

Hijack this, root kit revealer, dss included


Post by betty » October 24th, 2007, 3:46 pm

My original topic was archived after I went out of town, so here's the link to it :)

http://www.malwareremoval.com/forum/viewtop ... highlight=

And my logs to follow :)

Thanks for any help
betty
Active Member
 
Posts: 6
Joined: September 25th, 2007, 8:41 am

Post by betty » October 24th, 2007, 3:47 pm

DSS LOG

Deckard's System Scanner v20071014.68
Run by Main on 2007-10-24 14:37:39
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
93: 2007-10-24 18:37:46 UTC - RP140 - Deckard's System Scanner Restore Point
92: 2007-10-24 15:37:28 UTC - RP139 - System Checkpoint
91: 2007-10-23 14:57:30 UTC - RP138 - System Checkpoint
90: 2007-10-22 12:37:12 UTC - RP137 - System Checkpoint
89: 2007-10-21 09:59:13 UTC - RP136 - System Checkpoint


-- First Restore Point --
1: 2007-07-27 01:30:08 UTC - RP48 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Main.exe) ------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 2:39:13 PM, on 24/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\TrojanHunter 5.0\THGuard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe
C:\Program Files\TechSmith\SnagIt 8\SnagPriv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Documents and Settings\Main\My Documents\dss.exe
C:\PROGRA~1\HIJACK~1\Main.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: SnagIt 8.lnk = C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microso ... 4647896437
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 4647886687
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ActiveFax-Server-Service (ActiveFaxServiceNT) - ActFax Communication - C:\Program Files\ActiveFax\Server\ActSrvNT.exe
O23 - Service: Adobe Version Cue CS3 - Unknown owner - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe" -win32service (file missing)
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZipm12.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe


-- File Associations -----------------------------------------------------------

.js - jsfile - DefaultIcon - "C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe",7
.js - jsfile - shell\open\command - "C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe","%1"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>

S3 Ad-Watch Connect Filter (Ad-Watch Connect Kernel Filter) - c:\windows\system32\drivers\nsdriver.sys <Not Verified; Lavasoft AB; Ad-Watch Connections>
S3 Ad-Watch Real-Time Scanner (AW Real-Time Scanner) - c:\windows\system32\drivers\awrtpd.sys <Not Verified; Lavasoft AB; Ad-Watch Beta>
S3 Ad-Watch Registry Filter (Ad-Watch Registry Kernel Filter) - c:\windows\system32\drivers\awrtrd.sys <Not Verified; Lavasoft AB; Ad-Watch Registry Protection>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 aawservice (Ad-Aware 2007 Service) - "c:\program files\lavasoft\ad-aware 2007\aawservice.exe" <Not Verified; Lavasoft AB; Ad-Aware 2007 Service>
R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>
R2 Nero BackItUp Scheduler 3 - c:\program files\nero\nero8\nero backitup\nbservice.exe

S3 ActiveFaxServiceNT (ActiveFax-Server-Service) - c:\program files\activefax\server\actsrvnt.exe <Not Verified; ActFax Communication; ActiveFax>
S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Files created between 2007-09-24 and 2007-10-24 -----------------------------

2007-10-24 14:24:32 0 dr------- C:\Documents and Settings\LocalService\My Documents
2007-10-24 14:23:43 0 dr-h----- C:\Documents and Settings\LocalService\Recent
2007-10-12 08:57:50 0 d-------- C:\Documents and Settings\Main\Application Data\Nero
2007-10-12 08:55:41 0 d-------- C:\Program Files\Common Files\Nero
2007-10-12 08:55:41 0 d-------- C:\Documents and Settings\All Users\Application Data\Nero
2007-10-09 16:57:54 737280 --a------ C:\WINDOWS\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
2007-10-09 16:56:32 0 d-------- C:\Program Files\GT Racers
2007-10-06 01:18:41 0 d-------- C:\Documents and Settings\Main\Application Data\vlc
2007-10-05 23:07:11 0 d-------- C:\Program Files\VideoLAN
2007-09-25 09:22:05 127 --a------ C:\WINDOWS\system32\ActiveFax.Cmd
2007-09-25 09:21:41 86016 --a------ C:\WINDOWS\system32\ActMonRe.dll <Not Verified; ActFax Communication; ActiveFax>
2007-09-25 09:21:41 360448 --a------ C:\WINDOWS\system32\ActMonNT.dll <Not Verified; ActFax Communication; ActiveFax>
2007-09-25 09:21:40 73728 --a------ C:\WINDOWS\UIActFax.exe <Not Verified; ActFax Communication; ActiveFax>
2007-09-25 09:21:40 65536 --a------ C:\WINDOWS\UIActFax.dll <Not Verified; ActFax Communication; ActiveFax>
2007-09-25 09:21:39 0 d-------- C:\Program Files\ActiveFax
2007-09-25 08:53:08 0 d-------- C:\Program Files\TrojanHunter 5.0
2007-09-25 08:46:33 0 d-------- C:\Documents and Settings\Main\.housecall6.6
2007-09-24 10:04:14 0 d-------- C:\Program Files\IsoBuster


