Go Back   Computer Juice > Computer Software > Virus, Spyware & Security
Reload this Page

Yahoo Messenger/other

Register Points Site Spy New Posts Donate Unanswered Posts Members Search

>>> Get Paid to Hang Out Here! Activity = Points = Prizes. Want to Know More? <<<

Reply
< 1 2 3 >
 
LinkBack Thread Tools
  #11  
Old 11-01-2008, 02:40 AM
evilfantasy's Avatar
CJ Moderator
Intel ATi
evilfantasy is offline
Send a message via Yahoo to evilfantasy
 
Join Date: Jul 2007
Last Online: Today 01:30 AM
Posts: 4,905
iTrader: (0)
evilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond repute
Default Yahoo Messenger/other
Slow down mate. The posts have to be approved by a moderator because they have links in them.
__________________
.
.
Digg this postDel.icio.us this postTechnorati this postNetscape this postStumble this post
Reply With Quote
  #12  
Old 11-01-2008, 02:44 AM
Warrenisit's Avatar
CJ Member
 
Warrenisit is offline
 
Join Date: Jan 2008
Last Online: 28-09-2008 08:42 AM
Posts: 37
iTrader: (0)
Warrenisit is on a distinguished road
Default Yahoo Messenger/other
Sorry bro....I started a new thread with the new info cause I thought this was full or something. It's awaiting approval right now.
Digg this postDel.icio.us this postTechnorati this postNetscape this postStumble this post
Reply With Quote
  #13  
Old 11-01-2008, 02:44 AM
evilfantasy's Avatar
CJ Moderator
Intel ATi
evilfantasy is offline
Send a message via Yahoo to evilfantasy
 
Join Date: Jul 2007
Last Online: Today 01:30 AM
Posts: 4,905
iTrader: (0)
evilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond repute
Default Yahoo Messenger/other
Well I screwed up and deleted all of them.

Please post the information one more time. I will get it approved as soon as I see it.

EDIT: Never mind I see the other post and will merge it into this one.
__________________
.
.
Last edited by evilfantasy : 11-01-2008 at 02:46 AM.
Digg this postDel.icio.us this postTechnorati this postNetscape this postStumble this post
Reply With Quote
  #14  
Old 11-01-2008, 02:56 AM
evilfantasy's Avatar
CJ Moderator
Intel ATi
evilfantasy is offline
Send a message via Yahoo to evilfantasy
 
Join Date: Jul 2007
Last Online: Today 01:30 AM
Posts: 4,905
iTrader: (0)
evilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond repute
Default Yahoo Messenger/other
OK it's sorted out.

The logs look fine.

How is the computer now?

Final steps to secure the work you have done.

Let's clear out the programs we've been using to clean up your computer, they are not suitable for
general malware removal and could cause damage if launched accidentally.

Please download OTMoveIt2 by OldTimer OTMoveIt2.exe and place it on your desktop.

1. Double click OTMoveIt2.exe to launch it.
2. Click on the CleanUp! button.
3. OTMoveIt2 will download a list from the Internet, if your firewall or other defensive programs alerts you, allow it access.
4. Click YES at the next prompt (list downloaded, Do you want to begin cleanup process?)
  • When finished exit out of OTMoveIt2
This is a good time to clear your infected system restore points and establish a new clean restore point:
  • Go to Start > All Programs > Accessories > System Tools > System Restore
  • Select Create a restore point, and click Next.
  • Next, go to Start > Run and type in cleanmgr
  • Select the More options tab
  • Next to System Restore click Clean up...
This will remove all restore points except the new one you just created.

Check out this post for tips and free tools to keep you safe in the future.

Also see this post for free cleaning/maintenance tools to help keep your computer running smooth.
__________________
.
.
Digg this postDel.icio.us this postTechnorati this postNetscape this postStumble this post
Reply With Quote
  #15  
Old 11-01-2008, 03:08 AM
Warrenisit's Avatar
CJ Member
 
Warrenisit is offline
 
Join Date: Jan 2008
Last Online: 28-09-2008 08:42 AM
Posts: 37
iTrader: (0)
Warrenisit is on a distinguished road
Default Yahoo Messenger/other
My documents still is open when my comp reboots and when I click on a name in my yahoo IM to call my comp still restarts. Weird. What could this be? I appreciate all the help.
Digg this postDel.icio.us this postTechnorati this postNetscape this postStumble this post
Reply With Quote
  #16  
Old 11-01-2008, 03:12 AM
Warrenisit's Avatar
CJ Member
 
Warrenisit is offline
 
Join Date: Jan 2008
Last Online: 28-09-2008 08:42 AM
Posts: 37
iTrader: (0)
Warrenisit is on a distinguished road
Default Yahoo Messenger/other
Honestly, I constantly scan my comp and am always looking to keep it secure. I never download smut but the one time I F!#$@^& did BAM!
Digg this postDel.icio.us this postTechnorati this postNetscape this postStumble this post
Reply With Quote
  #17  
Old 11-01-2008, 03:28 AM
evilfantasy's Avatar
CJ Moderator
Intel ATi
evilfantasy is offline
Send a message via Yahoo to evilfantasy
 
Join Date: Jul 2007
Last Online: Today 01:30 AM
Posts: 4,905
iTrader: (0)
evilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond repute
Default Yahoo Messenger/other
Lets take a closer look.


Download Deckard's System Scanner (DSS) to your Desktop.
Note: You must be logged onto an account with administrator privileges.
  • Close all applications and windows.
  • Double-click on dss.exe to run it, and follow the prompts.
  • When the scan is complete, two text files will open
    • main.txt <- this one will be maximized
    • and extra.txt <- this one will be minimized
  • Add the contents of main.txt in your post.
  • Also add extra.txt to your post.
  • The text from these files may exceed the maximum post length for this forum, and may need to be sent over 2 or more posts. Please ensure all text is posted.

