Heuman
asked on
Virus tvgyiy.exe - unable to remove
Well, first off, my computer is acting a little buggy, which is unusual. I made sure that my antivirus software was up to date and ran a virus and spyware scan, which found nothing (utilities I'm using on my computer). I went online to BitDefender's website and did an online virus scan there, which revealed a virus that my antivirus program did not pick up (imagine that). The virus's name is tvgyiy.exe - Backdoor.Rbot.XJH. I've searched and searched and can't find anything on it. I have tried to locate the virus myself by doing a search with the Windows search engine, and whatever I do it won't find this particular file. Then I did a search in the system32 directory where this virus resides, and I still can't find it there. I enabled show hidden folders and files and turned on file extensions, with no luck once again. I ran Silent Runners and am posting my log here in the hope that somebody can help me out.
------------------------------------------------------------------------------------------------------
"Silent Runners.vbs", revision 52, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"Yahoo! Pager" = ""C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet" ["Yahoo! Inc."]
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"BitDefender Antiphishing Helper" = ""C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"" ["BitDefender"]
"BDAgent" = ""C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"" ["BitDefender S.R.L."]
"ISUSScheduler" = ""C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start" ["InstallShield Software Corporation"]
"ISUSPM Startup" = "c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup" ["InstallShield Software Corporation"]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{02478D38-C3F9-4efb-9B51-7695ECA05670}\(Default) = (no title provided)
-> {HKLM...CLSID} = "&Yahoo! Toolbar Helper"
\InProcServer32\(Default) = "C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Yahoo! IE Services Button"
\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Common\yiesrvc.dll" ["Yahoo! Inc."]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll" ["Sun Microsystems, Inc."]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
-> {HKLM...CLSID} = "Display Panning CPL Extension"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{280CFDE1-1354-4431-92F3-03073BA593FB}" = "TotalConverter Context Menu Shell Extension"
-> {HKLM...CLSID} = "TotalConverter Context Menu Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\TotalAudioConverter\axTotalConverter.dll" [empty string]
"{e57ce731-33e8-4c51-8354-bb4de9d215d1}" = "Universal Plug and Play Devices"
-> {HKLM...CLSID} = "Universal Plug and Play Devices"
\InProcServer32\(Default) = "C:\WINDOWS\system32\upnpui.dll" [MS]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
-> {HKLM...CLSID} = "Microsoft Office Outlook"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Outlook File Icon Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}" = "Microsoft Office Metadata Handler"
-> {HKLM...CLSID} = "Microsoft Office Metadata Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]
"{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}" = "Microsoft Office Thumbnail Handler"
-> {HKLM...CLSID} = "Microsoft Office Thumbnail Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]
"{5464D816-CF16-4784-B9F3-75C0DB52B499}" = "Yahoo! Mail"
-> {HKLM...CLSID} = "Yahoo! Mail Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Common\YMMAPI.dll" ["Yahoo! Inc."]
HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
-> {HKLM...CLSID} = "WPDShServiceObj Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS]
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]
HKLM\Software\Classes\PROTOCOLS\Filter\
<<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
MagicISO\(Default) = "{DB85C504-C730-49DD-BEC1-7B39C6103B7A}"
-> {HKLM...CLSID} = "MShellExtMenu Class"
\InProcServer32\(Default) = "C:\Program Files\MagicISO\misosh.dll" ["MagicISO, Inc."]
TotalConverter\(Default) = "{280CFDE1-1354-4431-92F3-03073BA593FB}"
-> {HKLM...CLSID} = "TotalConverter Context Menu Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\TotalAudioConverter\axTotalConverter.dll" [empty string]
WinExpert\(Default) = "{19741013-C829-11D1-8233-0020AF3E97A9}"
-> {HKLM...CLSID} = "Context Menu Shell Extension"
\InProcServer32\(Default) = "C:\WINDOWS\system32\context.dll" ["SuperLogix"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
Yahoo! Mail\(Default) = "{5464D816-CF16-4784-B9F3-75C0DB52B499}"
-> {HKLM...CLSID} = "Yahoo! Mail Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Common\YMMAPI.dll" ["Yahoo! Inc."]
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
MagicISO\(Default) = "{DB85C504-C730-49DD-BEC1-7B39C6103B7A}"
-> {HKLM...CLSID} = "MShellExtMenu Class"
\InProcServer32\(Default) = "C:\Program Files\MagicISO\misosh.dll" ["MagicISO, Inc."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
MagicISO\(Default) = "{DB85C504-C730-49DD-BEC1-7B39C6103B7A}"
-> {HKLM...CLSID} = "MShellExtMenu Class"
\InProcServer32\(Default) = "C:\Program Files\MagicISO\misosh.dll" ["MagicISO, Inc."]
WinExpert\(Default) = "{19741013-C829-11D1-8233-0020AF3E97A9}"
-> {HKLM...CLSID} = "Context Menu Shell Extension"
\InProcServer32\(Default) = "C:\WINDOWS\system32\context.dll" ["SuperLogix"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------
Note: detected settings may not have any effect.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
"ClearRecentDocsOnExit" = (REG_DWORD) hex:0x00000001
{unrecognized setting}
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\
"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}
"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}
Active Desktop and Wallpaper:
-----------------------------
Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "%APPDATA%\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp"
Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\David\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp"
Enabled Screen Saver:
---------------------
HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\system32\ss3dfo.scr" [MS]
Startup items in "David" & "All Users" startup folders:
-------------------------------------------------------
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
"Wireless Connection Manager" -> shortcut to: "C:\Program Files\D-Link\D-Link RangeBooster N DWA-542\wirelesscm.exe" [" "]
Enabled Scheduled Tasks:
------------------------
"1-Click Maintenance" -> launches: "C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe /schedulestart" [file not found]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000004\LibraryPath = "C:\Program Files\Bonjour\mdnsNSP.dll" ["Apple Computer, Inc."]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 17
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05
Toolbars, Explorer Bars, Extensions:
------------------------------------
Toolbars
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"
-> {HKLM...CLSID} = "Yahoo! Toolbar"
\InProcServer32\(Default) = "C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]
HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{381FFDE8-2394-4F90-B10D-FC6124A40F8C}" = "IEToolbar"
-> {HKLM...CLSID} = "BitDefender Toolbar"
\InProcServer32\(Default) = "C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll" ["Bitdefender"]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = (no title provided)
-> {HKLM...CLSID} = "Yahoo! Toolbar"
\InProcServer32\(Default) = "C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]
Explorer Bars
HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Research"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL" [MS]
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}"
-> {HKCU...CLSID} = "Java Plug-in 1.6.0_03"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll" ["Sun Microsystems, Inc."]
-> {HKLM...CLSID} = "Java Plug-in 1.6.0_03"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll" ["Sun Microsystems, Inc."]
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}\
"ButtonText" = "Yahoo! Services"
"CLSIDExtension" = "{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}"
-> {HKLM...CLSID} = "Yahoo! IE Services Button"
\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Common\yiesrvc.dll" ["Yahoo! Inc."]
{85D1F590-48F4-11D9-9669-0800200C9A66}\
"MenuText" = "Uninstall BitDefender Online Scanner v8"
"Exec" = "%windir%\bdoscandel.exe" [null data]
{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Research"
{E2E2DD38-D088-4134-82B7-F2BA38496583}\
"MenuText" = "@xpsp3res.dll,-20001"
"Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS]
{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]
Miscellaneous IE Hijack Points
------------------------------
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\
<<H>> "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = (no title provided)
-> {HKLM...CLSID} = "Yahoo! Toolbar"
\InProcServer32\(Default) = "C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
Atheros Configuration Service, ACS, "C:\Program Files\D-Link\D-Link RangeBooster N DWA-542\acs.exe" ["Atheros"]
Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."]
BitDefender Communicator, XCOMM, ""C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe" /service" ["Softwin"]
BitDefender Desktop Update Service, LIVESRV, ""C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe" /service" ["BitDefender S.R.L."]
BitDefender Threat Scanner, scan, "C:\WINDOWS\System32\svchost.exe -kbdx" {"C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\scan.dll" ["BitDefender"]}
BitDefender Virus Shield, VSSERV, ""C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe" /service" ["BitDefender S.R.L."]
Diskeeper, Diskeeper, ""C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe" " ["Diskeeper Corporation"]
LexBce Server, LexBceS, "C:\WINDOWS\system32\LEXBCES.EXE" ["Lexmark International, Inc."]
Print Monitors:
---------------
HKLM\System\CurrentControlSet\Control\Print\Monitors\
Dell Network Port\Driver = "LEXLMPM.DLL" ["Lexmark International, Inc."]
Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]
---------- (launch time: 2007-10-16 18:04:59)
<<!>>: Suspicious data at a malware launch point.
<<H>>: Suspicious data at a browser hijack point.
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 30 seconds.
---------- (total run time: 73 seconds)
ASKER
Details from the program, and here are the two reports, main.txt and extra.txt.
-------------------------- ---------- ---------- ---------- ---------- ---------- ---------- ------
Deckard's System Scanner v20071014.68
Run by David on 2007-10-16 19:20:38
Computer is in Normal Mode.
-------------------------- ---------- ---------- ---------- ---------- ---------- ----
-- HijackThis (run as David.exe) -------------------------- ---------- ---------- -
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:20:55 PM, on 10/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.e xe
C:\WINDOWS\system32\winlog on.exe
C:\WINDOWS\system32\servic es.exe
C:\WINDOWS\system32\lsass. exe
C:\WINDOWS\system32\Ati2ev xx.exe
C:\WINDOWS\system32\svchos t.exe
C:\WINDOWS\System32\svchos t.exe
C:\WINDOWS\system32\Ati2ev xx.exe
C:\WINDOWS\system32\LEXBCE S.EXE
C:\WINDOWS\system32\spools v.exe
C:\WINDOWS\system32\LEXPPS .EXE
C:\Program Files\D-Link\D-Link RangeBooster N DWA-542\acs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\BitDefender\BitDefen der 2008\bdagent.exe
C:\Program Files\Common Files\InstallShield\Update Service\is sch.exe
C:\WINDOWS\system32\ctfmon .exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkSe rvice.exe
C:\WINDOWS\system32\devldr 32.exe
C:\WINDOWS\system32\svchos t.exe
C:\Program Files\Common Files\BitDefender\BitDefen der Communicator\xcommsvr.exe
C:\Program Files\BitDefender\BitDefen der 2008\vsserv.exe
C:\Program Files\Common Files\BitDefender\BitDefen der Update Service\livesrv.exe
C:\WINDOWS\System32\svchos t.exe
C:\WINDOWS\System32\svchos t.exe
C:\WINDOWS\notepad.exe
C:\Documents and Settings\David\Desktop\dss .exe
C:\PROGRA~1\TRENDM~1\HIJAC K~1\David. exe
R0 - HKLM\Software\Microsoft\In ternet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\In ternet Explorer\Search,SearchAssi stant =
R0 - HKLM\Software\Microsoft\In ternet Explorer\Search,CustomizeS earch =
R1 - HKCU\Software\Microsoft\In ternet Explorer\SearchURL,(Defaul t) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\In ternet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\In ternet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Wi ndows\Curr entVersion \Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\In ternet Explorer\Toolbar,LinksFold erName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0 090271D4F8 8} - C:\PROGRA~1\Yahoo!\Compani on\Install s\cpn\yt.d ll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7 695ECA0567 0} - C:\PROGRA~1\Yahoo!\Compani on\Install s\cpn\yt.d ll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2 FC0DE4A789 7} - C:\Program Files\Yahoo!\Common\yiesrv c.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D 4DAF1D92D4 3} - C:\Program Files\Java\jre1.6.0_03\bin \ssv.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-F C6124A40F8 C} - C:\Program Files\BitDefender\BitDefen der 2008\IEToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0 090271D4F8 8} - C:\PROGRA~1\Yahoo!\Compani on\Install s\cpn\yt.d ll
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefen der 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefen der 2008\bdagent.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\Update Service\is sch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\COMMON~1\INSTA L~1\UPDATE ~1\isuspm. exe -startup
O4 - HKLM\..\RunServices: [Microsoft Update Machine] tvgyiy.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon .exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN ~1\YAHOOM~ 1.EXE" -quiet
O4 - Global Startup: Wireless Connection Manager.lnk = C:\Program Files\D-Link\D-Link RangeBooster N DWA-542\wirelesscm.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-0 0401C60850 1} - C:\Program Files\Java\jre1.6.0_03\bin \ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-0 0401C60850 1} - C:\Program Files\Java\jre1.6.0_03\bin \ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2 FC0DE4A789 7} - C:\Program Files\Yahoo!\Common\yiesrv c.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-windows-i586-jc.cab
O23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\Program Files\D-Link\D-Link RangeBooster N DWA-542\acs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender S.R.L. - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
--
End of file - 7429 bytes
-- Files created between 2007-09-16 and 2007-10-16 -----------------------------
2007-10-16 19:20:49 0 d-------- C:\Program Files\Trend Micro
2007-10-16 17:35:42 0 dr-h----- C:\Documents and Settings\David\Recent
2007-10-16 05:35:19 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-10-16 05:28:13 0 d-------- C:\Documents and Settings\All Users\Application Data\CrystalIdea Software
2007-10-16 05:22:48 0 d-------- C:\Program Files\Uninstall Tool
2007-10-16 00:30:22 0 d-------- C:\Documents and Settings\David\Application Data\Bitdefender
2007-10-16 00:30:08 0 d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
2007-10-15 22:01:40 81984 --a------ C:\WINDOWS\system32\bdod.bin
2007-10-15 22:01:01 0 d-------- C:\Program Files\BitDefender
2007-10-15 22:00:27 0 d-------- C:\Program Files\Common Files\BitDefender
2007-10-15 17:04:34 0 d-------- C:\WINDOWS\BDOSCAN8
2007-10-15 04:37:47 0 d-------- C:\Program Files\SonicWallES
2007-10-15 00:07:14 0 d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2007-10-14 17:13:39 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-10-14 13:43:41 0 d-------- C:\WINDOWS\system32\ZoneLabs
2007-10-14 00:46:30 0 d-------- C:\KAV
2007-10-13 14:06:14 0 d-a------ C:\WINDOWS\zts2.exe
2007-10-13 14:06:14 0 d-a------ C:\WINDOWS\system32\vcmgcd32.dll
2007-10-13 14:06:14 0 d-a------ C:\WINDOWS\system32\iifgfgf.dll
2007-10-13 14:06:14 0 d-a------ C:\WINDOWS\rundll16.exe
2007-10-13 14:06:14 0 d-a------ C:\WINDOWS\rundl132.dll
2007-10-13 14:06:14 0 d-a------ C:\WINDOWS\logo1_.exe
2007-10-13 04:17:28 0 d-------- C:\Program Files\Wise Registry Cleaner
2007-10-13 04:16:49 0 d-------- C:\Program Files\Aezay Productions
2007-10-13 04:10:22 0 d-------- C:\Program Files\AusLogics Registry Defrag
2007-10-12 22:49:54 0 d-------- C:\Documents and Settings\David\Application Data\foobar2000
2007-10-12 22:49:50 0 d-------- C:\Program Files\foobar2000
2007-10-12 17:55:16 0 d-------- C:\Program Files\Common Files\Scansoft Shared
2007-10-12 17:55:16 0 d-------- C:\Documents and Settings\All Users\Application Data\ScanSoft
2007-10-12 17:55:02 0 d-------- C:\Program Files\Nuance
2007-10-12 16:44:57 0 d-------- C:\Program Files\Easy Duplicate Finder
2007-10-12 16:43:40 0 d-------- C:\Program Files\Duplicate Music Files Finder
2007-10-12 16:24:08 0 --a------ C:\WINDOWS\system32\suupdate.dat
2007-10-12 16:24:08 0 --a------ C:\WINDOWS\system32\mssurun.dat
2007-10-12 16:24:08 269824 --a------ C:\WINDOWS\system32\baksm.dll
2007-10-12 16:23:59 2281472 --a------ C:\WINDOWS\system32\vbsbak.dat <Not Verified; SuperLogix; Super Utilities>
2007-10-12 16:23:59 42 --a------ C:\WINDOWS\system32\vb6sock.dll
2007-10-12 16:23:59 269824 --a------ C:\WINDOWS\system32\supermenuhook.dll
2007-10-12 16:23:59 0 d-------- C:\WINDOWS\system32\IOSUBSYS
2007-10-12 16:23:59 43936 --a------ C:\WINDOWS\system32\drivers\HWFProt.sys <Not Verified; Alfa Corporation; AlfaFP (TM) 2003 Ansi Build for Windows NT/2K>
2007-10-12 16:23:59 591872 --a------ C:\WINDOWS\system32\context.dll <Not Verified; SuperLogix; Enhancement to context menu>
2007-10-12 16:23:59 269824 --a------ C:\WINDOWS\system32\baksm.dat
2007-10-12 16:23:59 0 d-------- C:\Program Files\SuperLogix
2007-10-12 15:36:47 0 d-------- C:\Program Files\Mgutil
2007-10-12 04:06:18 0 d-------- C:\Program Files\Wise Disk Cleaner
2007-10-11 23:59:00 0 d-------- C:\Program Files\SpywareBlaster
2007-10-11 22:58:27 28672 --a------ C:\WINDOWS\system32\drivers\CO_Mon.sys
2007-10-11 18:57:35 0 d-------- C:\Program Files\QuickTime
2007-10-11 18:40:32 0 d-------- C:\WINDOWS\Sun
2007-10-11 18:40:32 0 d-------- C:\Documents and Settings\David\Application Data\Sun
2007-10-11 18:40:06 0 d-------- C:\Program Files\Java
2007-10-11 18:39:56 0 d-------- C:\Program Files\Common Files\Java
2007-10-11 18:34:58 0 d-------- C:\Documents and Settings\David\.housecall6.6
2007-10-11 12:24:05 0 d-------- C:\Program Files\TotalAudioConverter
2007-10-10 19:58:42 0 d-------- C:\Program Files\MSECache
2007-10-10 19:52:49 0 d-------- C:\Program Files\Microsoft ActiveSync
2007-10-10 19:52:10 0 d-------- C:\WINDOWS\SHELLNEW
2007-10-10 19:51:10 0 d-------- C:\Program Files\Microsoft.NET
2007-10-09 16:20:53 0 d-------- C:\Documents and Settings\David\Application Data\Ahead
2007-10-09 16:15:57 0 d-------- C:\Program Files\Nero
2007-10-09 16:15:57 0 d-------- C:\Program Files\Common Files\Ahead
2007-10-09 16:07:31 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-10-09 15:25:25 0 d-------- C:\WINDOWS\SxsCaPendDel
2007-10-09 04:09:23 0 d-------- C:\Program Files\Seagate
2007-10-09 03:33:33 0 d-------- C:\Documents and Settings\David\Application Data\uTorrent
2007-10-09 02:36:46 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-10-08 01:53:15 0 d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2007-10-08 01:18:26 0 d-------- C:\Program Files\Bonjour
2007-10-08 01:10:05 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2007-10-08 00:57:25 0 d-------- C:\Program Files\MagicISO
2007-10-08 00:39:32 639224 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-10-07 00:17:29 237636 --a------ C:\WINDOWS\system32\wsimd.dll <Not Verified; Atheros Communications, Inc.; wsimd>
2007-10-07 00:17:29 245830 --a------ C:\WINDOWS\system32\wsfwDS.dll <Not Verified; Atheros Communications, Inc.; wsfwds>
2007-10-07 00:17:29 53248 -ra------ C:\WINDOWS\system32\dsaNac.dll <Not Verified; Devicescape, Inc.; Devicescape NAC Notify DLL>
2007-10-07 00:17:29 1253432 -ra------ C:\WINDOWS\system32\dsa.dll <Not Verified; Devicescape; Devicescape Windows WPA Supplicant (Core 0.4.3)>
2007-10-07 00:17:29 0 d-------- C:\WINDOWS\pcidevice
2007-10-07 00:17:29 0 d-------- C:\Program Files\D-Link
2007-10-06 18:44:54 0 d-------- C:\Documents and Settings\David\Application Data\Nero
2007-10-06 18:42:18 0 d-------- C:\Documents and Settings\All Users\Application Data\Nero
2007-10-05 19:41:15 0 d-------- C:\Program Files\Marvell
2007-10-05 19:37:24 5824 --a------ C:\WINDOWS\system32\drivers\ASUSHWIO.SYS
2007-10-04 13:52:54 399872 --a------ C:\WINDOWS\c4dstand.dll
2007-10-04 13:52:53 438272 --a------ C:\WINDOWS\c4dll.dll <Not Verified; Sequiter Software Inc.; CodeBase>
2007-10-04 13:52:39 98304 --a------ C:\WINDOWS\system32\tsccvid.dll <Not Verified; TechSmith Corporation; TechSmith Screen Capture Codec>
2007-10-04 13:52:39 0 d-------- C:\Program Files\LearnKey
2007-10-04 13:52:36 487936 --a------ C:\WINDOWS\LkUnInst.exe <Not Verified; LearnKey, Inc.; >
2007-10-03 22:55:26 0 d-------- C:\temp
2007-10-02 20:58:47 0 d-------- C:\WINDOWS\PAC207
2007-10-02 00:18:12 1075 --a------ C:\Documents and Settings\David\Application Data\SAS7_000.DAT
2007-10-01 19:09:02 0 d-------- C:\Documents and Settings\David\Application Data\Nuance
2007-10-01 19:03:34 0 d-------- C:\Documents and Settings\All Users\Application Data\Nuance
2007-10-01 17:20:18 0 d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2007-10-01 17:17:35 0 d-------- C:\WINDOWS\speech
2007-10-01 02:24:27 0 d------c- C:\WINDOWS\system32\DRVSTORE
2007-10-01 02:23:46 0 d-------- C:\Program Files\MSXML 4.0
2007-10-01 01:53:31 0 d-------- C:\Program Files\Anark
2007-09-30 23:56:43 299520 --a------ C:\WINDOWS\uninst.exe <Not Verified; InstallShield Corporation, Inc.; InstallShield unInstaller>
2007-09-30 23:56:38 0 d-------- C:\Documents and Settings\David\WINDOWS
2007-09-28 23:05:33 0 d-------- C:\Program Files\MSXML 6.0
2007-09-28 20:57:19 0 d-------- C:\WINDOWS\system32\XPSViewer
2007-09-28 20:56:58 0 d-------- C:\Program Files\Reference Assemblies
2007-09-28 20:52:33 0 d-------- C:\WINDOWS\system32\URTTemp
2007-09-28 20:33:08 0 d-------- C:\Program Files\MTV Networks
2007-09-28 20:33:04 0 d-------- C:\WINDOWS\Downloaded Installations
2007-09-28 20:09:30 0 d-------- C:\Program Files\Windows Media Connect 2
2007-09-28 20:08:23 0 d-------- C:\WINDOWS\system32\LogFiles
2007-09-28 20:08:23 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2007-09-28 20:00:19 0 d-------- C:\WINDOWS\network diagnostic
2007-09-28 19:59:04 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2007-09-28 19:35:44 0 d-------- C:\Program Files\Diskeeper Corporation
2007-09-28 16:52:49 0 d--hs---- C:\Diskeeper
2007-09-28 16:09:53 0 d-------- C:\Documents and Settings\David\Application Data\Softplicity
2007-09-28 01:39:11 0 d-------- C:\WINDOWS\Wallpaper Of Wow
2007-09-27 22:22:02 0 d-------- C:\Documents and Settings\David\Application Data\Yahoo!
2007-09-27 22:09:22 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2007-09-27 22:07:44 0 d-------- C:\Program Files\Yahoo!
2007-09-27 19:19:21 29696 -----n--- C:\WINDOWS\system32\dev32.exe <Not Verified; ALi Coporation; Install Program>
2007-09-27 19:19:16 163840 -----n--- C:\WINDOWS\system32\coin5288.dll <Not Verified; ULi Electronics Inc.; Coinstaller Dynamic Link Library>
2007-09-27 18:01:51 0 d-------- C:\Program Files\MSBuild
2007-09-27 17:58:14 0 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-09-27 17:19:07 0 d-------- C:\Documents and Settings\David\Application Data\Adobe
2007-09-27 17:11:35 0 d-------- C:\Documents and Settings\David\Application Data\Media Player Classic
2007-09-27 17:10:34 217088 --a------ C:\WINDOWS\system32\yv12vfw.dll <Not Verified; www.helixcommunity.org; Helix YV12 YUV Codec>
2007-09-27 17:10:34 282624 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-09-27 17:10:34 1559040 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-09-27 17:10:33 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-09-27 17:10:33 73728 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2007-09-27 17:10:33 740442 --a------ C:\WINDOWS\system32\divx.dll <Not Verified; DivX, Inc.; DivX®>
2007-09-27 17:10:32 7680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2007-09-27 17:10:31 0 d-------- C:\Program Files\K-Lite Codec Pack
2007-09-27 17:03:31 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2007-09-27 17:03:24 0 d-------- C:\Program Files\Common Files\Adobe
2007-09-27 17:00:32 0 d-------- C:\WINDOWS\pss
2007-09-27 16:47:23 0 d--h----- C:\Documents and Settings\Administrator\Templates
2007-09-27 16:47:23 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2007-09-27 16:47:23 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2007-09-27 16:47:23 0 d-------- C:\Documents and Settings\Administrator\Recent
2007-09-27 16:47:23 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2007-09-27 16:47:23 524288 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2007-09-27 16:47:23 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2007-09-27 16:47:23 0 d-------- C:\Documents and Settings\Administrator\My Documents
2007-09-27 16:47:23 0 d-------- C:\Documents and Settings\Administrator\Local Settings
2007-09-27 16:47:23 0 d-------- C:\Documents and Settings\Administrator\Favorites
2007-09-27 16:47:23 0 d-------- C:\Documents and Settings\Administrator\Desktop
2007-09-27 16:47:23 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2007-09-27 16:47:23 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2007-09-27 16:47:23 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2007-09-27 16:32:20 0 d-------- C:\Documents and Settings\David\Application Data\Macromedia
2007-09-27 16:02:50 830 --a------ C:\WINDOWS\system32\installer.bat
2007-09-27 15:44:50 851456 --a------ C:\WINDOWS\system32\WGA.exe
2007-09-27 15:44:30 512 --a------ C:\ScanSectorLog.dat
2007-09-27 14:36:47 0 d-------- C:\Program Files\DAMN NFO Viewer
2007-09-27 14:36:15 0 d-------- C:\Documents and Settings\David\Application Data\WinRAR
2007-09-27 14:06:58 0 d-------- C:\Documents and Settings\All Users\Application Data\Azureus
2007-09-27 14:06:57 0 d-------- C:\Documents and Settings\David\Application Data\Azureus
2007-09-27 14:06:07 0 d-------- C:\Program Files\Azureus
2007-09-27 13:54:35 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-09-27 13:54:26 11264 --a------ C:\WINDOWS\system32\SpOrder.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows NT(TM) Operating System>
2007-09-27 13:53:49 0 d-------- C:\WINDOWS\Internet Logs
2007-09-27 13:49:08 0 d-------- C:\WINDOWS\system32\appmgmt
2007-09-27 13:25:13 0 d-------- C:\WINDOWS\system32\PreInstall
2007-09-27 13:25:12 0 d--h----- C:\WINDOWS\$hf_mig$
2007-09-27 13:23:03 0 d--hs---- C:\Documents and Settings\David\UserData
2007-09-27 13:21:20 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-09-27 13:09:06 40636 -ra------ C:\WINDOWS\system32\drivers\WLANGEN.bin
2007-09-27 13:09:06 912 -ra------ C:\WINDOWS\system32\drivers\RADIO15.bin
2007-09-27 13:09:06 964 -ra------ C:\WINDOWS\system32\drivers\RADIO11.bin
2007-09-27 13:09:06 936 -ra------ C:\WINDOWS\system32\drivers\RADIO0d.bin
2007-09-27 13:09:06 255360 -ra------ C:\WINDOWS\system32\drivers\AIRPLUS.sys <Not Verified; D-Link; D-Link AirPlus 22 Mbps Wireless Network Adapter>
2007-09-27 13:09:06 40636 -ra------ C:\WINDOWS\system\WLANGEN.bin
2007-09-27 13:09:06 912 -ra------ C:\WINDOWS\system\RADIO15.bin
2007-09-27 13:09:06 964 -ra------ C:\WINDOWS\system\RADIO11.bin
2007-09-27 13:09:06 936 -ra------ C:\WINDOWS\system\RADIO0d.bin
2007-09-27 12:59:50 0 d-------- C:\Program Files\AllToAVI
2007-09-27 12:59:21 0 d-------- C:\Documents and Settings\David\Application Data\TuneUp Software
2007-09-27 12:56:18 0 d-------- C:\Program Files\Lavalys
2007-09-27 12:55:13 0 d-------- C:\Program Files\DSC Driver
2007-09-27 12:35:45 0 d-------- C:\WINDOWS\system32\ReinstallBackups
2007-09-27 12:35:44 0 d-------- C:\WINDOWS\system32\Data
2007-09-27 12:35:36 49152 --a------ C:\WINDOWS\CTDCRES.DLL <Not Verified; Creative Technology Ltd; Creative Audio Product>
2007-09-27 12:24:35 593920 -----n--- C:\WINDOWS\system32\ati2sgag.exe <Not Verified; ; ATI Smart>
2007-09-27 12:24:27 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-09-27 12:24:16 0 d-------- C:\Program Files\Common Files\InstallShield
2007-09-27 12:24:11 0 d-------- C:\ATI
2007-09-27 12:23:27 0 d-------- C:\Documents and Settings\David\Application Data\Identities
2007-09-27 12:23:20 0 d--h----- C:\Documents and Settings\David\Templates
2007-09-27 12:23:20 0 dr------- C:\Documents and Settings\David\Start Menu
2007-09-27 12:23:20 0 dr-h----- C:\Documents and Settings\David\SendTo
2007-09-27 12:23:20 0 d--h----- C:\Documents and Settings\David\PrintHood
2007-09-27 12:23:20 0 d--h----- C:\Documents and Settings\David\NetHood
2007-09-27 12:23:20 0 dr------- C:\Documents and Settings\David\My Documents
2007-09-27 12:23:20 0 d--h----- C:\Documents and Settings\David\Local Settings
2007-09-27 12:23:20 0 dr------- C:\Documents and Settings\David\Favorites
2007-09-27 12:23:20 0 d-------- C:\Documents and Settings\David\Desktop
2007-09-27 12:23:20 0 d--hs---- C:\Documents and Settings\David\Cookies
2007-09-27 12:23:20 0 dr-h----- C:\Documents and Settings\David\Application Data
2007-09-27 12:23:19 4456448 --a------ C:\Documents and Settings\David\NTUSER.DAT
2007-09-27 12:22:37 0 d-------- C:\WINDOWS\SoftwareDistribution
2007-09-27 12:22:36 0 d---s---- C:\WINDOWS\system32\Microsoft
2007-09-27 12:22:36 0 d-------- C:\WINDOWS\Prefetch
2007-09-27 12:22:35 229376 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT
2007-09-27 12:22:35 0 d--h----- C:\Documents and Settings\LocalService\Local Settings
2007-09-27 12:22:35 0 d--hs---- C:\Documents and Settings\LocalService\Cookies
2007-09-27 12:22:35 0 d-------- C:\Documents and Settings\LocalService\Application Data
2007-09-27 12:22:35 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
2007-09-27 12:18:04 229376 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT
2007-09-27 12:18:04 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings
2007-09-27 12:18:04 0 d--hs---- C:\Documents and Settings\NetworkService\Cookies
2007-09-27 12:18:04 0 d-------- C:\Documents and Settings\NetworkService\Application Data
2007-09-27 12:18:04 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
2007-09-27 12:14:59 0 d-------- C:\WINDOWS\system32\xircom
2007-09-27 12:14:59 0 d-------- C:\Program Files\microsoft frontpage
2007-09-27 12:14:51 229376 ---h----- C:\Documents and Settings\Default User\NTUSER.DAT
2007-09-27 12:14:47 0 -rahs---- C:\MSDOS.SYS
2007-09-27 12:14:47 0 -rahs---- C:\IO.SYS
2007-09-27 12:14:47 0 --a------ C:\CONFIG.SYS
2007-09-27 12:14:47 0 -----n--- C:\AUTOEXEC.BAT
2007-09-27 12:14:03 0 d--hs---- C:\Documents and Settings\All Users\DRM
2007-09-27 12:13:57 0 d-------- C:\WINDOWS\Offline Web Pages
2007-09-27 12:13:57 0 d---s---- C:\WINDOWS\Downloaded Program Files
2007-09-27 12:13:48 0 d--h----- C:\Program Files\WindowsUpdate
2007-09-27 12:13:34 0 d-------- C:\WINDOWS\system32\Direct X
2007-09-27 12:13:04 0 d---s---- C:\WINDOWS\Tasks
2007-09-27 12:13:03 0 d-------- C:\Program Files\Common Files\MSSoap
2007-09-27 12:12:59 0 d-------- C:\WINDOWS\system32\Macromed
2007-09-27 12:12:59 0 d-------- C:\WINDOWS\srchasst
2007-09-27 12:12:51 0 d-------- C:\Program Files\Movie Maker
2007-09-27 12:12:43 0 d-------- C:\WINDOWS\system32\Restore
2007-09-27 12:12:14 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-09-27 12:12:02 0 d-------- C:\WINDOWS\Registration
2007-09-27 12:11:57 0 d-------- C:\Program Files\Online Services
2007-09-27 12:11:52 0 d-------- C:\Program Files\Messenger
2007-09-27 12:11:48 0 d-------- C:\Program Files\MSN Gaming Zone
2007-09-27 12:11:12 0 d-------- C:\Program Files\Windows NT
2007-09-27 12:11:09 0 d-------- C:\WINDOWS\system32\MsDtc
2007-09-27 12:11:07 0 d-------- C:\WINDOWS\system32\Com
2007-09-27 08:05:30 0 d--hs---- C:\WINDOWS\Installer
2007-09-27 08:05:30 0 d-------- C:\Program Files\Common Files\ODBC
2007-09-27 08:05:27 0 d-------- C:\Program Files\Common Files\SpeechEngines
2007-09-27 08:05:26 0 d-------- C:\Program Files
2007-09-27 08:05:26 0 d-------- C:\Program Files\Common Files
2007-09-27 08:05:05 0 d--h----- C:\Documents and Settings\Default User\Templates
2007-09-27 08:05:05 0 dr------- C:\Documents and Settings\Default User\Start Menu
2007-09-27 08:05:05 0 dr-h----- C:\Documents and Settings\Default User\SendTo
2007-09-27 08:05:05 0 d--h----- C:\Documents and Settings\Default User\Recent
2007-09-27 08:05:05 0 d--h----- C:\Documents and Settings\Default User\PrintHood
2007-09-27 08:05:05 0 d--h----- C:\Documents and Settings\Default User\NetHood
2007-09-27 08:05:05 0 d-------- C:\Documents and Settings\Default User\My Documents
2007-09-27 08:05:05 0 d-------- C:\Documents and Settings\Default User\Local Settings
2007-09-27 08:05:05 0 d-------- C:\Documents and Settings\Default User\Favorites
2007-09-27 08:05:05 0 d-------- C:\Documents and Settings\Default User\Desktop
2007-09-27 08:05:05 0 d---s---- C:\Documents and Settings\Default User\Cookies
2007-09-27 08:05:05 0 d--h----- C:\Documents and Settings\All Users\Templates
2007-09-27 08:05:05 0 dr------- C:\Documents and Settings\All Users\Start Menu
2007-09-27 08:05:05 0 d-------- C:\Documents and Settings\All Users\Favorites
2007-09-27 08:05:05 0 dr------- C:\Documents and Settings\All Users\Documents
2007-09-27 08:05:05 0 d-------- C:\Documents and Settings\All Users\Desktop
2007-09-27 08:04:47 0 d-------- C:\WINDOWS\system32\CatRoot2
2007-09-27 08:04:47 0 d-------- C:\WINDOWS\system32\CatRoot
2007-09-27 08:04:41 0 dr-h----- C:\Documents and Settings\Default User\Application Data
2007-09-27 08:04:41 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
2007-09-27 08:04:41 0 dr-h----- C:\Documents and Settings\All Users\Application Data
2007-09-27 08:04:41 0 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft
2007-09-27 08:04:04 0 d-------- C:\Documents and Settings
2007-09-27 08:04:03 0 d--hs---- C:\System Volume Information
2007-09-27 07:57:20 0 d-------- C:\WINDOWS
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\WinSxS
2007-09-27 07:57:20 0 dr------- C:\WINDOWS\Web
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\twain_32
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\system32
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\system32\wins
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\system32\wbem
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\system32\usmt
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\system32\spool
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\system32\ShellExt
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\system32\Setup
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\system32\ras
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\system32\oobe
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\system32\npp
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\system32\mui
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\system32\inetsrv
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\system32\IME
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\system32\icsxml
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\system32\ias
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\system32\export
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\system32\drivers
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\system32\drivers\etc
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\system32\drivers\disdn
2007-09-27 07:57:20 0 d------c- C:\WINDOWS\system32\dllcache
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\system32\dhcp
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\system32\config
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\system32\3com_dmi
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\system32\3076
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\system32\2052
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\system32\1054
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\system32\1042
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\system32\1041
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\system32\1037
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\system32\1033
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\system32\1031
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\system32\1028
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\system32\1025
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\system
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\security
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\Resources
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\Provisioning
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\PeerNet
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\pchealth
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\mui
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\msapps
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\msagent
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\Media
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\java
2007-09-27 07:57:20 0 d--h----- C:\WINDOWS\inf
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\ime
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\Help
2007-09-27 07:57:20 0 dr--s---- C:\WINDOWS\Fonts
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\ehome
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\Driver Cache
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\Debug
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\Cursors
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\Connection Wizard
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\Config
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\AppPatch
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\addins
-- Find3M Report ---------------------------------------------------------------
2007-09-27 08:05:05 62 --ahs---- C:\Documents and Settings\David\Application Data\desktop.ini
2007-07-20 15:54:30 77824 --a------ C:\WINDOWS\system32\xcomm.dll <Not Verified; Softwin; Softwin BitDefender Communicator>
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" [08/27/2007 03:24 PM]
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [10/01/2007 03:23 PM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [02/16/2005 04:15 PM]
"ISUSPM Startup"="c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [02/16/2005 04:15 PM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 08:00 AM]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [08/30/2007 05:43 PM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"Microsoft Update Machine"=tvgyiy.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Wireless Connection Manager.lnk - C:\Program Files\D-Link\D-Link RangeBooster N DWA-542\wirelesscm.exe [10/7/2007 12:17:30 AM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ClearRecentDocsOnExit"=1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoLowDiskSpaceChecks"=1 (0x1)
"ClearRecentDocsOnExit"=01
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Icatch(VI) SnapDetect.lnk]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DNS7reminder]
"C:\Program Files\Nuance\NaturallySpeaking9\Program\ereg.exe" -r "C:\Program Files\Nuance\NaturallySpeaking9\Program\ereg.ini"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Update Machine]
famrbe.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"BITS"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx scan
-- End of Deckard's System Scanner: finished at 2007-10-16 19:23:21 ------------
--------------------------------------------------------------------------------
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English
CPU 0: AMD Athlon(tm) 64 Processor 3700+
Percentage of Memory in Use: 23%
Physical Memory (total/avail): 2047.23 MiB / 1569.67 MiB
Pagefile Memory (total/avail): 3939.66 MiB / 3554.13 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1896.43 MiB
A: is Removable (No Media)
C: is Fixed (NTFS) - 74.52 GiB total, 66.06 GiB free.
D: is Fixed (NTFS) - 232.88 GiB total, 158.02 GiB free.
E: is Fixed (NTFS) - 232.88 GiB total, 9.18 GiB free.
F: is CDROM (CDFS)
G: is Removable (FAT)
\\.\PHYSICALDRIVE0 - WDC WD2500JB-00GVA0 - 232.88 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 232.88 GiB - E:
\\.\PHYSICALDRIVE2 - ST325041 0AS SCSI Disk Device - 232.88 GiB - 1 partition
\PARTITION0 - Installable File System - 232.88 GiB - D:
\\.\PHYSICALDRIVE1 - ST380811 AS SCSI Disk Device - 74.53 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 74.52 GiB - C:
\\.\PHYSICALDRIVE3 - Kingston DataTraveler 2.0 USB Device - 1898.31 MiB - 1 partition
\PARTITION0 (bootable) - MS-DOS V4 Huge - 1898.27 MiB - G:
-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.
FirstRunDisabled is set.
AntivirusOverride is set.
FW: Bitdefender Firewall v8.0 (BitDefender)
AV: Bitdefender Antivirus v8.0 (BitDefender)
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\uTorrent\\utorrent.exe"="C:\\Program Files\\uTorrent\\utorrent.exe:*:Enabled:µTorrent"
"C:\\WINDOWS\\system32\\tvgyiy.exe"="C:\\WINDOWS\\system32\\tvgyiy.exe:*:Disabled:tvgyiy"
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\David\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=DAVID-DESKTOP
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\David
LOGONSERVER=\\DAVID-DESKTOP
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Diskeeper Corporation\Diskeeper\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 39 Stepping 1, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=2701
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\David\LOCALS~1\Temp
TMP=C:\DOCUME~1\David\LOCALS~1\Temp
USERDOMAIN=DAVID-DESKTOP
USERNAME=David
USERPROFILE=C:\Documents and Settings\David
windir=C:\WINDOWS
-- User Profiles ---------------------------------------------------------------
David (admin)
Administrator (new local, admin)
-- Add/Remove Programs ---------------------------------------------------------
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3 --> MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3 --> MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting --> MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0 --> MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific --> MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings --> MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Extra Settings --> MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings --> MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings --> MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Default Language CS3 --> MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3 --> MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Fonts All --> MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3 --> MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3 --> MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3 --> MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}
Adobe Setup --> MsiExec.exe /I{D1BB4446-AE9C-4256-9A7F-4D46604D2462}
Adobe Stock Photos CS3 --> MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3 --> MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client --> MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin --> MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3 --> MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
AllToAVI v4 r5394 --> C:\Program Files\AllToAVI\uninst.exe
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AudioConverter --> "C:\Program Files\TotalAudioConverter\unins000.exe"
AusLogics Registry Defrag --> "C:\Program Files\AusLogics Registry Defrag\unins000.exe"
Azureus Vuze --> C:\Program Files\Azureus\uninstall.exe
BitDefender Internet Security 2008 --> MsiExec.exe /I{E48949FB-95D7-4818-B45A-DE52BE556547}
Compatibility Pack for the 2007 Office system --> MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
D-Link RangeBooster N DWA-542 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6F6F39E3-D24D-4EEE-9AEA-DEDAF991385D}\setup.exe" -l0x9 -removeonly
Dell Photo Printer 720 --> C:\WINDOWS\system32\spool\drivers\w32x86\3\DLBCUN5C.EXE -dDell Photo Printer 720
Diskeeper 2007 Pro Premier --> MsiExec.exe /X{6EEE934B-F292-4995-95BF-4AE871AC42E8}
Dragon NaturallySpeaking 9 --> MsiExec.exe /I{DDDD90B2-80F2-413A-8A8E-38C5076A7DBA}
Duplicate Music Files Finder 1.5.5 --> "C:\Program Files\Duplicate Music Files Finder\unins000.exe"
Easy Duplicate Finder v. 1.4.3.0 --> "C:\Program Files\Easy Duplicate Finder\unins000.exe"
EVEREST Ultimate Edition v2.80 --> "C:\Program Files\Lavalys\EVEREST Ultimate Edition\unins000.exe"
foobar2000 v0.9.4.3 --> "C:\Program Files\foobar2000\uninstall.exe"
Images of Ireland Theme for Windows XP --> MsiExec.exe /X{E3387EAB-DFD3-4894-9F4C-B27669D35ED8}
Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
K-Lite Codec Pack 3.4.5 Full --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
Macromedia Flash Player 8 --> C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe
Magic ISO Maker v5.4 (build 0239) --> C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
Magic Utilities 2007 Version 5.30 --> "C:\Program Files\Mgutil\unins000.exe"
Marvell Miniport Driver --> MsiExec.exe /X{C950420B-4182-49EA-850A-A6A2ABF06C6B}
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Nero 7 Essentials --> MsiExec.exe /I{9FB8CAC0-CCF6-47C9-8EDE-3AC69FD61033}
PDF Settings --> MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
Registry Commander v1.04 --> "C:\Program Files\Aezay Productions\Registry Commander\unins000.exe"
SpywareBlaster v3.5.1 --> "C:\Program Files\SpywareBlaster\unins000.exe"
Super Utilities Pro 7.66 --> "C:\Program Files\SuperLogix\Super Utilities\unins000.exe"
ULi Sata Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FDC53DC6-137A-4541-BFA2-A9BAE4A7FE99}\setup.exe"
Uninstall Tool --> "C:\Program Files\Uninstall Tool\unins000.exe"
Windows Communication Foundation --> MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Workflow Foundation --> MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
Yahoo! Browser Services --> C:\PROGRA~1\Yahoo!\Common\UNIN_Y~1.EXE /S
Yahoo! Install Manager --> C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Internet Mail --> C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\YMMAPI.dll
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe
-- Application Event Log -------------------------------------------------------
Event Record #/Type1460 / Warning
Event Submitted/Written: 10/16/2007 03:52:44 AM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{90110409-6000-11D3-8CFE-0150048383C9}', feature 'ProductNonBootFiles' failed during request for component '{22056900-C842-11D1-A0DD-00A0C9054277}'
Event Record #/Type1459 / Warning
Event Submitted/Written: 10/16/2007 03:52:44 AM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Detection of product '{90110409-6000-11D3-8CFE-0150048383C9}', feature 'ProductNonBootFiles', component '{EED59264-D37E-4F24-A622-EA5AB43D0EAC}' failed. The resource 'C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\OPA11.BAK' does not exist.
Event Record #/Type1458 / Error
Event Submitted/Written: 10/16/2007 03:45:38 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application WiseDiskCleaner.exe, version 2.7.1.83, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Event Record #/Type1380 / Error
Event Submitted/Written: 10/14/2007 11:38:42 PM
Event ID/Source: 11921 / MsiInstaller
Event Description:
Product: Kaspersky Anti-Virus 7.0 -- Error 1921.Service Kaspersky Anti-Virus 7.0 (AVP) could not be stopped. Verify that you have sufficient privileges to stop system services.
Event Record #/Type1375 / Error
Event Submitted/Written: 10/14/2007 05:47:25 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application nero.exe, version 7.7.5.1, faulting module unknown, version 0.0.0.0, fault address 0x08080774.
Processing media-specific event for [nero.exe!ws!]
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log --------------------------------------------------
Event Record #/Type5815 / Warning
Event Submitted/Written: 10/16/2007 02:49:19 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
Event Record #/Type5798 / Error
Event Submitted/Written: 10/16/2007 05:17:30 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service BITS with arguments ""
in order to run the server:
{4991D34B-80A1-4291-83B6-3328366B9097}
Event Record #/Type5797 / Error
Event Submitted/Written: 10/16/2007 05:17:30 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service BITS with arguments ""
in order to run the server:
{4991D34B-80A1-4291-83B6-3328366B9097}
Event Record #/Type5796 / Error
Event Submitted/Written: 10/16/2007 05:17:30 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service BITS with arguments ""
in order to run the server:
{4991D34B-80A1-4291-83B6-3328366B9097}
Event Record #/Type5764 / Warning
Event Submitted/Written: 10/16/2007 03:58:09 AM
Event ID/Source: 8021 / BROWSER
Event Description:
The browser was unable to retrieve a list of servers from the browser master \\JOHN-DESKTOP on the network \Device\NetBT_Tcpip_{F159D5D5-E846-41AD-8002-F3357B5B7AC1}.
The data is the error code.
-- End of Deckard's System Scanner: finished at 2007-10-16 19:19:54 ------------
--------------------------
Deckard's System Scanner v20071014.68
Run by David on 2007-10-16 19:20:38
Computer is in Normal Mode.
--------------------------
-- HijackThis (run as David.exe) --------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:20:55 PM, on 10/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.e
C:\WINDOWS\system32\winlog
C:\WINDOWS\system32\servic
C:\WINDOWS\system32\lsass.
C:\WINDOWS\system32\Ati2ev
C:\WINDOWS\system32\svchos
C:\WINDOWS\System32\svchos
C:\WINDOWS\system32\Ati2ev
C:\WINDOWS\system32\LEXBCE
C:\WINDOWS\system32\spools
C:\WINDOWS\system32\LEXPPS
C:\Program Files\D-Link\D-Link RangeBooster N DWA-542\acs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\BitDefender\BitDefen
C:\Program Files\Common Files\InstallShield\Update
C:\WINDOWS\system32\ctfmon
C:\Program Files\Diskeeper Corporation\Diskeeper\DkSe
C:\WINDOWS\system32\devldr
C:\WINDOWS\system32\svchos
C:\Program Files\Common Files\BitDefender\BitDefen
C:\Program Files\BitDefender\BitDefen
C:\Program Files\Common Files\BitDefender\BitDefen
C:\WINDOWS\System32\svchos
C:\WINDOWS\System32\svchos
C:\WINDOWS\notepad.exe
C:\Documents and Settings\David\Desktop\dss
C:\PROGRA~1\TRENDM~1\HIJAC
R0 - HKLM\Software\Microsoft\In
R0 - HKLM\Software\Microsoft\In
R0 - HKLM\Software\Microsoft\In
R1 - HKCU\Software\Microsoft\In
R0 - HKCU\Software\Microsoft\In
R0 - HKLM\Software\Microsoft\In
R1 - HKCU\Software\Microsoft\Wi
R0 - HKCU\Software\Microsoft\In
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-F
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefen
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefen
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\Update
O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\COMMON~1\INSTA
O4 - HKLM\..\RunServices: [Microsoft Update Machine] tvgyiy.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN
O4 - Global Startup: Wireless Connection Manager.lnk = C:\Program Files\D-Link\D-Link RangeBooster N DWA-542\wirelesscm.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-0
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-0
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-0
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-0
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D
O16 - DPF: {0D41B8C5-2599-4893-8183-0
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9
O16 - DPF: {215B8138-A3CF-44C5-803F-8
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-0
O16 - DPF: {30528230-99f7-4bb4-88d8-f
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D
O16 - DPF: {644E432F-49D3-41A1-8DD5-E
O16 - DPF: {8AD9C840-044E-11D1-B3E9-0
O23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\Program Files\D-Link\D-Link RangeBooster N DWA-542\acs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2ev
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sg
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkSe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingServ
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCE
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender S.R.L. - C:\Program Files\Common Files\BitDefender\BitDefen
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefen
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Common Files\BitDefender\BitDefen
--
End of file - 7429 bytes
-- Files created between 2007-09-16 and 2007-10-16 --------------------------
2007-10-16 19:20:49 0 d-------- C:\Program Files\Trend Micro
2007-10-16 17:35:42 0 dr-h----- C:\Documents and Settings\David\Recent
2007-10-16 05:35:19 0 d-------- C:\WINDOWS\system32\Kasper
2007-10-16 05:28:13 0 d-------- C:\Documents and Settings\All Users\Application Data\CrystalIdea Software
2007-10-16 05:22:48 0 d-------- C:\Program Files\Uninstall Tool
2007-10-16 00:30:22 0 d-------- C:\Documents and Settings\David\Application
2007-10-16 00:30:08 0 d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
2007-10-15 22:01:40 81984 --a------ C:\WINDOWS\system32\bdod.b
2007-10-15 22:01:01 0 d-------- C:\Program Files\BitDefender
2007-10-15 22:00:27 0 d-------- C:\Program Files\Common Files\BitDefender
2007-10-15 17:04:34 0 d-------- C:\WINDOWS\BDOSCAN8
2007-10-15 04:37:47 0 d-------- C:\Program Files\SonicWallES
2007-10-15 00:07:14 0 d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2007-10-14 17:13:39 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-10-14 13:43:41 0 d-------- C:\WINDOWS\system32\ZoneLa
2007-10-14 00:46:30 0 d-------- C:\KAV
2007-10-13 14:06:14 0 d-a------ C:\WINDOWS\zts2.exe
2007-10-13 14:06:14 0 d-a------ C:\WINDOWS\system32\vcmgcd
2007-10-13 14:06:14 0 d-a------ C:\WINDOWS\system32\iifgfg
2007-10-13 14:06:14 0 d-a------ C:\WINDOWS\rundll16.exe
2007-10-13 14:06:14 0 d-a------ C:\WINDOWS\rundl132.dll
2007-10-13 14:06:14 0 d-a------ C:\WINDOWS\logo1_.exe
2007-10-13 04:17:28 0 d-------- C:\Program Files\Wise Registry Cleaner
2007-10-13 04:16:49 0 d-------- C:\Program Files\Aezay Productions
2007-10-13 04:10:22 0 d-------- C:\Program Files\AusLogics Registry Defrag
2007-10-12 22:49:54 0 d-------- C:\Documents and Settings\David\Application
2007-10-12 22:49:50 0 d-------- C:\Program Files\foobar2000
2007-10-12 17:55:16 0 d-------- C:\Program Files\Common Files\Scansoft Shared
2007-10-12 17:55:16 0 d-------- C:\Documents and Settings\All Users\Application Data\ScanSoft
2007-10-12 17:55:02 0 d-------- C:\Program Files\Nuance
2007-10-12 16:44:57 0 d-------- C:\Program Files\Easy Duplicate Finder
2007-10-12 16:43:40 0 d-------- C:\Program Files\Duplicate Music Files Finder
2007-10-12 16:24:08 0 --a------ C:\WINDOWS\system32\suupda
2007-10-12 16:24:08 0 --a------ C:\WINDOWS\system32\mssuru
2007-10-12 16:24:08 269824 --a------ C:\WINDOWS\system32\baksm.
2007-10-12 16:23:59 2281472 --a------ C:\WINDOWS\system32\vbsbak
2007-10-12 16:23:59 42 --a------ C:\WINDOWS\system32\vb6soc
2007-10-12 16:23:59 269824 --a------ C:\WINDOWS\system32\superm
2007-10-12 16:23:59 0 d-------- C:\WINDOWS\system32\IOSUBS
2007-10-12 16:23:59 43936 --a------ C:\WINDOWS\system32\driver
2007-10-12 16:23:59 591872 --a------ C:\WINDOWS\system32\contex
2007-10-12 16:23:59 269824 --a------ C:\WINDOWS\system32\baksm.
2007-10-12 16:23:59 0 d-------- C:\Program Files\SuperLogix
2007-10-12 15:36:47 0 d-------- C:\Program Files\Mgutil
2007-10-12 04:06:18 0 d-------- C:\Program Files\Wise Disk Cleaner
2007-10-11 23:59:00 0 d-------- C:\Program Files\SpywareBlaster
2007-10-11 22:58:27 28672 --a------ C:\WINDOWS\system32\driver
2007-10-11 18:57:35 0 d-------- C:\Program Files\QuickTime
2007-10-11 18:40:32 0 d-------- C:\WINDOWS\Sun
2007-10-11 18:40:32 0 d-------- C:\Documents and Settings\David\Application
2007-10-11 18:40:06 0 d-------- C:\Program Files\Java
2007-10-11 18:39:56 0 d-------- C:\Program Files\Common Files\Java
2007-10-11 18:34:58 0 d-------- C:\Documents and Settings\David\.housecall6
2007-10-11 12:24:05 0 d-------- C:\Program Files\TotalAudioConverter
2007-10-10 19:58:42 0 d-------- C:\Program Files\MSECache
2007-10-10 19:52:49 0 d-------- C:\Program Files\Microsoft ActiveSync
2007-10-10 19:52:10 0 d-------- C:\WINDOWS\SHELLNEW
2007-10-10 19:51:10 0 d-------- C:\Program Files\Microsoft.NET
2007-10-09 16:20:53 0 d-------- C:\Documents and Settings\David\Application
2007-10-09 16:15:57 0 d-------- C:\Program Files\Nero
2007-10-09 16:15:57 0 d-------- C:\Program Files\Common Files\Ahead
2007-10-09 16:07:31 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-10-09 15:25:25 0 d-------- C:\WINDOWS\SxsCaPendDel
2007-10-09 04:09:23 0 d-------- C:\Program Files\Seagate
2007-10-09 03:33:33 0 d-------- C:\Documents and Settings\David\Application
2007-10-09 02:36:46 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-10-08 01:53:15 0 d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2007-10-08 01:18:26 0 d-------- C:\Program Files\Bonjour
2007-10-08 01:10:05 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2007-10-08 00:57:25 0 d-------- C:\Program Files\MagicISO
2007-10-08 00:39:32 639224 --a------ C:\WINDOWS\system32\driver
2007-10-07 00:17:29 237636 --a------ C:\WINDOWS\system32\wsimd.
2007-10-07 00:17:29 245830 --a------ C:\WINDOWS\system32\wsfwDS
2007-10-07 00:17:29 53248 -ra------ C:\WINDOWS\system32\dsaNac
2007-10-07 00:17:29 1253432 -ra------ C:\WINDOWS\system32\dsa.dl
2007-10-07 00:17:29 0 d-------- C:\WINDOWS\pcidevice
2007-10-07 00:17:29 0 d-------- C:\Program Files\D-Link
2007-10-06 18:44:54 0 d-------- C:\Documents and Settings\David\Application
2007-10-06 18:42:18 0 d-------- C:\Documents and Settings\All Users\Application Data\Nero
2007-10-05 19:41:15 0 d-------- C:\Program Files\Marvell
2007-10-05 19:37:24 5824 --a------ C:\WINDOWS\system32\driver
2007-10-04 13:52:54 399872 --a------ C:\WINDOWS\c4dstand.dll
2007-10-04 13:52:53 438272 --a------ C:\WINDOWS\c4dll.dll <Not Verified; Sequiter Software Inc.; CodeBase>
2007-10-04 13:52:39 98304 --a------ C:\WINDOWS\system32\tsccvi
2007-10-04 13:52:39 0 d-------- C:\Program Files\LearnKey
2007-10-04 13:52:36 487936 --a------ C:\WINDOWS\LkUnInst.exe <Not Verified; LearnKey, Inc.; >
2007-10-03 22:55:26 0 d-------- C:\temp
2007-10-02 20:58:47 0 d-------- C:\WINDOWS\PAC207
2007-10-02 00:18:12 1075 --a------ C:\Documents and Settings\David\Application
2007-10-01 19:09:02 0 d-------- C:\Documents and Settings\David\Application
2007-10-01 19:03:34 0 d-------- C:\Documents and Settings\All Users\Application Data\Nuance
2007-10-01 17:20:18 0 d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2007-10-01 17:17:35 0 d-------- C:\WINDOWS\speech
2007-10-01 02:24:27 0 d------c- C:\WINDOWS\system32\DRVSTO
2007-10-01 02:23:46 0 d-------- C:\Program Files\MSXML 4.0
2007-10-01 01:53:31 0 d-------- C:\Program Files\Anark
2007-09-30 23:56:43 299520 --a------ C:\WINDOWS\uninst.exe <Not Verified; InstallShield Corporation, Inc.; InstallShield unInstaller>
2007-09-30 23:56:38 0 d-------- C:\Documents and Settings\David\WINDOWS
2007-09-28 23:05:33 0 d-------- C:\Program Files\MSXML 6.0
2007-09-28 20:57:19 0 d-------- C:\WINDOWS\system32\XPSVie
2007-09-28 20:56:58 0 d-------- C:\Program Files\Reference Assemblies
2007-09-28 20:52:33 0 d-------- C:\WINDOWS\system32\URTTem
2007-09-28 20:33:08 0 d-------- C:\Program Files\MTV Networks
2007-09-28 20:33:04 0 d-------- C:\WINDOWS\Downloaded Installations
2007-09-28 20:09:30 0 d-------- C:\Program Files\Windows Media Connect 2
2007-09-28 20:08:23 0 d-------- C:\WINDOWS\system32\LogFil
2007-09-28 20:08:23 0 d-------- C:\WINDOWS\system32\driver
2007-09-28 20:00:19 0 d-------- C:\WINDOWS\network diagnostic
2007-09-28 19:59:04 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2007-09-28 19:35:44 0 d-------- C:\Program Files\Diskeeper Corporation
2007-09-28 16:52:49 0 d--hs---- C:\Diskeeper
2007-09-28 16:09:53 0 d-------- C:\Documents and Settings\David\Application
2007-09-28 01:39:11 0 d-------- C:\WINDOWS\Wallpaper Of Wow
2007-09-27 22:22:02 0 d-------- C:\Documents and Settings\David\Application
2007-09-27 22:09:22 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2007-09-27 22:07:44 0 d-------- C:\Program Files\Yahoo!
2007-09-27 19:19:21 29696 -----n--- C:\WINDOWS\system32\dev32.
2007-09-27 19:19:16 163840 -----n--- C:\WINDOWS\system32\coin52
2007-09-27 18:01:51 0 d-------- C:\Program Files\MSBuild
2007-09-27 17:58:14 0 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-09-27 17:19:07 0 d-------- C:\Documents and Settings\David\Application
2007-09-27 17:11:35 0 d-------- C:\Documents and Settings\David\Application
2007-09-27 17:10:34 217088 --a------ C:\WINDOWS\system32\yv12vf
2007-09-27 17:10:34 282624 --a------ C:\WINDOWS\system32\xvidvf
2007-09-27 17:10:34 1559040 --a------ C:\WINDOWS\system32\xvidco
2007-09-27 17:10:33 3596288 --a------ C:\WINDOWS\system32\qt-dx3
2007-09-27 17:10:33 73728 --a------ C:\WINDOWS\system32\dpl100
2007-09-27 17:10:33 740442 --a------ C:\WINDOWS\system32\divx.d
2007-09-27 17:10:32 7680 --a------ C:\WINDOWS\system32\ff_vfw
2007-09-27 17:10:31 0 d-------- C:\Program Files\K-Lite Codec Pack
2007-09-27 17:03:31 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2007-09-27 17:03:24 0 d-------- C:\Program Files\Common Files\Adobe
2007-09-27 17:00:32 0 d-------- C:\WINDOWS\pss
2007-09-27 16:47:23 0 d--h----- C:\Documents and Settings\Administrator\Tem
2007-09-27 16:47:23 0 dr------- C:\Documents and Settings\Administrator\Sta
2007-09-27 16:47:23 0 dr-h----- C:\Documents and Settings\Administrator\Sen
2007-09-27 16:47:23 0 d-------- C:\Documents and Settings\Administrator\Rec
2007-09-27 16:47:23 0 d--h----- C:\Documents and Settings\Administrator\Pri
2007-09-27 16:47:23 524288 --ah----- C:\Documents and Settings\Administrator\NTU
2007-09-27 16:47:23 0 d--h----- C:\Documents and Settings\Administrator\Net
2007-09-27 16:47:23 0 d-------- C:\Documents and Settings\Administrator\My Documents
2007-09-27 16:47:23 0 d-------- C:\Documents and Settings\Administrator\Loc
2007-09-27 16:47:23 0 d-------- C:\Documents and Settings\Administrator\Fav
2007-09-27 16:47:23 0 d-------- C:\Documents and Settings\Administrator\Des
2007-09-27 16:47:23 0 d---s---- C:\Documents and Settings\Administrator\Coo
2007-09-27 16:47:23 0 dr-h----- C:\Documents and Settings\Administrator\App
2007-09-27 16:47:23 0 d---s---- C:\Documents and Settings\Administrator\App
2007-09-27 16:32:20 0 d-------- C:\Documents and Settings\David\Application
2007-09-27 16:02:50 830 --a------ C:\WINDOWS\system32\instal
2007-09-27 15:44:50 851456 --a------ C:\WINDOWS\system32\WGA.ex
2007-09-27 15:44:30 512 --a------ C:\ScanSectorLog.dat
2007-09-27 14:36:47 0 d-------- C:\Program Files\DAMN NFO Viewer
2007-09-27 14:36:15 0 d-------- C:\Documents and Settings\David\Application
2007-09-27 14:06:58 0 d-------- C:\Documents and Settings\All Users\Application Data\Azureus
2007-09-27 14:06:57 0 d-------- C:\Documents and Settings\David\Application
2007-09-27 14:06:07 0 d-------- C:\Program Files\Azureus
2007-09-27 13:54:35 4212 ---h----- C:\WINDOWS\system32\zllict
2007-09-27 13:54:26 11264 --a------ C:\WINDOWS\system32\SpOrde
2007-09-27 13:53:49 0 d-------- C:\WINDOWS\Internet Logs
2007-09-27 13:49:08 0 d-------- C:\WINDOWS\system32\appmgm
2007-09-27 13:25:13 0 d-------- C:\WINDOWS\system32\PreIns
2007-09-27 13:25:12 0 d--h----- C:\WINDOWS\$hf_mig$
2007-09-27 13:23:03 0 d--hs---- C:\Documents and Settings\David\UserData
2007-09-27 13:21:20 0 d-------- C:\WINDOWS\system32\Softwa
2007-09-27 13:09:06 40636 -ra------ C:\WINDOWS\system32\driver
2007-09-27 13:09:06 912 -ra------ C:\WINDOWS\system32\driver
2007-09-27 13:09:06 964 -ra------ C:\WINDOWS\system32\driver
2007-09-27 13:09:06 936 -ra------ C:\WINDOWS\system32\driver
2007-09-27 13:09:06 255360 -ra------ C:\WINDOWS\system32\driver
2007-09-27 13:09:06 40636 -ra------ C:\WINDOWS\system\WLANGEN.
2007-09-27 13:09:06 912 -ra------ C:\WINDOWS\system\RADIO15.
2007-09-27 13:09:06 964 -ra------ C:\WINDOWS\system\RADIO11.
2007-09-27 13:09:06 936 -ra------ C:\WINDOWS\system\RADIO0d.
2007-09-27 12:59:50 0 d-------- C:\Program Files\AllToAVI
2007-09-27 12:59:21 0 d-------- C:\Documents and Settings\David\Application
2007-09-27 12:56:18 0 d-------- C:\Program Files\Lavalys
2007-09-27 12:55:13 0 d-------- C:\Program Files\DSC Driver
2007-09-27 12:35:45 0 d-------- C:\WINDOWS\system32\Reinst
2007-09-27 12:35:44 0 d-------- C:\WINDOWS\system32\Data
2007-09-27 12:35:36 49152 --a------ C:\WINDOWS\CTDCRES.DLL <Not Verified; Creative Technology Ltd; Creative Audio Product>
2007-09-27 12:24:35 593920 -----n--- C:\WINDOWS\system32\ati2sg
2007-09-27 12:24:27 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-09-27 12:24:16 0 d-------- C:\Program Files\Common Files\InstallShield
2007-09-27 12:24:11 0 d-------- C:\ATI
2007-09-27 12:23:27 0 d-------- C:\Documents and Settings\David\Application
2007-09-27 12:23:20 0 d--h----- C:\Documents and Settings\David\Templates
2007-09-27 12:23:20 0 dr------- C:\Documents and Settings\David\Start Menu
2007-09-27 12:23:20 0 dr-h----- C:\Documents and Settings\David\SendTo
2007-09-27 12:23:20 0 d--h----- C:\Documents and Settings\David\PrintHood
2007-09-27 12:23:20 0 d--h----- C:\Documents and Settings\David\NetHood
2007-09-27 12:23:20 0 dr------- C:\Documents and Settings\David\My Documents
2007-09-27 12:23:20 0 d--h----- C:\Documents and Settings\David\Local Settings
2007-09-27 12:23:20 0 dr------- C:\Documents and Settings\David\Favorites
2007-09-27 12:23:20 0 d-------- C:\Documents and Settings\David\Desktop
2007-09-27 12:23:20 0 d--hs---- C:\Documents and Settings\David\Cookies
2007-09-27 12:23:20 0 dr-h----- C:\Documents and Settings\David\Application
2007-09-27 12:23:19 4456448 --a------ C:\Documents and Settings\David\NTUSER.DAT
2007-09-27 12:22:37 0 d-------- C:\WINDOWS\SoftwareDistrib
2007-09-27 12:22:36 0 d---s---- C:\WINDOWS\system32\Micros
2007-09-27 12:22:36 0 d-------- C:\WINDOWS\Prefetch
2007-09-27 12:22:35 229376 --ah----- C:\Documents and Settings\LocalService\NTUS
2007-09-27 12:22:35 0 d--h----- C:\Documents and Settings\LocalService\Loca
2007-09-27 12:22:35 0 d--hs---- C:\Documents and Settings\LocalService\Cook
2007-09-27 12:22:35 0 d-------- C:\Documents and Settings\LocalService\Appl
2007-09-27 12:22:35 0 d---s---- C:\Documents and Settings\LocalService\Appl
2007-09-27 12:18:04 229376 --ah----- C:\Documents and Settings\NetworkService\NT
2007-09-27 12:18:04 0 d--h----- C:\Documents and Settings\NetworkService\Lo
2007-09-27 12:18:04 0 d--hs---- C:\Documents and Settings\NetworkService\Co
2007-09-27 12:18:04 0 d-------- C:\Documents and Settings\NetworkService\Ap
2007-09-27 12:18:04 0 d---s---- C:\Documents and Settings\NetworkService\Ap
2007-09-27 12:14:59 0 d-------- C:\WINDOWS\system32\xircom
2007-09-27 12:14:59 0 d-------- C:\Program Files\microsoft frontpage
2007-09-27 12:14:51 229376 ---h----- C:\Documents and Settings\Default User\NTUSER.DAT
2007-09-27 12:14:47 0 -rahs---- C:\MSDOS.SYS
2007-09-27 12:14:47 0 -rahs---- C:\IO.SYS
2007-09-27 12:14:47 0 --a------ C:\CONFIG.SYS
2007-09-27 12:14:47 0 -----n--- C:\AUTOEXEC.BAT
2007-09-27 12:14:03 0 d--hs---- C:\Documents and Settings\All Users\DRM
2007-09-27 12:13:57 0 d-------- C:\WINDOWS\Offline Web Pages
2007-09-27 12:13:57 0 d---s---- C:\WINDOWS\Downloaded Program Files
2007-09-27 12:13:48 0 d--h----- C:\Program Files\WindowsUpdate
2007-09-27 12:13:34 0 d-------- C:\WINDOWS\system32\Direct
2007-09-27 12:13:04 0 d---s---- C:\WINDOWS\Tasks
2007-09-27 12:13:03 0 d-------- C:\Program Files\Common Files\MSSoap
2007-09-27 12:12:59 0 d-------- C:\WINDOWS\system32\Macrom
2007-09-27 12:12:59 0 d-------- C:\WINDOWS\srchasst
2007-09-27 12:12:51 0 d-------- C:\Program Files\Movie Maker
2007-09-27 12:12:43 0 d-------- C:\WINDOWS\system32\Restor
2007-09-27 12:12:14 21640 --a------ C:\WINDOWS\system32\emptyr
2007-09-27 12:12:02 0 d-------- C:\WINDOWS\Registration
2007-09-27 12:11:57 0 d-------- C:\Program Files\Online Services
2007-09-27 12:11:52 0 d-------- C:\Program Files\Messenger
2007-09-27 12:11:48 0 d-------- C:\Program Files\MSN Gaming Zone
2007-09-27 12:11:12 0 d-------- C:\Program Files\Windows NT
2007-09-27 12:11:09 0 d-------- C:\WINDOWS\system32\MsDtc
2007-09-27 12:11:07 0 d-------- C:\WINDOWS\system32\Com
2007-09-27 08:05:30 0 d--hs---- C:\WINDOWS\Installer
2007-09-27 08:05:30 0 d-------- C:\Program Files\Common Files\ODBC
2007-09-27 08:05:27 0 d-------- C:\Program Files\Common Files\SpeechEngines
2007-09-27 08:05:26 0 d-------- C:\Program Files
2007-09-27 08:05:26 0 d-------- C:\Program Files\Common Files
2007-09-27 08:05:05 0 d--h----- C:\Documents and Settings\Default User\Templates
2007-09-27 08:05:05 0 dr------- C:\Documents and Settings\Default User\Start Menu
2007-09-27 08:05:05 0 dr-h----- C:\Documents and Settings\Default User\SendTo
2007-09-27 08:05:05 0 d--h----- C:\Documents and Settings\Default User\Recent
2007-09-27 08:05:05 0 d--h----- C:\Documents and Settings\Default User\PrintHood
2007-09-27 08:05:05 0 d--h----- C:\Documents and Settings\Default User\NetHood
2007-09-27 08:05:05 0 d-------- C:\Documents and Settings\Default User\My Documents
2007-09-27 08:05:05 0 d-------- C:\Documents and Settings\Default User\Local Settings
2007-09-27 08:05:05 0 d-------- C:\Documents and Settings\Default User\Favorites
2007-09-27 08:05:05 0 d-------- C:\Documents and Settings\Default User\Desktop
2007-09-27 08:05:05 0 d---s---- C:\Documents and Settings\Default User\Cookies
2007-09-27 08:05:05 0 d--h----- C:\Documents and Settings\All Users\Templates
2007-09-27 08:05:05 0 dr------- C:\Documents and Settings\All Users\Start Menu
2007-09-27 08:05:05 0 d-------- C:\Documents and Settings\All Users\Favorites
2007-09-27 08:05:05 0 dr------- C:\Documents and Settings\All Users\Documents
2007-09-27 08:05:05 0 d-------- C:\Documents and Settings\All Users\Desktop
2007-09-27 08:04:47 0 d-------- C:\WINDOWS\system32\CatRoo
2007-09-27 08:04:47 0 d-------- C:\WINDOWS\system32\CatRoo
2007-09-27 08:04:41 0 dr-h----- C:\Documents and Settings\Default User\Application Data
2007-09-27 08:04:41 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
2007-09-27 08:04:41 0 dr-h----- C:\Documents and Settings\All Users\Application Data
2007-09-27 08:04:41 0 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft
2007-09-27 08:04:04 0 d-------- C:\Documents and Settings
2007-09-27 08:04:03 0 d--hs---- C:\System Volume Information
2007-09-27 07:57:20 0 d-------- C:\WINDOWS
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\WinSxS
2007-09-27 07:57:20 0 dr------- C:\WINDOWS\Web
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\twain_32
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\system32
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\system32\wins
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\system32\wbem
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\system32\usmt
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\system32\spool
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\system32\ShellE
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\system32\Setup
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\system32\ras
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\system32\oobe
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\system32\npp
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\system32\mui
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\system32\inetsr
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\system32\IME
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\system32\icsxml
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\system32\ias
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\system32\export
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\system32\driver
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\system32\driver
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\system32\driver
2007-09-27 07:57:20 0 d------c- C:\WINDOWS\system32\dllcac
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\system32\dhcp
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\system32\config
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\system32\3com_d
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\system32\3076
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\system32\2052
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\system32\1054
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\system32\1042
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\system32\1041
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\system32\1037
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\system32\1033
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\system32\1031
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\system32\1028
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\system32\1025
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\system
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\security
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\Resources
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\Provisioning
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\PeerNet
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\pchealth
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\mui
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\msapps
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\msagent
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\Media
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\java
2007-09-27 07:57:20 0 d--h----- C:\WINDOWS\inf
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\ime
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\Help
2007-09-27 07:57:20 0 dr--s---- C:\WINDOWS\Fonts
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\ehome
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\Driver Cache
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\Debug
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\Cursors
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\Connection Wizard
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\Config
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\AppPatch
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\addins
-- Find3M Report --------------------------
2007-09-27 08:05:05 62 --ahs---- C:\Documents and Settings\David\Application
2007-07-20 15:54:30 77824 --a------ C:\WINDOWS\system32\xcomm.
-- Registry Dump --------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWA
"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefen
"BDAgent"="C:\Program Files\BitDefender\BitDefen
"ISUSScheduler"="C:\Progra
"ISUSPM Startup"="c:\PROGRA~1\COMM
[HKEY_CURRENT_USER\SOFTWAR
"ctfmon.exe"="C:\WINDOWS\s
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!
[HKEY_LOCAL_MACHINE\softwa
"Microsoft Update Machine"=tvgyiy.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Wireless Connection Manager.lnk - C:\Program Files\D-Link\D-Link RangeBooster N DWA-542\wirelesscm.exe [10/7/2007 12:17:30 AM]
[HKEY_LOCAL_MACHINE\softwa
"ClearRecentDocsOnExit"=1 (0x1)
[HKEY_USERS\.default\softw
"NoLowDiskSpaceChecks"=1 (0x1)
"ClearRecentDocsOnExit"=01
[HKEY_LOCAL_MACHINE\softwa
[HKEY_LOCAL_MACHINE\softwa
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
[HKEY_LOCAL_MACHINE\softwa
"C:\Program Files\Common Files\Ahead\Lib\NMBgMonito
[HKEY_LOCAL_MACHINE\softwa
"C:\Program Files\Nuance\NaturallySpea
[HKEY_LOCAL_MACHINE\softwa
[HKEY_LOCAL_MACHINE\softwa
C:\PROGRA~1\COMMON~1\INSTA
[HKEY_LOCAL_MACHINE\softwa
famrbe.exe
[HKEY_LOCAL_MACHINE\softwa
[HKEY_LOCAL_MACHINE\softwa
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.
[HKEY_LOCAL_MACHINE\softwa
[HKEY_LOCAL_MACHINE\softwa
C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgd
[HKEY_LOCAL_MACHINE\softwa
"C:\Program Files\Yahoo!\Messenger\Yah
[HKEY_LOCAL_MACHINE\softwa
[HKEY_LOCAL_MACHINE\softwa
"BITS"=2 (0x2)
[HKEY_LOCAL_MACHINE\softwa
bdx scan
-- End of Deckard's System Scanner: finished at 2007-10-16 19:23:21 ------------
--------------------------
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------
-- System Information --------------------------
Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English
CPU 0: AMD Athlon(tm) 64 Processor 3700+
Percentage of Memory in Use: 23%
Physical Memory (total/avail): 2047.23 MiB / 1569.67 MiB
Pagefile Memory (total/avail): 3939.66 MiB / 3554.13 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1896.43 MiB
A: is Removable (No Media)
C: is Fixed (NTFS) - 74.52 GiB total, 66.06 GiB free.
D: is Fixed (NTFS) - 232.88 GiB total, 158.02 GiB free.
E: is Fixed (NTFS) - 232.88 GiB total, 9.18 GiB free.
F: is CDROM (CDFS)
G: is Removable (FAT)
\\.\PHYSICALDRIVE0 - WDC WD2500JB-00GVA0 - 232.88 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 232.88 GiB - E:
\\.\PHYSICALDRIVE2 - ST325041 0AS SCSI Disk Device - 232.88 GiB - 1 partition
\PARTITION0 - Installable File System - 232.88 GiB - D:
\\.\PHYSICALDRIVE1 - ST380811 AS SCSI Disk Device - 74.53 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 74.52 GiB - C:
\\.\PHYSICALDRIVE3 - Kingston DataTraveler 2.0 USB Device - 1898.31 MiB - 1 partition
\PARTITION0 (bootable) - MS-DOS V4 Huge - 1898.27 MiB - G:
-- Security Center --------------------------
AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.
FirstRunDisabled is set.
AntivirusOverride is set.
FW: Bitdefender Firewall v8.0 (BitDefender)
AV: Bitdefender Antivirus v8.0 (BitDefender)
[HKLM\System\CurrentContro
"%windir%\\system32\\sessm
"%windir%\\Network Diagnostic\\xpnetdiag.exe"
[HKLM\System\CurrentContro
"%windir%\\system32\\sessm
"C:\\Program Files\\Yahoo!\\Messenger\\
"C:\\Program Files\\Yahoo!\\Messenger\\
"%windir%\\Network Diagnostic\\xpnetdiag.exe"
"C:\\Program Files\\Azureus\\Azureus.ex
"C:\\Program Files\\Bonjour\\mDNSRespon
"C:\\Program Files\\uTorrent\\utorrent.
"C:\\WINDOWS\\system32\\tv
-- Environment Variables --------------------------
ALLUSERSPROFILE=C:\Documen
APPDATA=C:\Documents and Settings\David\Application
CLIENTNAME=Console
CommonProgramFiles=C:\Prog
COMPUTERNAME=DAVID-DESKTOP
ComSpec=C:\WINDOWS\system3
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\David
LOGONSERVER=\\DAVID-DESKTO
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C
PATHEXT=.COM;.EXE;.BAT;.CM
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 39 Stepping 1, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=2701
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\David\LOC
TMP=C:\DOCUME~1\David\LOCA
USERDOMAIN=DAVID-DESKTOP
USERNAME=David
USERPROFILE=C:\Documents and Settings\David
windir=C:\WINDOWS
-- User Profiles --------------------------
David [I](admin)[/I]
Administrator [I](new local, admin)[/I]
-- Add/Remove Programs --------------------------
--> rundll32.exe setupapi.dll,InstallHinfSe
Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D
Adobe Asset Services CS3 --> MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF
Adobe Bridge CS3 --> MsiExec.exe /I{9C9824D9-9000-4373-A6A5
Adobe Bridge Start Meeting --> MsiExec.exe /I{08B32819-6EEF-4057-AEDA
Adobe Camera Raw 4.0 --> MsiExec.exe /I{B3BF6689-A81D-40D8-9A86
Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA
Adobe Color - Photoshop Specific --> MsiExec.exe /I{A2D81E70-2A98-4A08-A628
Adobe Color Common Settings --> MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A
Adobe Color EU Extra Settings --> MsiExec.exe /I{51846830-E7B2-4218-8968
Adobe Color JA Extra Settings --> MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71
Adobe Color NA Recommended Settings --> MsiExec.exe /I{95655ED4-7CA5-46DF-907F
Adobe Default Language CS3 --> MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C
Adobe Device Central CS3 --> MsiExec.exe /I{8D2BA474-F406-4710-9AE4
Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{C2D69781-F392-4118-A5A7
Adobe Fonts All --> MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434
Adobe Help Viewer CS3 --> MsiExec.exe /I{04AF207D-9A77-465A-8B76
Adobe Linguistics CS3 --> MsiExec.exe /I{54793AA1-5001-42F4-ABB6
Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB
Adobe Photoshop CS3 --> MsiExec.exe /I{0046FA01-C5B9-4985-BACB
Adobe Setup --> MsiExec.exe /I{D1BB4446-AE9C-4256-9A7F
Adobe Stock Photos CS3 --> MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2
Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2
Adobe Update Manager CS3 --> MsiExec.exe /I{E69AE897-9E0B-485C-8552
Adobe Version Cue CS3 Client --> MsiExec.exe /I{D0DFF92A-492E-4C40-B862
Adobe WinSoft Linguistics Plugin --> MsiExec.exe /I{184CE391-7E0E-4C63-9935
Adobe XMP Panels CS3 --> MsiExec.exe /I{802771A9-A856-4A41-ACF7
AllToAVI v4 r5394 --> C:\Program Files\AllToAVI\uninst.exe
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiie
AudioConverter --> "C:\Program Files\TotalAudioConverter\
AusLogics Registry Defrag --> "C:\Program Files\AusLogics Registry Defrag\unins000.exe"
Azureus Vuze --> C:\Program Files\Azureus\uninstall.ex
BitDefender Internet Security 2008 --> MsiExec.exe /I{E48949FB-95D7-4818-B45A
Compatibility Pack for the 2007 Office system --> MsiExec.exe /X{90120000-0020-0409-0000
D-Link RangeBooster N DWA-542 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTA
Dell Photo Printer 720 --> C:\WINDOWS\system32\spool\
Diskeeper 2007 Pro Premier --> MsiExec.exe /X{6EEE934B-F292-4995-95BF
Dragon NaturallySpeaking 9 --> MsiExec.exe /I{DDDD90B2-80F2-413A-8A8E
Duplicate Music Files Finder 1.5.5 --> "C:\Program Files\Duplicate Music Files Finder\unins000.exe"
Easy Duplicate Finder v. 1.4.3.0 --> "C:\Program Files\Easy Duplicate Finder\unins000.exe"
EVEREST Ultimate Edition v2.80 --> "C:\Program Files\Lavalys\EVEREST Ultimate Edition\unins000.exe"
foobar2000 v0.9.4.3 --> "C:\Program Files\foobar2000\uninstall
Images of Ireland Theme for Windows XP --> MsiExec.exe /X{E3387EAB-DFD3-4894-9F4C
Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B
K-Lite Codec Pack 3.4.5 Full --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kasper
Macromedia Flash Player 8 --> C:\WINDOWS\system32\Macrom
Magic ISO Maker v5.4 (build 0239) --> C:\PROGRA~1\MagicISO\UNWIS
Magic Utilities 2007 Version 5.30 --> "C:\Program Files\Mgutil\unins000.exe"
Marvell Miniport Driver --> MsiExec.exe /X{C950420B-4182-49EA-850A
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7
Nero 7 Essentials --> MsiExec.exe /I{9FB8CAC0-CCF6-47C9-8EDE
PDF Settings --> MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0
Registry Commander v1.04 --> "C:\Program Files\Aezay Productions\Registry Commander\unins000.exe"
SpywareBlaster v3.5.1 --> "C:\Program Files\SpywareBlaster\unins
Super Utilities Pro 7.66 --> "C:\Program Files\SuperLogix\Super Utilities\unins000.exe"
ULi Sata Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTA
Uninstall Tool --> "C:\Program Files\Uninstall Tool\unins000.exe"
Windows Communication Foundation --> MsiExec.exe /X{491DD792-AD81-429C-9EB4
Windows Workflow Foundation --> MsiExec.exe /I{7D1B85BD-AA07-48B8-808D
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
Yahoo! Browser Services --> C:\PROGRA~1\Yahoo!\Common\
Yahoo! Install Manager --> C:\WINDOWS\system32\regsvr
Yahoo! Internet Mail --> C:\WINDOWS\system32\regsvr
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\
-- Application Event Log --------------------------
Event Record #/Type1460 / Warning
Event Submitted/Written: 10/16/2007 03:52:44 AM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{90110409-6000-11D3-8CFE-
Event Record #/Type1459 / Warning
Event Submitted/Written: 10/16/2007 03:52:44 AM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Detection of product '{90110409-6000-11D3-8CFE-
Event Record #/Type1458 / Error
Event Submitted/Written: 10/16/2007 03:45:38 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application WiseDiskCleaner.exe, version 2.7.1.83, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Event Record #/Type1380 / Error
Event Submitted/Written: 10/14/2007 11:38:42 PM
Event ID/Source: 11921 / MsiInstaller
Event Description:
Product: Kaspersky Anti-Virus 7.0 -- Error 1921.Service Kaspersky Anti-Virus 7.0 (AVP) could not be stopped. Verify that you have sufficient privileges to stop system services.
Event Record #/Type1375 / Error
Event Submitted/Written: 10/14/2007 05:47:25 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application nero.exe, version 7.7.5.1, faulting module unknown, version 0.0.0.0, fault address 0x08080774.
Processing media-specific event for [nero.exe!ws!]
-- Security Event Log --------------------------
No Errors/Warnings found.
-- System Event Log --------------------------
Event Record #/Type5815 / Warning
Event Submitted/Written: 10/16/2007 02:49:19 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
Event Record #/Type5798 / Error
Event Submitted/Written: 10/16/2007 05:17:30 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service BITS with arguments ""
in order to run the server:
{4991D34B-80A1-4291-83B6-3
Event Record #/Type5797 / Error
Event Submitted/Written: 10/16/2007 05:17:30 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service BITS with arguments ""
in order to run the server:
{4991D34B-80A1-4291-83B6-3
Event Record #/Type5796 / Error
Event Submitted/Written: 10/16/2007 05:17:30 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service BITS with arguments ""
in order to run the server:
{4991D34B-80A1-4291-83B6-3
Event Record #/Type5764 / Warning
Event Submitted/Written: 10/16/2007 03:58:09 AM
Event ID/Source: 8021 / BROWSER
Event Description:
The browser was unable to retrieve a list of servers from the browser master \\JOHN-DESKTOP on the network \Device\NetBT_Tcpip_{F159D
The data is the error code.
-- End of Deckard's System Scanner: finished at 2007-10-16 19:19:54 ------------
Yes, it's definitely a backdoor SDBot.
Please download SDFix and save it to your Desktop.
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.
Double click on SDFix.exe. It should automatically extract a folder called SDFix to your system drive (usually C:\). Please reboot your computer in Safe Mode by doing the following:
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.
Open the SDFix folder and double click on RunThis.bat to start the script.
Type Y and press Enter to begin the script.
It will start cleaning your PC and then prompt you to press any key to Reboot.
Press any key to restart the PC.
Your system will take longer than normal to restart as the fixtool will be removing files.
When the desktop loads the Fixtool will complete the removal and display Finished.
Press any key to end the script and to load your desktop icons.
A text file should automatically open, so please copy the contents and post them here. We also need you to post a new HijackThis log.
EDIT: Instead of posting a HijackThis log at the end, please post another Deckard's Scanner log.
Thanks,
Dave
ASKER
Dave,
No, thank you for your help. I'm running the SDFix fix tool. When you run Deckard's it will ask you if it can install and run HijackThis. Is this normal? Looks like it found something. How radical is this trojan and how can I ensure there is nothing else resident and lying incognito on my PC?
----------------------------------------------------------------------------------------------
SDFix: Version 1.109
Run by David on Tue 10/16/2007 at 08:10 PM
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix
Safe Mode:
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
Trojan Files Found:
C:\WINDOWS\regedit.com - Deleted
Removing Temp Files...
ADS Check:
C:\WINDOWS
No streams found.
C:\WINDOWS\system32
No streams found.
C:\WINDOWS\system32\svchost.exe
No streams found.
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
Final Check:
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\uTorrent\\utorrent.exe"="C:\\Program Files\\uTorrent\\utorrent.exe:*:Enabled:µTorrent"
"C:\\WINDOWS\\system32\\tvgyiy.exe"="C:\\WINDOWS\\system32\\tvgyiy.exe:*:Disabled:tvgyiy"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
Remaining Files:
---------------
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes:
Fri 12 Oct 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Finished!
----------------------------------------------------------------------------------------------------------------------------
Deckard's System Scanner v20071014.68
Run by David on 2007-10-16 20:17:34
Computer is in Normal Mode.
----------------------------------------------------------------------------------
-- HijackThis (run as David.exe) -----------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:17:38 PM, on 10/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\D-Link\D-Link RangeBooster N DWA-542\acs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\Common Files\InstallShield\Update Service\issch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\devldr32.exe
C:\Documents and Settings\David\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\David.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\Update Service\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: Wireless Connection Manager.lnk = C:\Program Files\D-Link\D-Link RangeBooster N DWA-542\wirelesscm.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-windows-i586-jc.cab
O23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\Program Files\D-Link\D-Link RangeBooster N DWA-542\acs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender S.R.L. - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
--
End of file - 7385 bytes
-- Files created between 2007-09-16 and 2007-10-16 -----------------------------
2007-10-16 20:09:55 0 d-------- C:\WINDOWS\ERUNT
2007-10-16 20:03:34 0 dr-h----- C:\Documents and Settings\David\Recent
2007-10-16 19:20:49 0 d-------- C:\Program Files\Trend Micro
2007-10-16 05:35:19 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-10-16 05:28:13 0 d-------- C:\Documents and Settings\All Users\Application Data\CrystalIdea Software
2007-10-16 05:22:48 0 d-------- C:\Program Files\Uninstall Tool
2007-10-16 00:30:22 0 d-------- C:\Documents and Settings\David\Application Data\Bitdefender
2007-10-16 00:30:08 0 d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
2007-10-15 22:01:40 81984 --a------ C:\WINDOWS\system32\bdod.bin
2007-10-15 22:01:01 0 d-------- C:\Program Files\BitDefender
2007-10-15 22:00:27 0 d-------- C:\Program Files\Common Files\BitDefender
2007-10-15 17:04:34 0 d-------- C:\WINDOWS\BDOSCAN8
2007-10-15 04:37:47 0 d-------- C:\Program Files\SonicWallES
2007-10-15 00:07:14 0 d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2007-10-14 17:13:39 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-10-14 13:43:41 0 d-------- C:\WINDOWS\system32\ZoneLabs
2007-10-14 00:46:30 0 d-------- C:\KAV
2007-10-13 14:06:14 0 d-a------ C:\WINDOWS\zts2.exe
2007-10-13 14:06:14 0 d-a------ C:\WINDOWS\system32\vcmgcd32.dll
2007-10-13 14:06:14 0 d-a------ C:\WINDOWS\system32\iifgfgf.dll
2007-10-13 14:06:14 0 d-a------ C:\WINDOWS\rundll16.exe
2007-10-13 14:06:14 0 d-a------ C:\WINDOWS\rundl132.dll
2007-10-13 14:06:14 0 d-a------ C:\WINDOWS\logo1_.exe
2007-10-13 04:17:28 0 d-------- C:\Program Files\Wise Registry Cleaner
2007-10-13 04:16:49 0 d-------- C:\Program Files\Aezay Productions
2007-10-13 04:10:22 0 d-------- C:\Program Files\AusLogics Registry Defrag
2007-10-12 22:49:54 0 d-------- C:\Documents and Settings\David\Application Data\foobar2000
2007-10-12 22:49:50 0 d-------- C:\Program Files\foobar2000
2007-10-12 17:55:16 0 d-------- C:\Program Files\Common Files\Scansoft Shared
2007-10-12 17:55:16 0 d-------- C:\Documents and Settings\All Users\Application Data\ScanSoft
2007-10-12 17:55:02 0 d-------- C:\Program Files\Nuance
2007-10-12 16:44:57 0 d-------- C:\Program Files\Easy Duplicate Finder
2007-10-12 16:43:40 0 d-------- C:\Program Files\Duplicate Music Files Finder
2007-10-12 16:24:08 0 --a------ C:\WINDOWS\system32\suupdate.dat
2007-10-12 16:24:08 0 --a------ C:\WINDOWS\system32\mssurun.dat
2007-10-12 16:24:08 269824 --a------ C:\WINDOWS\system32\baksm.dll
2007-10-12 16:23:59 2281472 --a------ C:\WINDOWS\system32\vbsbak.dat <Not Verified; SuperLogix; Super Utilities>
2007-10-12 16:23:59 42 --a------ C:\WINDOWS\system32\vb6sock.dll
2007-10-12 16:23:59 269824 --a------ C:\WINDOWS\system32\supermenuhook.dll
2007-10-12 16:23:59 0 d-------- C:\WINDOWS\system32\IOSUBSYS
2007-10-12 16:23:59 43936 --a------ C:\WINDOWS\system32\drivers\HWFProt.sys <Not Verified; Alfa Corporation; AlfaFP (TM) 2003 Ansi Build for Windows NT/2K>
2007-10-12 16:23:59 591872 --a------ C:\WINDOWS\system32\context.dll <Not Verified; SuperLogix; Enhancement to context menu>
2007-10-12 16:23:59 269824 --a------ C:\WINDOWS\system32\baksm.dat
2007-10-12 16:23:59 0 d-------- C:\Program Files\SuperLogix
2007-10-12 15:36:47 0 d-------- C:\Program Files\Mgutil
2007-10-12 04:06:18 0 d-------- C:\Program Files\Wise Disk Cleaner
2007-10-11 23:59:00 0 d-------- C:\Program Files\SpywareBlaster
2007-10-11 22:58:27 28672 --a------ C:\WINDOWS\system32\drivers\CO_Mon.sys
2007-10-11 18:57:35 0 d-------- C:\Program Files\QuickTime
2007-10-11 18:40:32 0 d-------- C:\WINDOWS\Sun
2007-10-11 18:40:32 0 d-------- C:\Documents and Settings\David\Application Data\Sun
2007-10-11 18:40:06 0 d-------- C:\Program Files\Java
2007-10-11 18:39:56 0 d-------- C:\Program Files\Common Files\Java
2007-10-11 18:34:58 0 d-------- C:\Documents and Settings\David\.housecall6.6
2007-10-11 12:24:05 0 d-------- C:\Program Files\TotalAudioConverter
2007-10-10 19:58:42 0 d-------- C:\Program Files\MSECache
2007-10-10 19:52:49 0 d-------- C:\Program Files\Microsoft ActiveSync
2007-10-10 19:52:10 0 d-------- C:\WINDOWS\SHELLNEW
2007-10-10 19:51:10 0 d-------- C:\Program Files\Microsoft.NET
2007-10-09 16:20:53 0 d-------- C:\Documents and Settings\David\Application Data\Ahead
2007-10-09 16:15:57 0 d-------- C:\Program Files\Nero
2007-10-09 16:15:57 0 d-------- C:\Program Files\Common Files\Ahead
2007-10-09 16:07:31 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-10-09 15:25:25 0 d-------- C:\WINDOWS\SxsCaPendDel
2007-10-09 04:09:23 0 d-------- C:\Program Files\Seagate
2007-10-09 03:33:33 0 d-------- C:\Documents and Settings\David\Application Data\uTorrent
2007-10-09 02:36:46 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-10-08 01:53:15 0 d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2007-10-08 01:18:26 0 d-------- C:\Program Files\Bonjour
2007-10-08 01:10:05 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2007-10-08 00:57:25 0 d-------- C:\Program Files\MagicISO
2007-10-08 00:39:32 639224 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-10-07 00:17:29 237636 --a------ C:\WINDOWS\system32\wsimd.dll <Not Verified; Atheros Communications, Inc.; wsimd>
2007-10-07 00:17:29 245830 --a------ C:\WINDOWS\system32\wsfwDS.dll <Not Verified; Atheros Communications, Inc.; wsfwds>
2007-10-07 00:17:29 53248 -ra------ C:\WINDOWS\system32\dsaNac.dll <Not Verified; Devicescape, Inc.; Devicescape NAC Notify DLL>
2007-10-07 00:17:29 1253432 -ra------ C:\WINDOWS\system32\dsa.dll <Not Verified; Devicescape; Devicescape Windows WPA Supplicant (Core 0.4.3)>
2007-10-07 00:17:29 0 d-------- C:\WINDOWS\pcidevice
2007-10-07 00:17:29 0 d-------- C:\Program Files\D-Link
2007-10-06 18:44:54 0 d-------- C:\Documents and Settings\David\Application Data\Nero
2007-10-06 18:42:18 0 d-------- C:\Documents and Settings\All Users\Application Data\Nero
2007-10-05 19:41:15 0 d-------- C:\Program Files\Marvell
2007-10-05 19:37:24 5824 --a------ C:\WINDOWS\system32\drivers\ASUSHWIO.SYS
2007-10-04 13:52:54 399872 --a------ C:\WINDOWS\c4dstand.dll
2007-10-04 13:52:53 438272 --a------ C:\WINDOWS\c4dll.dll <Not Verified; Sequiter Software Inc.; CodeBase>
2007-10-04 13:52:39 98304 --a------ C:\WINDOWS\system32\tsccvid.dll <Not Verified; TechSmith Corporation; TechSmith Screen Capture Codec>
2007-10-04 13:52:39 0 d-------- C:\Program Files\LearnKey
2007-10-04 13:52:36 487936 --a------ C:\WINDOWS\LkUnInst.exe <Not Verified; LearnKey, Inc.; >
2007-10-03 22:55:26 0 d-------- C:\temp
2007-10-02 20:58:47 0 d-------- C:\WINDOWS\PAC207
2007-10-02 00:18:12 1075 --a------ C:\Documents and Settings\David\Application Data\SAS7_000.DAT
2007-10-01 19:09:02 0 d-------- C:\Documents and Settings\David\Application Data\Nuance
2007-10-01 19:03:34 0 d-------- C:\Documents and Settings\All Users\Application Data\Nuance
2007-10-01 17:20:18 0 d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2007-10-01 17:17:35 0 d-------- C:\WINDOWS\speech
2007-10-01 02:24:27 0 d------c- C:\WINDOWS\system32\DRVSTORE
2007-10-01 02:23:46 0 d-------- C:\Program Files\MSXML 4.0
2007-10-01 01:53:31 0 d-------- C:\Program Files\Anark
2007-09-30 23:56:43 299520 --a------ C:\WINDOWS\uninst.exe <Not Verified; InstallShield Corporation, Inc.; InstallShield unInstaller>
2007-09-30 23:56:38 0 d-------- C:\Documents and Settings\David\WINDOWS
2007-09-28 23:05:33 0 d-------- C:\Program Files\MSXML 6.0
2007-09-28 20:57:19 0 d-------- C:\WINDOWS\system32\XPSViewer
2007-09-28 20:56:58 0 d-------- C:\Program Files\Reference Assemblies
2007-09-28 20:52:33 0 d-------- C:\WINDOWS\system32\URTTemp
2007-09-28 20:33:08 0 d-------- C:\Program Files\MTV Networks
2007-09-28 20:33:04 0 d-------- C:\WINDOWS\Downloaded Installations
2007-09-28 20:09:30 0 d-------- C:\Program Files\Windows Media Connect 2
2007-09-28 20:08:23 0 d-------- C:\WINDOWS\system32\LogFiles
2007-09-28 20:08:23 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2007-09-28 20:00:19 0 d-------- C:\WINDOWS\network diagnostic
2007-09-28 19:59:04 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2007-09-28 19:35:44 0 d-------- C:\Program Files\Diskeeper Corporation
2007-09-28 16:52:49 0 d--hs---- C:\Diskeeper
2007-09-28 16:09:53 0 d-------- C:\Documents and Settings\David\Application Data\Softplicity
2007-09-28 01:39:11 0 d-------- C:\WINDOWS\Wallpaper Of Wow
2007-09-27 22:22:02 0 d-------- C:\Documents and Settings\David\Application Data\Yahoo!
2007-09-27 22:09:22 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2007-09-27 22:07:44 0 d-------- C:\Program Files\Yahoo!
2007-09-27 19:19:21 29696 -----n--- C:\WINDOWS\system32\dev32.exe <Not Verified; ALi Coporation; Install Program>
2007-09-27 19:19:16 163840 -----n--- C:\WINDOWS\system32\coin5288.dll <Not Verified; ULi Electronics Inc.; Coinstaller Dynamic Link Library>
2007-09-27 18:01:51 0 d-------- C:\Program Files\MSBuild
2007-09-27 17:58:14 0 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-09-27 17:19:07 0 d-------- C:\Documents and Settings\David\Application Data\Adobe
2007-09-27 17:11:35 0 d-------- C:\Documents and Settings\David\Application Data\Media Player Classic
2007-09-27 17:10:34 217088 --a------ C:\WINDOWS\system32\yv12vfw.dll <Not Verified; www.helixcommunity.org; Helix YV12 YUV Codec>
2007-09-27 17:10:34 282624 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-09-27 17:10:34 1559040 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-09-27 17:10:33 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-09-27 17:10:33 73728 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2007-09-27 17:10:33 740442 --a------ C:\WINDOWS\system32\divx.dll <Not Verified; DivX, Inc.; DivX®>
2007-09-27 17:10:32 7680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2007-09-27 17:10:31 0 d-------- C:\Program Files\K-Lite Codec Pack
2007-09-27 17:03:31 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2007-09-27 17:03:24 0 d-------- C:\Program Files\Common Files\Adobe
2007-09-27 17:00:32 0 d-------- C:\WINDOWS\pss
2007-09-27 16:47:23 0 d--h----- C:\Documents and Settings\Administrator\Templates
2007-09-27 16:47:23 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2007-09-27 16:47:23 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2007-09-27 16:47:23 0 d-------- C:\Documents and Settings\Administrator\Recent
2007-09-27 16:47:23 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2007-09-27 16:47:23 524288 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2007-09-27 16:47:23 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2007-09-27 16:47:23 0 d-------- C:\Documents and Settings\Administrator\My Documents
2007-09-27 16:47:23 0 d-------- C:\Documents and Settings\Administrator\Local Settings
2007-09-27 16:47:23 0 d-------- C:\Documents and Settings\Administrator\Favorites
2007-09-27 16:47:23 0 d-------- C:\Documents and Settings\Administrator\Desktop
2007-09-27 16:47:23 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2007-09-27 16:47:23 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2007-09-27 16:47:23 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2007-09-27 16:32:20 0 d-------- C:\Documents and Settings\David\Application Data\Macromedia
2007-09-27 16:02:50 830 --a------ C:\WINDOWS\system32\installer.bat
2007-09-27 15:44:50 851456 --a------ C:\WINDOWS\system32\WGA.exe
2007-09-27 15:44:30 512 --a------ C:\ScanSectorLog.dat
2007-09-27 14:36:47 0 d-------- C:\Program Files\DAMN NFO Viewer
2007-09-27 14:36:15 0 d-------- C:\Documents and Settings\David\Application Data\WinRAR
2007-09-27 14:06:58 0 d-------- C:\Documents and Settings\All Users\Application Data\Azureus
2007-09-27 14:06:57 0 d-------- C:\Documents and Settings\David\Application Data\Azureus
2007-09-27 14:06:07 0 d-------- C:\Program Files\Azureus
2007-09-27 13:54:35 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-09-27 13:54:26 11264 --a------ C:\WINDOWS\system32\SpOrder.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows NT(TM) Operating System>
2007-09-27 13:53:49 0 d-------- C:\WINDOWS\Internet Logs
2007-09-27 13:49:08 0 d-------- C:\WINDOWS\system32\appmgmt
2007-09-27 13:25:13 0 d-------- C:\WINDOWS\system32\PreInstall
2007-09-27 13:25:12 0 d--h----- C:\WINDOWS\$hf_mig$
2007-09-27 13:23:03 0 d--hs---- C:\Documents and Settings\David\UserData
2007-09-27 13:21:20 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-09-27 13:09:06 40636 -ra------ C:\WINDOWS\system32\drivers\WLANGEN.bin
2007-09-27 13:09:06 912 -ra------ C:\WINDOWS\system32\drivers\RADIO15.bin
2007-09-27 13:09:06 964 -ra------ C:\WINDOWS\system32\drivers\RADIO11.bin
2007-09-27 13:09:06 936 -ra------ C:\WINDOWS\system32\drivers\RADIO0d.bin
2007-09-27 13:09:06 255360 -ra------ C:\WINDOWS\system32\drivers\AIRPLUS.sys <Not Verified; D-Link; D-Link AirPlus 22 Mbps Wireless Network Adapter>
2007-09-27 13:09:06 40636 -ra------ C:\WINDOWS\system\WLANGEN.bin
2007-09-27 13:09:06 912 -ra------ C:\WINDOWS\system\RADIO15.bin
2007-09-27 13:09:06 964 -ra------ C:\WINDOWS\system\RADIO11.bin
2007-09-27 13:09:06 936 -ra------ C:\WINDOWS\system\RADIO0d.bin
2007-09-27 12:59:50 0 d-------- C:\Program Files\AllToAVI
2007-09-27 12:59:21 0 d-------- C:\Documents and Settings\David\Application Data\TuneUp Software
2007-09-27 12:56:18 0 d-------- C:\Program Files\Lavalys
2007-09-27 12:55:13 0 d-------- C:\Program Files\DSC Driver
2007-09-27 12:35:45 0 d-------- C:\WINDOWS\system32\ReinstallBackups
2007-09-27 12:35:44 0 d-------- C:\WINDOWS\system32\Data
2007-09-27 12:35:36 49152 --a------ C:\WINDOWS\CTDCRES.DLL <Not Verified; Creative Technology Ltd; Creative Audio Product>
2007-09-27 12:24:35 593920 -----n--- C:\WINDOWS\system32\ati2sgag.exe <Not Verified; ; ATI Smart>
2007-09-27 12:24:27 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-09-27 12:24:16 0 d-------- C:\Program Files\Common Files\InstallShield
2007-09-27 12:24:11 0 d-------- C:\ATI
2007-09-27 12:23:27 0 d-------- C:\Documents and Settings\David\Application Data\Identities
2007-09-27 12:23:20 0 d--h----- C:\Documents and Settings\David\Templates
2007-09-27 12:23:20 0 dr------- C:\Documents and Settings\David\Start Menu
2007-09-27 12:23:20 0 dr-h----- C:\Documents and Settings\David\SendTo
2007-09-27 12:23:20 0 d--h----- C:\Documents and Settings\David\PrintHood
2007-09-27 12:23:20 0 d--h----- C:\Documents and Settings\David\NetHood
2007-09-27 12:23:20 0 dr------- C:\Documents and Settings\David\My Documents
2007-09-27 12:23:20 0 d--h----- C:\Documents and Settings\David\Local Settings
2007-09-27 12:23:20 0 dr------- C:\Documents and Settings\David\Favorites
2007-09-27 12:23:20 0 d-------- C:\Documents and Settings\David\Desktop
2007-09-27 12:23:20 0 d--hs---- C:\Documents and Settings\David\Cookies
2007-09-27 12:23:20 0 dr-h----- C:\Documents and Settings\David\Application Data
2007-09-27 12:23:19 4456448 --a------ C:\Documents and Settings\David\NTUSER.DAT
2007-09-27 12:22:37 0 d-------- C:\WINDOWS\SoftwareDistribution
2007-09-27 12:22:36 0 d---s---- C:\WINDOWS\system32\Microsoft
2007-09-27 12:22:36 0 d-------- C:\WINDOWS\Prefetch
2007-09-27 12:22:35 229376 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT
2007-09-27 12:22:35 0 d--h----- C:\Documents and Settings\LocalService\Local Settings
2007-09-27 12:22:35 0 d--hs---- C:\Documents and Settings\LocalService\Cookies
2007-09-27 12:22:35 0 d-------- C:\Documents and Settings\LocalService\Application Data
2007-09-27 12:22:35 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
2007-09-27 12:18:04 229376 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT
2007-09-27 12:18:04 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings
2007-09-27 12:18:04 0 d--hs---- C:\Documents and Settings\NetworkService\Cookies
2007-09-27 12:18:04 0 d-------- C:\Documents and Settings\NetworkService\Application Data
2007-09-27 12:18:04 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
2007-09-27 12:14:59 0 d-------- C:\WINDOWS\system32\xircom
2007-09-27 12:14:59 0 d-------- C:\Program Files\microsoft frontpage
2007-09-27 12:14:51 229376 ---h----- C:\Documents and Settings\Default User\NTUSER.DAT
2007-09-27 12:14:47 0 -rahs---- C:\MSDOS.SYS
2007-09-27 12:14:47 0 -rahs---- C:\IO.SYS
2007-09-27 12:14:47 0 --a------ C:\CONFIG.SYS
2007-09-27 12:14:47 0 -----n--- C:\AUTOEXEC.BAT
2007-09-27 12:14:03 0 d--hs---- C:\Documents and Settings\All Users\DRM
2007-09-27 12:13:57 0 d-------- C:\WINDOWS\Offline Web Pages
2007-09-27 12:13:57 0 d---s---- C:\WINDOWS\Downloaded Program Files
2007-09-27 12:13:48 0 d--h----- C:\Program Files\WindowsUpdate
2007-09-27 12:13:34 0 d-------- C:\WINDOWS\system32\DirectX
2007-09-27 12:13:04 0 d---s---- C:\WINDOWS\Tasks
2007-09-27 12:13:03 0 d-------- C:\Program Files\Common Files\MSSoap
2007-09-27 12:12:59 0 d-------- C:\WINDOWS\system32\Macromed
2007-09-27 12:12:59 0 d-------- C:\WINDOWS\srchasst
2007-09-27 12:12:51 0 d-------- C:\Program Files\Movie Maker
2007-09-27 12:12:43 0 d-------- C:\WINDOWS\system32\Restore
2007-09-27 12:12:14 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-09-27 12:12:02 0 d-------- C:\WINDOWS\Registration
2007-09-27 12:11:57 0 d-------- C:\Program Files\Online Services
2007-09-27 12:11:52 0 d-------- C:\Program Files\Messenger
2007-09-27 12:11:48 0 d-------- C:\Program Files\MSN Gaming Zone
2007-09-27 12:11:12 0 d-------- C:\Program Files\Windows NT
2007-09-27 12:11:09 0 d-------- C:\WINDOWS\system32\MsDtc
2007-09-27 12:11:07 0 d-------- C:\WINDOWS\system32\Com
2007-09-27 08:05:30 0 d--hs---- C:\WINDOWS\Installer
2007-09-27 08:05:30 0 d-------- C:\Program Files\Common Files\ODBC
2007-09-27 08:05:27 0 d-------- C:\Program Files\Common Files\SpeechEngines
2007-09-27 08:05:26 0 d-------- C:\Program Files
2007-09-27 08:05:26 0 d-------- C:\Program Files\Common Files
2007-09-27 08:05:05 0 d--h----- C:\Documents and Settings\Default User\Templates
2007-09-27 08:05:05 0 dr------- C:\Documents and Settings\Default User\Start Menu
2007-09-27 08:05:05 0 dr-h----- C:\Documents and Settings\Default User\SendTo
2007-09-27 08:05:05 0 d--h----- C:\Documents and Settings\Default User\Recent
2007-09-27 08:05:05 0 d--h----- C:\Documents and Settings\Default User\PrintHood
2007-09-27 08:05:05 0 d--h----- C:\Documents and Settings\Default User\NetHood
2007-09-27 08:05:05 0 d-------- C:\Documents and Settings\Default User\My Documents
2007-09-27 08:05:05 0 d-------- C:\Documents and Settings\Default User\Local Settings
2007-09-27 08:05:05 0 d-------- C:\Documents and Settings\Default User\Favorites
2007-09-27 08:05:05 0 d-------- C:\Documents and Settings\Default User\Desktop
2007-09-27 08:05:05 0 d---s---- C:\Documents and Settings\Default User\Cookies
2007-09-27 08:05:05 0 d--h----- C:\Documents and Settings\All Users\Templates
2007-09-27 08:05:05 0 dr------- C:\Documents and Settings\All Users\Start Menu
2007-09-27 08:05:05 0 d-------- C:\Documents and Settings\All Users\Favorites
2007-09-27 08:05:05 0 dr------- C:\Documents and Settings\All Users\Documents
2007-09-27 08:05:05 0 d-------- C:\Documents and Settings\All Users\Desktop
2007-09-27 08:04:47 0 d-------- C:\WINDOWS\system32\CatRoot2
2007-09-27 08:04:47 0 d-------- C:\WINDOWS\system32\CatRoot
2007-09-27 08:04:41 0 dr-h----- C:\Documents and Settings\Default User\Application Data
2007-09-27 08:04:41 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
2007-09-27 08:04:41 0 dr-h----- C:\Documents and Settings\All Users\Application Data
2007-09-27 08:04:41 0 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft
2007-09-27 08:04:04 0 d-------- C:\Documents and Settings
2007-09-27 08:04:03 0 d--hs---- C:\System Volume Information
2007-09-27 07:57:20 0 d-------- C:\WINDOWS
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\WinSxS
2007-09-27 07:57:20 0 dr------- C:\WINDOWS\Web
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\twain_32
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\system32
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\system32\wins
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\system32\wbem
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\system32\usmt
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\system32\spool
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\system32\ShellExt
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\system32\Setup
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\system32\ras
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\system32\oobe
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\system32\npp
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\system32\mui
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\system32\inetsrv
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\system32\IME
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\system32\icsxml
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\system32\ias
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\system32\export
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\system32\drivers
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\system32\drivers\etc
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\system32\drivers\disdn
2007-09-27 07:57:20 0 d------c- C:\WINDOWS\system32\dllcache
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\system32\dhcp
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\system32\config
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\system32\3com_dmi
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\system32\3076
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\system32\2052
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\system32\1054
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\system32\1042
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\system32\1041
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\system32\1037
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\system32\1033
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\system32\1031
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\system32\1028
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\system32\1025
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\system
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\security
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\Resources
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\Provisioning
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\PeerNet
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\pchealth
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\mui
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\msapps
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\msagent
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\Media
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\java
2007-09-27 07:57:20 0 d--h----- C:\WINDOWS\inf
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\ime
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\Help
2007-09-27 07:57:20 0 dr--s---- C:\WINDOWS\Fonts
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\ehome
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\Driver Cache
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\Debug
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\Cursors
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\Connection Wizard
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\Config
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\AppPatch
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\addins
-- Find3M Report ---------------------------------------------------------------
2007-09-27 08:05:05 62 --ahs---- C:\Documents and Settings\David\Application Data\desktop.ini
2007-07-20 15:54:30 77824 --a------ C:\WINDOWS\system32\xcomm.dll <Not Verified; Softwin; Softwin BitDefender Communicator>
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" [08/27/2007 03:24 PM]
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [10/01/2007 03:23 PM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\Update Service\issch.exe" [02/16/2005 04:15 PM]
"ISUSPM Startup"="c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [02/16/2005 04:15 PM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 08:00 AM]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [08/30/2007 05:43 PM]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Wireless Connection Manager.lnk - C:\Program Files\D-Link\D-Link RangeBooster N DWA-542\wirelesscm.exe [10/7/2007 12:17:30 AM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ClearRecentDocsOnExit"=1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoLowDiskSpaceChecks"=1 (0x1)
"ClearRecentDocsOnExit"=01
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Icatch(VI) SnapDetect.lnk]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DNS7reminder]
"C:\Program Files\Nuance\NaturallySpeaking9\Program\ereg.exe" -r "C:\Program Files\Nuance\NaturallySpeaking9\Program\ereg.ini"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Update Machine]
famrbe.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"BITS"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx scan
-- End of Deckard's System Scanner: finished at 2007-10-16 20:20:15 ------------
No. Thank you for your help. I'm running the SDFix fix tool. When you run Deckard's it will ask you if it can install and run HijackThis. Is this normal? Looks like it found something. How radical is this trojan, and how can I ensure there is nothing else resident and lying incognito on my PC?
--------------------------
SDFix: Version 1.109
Run by David on Tue 10/16/2007 at 08:10 PM
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix
Safe Mode:
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
Trojan Files Found:
C:\WINDOWS\regedit.com - Deleted
Removing Temp Files...
ADS Check:
C:\WINDOWS
No streams found.
C:\WINDOWS\system32
No streams found.
C:\WINDOWS\system32\svchos
No streams found.
C:\WINDOWS\system32\ntoskr
No streams found.
Final Check:
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system
"%windir%\\system32\\sessm
"C:\\Program Files\\Yahoo!\\Messenger\\
"C:\\Program Files\\Yahoo!\\Messenger\\
"%windir%\\Network Diagnostic\\xpnetdiag.exe"
"C:\\Program Files\\Azureus\\Azureus.ex
"C:\\Program Files\\Bonjour\\mDNSRespon
"C:\\Program Files\\uTorrent\\utorrent.
"C:\\WINDOWS\\system32\\tv
[HKEY_LOCAL_MACHINE\system
"%windir%\\system32\\sessm
"%windir%\\Network Diagnostic\\xpnetdiag.exe"
Remaining Files:
---------------
File Backups: - C:\SDFix\backups\backups.z
Files with Hidden Attributes:
Fri 12 Oct 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tm
Finished!
--------------------------
Deckard's System Scanner v20071014.68
Run by David on 2007-10-16 20:17:34
Computer is in Normal Mode.
--------------------------
-- HijackThis (run as David.exe) --------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:17:38 PM, on 10/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.e
C:\WINDOWS\system32\winlog
C:\WINDOWS\system32\servic
C:\WINDOWS\system32\lsass.
C:\WINDOWS\system32\Ati2ev
C:\WINDOWS\system32\svchos
C:\WINDOWS\System32\svchos
C:\WINDOWS\system32\Ati2ev
C:\WINDOWS\system32\LEXBCE
C:\WINDOWS\system32\spools
C:\WINDOWS\system32\LEXPPS
C:\Program Files\D-Link\D-Link RangeBooster N DWA-542\acs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Diskeeper Corporation\Diskeeper\DkSe
C:\WINDOWS\system32\svchos
C:\Program Files\Common Files\BitDefender\BitDefen
C:\Program Files\Common Files\BitDefender\BitDefen
C:\Program Files\BitDefender\BitDefen
C:\WINDOWS\System32\svchos
C:\WINDOWS\system32\wuaucl
C:\Program Files\BitDefender\BitDefen
C:\Program Files\Common Files\InstallShield\Update
C:\WINDOWS\system32\ctfmon
C:\WINDOWS\System32\svchos
C:\WINDOWS\system32\devldr
C:\Documents and Settings\David\Desktop\dss
C:\PROGRA~1\TRENDM~1\HIJAC
R0 - HKLM\Software\Microsoft\In
R0 - HKLM\Software\Microsoft\In
R0 - HKLM\Software\Microsoft\In
R1 - HKCU\Software\Microsoft\In
R0 - HKCU\Software\Microsoft\In
R0 - HKLM\Software\Microsoft\In
R1 - HKCU\Software\Microsoft\Wi
R0 - HKCU\Software\Microsoft\In
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-F
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefen
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefen
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\Update
O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\COMMON~1\INSTA
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\Yah
O4 - Global Startup: Wireless Connection Manager.lnk = C:\Program Files\D-Link\D-Link RangeBooster N DWA-542\wirelesscm.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-0
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-0
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-0
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-0
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D
O16 - DPF: {0D41B8C5-2599-4893-8183-0
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9
O16 - DPF: {215B8138-A3CF-44C5-803F-8
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-0
O16 - DPF: {30528230-99f7-4bb4-88d8-f
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D
O16 - DPF: {644E432F-49D3-41A1-8DD5-E
O16 - DPF: {8AD9C840-044E-11D1-B3E9-0
O23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\Program Files\D-Link\D-Link RangeBooster N DWA-542\acs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2ev
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sg
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkSe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingServ
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCE
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender S.R.L. - C:\Program Files\Common Files\BitDefender\BitDefen
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefen
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Common Files\BitDefender\BitDefen
--
End of file - 7385 bytes
-- Files created between 2007-09-16 and 2007-10-16 --------------------------
2007-10-16 20:09:55 0 d-------- C:\WINDOWS\ERUNT
2007-10-16 20:03:34 0 dr-h----- C:\Documents and Settings\David\Recent
2007-10-16 19:20:49 0 d-------- C:\Program Files\Trend Micro
2007-10-16 05:35:19 0 d-------- C:\WINDOWS\system32\Kasper
2007-10-16 05:28:13 0 d-------- C:\Documents and Settings\All Users\Application Data\CrystalIdea Software
2007-10-16 05:22:48 0 d-------- C:\Program Files\Uninstall Tool
2007-10-16 00:30:22 0 d-------- C:\Documents and Settings\David\Application
2007-10-16 00:30:08 0 d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
2007-10-15 22:01:40 81984 --a------ C:\WINDOWS\system32\bdod.b
2007-10-15 22:01:01 0 d-------- C:\Program Files\BitDefender
2007-10-15 22:00:27 0 d-------- C:\Program Files\Common Files\BitDefender
2007-10-15 17:04:34 0 d-------- C:\WINDOWS\BDOSCAN8
2007-10-15 04:37:47 0 d-------- C:\Program Files\SonicWallES
2007-10-15 00:07:14 0 d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2007-10-14 17:13:39 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-10-14 13:43:41 0 d-------- C:\WINDOWS\system32\ZoneLa
2007-10-14 00:46:30 0 d-------- C:\KAV
2007-10-13 14:06:14 0 d-a------ C:\WINDOWS\zts2.exe
2007-10-13 14:06:14 0 d-a------ C:\WINDOWS\system32\vcmgcd
2007-10-13 14:06:14 0 d-a------ C:\WINDOWS\system32\iifgfg
2007-10-13 14:06:14 0 d-a------ C:\WINDOWS\rundll16.exe
2007-10-13 14:06:14 0 d-a------ C:\WINDOWS\rundl132.dll
2007-10-13 14:06:14 0 d-a------ C:\WINDOWS\logo1_.exe
2007-10-13 04:17:28 0 d-------- C:\Program Files\Wise Registry Cleaner
2007-10-13 04:16:49 0 d-------- C:\Program Files\Aezay Productions
2007-10-13 04:10:22 0 d-------- C:\Program Files\AusLogics Registry Defrag
2007-10-12 22:49:54 0 d-------- C:\Documents and Settings\David\Application
2007-10-12 22:49:50 0 d-------- C:\Program Files\foobar2000
2007-10-12 17:55:16 0 d-------- C:\Program Files\Common Files\Scansoft Shared
2007-10-12 17:55:16 0 d-------- C:\Documents and Settings\All Users\Application Data\ScanSoft
2007-10-12 17:55:02 0 d-------- C:\Program Files\Nuance
2007-10-12 16:44:57 0 d-------- C:\Program Files\Easy Duplicate Finder
2007-10-12 16:43:40 0 d-------- C:\Program Files\Duplicate Music Files Finder
2007-10-12 16:24:08 0 --a------ C:\WINDOWS\system32\suupda
2007-10-12 16:24:08 0 --a------ C:\WINDOWS\system32\mssuru
2007-10-12 16:24:08 269824 --a------ C:\WINDOWS\system32\baksm.
2007-10-12 16:23:59 2281472 --a------ C:\WINDOWS\system32\vbsbak
2007-10-12 16:23:59 42 --a------ C:\WINDOWS\system32\vb6soc
2007-10-12 16:23:59 269824 --a------ C:\WINDOWS\system32\superm
2007-10-12 16:23:59 0 d-------- C:\WINDOWS\system32\IOSUBS
2007-10-12 16:23:59 43936 --a------ C:\WINDOWS\system32\driver
2007-10-12 16:23:59 591872 --a------ C:\WINDOWS\system32\contex
2007-10-12 16:23:59 269824 --a------ C:\WINDOWS\system32\baksm.
2007-10-12 16:23:59 0 d-------- C:\Program Files\SuperLogix
2007-10-12 15:36:47 0 d-------- C:\Program Files\Mgutil
2007-10-12 04:06:18 0 d-------- C:\Program Files\Wise Disk Cleaner
2007-10-11 23:59:00 0 d-------- C:\Program Files\SpywareBlaster
2007-10-11 22:58:27 28672 --a------ C:\WINDOWS\system32\driver
2007-10-11 18:57:35 0 d-------- C:\Program Files\QuickTime
2007-10-11 18:40:32 0 d-------- C:\WINDOWS\Sun
2007-10-11 18:40:32 0 d-------- C:\Documents and Settings\David\Application
2007-10-11 18:40:06 0 d-------- C:\Program Files\Java
2007-10-11 18:39:56 0 d-------- C:\Program Files\Common Files\Java
2007-10-11 18:34:58 0 d-------- C:\Documents and Settings\David\.housecall6
2007-10-11 12:24:05 0 d-------- C:\Program Files\TotalAudioConverter
2007-10-10 19:58:42 0 d-------- C:\Program Files\MSECache
2007-10-10 19:52:49 0 d-------- C:\Program Files\Microsoft ActiveSync
2007-10-10 19:52:10 0 d-------- C:\WINDOWS\SHELLNEW
2007-10-10 19:51:10 0 d-------- C:\Program Files\Microsoft.NET
2007-10-09 16:20:53 0 d-------- C:\Documents and Settings\David\Application
2007-10-09 16:15:57 0 d-------- C:\Program Files\Nero
2007-10-09 16:15:57 0 d-------- C:\Program Files\Common Files\Ahead
2007-10-09 16:07:31 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-10-09 15:25:25 0 d-------- C:\WINDOWS\SxsCaPendDel
2007-10-09 04:09:23 0 d-------- C:\Program Files\Seagate
2007-10-09 03:33:33 0 d-------- C:\Documents and Settings\David\Application
2007-10-09 02:36:46 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-10-08 01:53:15 0 d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2007-10-08 01:18:26 0 d-------- C:\Program Files\Bonjour
2007-10-08 01:10:05 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2007-10-08 00:57:25 0 d-------- C:\Program Files\MagicISO
2007-10-08 00:39:32 639224 --a------ C:\WINDOWS\system32\driver
2007-10-07 00:17:29 237636 --a------ C:\WINDOWS\system32\wsimd.
2007-10-07 00:17:29 245830 --a------ C:\WINDOWS\system32\wsfwDS
2007-10-07 00:17:29 53248 -ra------ C:\WINDOWS\system32\dsaNac
2007-10-07 00:17:29 1253432 -ra------ C:\WINDOWS\system32\dsa.dl
2007-10-07 00:17:29 0 d-------- C:\WINDOWS\pcidevice
2007-10-07 00:17:29 0 d-------- C:\Program Files\D-Link
2007-10-06 18:44:54 0 d-------- C:\Documents and Settings\David\Application
2007-10-06 18:42:18 0 d-------- C:\Documents and Settings\All Users\Application Data\Nero
2007-10-05 19:41:15 0 d-------- C:\Program Files\Marvell
2007-10-05 19:37:24 5824 --a------ C:\WINDOWS\system32\driver
2007-10-04 13:52:54 399872 --a------ C:\WINDOWS\c4dstand.dll
2007-10-04 13:52:53 438272 --a------ C:\WINDOWS\c4dll.dll <Not Verified; Sequiter Software Inc.; CodeBase>
2007-10-04 13:52:39 98304 --a------ C:\WINDOWS\system32\tsccvi
2007-10-04 13:52:39 0 d-------- C:\Program Files\LearnKey
2007-10-04 13:52:36 487936 --a------ C:\WINDOWS\LkUnInst.exe <Not Verified; LearnKey, Inc.; >
2007-10-03 22:55:26 0 d-------- C:\temp
2007-10-02 20:58:47 0 d-------- C:\WINDOWS\PAC207
2007-10-02 00:18:12 1075 --a------ C:\Documents and Settings\David\Application
2007-10-01 19:09:02 0 d-------- C:\Documents and Settings\David\Application
2007-10-01 19:03:34 0 d-------- C:\Documents and Settings\All Users\Application Data\Nuance
2007-10-01 17:20:18 0 d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2007-10-01 17:17:35 0 d-------- C:\WINDOWS\speech
2007-10-01 02:24:27 0 d------c- C:\WINDOWS\system32\DRVSTO
2007-10-01 02:23:46 0 d-------- C:\Program Files\MSXML 4.0
2007-10-01 01:53:31 0 d-------- C:\Program Files\Anark
2007-09-30 23:56:43 299520 --a------ C:\WINDOWS\uninst.exe <Not Verified; InstallShield Corporation, Inc.; InstallShield unInstaller>
2007-09-30 23:56:38 0 d-------- C:\Documents and Settings\David\WINDOWS
2007-09-28 23:05:33 0 d-------- C:\Program Files\MSXML 6.0
2007-09-28 20:57:19 0 d-------- C:\WINDOWS\system32\XPSVie
2007-09-28 20:56:58 0 d-------- C:\Program Files\Reference Assemblies
2007-09-28 20:52:33 0 d-------- C:\WINDOWS\system32\URTTem
2007-09-28 20:33:08 0 d-------- C:\Program Files\MTV Networks
2007-09-28 20:33:04 0 d-------- C:\WINDOWS\Downloaded Installations
2007-09-28 20:09:30 0 d-------- C:\Program Files\Windows Media Connect 2
2007-09-28 20:08:23 0 d-------- C:\WINDOWS\system32\LogFil
2007-09-28 20:08:23 0 d-------- C:\WINDOWS\system32\driver
2007-09-28 20:00:19 0 d-------- C:\WINDOWS\network diagnostic
2007-09-28 19:59:04 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2007-09-28 19:35:44 0 d-------- C:\Program Files\Diskeeper Corporation
2007-09-28 16:52:49 0 d--hs---- C:\Diskeeper
2007-09-28 16:09:53 0 d-------- C:\Documents and Settings\David\Application
2007-09-28 01:39:11 0 d-------- C:\WINDOWS\Wallpaper Of Wow
2007-09-27 22:22:02 0 d-------- C:\Documents and Settings\David\Application
2007-09-27 22:09:22 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2007-09-27 22:07:44 0 d-------- C:\Program Files\Yahoo!
2007-09-27 19:19:21 29696 -----n--- C:\WINDOWS\system32\dev32.
2007-09-27 19:19:16 163840 -----n--- C:\WINDOWS\system32\coin52
2007-09-27 18:01:51 0 d-------- C:\Program Files\MSBuild
2007-09-27 17:58:14 0 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-09-27 17:19:07 0 d-------- C:\Documents and Settings\David\Application
2007-09-27 17:11:35 0 d-------- C:\Documents and Settings\David\Application
2007-09-27 17:10:34 217088 --a------ C:\WINDOWS\system32\yv12vf
2007-09-27 17:10:34 282624 --a------ C:\WINDOWS\system32\xvidvf
2007-09-27 17:10:34 1559040 --a------ C:\WINDOWS\system32\xvidco
2007-09-27 17:10:33 3596288 --a------ C:\WINDOWS\system32\qt-dx3
2007-09-27 17:10:33 73728 --a------ C:\WINDOWS\system32\dpl100
2007-09-27 17:10:33 740442 --a------ C:\WINDOWS\system32\divx.d
2007-09-27 17:10:32 7680 --a------ C:\WINDOWS\system32\ff_vfw
2007-09-27 17:10:31 0 d-------- C:\Program Files\K-Lite Codec Pack
2007-09-27 17:03:31 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2007-09-27 17:03:24 0 d-------- C:\Program Files\Common Files\Adobe
2007-09-27 17:00:32 0 d-------- C:\WINDOWS\pss
2007-09-27 16:47:23 0 d--h----- C:\Documents and Settings\Administrator\Tem
2007-09-27 16:47:23 0 dr------- C:\Documents and Settings\Administrator\Sta
2007-09-27 16:47:23 0 dr-h----- C:\Documents and Settings\Administrator\Sen
2007-09-27 16:47:23 0 d-------- C:\Documents and Settings\Administrator\Rec
2007-09-27 16:47:23 0 d--h----- C:\Documents and Settings\Administrator\Pri
2007-09-27 16:47:23 524288 --ah----- C:\Documents and Settings\Administrator\NTU
2007-09-27 16:47:23 0 d--h----- C:\Documents and Settings\Administrator\Net
2007-09-27 16:47:23 0 d-------- C:\Documents and Settings\Administrator\My Documents
2007-09-27 16:47:23 0 d-------- C:\Documents and Settings\Administrator\Loc
2007-09-27 16:47:23 0 d-------- C:\Documents and Settings\Administrator\Fav
2007-09-27 16:47:23 0 d-------- C:\Documents and Settings\Administrator\Des
2007-09-27 16:47:23 0 d---s---- C:\Documents and Settings\Administrator\Coo
2007-09-27 16:47:23 0 dr-h----- C:\Documents and Settings\Administrator\App
2007-09-27 16:47:23 0 d---s---- C:\Documents and Settings\Administrator\App
2007-09-27 16:32:20 0 d-------- C:\Documents and Settings\David\Application
2007-09-27 16:02:50 830 --a------ C:\WINDOWS\system32\instal
2007-09-27 15:44:50 851456 --a------ C:\WINDOWS\system32\WGA.ex
2007-09-27 15:44:30 512 --a------ C:\ScanSectorLog.dat
2007-09-27 14:36:47 0 d-------- C:\Program Files\DAMN NFO Viewer
2007-09-27 14:36:15 0 d-------- C:\Documents and Settings\David\Application
2007-09-27 14:06:58 0 d-------- C:\Documents and Settings\All Users\Application Data\Azureus
2007-09-27 14:06:57 0 d-------- C:\Documents and Settings\David\Application
2007-09-27 14:06:07 0 d-------- C:\Program Files\Azureus
2007-09-27 13:54:35 4212 ---h----- C:\WINDOWS\system32\zllict
2007-09-27 13:54:26 11264 --a------ C:\WINDOWS\system32\SpOrde
2007-09-27 13:53:49 0 d-------- C:\WINDOWS\Internet Logs
2007-09-27 13:49:08 0 d-------- C:\WINDOWS\system32\appmgm
2007-09-27 13:25:13 0 d-------- C:\WINDOWS\system32\PreIns
2007-09-27 13:25:12 0 d--h----- C:\WINDOWS\$hf_mig$
2007-09-27 13:23:03 0 d--hs---- C:\Documents and Settings\David\UserData
2007-09-27 13:21:20 0 d-------- C:\WINDOWS\system32\Softwa
2007-09-27 13:09:06 40636 -ra------ C:\WINDOWS\system32\driver
2007-09-27 13:09:06 912 -ra------ C:\WINDOWS\system32\driver
2007-09-27 13:09:06 964 -ra------ C:\WINDOWS\system32\driver
2007-09-27 13:09:06 936 -ra------ C:\WINDOWS\system32\driver
2007-09-27 13:09:06 255360 -ra------ C:\WINDOWS\system32\driver
2007-09-27 13:09:06 40636 -ra------ C:\WINDOWS\system\WLANGEN.
2007-09-27 13:09:06 912 -ra------ C:\WINDOWS\system\RADIO15.
2007-09-27 13:09:06 964 -ra------ C:\WINDOWS\system\RADIO11.
2007-09-27 13:09:06 936 -ra------ C:\WINDOWS\system\RADIO0d.
2007-09-27 12:59:50 0 d-------- C:\Program Files\AllToAVI
2007-09-27 12:59:21 0 d-------- C:\Documents and Settings\David\Application
2007-09-27 12:56:18 0 d-------- C:\Program Files\Lavalys
2007-09-27 12:55:13 0 d-------- C:\Program Files\DSC Driver
2007-09-27 12:35:45 0 d-------- C:\WINDOWS\system32\Reinst
2007-09-27 12:35:44 0 d-------- C:\WINDOWS\system32\Data
2007-09-27 12:35:36 49152 --a------ C:\WINDOWS\CTDCRES.DLL <Not Verified; Creative Technology Ltd; Creative Audio Product>
2007-09-27 12:24:35 593920 -----n--- C:\WINDOWS\system32\ati2sg
2007-09-27 12:24:27 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-09-27 12:24:16 0 d-------- C:\Program Files\Common Files\InstallShield
2007-09-27 12:24:11 0 d-------- C:\ATI
2007-09-27 12:23:27 0 d-------- C:\Documents and Settings\David\Application
2007-09-27 12:23:20 0 d--h----- C:\Documents and Settings\David\Templates
2007-09-27 12:23:20 0 dr------- C:\Documents and Settings\David\Start Menu
2007-09-27 12:23:20 0 dr-h----- C:\Documents and Settings\David\SendTo
2007-09-27 12:23:20 0 d--h----- C:\Documents and Settings\David\PrintHood
2007-09-27 12:23:20 0 d--h----- C:\Documents and Settings\David\NetHood
2007-09-27 12:23:20 0 dr------- C:\Documents and Settings\David\My Documents
2007-09-27 12:23:20 0 d--h----- C:\Documents and Settings\David\Local Settings
2007-09-27 12:23:20 0 dr------- C:\Documents and Settings\David\Favorites
2007-09-27 12:23:20 0 d-------- C:\Documents and Settings\David\Desktop
2007-09-27 12:23:20 0 d--hs---- C:\Documents and Settings\David\Cookies
2007-09-27 12:23:20 0 dr-h----- C:\Documents and Settings\David\Application
2007-09-27 12:23:19 4456448 --a------ C:\Documents and Settings\David\NTUSER.DAT
2007-09-27 12:22:37 0 d-------- C:\WINDOWS\SoftwareDistrib
2007-09-27 12:22:36 0 d---s---- C:\WINDOWS\system32\Micros
2007-09-27 12:22:36 0 d-------- C:\WINDOWS\Prefetch
2007-09-27 12:22:35 229376 --ah----- C:\Documents and Settings\LocalService\NTUS
2007-09-27 12:22:35 0 d--h----- C:\Documents and Settings\LocalService\Loca
2007-09-27 12:22:35 0 d--hs---- C:\Documents and Settings\LocalService\Cook
2007-09-27 12:22:35 0 d-------- C:\Documents and Settings\LocalService\Appl
2007-09-27 12:22:35 0 d---s---- C:\Documents and Settings\LocalService\Appl
2007-09-27 12:18:04 229376 --ah----- C:\Documents and Settings\NetworkService\NT
2007-09-27 12:18:04 0 d--h----- C:\Documents and Settings\NetworkService\Lo
2007-09-27 12:18:04 0 d--hs---- C:\Documents and Settings\NetworkService\Co
2007-09-27 12:18:04 0 d-------- C:\Documents and Settings\NetworkService\Ap
2007-09-27 12:18:04 0 d---s---- C:\Documents and Settings\NetworkService\Ap
2007-09-27 12:14:59 0 d-------- C:\WINDOWS\system32\xircom
2007-09-27 12:14:59 0 d-------- C:\Program Files\microsoft frontpage
2007-09-27 12:14:51 229376 ---h----- C:\Documents and Settings\Default User\NTUSER.DAT
2007-09-27 12:14:47 0 -rahs---- C:\MSDOS.SYS
2007-09-27 12:14:47 0 -rahs---- C:\IO.SYS
2007-09-27 12:14:47 0 --a------ C:\CONFIG.SYS
2007-09-27 12:14:47 0 -----n--- C:\AUTOEXEC.BAT
2007-09-27 12:14:03 0 d--hs---- C:\Documents and Settings\All Users\DRM
2007-09-27 12:13:57 0 d-------- C:\WINDOWS\Offline Web Pages
2007-09-27 12:13:57 0 d---s---- C:\WINDOWS\Downloaded Program Files
2007-09-27 12:13:48 0 d--h----- C:\Program Files\WindowsUpdate
2007-09-27 12:13:34 0 d-------- C:\WINDOWS\system32\Direct
2007-09-27 12:13:04 0 d---s---- C:\WINDOWS\Tasks
2007-09-27 12:13:03 0 d-------- C:\Program Files\Common Files\MSSoap
2007-09-27 12:12:59 0 d-------- C:\WINDOWS\system32\Macrom
2007-09-27 12:12:59 0 d-------- C:\WINDOWS\srchasst
2007-09-27 12:12:51 0 d-------- C:\Program Files\Movie Maker
2007-09-27 12:12:43 0 d-------- C:\WINDOWS\system32\Restor
2007-09-27 12:12:14 21640 --a------ C:\WINDOWS\system32\emptyr
2007-09-27 12:12:02 0 d-------- C:\WINDOWS\Registration
2007-09-27 12:11:57 0 d-------- C:\Program Files\Online Services
2007-09-27 12:11:52 0 d-------- C:\Program Files\Messenger
2007-09-27 12:11:48 0 d-------- C:\Program Files\MSN Gaming Zone
2007-09-27 12:11:12 0 d-------- C:\Program Files\Windows NT
2007-09-27 12:11:09 0 d-------- C:\WINDOWS\system32\MsDtc
2007-09-27 12:11:07 0 d-------- C:\WINDOWS\system32\Com
2007-09-27 08:05:30 0 d--hs---- C:\WINDOWS\Installer
2007-09-27 08:05:30 0 d-------- C:\Program Files\Common Files\ODBC
2007-09-27 08:05:27 0 d-------- C:\Program Files\Common Files\SpeechEngines
2007-09-27 08:05:26 0 d-------- C:\Program Files
2007-09-27 08:05:26 0 d-------- C:\Program Files\Common Files
2007-09-27 08:05:05 0 d--h----- C:\Documents and Settings\Default User\Templates
2007-09-27 08:05:05 0 dr------- C:\Documents and Settings\Default User\Start Menu
2007-09-27 08:05:05 0 dr-h----- C:\Documents and Settings\Default User\SendTo
2007-09-27 08:05:05 0 d--h----- C:\Documents and Settings\Default User\Recent
2007-09-27 08:05:05 0 d--h----- C:\Documents and Settings\Default User\PrintHood
2007-09-27 08:05:05 0 d--h----- C:\Documents and Settings\Default User\NetHood
2007-09-27 08:05:05 0 d-------- C:\Documents and Settings\Default User\My Documents
2007-09-27 08:05:05 0 d-------- C:\Documents and Settings\Default User\Local Settings
2007-09-27 08:05:05 0 d-------- C:\Documents and Settings\Default User\Favorites
2007-09-27 08:05:05 0 d-------- C:\Documents and Settings\Default User\Desktop
2007-09-27 08:05:05 0 d---s---- C:\Documents and Settings\Default User\Cookies
2007-09-27 08:05:05 0 d--h----- C:\Documents and Settings\All Users\Templates
2007-09-27 08:05:05 0 dr------- C:\Documents and Settings\All Users\Start Menu
2007-09-27 08:05:05 0 d-------- C:\Documents and Settings\All Users\Favorites
2007-09-27 08:05:05 0 dr------- C:\Documents and Settings\All Users\Documents
2007-09-27 08:05:05 0 d-------- C:\Documents and Settings\All Users\Desktop
2007-09-27 08:04:47 0 d-------- C:\WINDOWS\system32\CatRoo
2007-09-27 08:04:47 0 d-------- C:\WINDOWS\system32\CatRoo
2007-09-27 08:04:41 0 dr-h----- C:\Documents and Settings\Default User\Application Data
2007-09-27 08:04:41 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
2007-09-27 08:04:41 0 dr-h----- C:\Documents and Settings\All Users\Application Data
2007-09-27 08:04:41 0 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft
2007-09-27 08:04:04 0 d-------- C:\Documents and Settings
2007-09-27 08:04:03 0 d--hs---- C:\System Volume Information
2007-09-27 07:57:20 0 d-------- C:\WINDOWS
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\WinSxS
2007-09-27 07:57:20 0 dr------- C:\WINDOWS\Web
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\twain_32
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\system32
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\system32\wins
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\system32\wbem
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\system32\usmt
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\system32\spool
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\system32\ShellE
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\system32\Setup
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\system32\ras
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\system32\oobe
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\system32\npp
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\system32\mui
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\system32\inetsr
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\system32\IME
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\system32\icsxml
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\system32\ias
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\system32\export
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\system32\driver
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\system32\driver
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\system32\driver
2007-09-27 07:57:20 0 d------c- C:\WINDOWS\system32\dllcac
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\system32\dhcp
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\system32\config
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\system32\3com_d
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\system32\3076
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\system32\2052
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\system32\1054
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\system32\1042
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\system32\1041
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\system32\1037
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\system32\1033
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\system32\1031
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\system32\1028
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\system32\1025
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\system
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\security
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\Resources
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\Provisioning
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\PeerNet
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\pchealth
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\mui
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\msapps
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\msagent
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\Media
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\java
2007-09-27 07:57:20 0 d--h----- C:\WINDOWS\inf
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\ime
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\Help
2007-09-27 07:57:20 0 dr--s---- C:\WINDOWS\Fonts
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\ehome
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\Driver Cache
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\Debug
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\Cursors
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\Connection Wizard
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\Config
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\AppPatch
2007-09-27 07:57:20 0 d-------- C:\WINDOWS\addins
-- Find3M Report --------------------------
2007-09-27 08:05:05 62 --ahs---- C:\Documents and Settings\David\Application
2007-07-20 15:54:30 77824 --a------ C:\WINDOWS\system32\xcomm.
-- Registry Dump --------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWA
"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefen
"BDAgent"="C:\Program Files\BitDefender\BitDefen
"ISUSScheduler"="C:\Progra
"ISUSPM Startup"="c:\PROGRA~1\COMM
[HKEY_CURRENT_USER\SOFTWAR
"ctfmon.exe"="C:\WINDOWS\s
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\Yah
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Wireless Connection Manager.lnk - C:\Program Files\D-Link\D-Link RangeBooster N DWA-542\wirelesscm.exe [10/7/2007 12:17:30 AM]
[HKEY_LOCAL_MACHINE\softwa
"ClearRecentDocsOnExit"=1 (0x1)
[HKEY_USERS\.default\softw
"NoLowDiskSpaceChecks"=1 (0x1)
"ClearRecentDocsOnExit"=01
[HKEY_LOCAL_MACHINE\softwa
[HKEY_LOCAL_MACHINE\softwa
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
[HKEY_LOCAL_MACHINE\softwa
"C:\Program Files\Common Files\Ahead\Lib\NMBgMonito
[HKEY_LOCAL_MACHINE\softwa
"C:\Program Files\Nuance\NaturallySpea
[HKEY_LOCAL_MACHINE\softwa
[HKEY_LOCAL_MACHINE\softwa
C:\PROGRA~1\COMMON~1\INSTA
[HKEY_LOCAL_MACHINE\softwa
famrbe.exe
[HKEY_LOCAL_MACHINE\softwa
[HKEY_LOCAL_MACHINE\softwa
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.
[HKEY_LOCAL_MACHINE\softwa
[HKEY_LOCAL_MACHINE\softwa
C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgd
[HKEY_LOCAL_MACHINE\softwa
"C:\Program Files\Yahoo!\Messenger\Yah
[HKEY_LOCAL_MACHINE\softwa
[HKEY_LOCAL_MACHINE\softwa
"BITS"=2 (0x2)
[HKEY_LOCAL_MACHINE\softwa
bdx scan
-- End of Deckard's System Scanner: finished at 2007-10-16 20:20:15 ------------
>"When you run Deckard's it will ask you if it can install and run HijackThis. Is this normal? Looks like it found something."<
Yes, HJT is run as part of the DSS scan.
>"How radical is this trojan and how can I ensure there is nothing else resident and lying incognito on my PC?"<
Well, it's a backdoor. Any time one of these is present there should be some concern that there may be things we can't see. Some would consider this kind of discovery a reason to reformat and install fresh. In some cases I agree with this. But we also have good tools to deal with these infections, like SDFix and others. We would also want to run some other scans.
One of the concerns I have now is you have another one of these disabled with msconfig. We can see it from your DSS log.
-----------------------
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Update Machine]
famrbe.exe
-----------------------
So don't make any changes with msconfig. There are a couple of other items in there too that I need to research. At this point I would recommend running ComboFix and getting a log. We can also use ComboFix as a script tool to remove the malicious entries waiting to do damage from msconfig.
Download and Run ComboFix
http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe
Disconnect from the Internet, then disable your anti-virus and any real-time anti-spyware monitors that are running.
Then double click Combofix.exe & follow the prompts.
When finished, it will produce a log for you. Post that log in your next reply with a HijackThis log.
HijackThis can be downloaded here:
http://www.trendsecure.com/portal/en-US/threat_analytics/hijackthis.php
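As an added example (not code from this thread, nor from Deckard's System Scanner, HijackThis or ComboFix), here is a small Python triage script that parses a DSS-style "Registry Dump" like the one above and flags the kinds of startup entries worth a second look: an item whose command has no path (like the famrbe.exe entry parked under msconfig\startupreg), items retained under msconfig's startupreg key, image names that imitate a system binary, and images launched from user-profile directories. The sample dump and the heuristics are constructed for illustration; the flags are review hints, not verdicts.

```python
"""Triage startup entries from a DSS-style "Registry Dump" block.

Example code added for this thread; not part of DSS, HijackThis or ComboFix.
The sample dump and the heuristics below are constructed for illustration.
"""
import ntpath
import re
from dataclasses import dataclass, field

# Constructed sample in the shape of the DSS registry dump: a [key] line followed by its
# values.  Run-key values are written "name"="command"; msconfig\startupreg items (startup
# entries a user disabled in msconfig) are written as the bare command under a subkey.
SAMPLE_DUMP = r'''
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe -start"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Update Machine]
famrbe.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"Updater"="C:\WINDOWS\rundl132.exe /s"
'''

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
VALUE_RE = re.compile(r'^"(?P<name>[^"]*)"\s*=\s*(?P<cmd>.+)$')
IMAGE_RE = re.compile(r'(.+?\.(?:exe|dll|scr|bat|cmd|pif))(?:\s|$)', re.IGNORECASE)

# Well-known Windows binaries whose names malware commonly imitates (hypothetical short list).
KNOWN_SYSTEM_BINARIES = ('rundll32', 'svchost', 'lsass', 'csrss', 'winlogon', 'explorer', 'services', 'ctfmon')
DIGIT_TO_LETTER = str.maketrans('10', 'lo')  # digits typically used to stand in for letters


@dataclass
class StartupEntry:
    key: str
    name: str
    command: str
    image: str
    flags: list = field(default_factory=list)


def strip_quotes(s):
    s = s.strip()
    return s[1:-1] if len(s) >= 2 and s[0] == s[-1] == '"' else s


def image_path(command):
    """The program a command line launches: the quoted image, or the text up to its extension."""
    command = strip_quotes(command)
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    m = IMAGE_RE.match(command)
    return m.group(1) if m else command.split(' ', 1)[0]


def parse_dump(text):
    entries, key = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group('key')
            continue
        if key is None:  # header text before the first key
            continue
        m = VALUE_RE.match(line)
        if m:
            name, cmd = m.group('name'), m.group('cmd')
        else:  # startupreg style: the subkey name is the item name, the line is the command
            name, cmd = key.rsplit('\\', 1)[-1], line
        cmd = strip_quotes(cmd)
        entries.append(StartupEntry(key, name, cmd, image_path(cmd)))
    return entries


def within_one_edit(a, b):
    """True if a equals b or differs by one substitution, insertion or deletion."""
    if abs(len(a) - len(b)) > 1:
        return False
    i = j = edits = 0
    while i < len(a) and j < len(b):
        if a[i] == b[j]:
            i, j = i + 1, j + 1
            continue
        edits += 1
        if edits > 1:
            return False
        if len(a) > len(b):
            i += 1
        elif len(a) < len(b):
            j += 1
        else:
            i, j = i + 1, j + 1
    return edits + (len(a) - i) + (len(b) - j) <= 1


def lookalike_of(stem):
    """The well-known binary name a file stem imitates (e.g. rundl132 -> rundll32), or None."""
    s = stem.lower()
    if s in KNOWN_SYSTEM_BINARIES:
        return None
    s = s.translate(DIGIT_TO_LETTER)
    return next((k for k in KNOWN_SYSTEM_BINARIES if within_one_edit(s, k)), None)


def triage(text):
    entries = parse_dump(text)
    for e in entries:
        stem = ntpath.splitext(ntpath.basename(e.image))[0]
        if ntpath.dirname(e.image) == '':
            e.flags.append('no-path')  # resolved through the search path at logon; no audit trail
        if '\\msconfig\\startupreg\\' in e.key.lower():
            e.flags.append('msconfig-disabled')  # parked, not removed: one click re-enables it
        known = lookalike_of(stem)
        if known:
            e.flags.append(f'lookalike:{known}')
        low = e.image.lower()
        if '\\temp\\' in low or '\\application data\\' in low:
            e.flags.append('user-profile-dir')  # launched from a user-writable location
    return entries


def report(entries):
    """One line per entry that picked up at least one flag."""
    return [f"{e.name}: {e.image} [{', '.join(e.flags)}]" for e in entries if e.flags]


if __name__ == '__main__':
    for line in report(triage(SAMPLE_DUMP)):
        print(line)
```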
Okay no problem rpggamergirl. Will have them use http://www.ee-stuff.com.
I'm obviously used to working in the forums where we have them post everything for all to see. I'll adjust accordingly here.
Thanks,
Dave
Thanks for understanding Dave, I know it's a little different here at EE. It's kind of a "question and answer" site.
EE prefers that no logs are posted in the questions.
At least, it's better now that there's a HijackThis zone for HijackThis logs, they didn't use to, :)
Keep up the good work!
~rpg
ASKER
Sorry for the delay
ComboFix Log Link -
https://filedb.experts-exchange.com/incoming/ee-stuff/5051-ComboFix-log.txt
HijackThis Log Link -
https://filedb.experts-exchange.com/incoming/ee-stuff/5052-HijackThis-Log.txt
https://filedb.experts-exchange.com/incoming/ee-stuff/5053-log22txt.txt
ASKER CERTIFIED SOLUTION
ASKER
- Hey no problem, I'm just trying to follow the site's rules. I was the person who decided to copy and paste one of my logs directly into this thread to begin with. This was something that I overlooked in the rules section. I did not mean for you to get into any trouble.
- I created the CFScript.txt file and ran it with ComboFix. Please see below for a link to this log file. I also did a search, making sure that everything you mentioned above was checked: search system folders, search hidden files and folders, search subfolders. My search results did not find any files by the name of famrbe.exe or tvgyiy.exe.
https://filedb.experts-exchange.com/incoming/ee-stuff/5053-log22txt.txt
- Please let me know how the log file looks (cross my fingers and hope it's clean) & I would like to thank you in advance for all of the hard work and time you've put in to help resolve my issue. My computer has definitely smoothed out and isn't laggy anymore like it was before. Awesome!
- Question: what antivirus/anti-spyware and personal firewall should I be using??? Since it seems that all of them pick up something that the other one can't... If that suggestion can be made.
- Is it safe for people to look at my log files online like this?
>"- Question: what antivirus/anti-spyware and personal firewall should I be using??? Since it seems that all of them pick up something that the other one can't... If that suggestion can be made."<
Well, ask 10 people this question and you'll probably get 10 different answers. No, there is not one of them that will find "everything". BitDefender gets good reviews and I believe is solid. But it does not include a firewall, does it? I would recommend adding that, as the Windows Firewall is weak at best. Here are a couple of free ideas. I'm using Sunbelt right now and am happy with it.
http://www.sunbelt-software.com/Kerio-Download.cfm - Sunbelt Personal Firewall
http://www.agnitum.com/products/outpost/index.php - Outpost Firewall
>" - Is it safe for people to look at my log files online like this?"<
Well I've never seen or heard of any issues around it. There is nothing that is really helpful to a hacker like an IP address or anything. So I believe you're OK.
Log looks clean. I would recommend an online scan like Kaspersky. It will not fix anything but it's very thorough. You can upload the log that it produces and I'll take a look at it. It will likely take a long time to run on your computer, so set it to run overnight or at a time when you don't need it.
Using Internet Explorer, run Kaspersky Online Scanner
http://www.kaspersky.com/virusscanner
ASKER
IndiGenus,
You're right, everyone does have an opinion about something.... Actually, the BitDefender software I was using was their Internet security suite, which came with an antivirus, anti-spyware engine and a personal firewall. I have since uninstalled BitDefender and I have installed the Sunbelt personal firewall, which I like a lot better. It seems to have more direct control over the applications on your computer that are trying to reach out to the net. Just using a trial version of the firewall and Kaspersky's antivirus.
- Oh, I did do a couple of online virus scans that came up CLEAN... YOU DA MAN!! Now I'd need to learn how to read the log files that are produced by HijackThis and similar software when system scans are performed.
There are several good places to learn how to interpret HJT logs and advise on cleanup and prevention. It requires a fair amount of study and work but if you are motivated these are the places to learn.
Malware Removal University: http://forum.malwareremoval.com/viewtopic.php?t=233
Geek U: http://www.geekstogo.com/forum/Would-like-to-learn-to-fight-malware-t4817.html
There are other good places too.
Download Deckard's System Scanner (DSS) and save it to your Desktop.
http://www.techsupportforum.com/sectools/Deckard/dss.exe
Close all other windows before proceeding.
Double-click on dss.exe and follow the prompts.
When it has finished, DSS will open two Notepad windows: main.txt and extra.txt. Please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.