-- Find3M Report ---------------------------------------------------------------

2007-10-24 14:37:32 0 d-------- C:\Program Files\Trillian
2007-10-24 14:32:38 0 d-------- C:\Documents and Settings\Main\Application Data\uTorrent
2007-10-24 11:18:59 0 d-------- C:\Program Files\ALZip
2007-10-19 10:07:57 0 d-------- C:\Documents and Settings\Main\Application Data\Vso
2007-10-12 08:55:41 0 d-------- C:\Program Files\Nero
2007-10-12 08:55:41 0 d-------- C:\Program Files\Common Files
2007-10-01 16:08:16 298104 --a------ C:\WINDOWS\system32\imon.dll <Not Verified; Eset; NOD32 Antivirus System>
2007-09-10 01:36:34 0 d-------- C:\Documents and Settings\Main\Application Data\Real
2007-09-04 22:57:27 0 d-------- C:\Documents and Settings\Main\Application Data\Sun
2007-09-04 22:57:23 671 --a------ C:\WINDOWS\mozver.dat
2007-09-04 22:56:54 0 d-------- C:\Program Files\Java
2007-09-04 22:55:59 0 d-------- C:\Program Files\Common Files\Java
2007-08-31 07:22:43 0 d-------- C:\Program Files\BayGenie


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [30/04/2006 10:07 PM]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [10/04/2006 09:19 AM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [10/03/2006 06:29 AM]
"nwiz"="nwiz.exe" [10/03/2006 06:29 AM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [10/03/2006 06:29 AM]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [10/05/2007 10:46 PM]
"@"="" []
"Adobe_ID0EYTHM"="C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [20/03/2007 04:40 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [01/09/2006 03:57 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [03/08/2007 10:34 PM]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [27/10/2006 12:47 AM]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [01/10/2007 04:08 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [12/07/2007 04:00 AM]
"THGuard"="C:\Program Files\TrojanHunter 5.0\THGuard.exe" [09/09/2007 09:31 AM]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [01/03/2007 03:57 PM]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [20/09/2007 09:51 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [03/08/2004 07:56 PM]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" []
"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [15/05/2007 05:12 PM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [16/01/2007 09:08 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
SnagIt 8.lnk - C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe [01/05/2007 11:11:48 AM]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

*Newly Created Service* - NERO_BACKITUP_SCHEDULER_3
*Newly Created Service* - NMINDEXINGSERVICE
*Newly Created Service* - RKREVEAL150

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"