What DSS will do:
  • Create a new System Restore point in Windows XP and Vista.
  • Clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
  • Check some important areas of your system and produce a report for your analyst to review. DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.
__________________
.
.
Digg this postDel.icio.us this postTechnorati this postNetscape this postStumble this post
Reply With Quote
  #18  
Old 11-01-2008, 03:40 AM
Warrenisit's Avatar
CJ Member
 
Warrenisit is offline
 
Join Date: Jan 2008
Last Online: 28-09-2008 08:42 AM
Posts: 37
iTrader: (0)
Warrenisit is on a distinguished road
Default Yahoo Messenger/other
Here's half of the Main one.

Deckard's System Scanner v20071014.68
Run by Owner on 2008-01-10 21:33:03
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
55: 2008-01-11 03:33:09 UTC - RP55 - Deckard's System Scanner Restore Point
54: 2008-01-11 02:15:03 UTC - RP54 - Software Distribution Service 3.0
53: 2008-01-11 01:51:02 UTC - RP53 - Software Distribution Service 3.0
52: 2008-01-10 12:34:15 UTC - RP52 - Software Distribution Service 3.0
51: 2008-01-10 02:24:41 UTC - RP51 - Removed SpyZooka


-- First Restore Point --
1: 2007-12-19 20:01:09 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:35:05 PM, on 1/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ThreatFire\TFTray.exe
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ThreatFire\TFService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Owner\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,userinit .exe
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe
O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\ThreatFire\TFService.exe

--
End of file - 4564 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20071229-185531-989 O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
backup-20080110-185623-928 O21 - SSODL: bklgvsf - {91B4E850-CB64-4E58-A6D7-CB77098ABE11} - (no file)
backup-20080110-185624-467 O21 - SSODL: ampkfst - {DE891973-DFFB-4992-8CFE-7C98636EE248} - C:\WINDOWS\ampkfst.dll (file missing)

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
R1 SASKUTIL - c:\program files\superantispyware\saskutil.sys
R3 Afc (PPdus ASPI Shell) - c:\windows\system32\drivers\afc.sys <Not Verified; Arcsoft, Inc.; Arcsoft(R) ASPI Shell>
R3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>

S3 Profos - c:\program files\common files\bitdefender\bitdefender threat scanner\profos.sys (file missing)
S3 Trufos - c:\program files\common files\bitdefender\bitdefender threat scanner\trufos.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

All services whitelisted.


-- Device Manager: Disabled ----------------------------------------------------

Class GUID:
Description: USB Cable Modem
Device ID: USB\VID_07B2&PID_5101\0012C97DCC0B
Manufacturer:
Name: USB Cable Modem
PNP Device ID: USB\VID_07B2&PID_5101\0012C97DCC0B
Service:


-- Files created between 2007-12-10 and 2008-01-10 -----------------------------

2008-01-10 20:23:45 0 dr-h----- C:\Documents and Settings\Owner\Recent
2008-01-10 19:04:33 0 d-------- C:\Documents and Settings\Owner\DoctorWeb
2008-01-10 18:47:42 0 d-------- C:\Documents and Settings\Owner\Application Data\Yahoo!
2008-01-10 17:26:16 0 d-------- C:\Program Files\Helper
2008-01-10 12:36:41 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-01-10 12:36:41 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-01-10 12:36:41 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-01-10 12:36:41 0 d--h----- C:\Documents and Settings\Administrator\Recent
2008-01-10 12:36:41 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-01-10 12:36:41 524288 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-01-10 12:36:41 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-01-10 12:36:41 0 d-------- C:\Documents and Settings\Administrator\My Documents
2008-01-10 12:36:41 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-01-10 12:36:41 0 d-------- C:\Documents and Settings\Administrator\Favorites
2008-01-10 12:36:41 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-01-10 12:36:41 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2008-01-10 12:36:41 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-01-10 12:36:41 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-01-10 06:33:49 0 d-------- C:\Documents and Settings\LocalService\Start Menu
2008-01-09 20:23:52 0 d-------- C:\Documents and Settings\Owner\Application Data\PCToolsFirewallPlus
2008-01-09 20:20:50 0 d-------- C:\Program Files\Common Files\PC Tools
2008-01-09 20:20:47 0 d-------- C:\Program Files\PC Tools Firewall Plus
2008-01-09 20:17:59 0 d-------- C:\Program Files\ThreatFire
2008-01-09 20:17:59 0 d-------- C:\Documents and Settings\All Users\Application Data\PC Tools
2008-01-09 19:34:38 728 --a------ C:\WINDOWS\system32\tmp.reg
2008-01-09 19:34:01 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-01-09 19:34:01 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-01-09 19:34:01 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-01-09 19:34:01 81920 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-01-09 19:34:01 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-01-09 19:05:54 0 d-------- C:\Program Files\SpyZooka
2008-01-08 04:32:33 0 d-------- C:\Documents and Settings\Owner\.housecall6.6
2008-01-07 21:54:30 0 d-------- C:\Program Files\Alwil Software
2008-01-07 21:34:30 0 --a------ C:\Install
2008-01-07 21:24:11 2 --a------ C:\-927745117
2008-01-07 21:24:07 54764 --a------ C:\WINDOWS\system32\mp32s.sys
2008-01-07 21:24:05 58880 --a------ C:\ydpgtbtq.exe
2008-01-07 21:24:05 54272 --a------ C:\einedoyg.exe
2008-01-07 21:24:04 81656 --a------ C:\dawkopdj.exe
2008-01-07 21:15:34 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-07 21:15:20 0 d-------- C:\Program Files\Spyware Doctor
2008-01-07 21:15:20 0 d-------- C:\Documents and Settings\Owner\Application Data\PC Tools
2008-01-07 20:06:41 81984 --a------ C:\WINDOWS\system32\bdod.bin
2008-01-07 20:05:50 0 d-------- C:\Program Files\BitDefender
2008-01-07 19:29:28 0 d-------- C:\Program Files\Common Files\BitDefender
2008-01-07 03:54:03 90112 --a------ C:\WINDOWS\foxflpd.exe
2008-01-06 11:20:44 0 d-------- C:\Documents and Settings\Owner\Application Data\CyberLink
2008-01-06 11:18:24 0 d-------- C:\Documents and Settings\All Users\Application Data\CyberLink
2008-01-06 11:13:47 0 d-------- C:\WINDOWS\Profiles
2008-01-06 11:13:45 0 d-------- C:\WINDOWS\system32\Adobe
2008-01-06 11:13:45 0 d-------- C:\Program Files\Common Files\Adobe
2008-01-06 11:13:44 0 d-------- C:\Documents and Settings\Owner\Application Data\InterTrust
2008-01-06 11:13:23 306688 --a------ C:\WINDOWS\IsUninst.exe <Not Verified; InstallShield Software Corporation; InstallShield® unInstaller>
2008-01-06 11:12:58 2973696 -----n--- C:\WINDOWS\NuNinst.exe <Not Verified; Nero AG; Nero Web Engine>
2008-01-06 11:12:55 8704 -----n--- C:\WINDOWS\system32\drivers\InCDrec.sys <Not Verified; Nero AG; InCD>
2008-01-06 11:12:55 29696 -----n--- C:\WINDOWS\system32\drivers\InCDpass.sys <Not Verified; Nero AG; InCD>
2008-01-06 11:12:55 99584 -----n--- C:\WINDOWS\system32\drivers\InCDfs.sys <Not Verified; Nero AG; InCD>
2008-01-06 11:12:55 0 d-------- C:\Program Files\Common Files\Ahead
2008-01-06 11:12:54 28672 -----n--- C:\WINDOWS\system32\drivers\InCDrm.sys <Not Verified; Nero AG; EasyWrite Reader>
2008-01-06 11:12:53 0 d-------- C:\WINDOWS\InCD
2008-01-06 11:12:53 0 d-------- C:\Program Files\Ahead
2008-01-06 11:11:03 0 d-------- C:\Program Files\CyberLink
2008-01-06 11:10:49 0 d-------- C:\MyWorks
2008-01-06 11:10:38 40960 --a------ C:\Program Files\Uninstall_CDS.exe
2008-01-06 11:10:37 0 d-------- C:\Program Files\CyberLink DVD Solution
2008-01-03 18:56:13 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-01-02 09:01:50 217127 --a------ C:\WINDOWS\system32\drv43260.dll <Not Verified; RealNetworks, Inc.; RealVideo 9 (32-bit)>
2008-01-02 09:01:50 208935 --a------ C:\WINDOWS\system32\drv33260.dll <Not Verified; RealNetworks, Inc.; RealVideo 8 (32-bit)>
2008-01-02 09:01:50 176165 --a------ C:\WINDOWS\system32\drv23260.dll <Not Verified; RealNetworks, Inc.; RealVideo G2 (32-bit)>
2008-01-02 09:01:48 0 d-------- C:\Program Files\VSO
2008-01-02 01:45:08 0 d-------- C:\WINDOWS\Sun
2008-01-02 01:45:08 0 d-------- C:\Documents and Settings\Owner\Application Data\Sun
2008-01-02 01:44:33 0 d-------- C:\Program Files\Java
2008-01-02 01:44:05 0 d-------- C:\Program Files\Common Files\Java
2008-01-01 10:13:53 0 d-------- C:\Documents and Settings\Owner\.dvdcss
2007-12-31 23:32:13 225280 --a------ C:\WINDOWS\system32\KPDPMUI.dll <Not Verified; Eastman Kodak Company; Kodak EasyShare printer>
2007-12-31 23:32:13 290816 --a------ C:\WINDOWS\system32\KPDPM.dll <Not Verified; Eastman Kodak Company; Kodak EasyShare printer>
2007-12-31 23:31:45 0 d-------- C:\Program Files\Common Files\Kodak
2007-12-31 23:31:36 0 d-------- C:\KPCMS
2007-12-29 23:12:57 0 d-------- C:\WINDOWS\SxsCaPendDel
2007-12-29 21:22:13 0 d-------- C:\Program Files\Common Files\xing shared
2007-12-29 21:21:49 0 d-------- C:\Program Files\Real
2007-12-29 21:21:46 0 d-------- C:\Program Files\Common Files\Real
2007-12-29 21:21:43 0 d-------- C:\Documents and Settings\Owner\Application Data\Real
2007-12-29 18:59:48 0 d-------- C:\Program Files\CCleaner
2007-12-29 05:25:32 0 d-------- C:\Documents and Settings\Owner\Application Data\ArcSoft
2007-12-29 05:25:08 11776 --a------ C:\WINDOWS\system32\drivers\afc.sys <Not Verified; Arcsoft, Inc.; Arcsoft(R) ASPI Shell>
2007-12-29 05:24:29 212480 --a------ C:\WINDOWS\PCDLIB32.DLL <Not Verified; Eastman Kodak; Kodak Photo CD Access Developer Toolkit>
2007-12-29 05:12:18 0 d-------- C:\Program Files\Trend Micro
2007-12-29 05:06:39 0 d-------- C:\WINDOWS\Pixart
2007-12-29 05:06:37 0 d-------- C:\Program Files\CIF USB Camera
2007-12-29 04:48:14 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-12-29 04:47:48 0 d-------- C:\Program Files\SUPERAntiSpyware
2007-12-29 04:47:48 0 d-------- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
2007-12-29 04:47:27 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-22 22:54:50 0 d-------- C:\Program Files\Microsoft Works
2007-12-22 22:50:41 0 d-------- C:\WINDOWS\SHELLNEW
2007-12-22 22:49:52 0 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-12-22 22:49:21 0 dr-h----- C:\MSOCache
2007-12-22 22:07:49 0 d-------- C:\Program Files\Microsoft Small Business
2007-12-22 22:05:25 0 d-------- C:\Program Files\Microsoft.NET
2007-12-22 22:03:53 0 d-------- C:\Program Files\Microsoft SQL Server
2007-12-22 21:44:31 0 d-------- C:\Documents and Settings\Owner\Application Data\Uniblue
2007-12-22 21:44:18 0 d-------- C:\Program Files\Uniblue
2007-12-21 17:27:23 0 d-------- C:\81580206dda5769dd93d
2007-12-21 10:26:41 15721 --a------ C:\logfile
2007-12-21 01:21:38 0 d-------- C:\Program Files\MediaCoder
2007-12-21 01:06:52 0 d-------- C:\Program Files\MSXML 4.0
2007-12-20 20:09:25 0 d------c- C:\WINDOWS\system32\DRVSTORE
2007-12-20 18:44:07 0 d-------- C:\WINDOWS\system32\PreInstall
2007-12-20 17:40:11 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-12-20 12:57:41 0 d-------- C:\Program Files\PeerGuardian2
2007-12-20 12:34:19 0 d-------- C:\Program Files\uTorrent
2007-12-20 12:34:13 0 d-------- C:\Documents and Settings\Owner\Application Data\uTorrent
2007-12-19 20:01:47 0 d-------- C:\Program Files\Snood
2007-12-19 19:54:38 0 d-------- C:\Documents and Settings\All Users\Application Data\Trymedia
2007-12-19 19:46:54 0 d-------- C:\Program Files\Master of Defense
2007-12-19 19:35:32 47360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2007-12-19 19:35:32 0 d-------- C:\Documents and Settings\Owner\Application Data\Vso
2007-12-19 19:35:32 47360 --a------ C:\Documents and Settings\Owner\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2007-12-19 19:29:18 0 d-------- C:\TempDVD
2007-12-19 19:29:14 0 d-------- C:\Program Files\dvdSanta
2007-12-19 19:18:53 0 d-------- C:\Program Files\Windows Media Connect 2
2007-12-19 19:18:00 0 d-------- C:\ba96c27ff82a21f9c0763e
2007-12-19 19:17:56 0 d-------- C:\WINDOWS\system32\LogFiles
2007-12-19 19:17:56 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2007-12-19 19:17:07 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2007-12-19 19:09:24 86016 --a------ C:\WINDOWS\unvise32qt.exe <Not Verified; MindVision; Installer VISE 2.8.3>
2007-12-19 19:09:18 0 d-------- C:\WINDOWS\system32\QuickTime
2007-12-19 19:09:18 0 d-------- C:\Program Files\QuickTime
2007-12-19 19:09:18 0 d-------- C:\Documents and Settings\All Users\Application Data\QuickTime
2007-12-19 19:09:08 0 d-------- C:\WINDOWS\system32\BWKDLogs
2007-12-19 19:08:45 0 d-------- C:\WINDOWS\system32\color
2007-12-19 19:07:41 0 d-------- C:\Documents and Settings\All Users\Application Data\Kodak
2007-12-19 19:07:27 0 d-------- C:\Program Files\Kodak
2007-12-19 18:34:58 1397 --a------ C:\WINDOWS\mozver.dat
2007-12-19 18:17:12 0 d-------- C:\Documents and Settings\Owner\Application Data\Talkback
2007-12-19 18:17:04 0 --a------ C:\WINDOWS\nsreg.dat
2007-12-19 18:17:01 0 d-------- C:\Documents and Settings\Owner\Application Data\Mozilla
2007-12-19 18:07:38 0 d-------- C:\Documents and Settings\Owner\Application Data\Macromedia
2007-12-19 18:07:17 0 d-------- C:\Documents and Settings\Owner\Application Data\Adobe
2007-12-19 18:06:06 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2007-12-19 18:05:13 0 d-------- C:\Program Files\Yahoo!
2007-12-19 14:53:29 0 d-------- C:\WINDOWS\system32\Lang
2007-12-19 14:49:21 0 d-------- C:\Documents and Settings\Owner\Application Data\AVG7
2007-12-19 14:49:16 0 d-------- C:\Documents and Settings\LocalService\Application
Digg this postDel.icio.us this postTechnorati this postNetscape this postStumble this post
Reply With Quote
  #19  
Old 11-01-2008, 03:41 AM
Warrenisit's Avatar
CJ Member
 
Warrenisit is offline
 
Join Date: Jan 2008
Last Online: 28-09-2008 08:42 AM
Posts: 37
iTrader: (0)
Warrenisit is on a distinguished road
Default Yahoo Messenger/other
The second half of Main

Data\AVG7
2007-12-19 14:49:02 0 d-------- C:\Documents and Settings\All Users\Application Data\avg7
2007-12-19 14:47:16 0 d-------- C:\Program Files\Lavasoft
2007-12-19 14:39:53 0 d-------- C:\Program Files\S3
2007-12-19 14:38:50 49152 -r------- C:\WINDOWS\system32\ChCfg.exe
2007-12-19 14:38:30 0 d-------- C:\WINDOWS\system32\RTCOM
2007-12-19 14:37:43 0 d-------- C:\Program Files\Realtek
2007-12-19 14:37:33 315392 --a------ C:\WINDOWS\HideWin.exe <Not Verified; Realtek Semiconductor Corp.; HD Audio Hide windows program>
2007-12-19 14:37:32 520192 -r------- C:\WINDOWS\RtlExUpd.dll <Not Verified; Realtek Semiconductor Corp.; RtlExUpd Dynamic Link Library>
2007-12-19 14:37:23 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-12-19 14:36:57 0 d-------- C:\WINDOWS\system32\ReinstallBackups
2007-12-19 14:36:41 0 d-------- C:\Program Files\VIA
2007-12-19 14:36:31 0 d-------- C:\Program Files\Common Files\InstallShield
2007-12-19 14:36:07 10288 --a------ C:\WINDOWS\system32\drivers\ASUSHWIO.SYS
2007-12-19 14:00:58 0 d-------- C:\Documents and Settings\Owner\Application Data\Identities
2007-12-19 14:00:39 0 dr-h----- C:\Documents and Settings\Owner\SendTo
2007-12-19 14:00:39 0 d--h----- C:\Documents and Settings\Owner\PrintHood
2007-12-19 14:00:39 0 d--h----- C:\Documents and Settings\Owner\NetHood
2007-12-19 14:00:39 0 dr------- C:\Documents and Settings\Owner\My Documents
2007-12-19 14:00:39 0 d--h----- C:\Documents and Settings\Owner\Local Settings
2007-12-19 14:00:39 0 dr------- C:\Documents and Settings\Owner\Favorites
2007-12-19 14:00:39 0 d-------- C:\Documents and Settings\Owner\Desktop
2007-12-19 14:00:39 0 d---s---- C:\Documents and Settings\Owner\Cookies
2007-12-19 14:00:39 0 dr-h----- C:\Documents and Settings\Owner\Application Data
2007-12-19 14:00:38 0 d--h----- C:\Documents and Settings\Owner\Templates
2007-12-19 14:00:38 0 dr------- C:\Documents and Settings\Owner\Start Menu
2007-12-19 14:00:38 2883584 --ah----- C:\Documents and Settings\Owner\NTUSER.DAT
2007-12-19 14:00:33 0 d-------- C:\WINDOWS\SoftwareDistribution
2007-12-19 14:00:22 0 d-------- C:\WINDOWS\Prefetch
2007-12-19 14:00:16 0 d---s---- C:\WINDOWS\system32\Microsoft
2007-12-19 14:00:15 262144 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT
2007-12-19 14:00:15 0 d--h----- C:\Documents and Settings\LocalService\Local Settings
2007-12-19 14:00:15 0 d---s---- C:\Documents and Settings\LocalService\Cookies
2007-12-19 14:00:15 0 d-------- C:\Documents and Settings\LocalService\Application Data
2007-12-19 14:00:15 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
2007-12-19 13:57:11 225280 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT
2007-12-19 13:57:11 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings
2007-12-19 13:57:11 0 d---s---- C:\Documents and Settings\NetworkService\Cookies
2007-12-19 13:57:11 0 d-------- C:\Documents and Settings\NetworkService\Application Data
2007-12-19 13:57:11 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
2007-12-19 13:54:29 0 d-------- C:\WINDOWS\system32\xircom
2007-12-19 13:54:29 0 d-------- C:\Program Files\microsoft frontpage
2007-12-19 13:54:27 225280 ---h----- C:\Documents and Settings\Default User\NTUSER.DAT
2007-12-19 13:54:19 0 d--h----- C:\WINDOWS\$hf_mig$
2007-12-19 13:54:00 0 -rahs---- C:\MSDOS.SYS
2007-12-19 13:54:00 0 -rahs---- C:\IO.SYS
2007-12-19 13:54:00 0 --a------ C:\CONFIG.SYS
2007-12-19 13:54:00 0 --a------ C:\AUTOEXEC.BAT
2007-12-19 13:53:00 0 d--hs---- C:\Documents and Settings\All Users\DRM
2007-12-19 13:52:52 0 dr------- C:\WINDOWS\Offline Web Pages
2007-12-19 13:52:52 0 d---s---- C:\WINDOWS\Downloaded Program Files
2007-12-19 13:52:42 0 d--h----- C:\Program Files\WindowsUpdate
2007-12-19 13:52:25 0 d-------- C:\WINDOWS\system32\DirectX
2007-12-19 13:51:57 0 d---s---- C:\WINDOWS\Tasks
2007-12-19 13:51:56 0 d-------- C:\Program Files\Common Files\MSSoap
2007-12-19 13:51:53 0 d-------- C:\WINDOWS\srchasst
2007-12-19 13:51:52 0 d-------- C:\WINDOWS\system32\Macromed
2007-12-19 13:51:46 0 d-------- C:\Program Files\Movie Maker
2007-12-19 13:51:39 0 d-------- C:\WINDOWS\system32\Restore
2007-12-19 13:51:25 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-12-19 13:51:09 0 d-------- C:\WINDOWS\Registration
2007-12-19 13:50:45 0 d-------- C:\Program Files\Online Services
2007-12-19 13:50:41 0 d-------- C:\Program Files\Messenger
2007-12-19 13:50:38 0 d-------- C:\Program Files\MSN Gaming Zone
2007-12-19 13:50:06 0 d-------- C:\Program Files\Windows NT
2007-12-19 13:50:02 0 d-------- C:\WINDOWS\system32\MsDtc
2007-12-19 13:50:01 0 d-------- C:\WINDOWS\system32\Com
2007-12-19 07:29:47 0 d--hs---- C:\WINDOWS\Installer
2007-12-19 07:29:47 0 d-------- C:\Program Files\Common Files\ODBC
2007-12-19 07:29:43 0 d-------- C:\Program Files\Common Files\SpeechEngines
2007-12-19 07:29:42 0 dr------- C:\Program Files
2007-12-19 07:29:42 0 d-------- C:\Program Files\Common Files
2007-12-19 07:29:17 0 d--h----- C:\Documents and Settings\Default User\Templates
2007-12-19 07:29:17 0 dr------- C:\Documents and Settings\Default User\Start Menu
2007-12-19 07:29:17 0 dr-h----- C:\Documents and Settings\Default User\SendTo
2007-12-19 07:29:17 0 d--h----- C:\Documents and Settings\Default User\Recent
2007-12-19 07:29:17 0 d--h----- C:\Documents and Settings\Default User\PrintHood
2007-12-19 07:29:17 0 d--h----- C:\Documents and Settings\Default User\NetHood
2007-12-19 07:29:17 0 d-------- C:\Documents and Settings\Default User\My Documents
2007-12-19 07:29:17 0 dr-h----- C:\Documents and Settings\Default User\Local Settings
2007-12-19 07:29:17 0 d-------- C:\Documents and Settings\Default User\Favorites
2007-12-19 07:29:17 0 d-------- C:\Documents and Settings\Default User\Desktop
2007-12-19 07:29:17 0 d---s---- C:\Documents and Settings\Default User\Cookies
2007-12-19 07:29:17 0 d--h----- C:\Documents and Settings\All Users\Templates
2007-12-19 07:29:17 0 dr------- C:\Documents and Settings\All Users\Start Menu
2007-12-19 07:29:17 0 d-------- C:\Documents and Settings\All Users\Favorites
2007-12-19 07:29:17 0 dr------- C:\Documents and Settings\All Users\Documents
2007-12-19 07:29:17 0 d-------- C:\Documents and Settings\All Users\Desktop
2007-12-19 07:27:26 0 d-------- C:\WINDOWS\system32\CatRoot2
2007-12-19 07:27:26 0 d-------- C:\WINDOWS\system32\CatRoot
2007-12-19 07:27:21 0 dr-h----- C:\Documents and Settings\Default User\Application Data
2007-12-19 07:27:21 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
2007-12-19 07:27:21 0 dr-h----- C:\Documents and Settings\All Users\Application Data
2007-12-19 07:27:21 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
2007-12-19 07:26:54 0 d-------- C:\Documents and Settings
2007-12-19 07:26:53 0 d--hs---- C:\System Volume Information
2007-12-19 07:18:58 0 d-------- C:\WINDOWS
2007-12-19 07:18:58 0 d-------- C:\WINDOWS\WinSxS
2007-12-19 07:18:58 0 dr------- C:\WINDOWS\Web
2007-12-19 07:18:58 0 d-------- C:\WINDOWS\twain_32
2007-12-19 07:18:58 0 d-------- C:\WINDOWS\system32
2007-12-19 07:18:58 0 d-------- C:\WINDOWS\system32\wins
2007-12-19 07:18:58 0 d-------- C:\WINDOWS\system32\wbem
2007-12-19 07:18:58 0 d-------- C:\WINDOWS\system32\usmt
2007-12-19 07:18:58 0 d-------- C:\WINDOWS\system32\spool
2007-12-19 07:18:58 0 d-------- C:\WINDOWS\system32\ShellExt
2007-12-19 07:18:58 0 d-------- C:\WINDOWS\system32\Setup
2007-12-19 07:18:58 0 d-------- C:\WINDOWS\system32\ras
2007-12-19 07:18:58 0 d-------- C:\WINDOWS\system32\oobe
2007-12-19 07:18:58 0 d-------- C:\WINDOWS\system32\npp
2007-12-19 07:18:58 0 d-------- C:\WINDOWS\system32\mui
2007-12-19 07:18:58 0 d-------- C:\WINDOWS\system32\inetsrv
2007-12-19 07:18:58 0 d-------- C:\WINDOWS\system32\IME
2007-12-19 07:18:58 0 d-------- C:\WINDOWS\system32\icsxml
2007-12-19 07:18:58 0 d-------- C:\WINDOWS\system32\ias
2007-12-19 07:18:58 0 d-------- C:\WINDOWS\system32\export
2007-12-19 07:18:58 0 d-------- C:\WINDOWS\system32\drivers
2007-12-19 07:18:58 0 d-------- C:\WINDOWS\system32\drivers\etc
2007-12-19 07:18:58 0 d-------- C:\WINDOWS\system32\drivers\disdn
2007-12-19 07:18:58 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2007-12-19 07:18:58 0 d-------- C:\WINDOWS\system32\dhcp
2007-12-19 07:18:58 0 d-------- C:\WINDOWS\system32\config
2007-12-19 07:18:58 0 d-------- C:\WINDOWS\system32\3com_dmi
2007-12-19 07:18:58 0 d-------- C:\WINDOWS\system32\3076
2007-12-19 07:18:58 0 d-------- C:\WINDOWS\system32\2052
2007-12-19 07:18:58 0 d-------- C:\WINDOWS\system32\1054
2007-12-19 07:18:58 0 d-------- C:\WINDOWS\system32\1042
2007-12-19 07:18:58 0 d-------- C:\WINDOWS\system32\1041
2007-12-19 07:18:58 0 d-------- C:\WINDOWS\system32\1037
2007-12-19 07:18:58 0 d-------- C:\WINDOWS\system32\1033
2007-12-19 07:18:58 0 d-------- C:\WINDOWS\system32\1031
2007-12-19 07:18:58 0 d-------- C:\WINDOWS\system32\1028
2007-12-19 07:18:58 0 d-------- C:\WINDOWS\system32\1025
2007-12-19 07:18:58 0 d-------- C:\WINDOWS\system
2007-12-19 07:18:58 0 d-------- C:\WINDOWS\security
2007-12-19 07:18:58 0 d-------- C:\WINDOWS\Resources
2007-12-19 07:18:58 0 d-------- C:\WINDOWS\repair
2007-12-19 07:18:58 0 d-------- C:\WINDOWS\Provisioning
2007-12-19 07:18:58 0 d-------- C:\WINDOWS\PeerNet
2007-12-19 07:18:58 0 d-------- C:\WINDOWS\pchealth
2007-12-19 07:18:58 0 d-------- C:\WINDOWS\mui
2007-12-19 07:18:58 0 d-------- C:\WINDOWS\msapps
2007-12-19 07:18:58 0 d-------- C:\WINDOWS\msagent
2007-12-19 07:18:58 0 d-------- C:\WINDOWS\Media
2007-12-19 07:18:58 0 d-------- C:\WINDOWS\java
2007-12-19 07:18:58 0 d--h----- C:\WINDOWS\inf
2007-12-19 07:18:58 0 d-------- C:\WINDOWS\ime
2007-12-19 07:18:58 0 d-------- C:\WINDOWS\Help
2007-12-19 07:18:58 0 dr--s---- C:\WINDOWS\Fonts
2007-12-19 07:18:58 0 d-------- C:\WINDOWS\Driver Cache
2007-12-19 07:18:58 0 d-------- C:\WINDOWS\Debug
2007-12-19 07:18:58 0 d-------- C:\WINDOWS\Cursors
2007-12-19 07:18:58 0 d-------- C:\WINDOWS\Connection Wizard
2007-12-19 07:18:58 0 d-------- C:\WINDOWS\Config
2007-12-19 07:18:58 0 d-------- C:\WINDOWS\AppPatch
2007-12-19 07:18:58 0 d-------- C:\WINDOWS\addins


-- Find3M Report ---------------------------------------------------------------

2008-01-02 09:02:00 34 --a------ C:\Documents and Settings\Owner\Application Data\pcouffin.log
2008-01-02 09:01:52 1144 --a------ C:\Documents and Settings\Owner\Application Data\pcouffin.inf
2008-01-02 09:01:52 7887 --a------ C:\Documents and Settings\Owner\Application Data\pcouffin.cat
2007-12-19 07:29:17 62 --ahs---- C:\Documents and Settings\Owner\Application Data\desktop.ini


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"ThreatFire"="C:\Program Files\ThreatFire\TFTray.exe" [12/20/2007 11:13 AM]
"00PCTFW"="C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" [12/31/2007 09:16 AM]
"KernelFaultCheck"="C:\WINDOWS\system32\dumpre p 0 -k" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"PowerBar"="" []
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [06/21/2007 02:06 PM]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [08/30/2007 05:43 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\policies\explorer]
"ClearRecentDocsOnExit"=00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 01:55 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\WINDOWS\system32\userinit.exe,useri nit.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\sdcoreservice"




-- End of Deckard's System Scanner: finished at 2008-01-10 21:36:57 ------------
Digg this postDel.icio.us this postTechnorati this postNetscape this postStumble this post
Reply With Quote
  #20  
Old 11-01-2008, 03:41 AM
Warrenisit's Avatar
CJ Member
 
Warrenisit is offline
 
Join Date: Jan 2008
Last Online: 28-09-2008 08:42 AM
Posts: 37
iTrader: (0)
Warrenisit is on a distinguished road
Default Yahoo Messenger/other
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel(R) Core(TM)2 Duo CPU E4400 @ 2.00GHz
CPU 1: Intel(R) Core(TM)2 Duo CPU E4400 @ 2.00GHz
Percentage of Memory in Use: 37%
Physical Memory (total/avail): 895.17 MiB / 557.22 MiB
Pagefile Memory (total/avail): 2168.09 MiB / 1840.02 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1895.89 MiB

A: is Removable (Unformatted)
C: is Fixed (NTFS) - 37.27 GiB total, 10.23 GiB free.
D: is CDROM (UDF)

\\.\PHYSICALDRIVE0 - WDC WD400BB-75CLB0 - 37.27 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 37.27 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is set to notify before download.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.
AntivirusOverride is set.

FW: PC Tools Firewall Plus v3.0.0 (PC Tools)
FW: Bitdefender Firewall v8.0 (BitDefender) Disabled
AV: Bitdefender Antivirus v8.0 (BitDefender) Disabled
AV: avast! antivirus 4.7.1098 [VPS 080110-0] v4.7.1098 (ALWIL Software)

[HKLM\System\CurrentControlSet\Services\SharedAcces s\Parameters\FirewallPolicy\DomainProfile\Authoriz edApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\syste m32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKLM\System\CurrentControlSet\Services\SharedAcces s\Parameters\FirewallPolicy\StandardProfile\Author izedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\syste m32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\ \Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Ena bled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Progra m Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Ya hoo! FT Server"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS \\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS \\system32\\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"="C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe:*:Disabled:Kodak Software Updater"
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"="C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe:*:Disabled:EasyShare"
"C:\\DOCUME~1\\Owner\\LOCALS~1\\Temp\\win99.exe"=" C:\\DOCUME~1\\Owner\\LOCALS~1\\Temp\\win99.exe:*:E nabled:win99"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Owner\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=WARREN1
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Owner
LOGONSERVER=\\WARREN1
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\Sys tem32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WS F;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 13, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f0d
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
TMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
USERDOMAIN=WARREN1
USERNAME=Owner
USERPROFILE=C:\Documents and Settings\Owner
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Owner (admin)
Administrator (new local, admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\PC Tools Firewall Plus\unins000.exe /LOG
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
Ad-aware 6 Professional --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activ eX.exe
avast! Antivirus --> rundll32 C:\PROGRA~1\ALWILS~1\Avast4\Setup\setiface.dll,Run Setup
CardRd81 --> MsiExec.exe /I{54C8FE84-89C4-40E8-976C-439EB0729BD6}
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
CCScore --> MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
CIF USB Camera --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{066A1255-1299-4EBA-B9B3-FA7FB14F92E4}\Setup.exe" -l0x9
ConvertXtoDVD 2.2.3.258h --> "C:\Program Files\VSO\ConvertXtoDVD\unins000.exe"
CR2 --> MsiExec.exe /I{432C3720-37BF-4BD7-8E49-F38E090246D0}
DVD Solution --> "C:\Program Files\Uninstall_CDS.exe"
dvdSanta 4.00 --> "C:\Program Files\dvdSanta\unins000.exe"
ESSBrwr --> MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6}
ESSCDBK --> MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}
ESScore --> MsiExec.exe /I{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}
ESSCT --> MsiExec.exe /I{8BB4B58A-A402-4DE8-8FCD-287E60B88DD8}
ESSgui --> MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}
ESShelp --> MsiExec.exe /I{87843A41-7808-4F2E-B13F-25C1E67CF2FD}
ESSini --> MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
ESSPCD --> MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
ESSPDock --> MsiExec.exe /I{FCDB1C92-03C6-4C76-8625-371224256091}
ESSSONIC --> MsiExec.exe /I{4F677FC7-7AA8-412B-A957-F13CBE1C7331}
ESSTOOLS --> MsiExec.exe /I{8A502E38-29C9-49FA-BCFA-D727CA062589}
ESSTUTOR --> MsiExec.exe /I{CA60320D-6A16-49C8-A34F-84EEF4799567}
ESSvpaht --> MsiExec.exe /I{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69}
ESSvpot --> MsiExec.exe /I{48C82F7A-F100-4DAB-A310-8E18BF2159E1}
High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\s puninst.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HLPIndex --> MsiExec.exe /I{38441BE7-79B0-42B8-8297-833704F949FE}
HLPPDOCK --> MsiExec.exe /I{154508C0-07C5-4659-A7A0-E49968750D21}
HLPRFO --> MsiExec.exe /I{AADAC983-FDE9-42FA-8FD9-7BB324155593}
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spunins t.exe"
InCD --> C:\WINDOWS\NuNInst.exe /UNINSTALL
Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Kodak EasyShare software --> C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_140011_a6aefb7\Se tup.exe /APR-REMOVE
KSU --> MsiExec.exe /I{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}
Master of Defense (remove only) --> C:\Program Files\Master of Defense\Uninstall.exe
MediaCoder 0.6.0 --> C:\Program Files\MediaCoder\uninst.exe
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spu ninst.exe"
Microsoft Office 2003 Web Components --> MsiExec.exe /I{90A40409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Accounting 2007 --> "c:\Program Files\Microsoft Small Business\Small Business Accounting 2007\SetupBootstrap\Setup.exe" /remove {B0717D5A-1976-482B-9ADF-F19631A541A4}
Microsoft Office Accounting 2007 --> MsiExec.exe /X{B0717D5A-1976-482B-9ADF-F19631A541A4}
Microsoft Office Accounting ADP Payroll Addin --> MsiExec.exe /I{5FA793A6-0071-42C1-9355-8F69A428C44F}
Microsoft Office Accounting Equifax Addin --> MsiExec.exe /X{8C711818-076E-475C-B95B-DF11CD9D8DBE}
Microsoft Office Accounting Fixed Asset Manager --> MsiExec.exe /X{46614A49-222A-48EF-87A9-BFD603E608E1}
Microsoft Office Accounting PayPal Addin --> MsiExec.exe /X{353D20CC-719B-4A60-AD33-D03F88C10330}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Professional 2007 --> MsiExec.exe /X{91120000-0014-0000-0000-0000000FF1CE}
Microsoft Office Professional 2007 Trial --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROR /dll OSETUP.DLL
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Small Business Connectivity Components --> MsiExec.exe /X{A939D341-5A04-4E0A-BB55-3E65B386432D}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft SQL Server Native Client --> MsiExec.exe /I{50A0893D-47D8-48E0-A7E8-44BCD7E4422E}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spunin st.exe"
Mozilla Firefox (2.0.0.11) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Multimedia Launcher --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
Notifier --> MsiExec.exe /I{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}
OTtBP --> MsiExec.exe /I{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}
OTtBPSDK --> MsiExec.exe /I{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}
PC Tools Firewall Plus 3.0 --> "C:\Program Files\PC Tools Firewall Plus\unins000.exe"
PeerGuardian 2.0 --> "C:\Program Files\PeerGuardian2\unins000.exe"
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
PowerProducer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe" -uninstall
QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\ 50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -l0x9 -removeonly
Rhapsody Player Engine --> MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
SFR --> MsiExec.exe /I{DB02F716-6275-42E9-B8D2-83BA2BF5100B}
SHASTA --> MsiExec.exe /I{605A4E39-613C-4A12-B56F-DEFBE6757237}
SKIN0001 --> MsiExec.exe /I{FDF9943A-3D5C-46B3-9679-586BD237DDEE}
SKINXSDK --> MsiExec.exe /I{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}
Snood for Windows version 3.52-W --> "C:\Program Files\Snood\unins000.exe"
Spyware Doctor 5.5 --> C:\Program Files\Spyware Doctor\unins000.exe /LOG
SUPERAntiSpyware Professional --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
ThreatFire 3.0 --> "C:\Program Files\ThreatFire\unins000.exe"
Uniblue SpeedUpMyPC --> "C:\Program Files\Uniblue\SpeedUpMyPC\unins000.exe"
VIA Platform Device Manager --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\ID river.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169}
VIA Rhine-Family Fast Ethernet Adapter --> Rundll32.exe vuins32.dll,vuins32Ex $Rhine $VIA
VIA/S3G Display Driver 6.14.10.0071 --> C:\PROGRA~1\S3\UChromeP\s3minset.exe /u UChromeP.uns
VPRINTOL --> MsiExec.exe /I{999D43F4-9709-4887-9B1A-83EBB15A8370}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spunin st.exe"
WIRELESS --> MsiExec.exe /I{F9593CFB-D836-49BC-BFF1-0E669A411D9F}
Yahoo! Browser Services --> C:\PROGRA~1\Yahoo!\Common\UNIN_Y~1.EXE /S
Yahoo! Install Manager --> C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type1467 / Error
Event Submitted/Written: 01/10/2008 09:36:27 PM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.

Event Record #/Type1466 / Error
Event Submitted/Written: 01/10/2008 09:36:00 PM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.

Event Record #/Type1465 / Error
Event Submitted/Written: 01/10/2008 09:36:00 PM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.

Event Record #/Type1464 / Error
Event Submitted/Written: 01/10/2008 09:36:00 PM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.

Event Record #/Type1463 / Error
Event Submitted/Written: 01/10/2008 09:36:00 PM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type3494 / Warning
Event Submitted/Written: 01/10/2008 09:27:50 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type3477 / Error
Event Submitted/Written: 01/10/2008 09:05:20 PM
Event ID/Source: 1000 / Dhcp
Event Description:
Your computer has lost the lease to its IP address 192.168.100.13 on the
Network Card with network address 001BFCF59F5F.

Event Record #/Type3476 / Warning