-- End of Deckard's System Scanner: finished at 2007-10-24 14:39:53 ------------

Post by betty » October 24th, 2007, 3:53 pm

Root Kit Reveal



HKLM\SECURITY\Policy\Secrets\SAC* 17/07/2007 12:28 AM 0 bytes Key name contains embedded nulls (*)
HKLM\SECURITY\Policy\Secrets\SAI* 17/07/2007 12:28 AM 0 bytes Key name contains embedded nulls (*)
C:\Documents and Settings\Main\Local Settings\Application Data\Ahead\Nero Home\idx\_k7w.cfs 24/10/2007 10:29 AM 19.90 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Main\Local Settings\Application Data\Ahead\Nero Home\idx\_k7z.cfs 24/10/2007 11:23 AM 22.15 KB Hidden from Windows API.
C:\Documents and Settings\Main\Local Settings\Application Data\Ahead\Nero Home\idx\_k7z.f0 24/10/2007 11:23 AM 6 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Main\Local Settings\Application Data\Ahead\Nero Home\idx\_k7z.f1 24/10/2007 11:23 AM 6 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Main\Local Settings\Application Data\Ahead\Nero Home\idx\_k7z.f10 24/10/2007 11:23 AM 6 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Main\Local Settings\Application Data\Ahead\Nero Home\idx\_k7z.f11 24/10/2007 11:23 AM 6 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Main\Local Settings\Application Data\Ahead\Nero Home\idx\_k7z.f12 24/10/2007 11:23 AM 6 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Main\Local Settings\Application Data\Ahead\Nero Home\idx\_k7z.f13 24/10/2007 11:23 AM 6 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Main\Local Settings\Application Data\Ahead\Nero Home\idx\_k7z.f14 24/10/2007 11:23 AM 6 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Main\Local Settings\Application Data\Ahead\Nero Home\idx\_k7z.f15 24/10/2007 11:23 AM 6 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Main\Local Settings\Application Data\Ahead\Nero Home\idx\_k7z.f16 24/10/2007 11:23 AM 6 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Main\Local Settings\Application Data\Ahead\Nero Home\idx\_k7z.f17 24/10/2007 11:23 AM 6 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Main\Local Settings\Application Data\Ahead\Nero Home\idx\_k7z.f18 24/10/2007 11:23 AM 6 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Main\Local Settings\Application Data\Ahead\Nero Home\idx\_k7z.f19 24/10/2007 11:23 AM 6 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Main\Local Settings\Application Data\Ahead\Nero Home\idx\_k7z.f2 24/10/2007 11:23 AM 6 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Main\Local Settings\Application Data\Ahead\Nero Home\idx\_k7z.f20 24/10/2007 11:23 AM 6 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Main\Local Settings\Application Data\Ahead\Nero Home\idx\_k7z.f21 24/10/2007 11:23 AM 6 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Main\Local Settings\Application Data\Ahead\Nero Home\idx\_k7z.f22 24/10/2007 11:23 AM 6 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Main\Local Settings\Application Data\Ahead\Nero Home\idx\_k7z.f23 24/10/2007 11:23 AM 6 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Main\Local Settings\Application Data\Ahead\Nero Home\idx\_k7z.f24 24/10/2007 11:23 AM 6 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Main\Local Settings\Application Data\Ahead\Nero Home\idx\_k7z.f25 24/10/2007 11:23 AM 6 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Main\Local Settings\Application Data\Ahead\Nero Home\idx\_k7z.f26 24/10/2007 11:23 AM 6 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Main\Local Settings\Application Data\Ahead\Nero Home\idx\_k7z.f27 24/10/2007 11:23 AM 6 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Main\Local Settings\Application Data\Ahead\Nero Home\idx\_k7z.f28 24/10/2007 11:23 AM 6 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Main\Local Settings\Application Data\Ahead\Nero Home\idx\_k7z.f29 24/10/2007 11:23 AM 6 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Main\Local Settings\Application Data\Ahead\Nero Home\idx\_k7z.f3 24/10/2007 11:23 AM 6 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Main\Local Settings\Application Data\Ahead\Nero Home\idx\_k7z.f30 24/10/2007 11:23 AM 6 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Main\Local Settings\Application Data\Ahead\Nero Home\idx\_k7z.f31 24/10/2007 11:23 AM 6 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Main\Local Settings\Application Data\Ahead\Nero Home\idx\_k7z.f32 24/10/2007 11:23 AM 6 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Main\Local Settings\Application Data\Ahead\Nero Home\idx\_k7z.f33 24/10/2007 11:23 AM 6 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Main\Local Settings\Application Data\Ahead\Nero Home\idx\_k7z.f34 24/10/2007 11:23 AM 6 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Main\Local Settings\Application Data\Ahead\Nero Home\idx\_k7z.f35 24/10/2007 11:23 AM 6 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Main\Local Settings\Application Data\Ahead\Nero Home\idx\_k7z.f36 24/10/2007 11:23 AM 6 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Main\Local Settings\Application Data\Ahead\Nero Home\idx\_k7z.f37 24/10/2007 11:23 AM 6 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Main\Local Settings\Application Data\Ahead\Nero Home\idx\_k7z.f38 24/10/2007 11:23 AM 6 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Main\Local Settings\Application Data\Ahead\Nero Home\idx\_k7z.f39 24/10/2007 11:23 AM 6 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Main\Local Settings\Application Data\Ahead\Nero Home\idx\_k7z.f4 24/10/2007 11:23 AM 6 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Main\Local Settings\Application Data\Ahead\Nero Home\idx\_k7z.f40 24/10/2007 11:23 AM 6 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Main\Local Settings\Application Data\Ahead\Nero Home\idx\_k7z.f41 24/10/2007 11:23 AM 6 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Main\Local Settings\Application Data\Ahead\Nero Home\idx\_k7z.f42 24/10/2007 11:23 AM 6 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Main\Local Settings\Application Data\Ahead\Nero Home\idx\_k7z.f43 24/10/2007 11:23 AM 6 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Main\Local Settings\Application Data\Ahead\Nero Home\idx\_k7z.f44 24/10/2007 11:23 AM 6 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Main\Local Settings\Application Data\Ahead\Nero Home\idx\_k7z.f45 24/10/2007 11:23 AM 6 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Main\Local Settings\Application Data\Ahead\Nero Home\idx\_k7z.f46 24/10/2007 11:23 AM 6 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Main\Local Settings\Application Data\Ahead\Nero Home\idx\_k7z.f47 24/10/2007 11:23 AM 6 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Main\Local Settings\Application Data\Ahead\Nero Home\idx\_k7z.f48 24/10/2007 11:23 AM 6 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Main\Local Settings\Application Data\Ahead\Nero Home\idx\_k7z.f49 24/10/2007 11:23 AM 6 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Main\Local Settings\Application Data\Ahead\Nero Home\idx\_k7z.f5 24/10/2007 11:23 AM 6 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Main\Local Settings\Application Data\Ahead\Nero Home\idx\_k7z.f50 24/10/2007 11:23 AM 6 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Main\Local Settings\Application Data\Ahead\Nero Home\idx\_k7z.f51 24/10/2007 11:23 AM 6 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Main\Local Settings\Application Data\Ahead\Nero Home\idx\_k7z.f52 24/10/2007 11:23 AM 6 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Main\Local Settings\Application Data\Ahead\Nero Home\idx\_k7z.f53 24/10/2007 11:23 AM 6 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Main\Local Settings\Application Data\Ahead\Nero Home\idx\_k7z.f54 24/10/2007 11:23 AM 6 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Main\Local Settings\Application Data\Ahead\Nero Home\idx\_k7z.f55 24/10/2007 11:23 AM 6 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Main\Local Settings\Application Data\Ahead\Nero Home\idx\_k7z.f56 24/10/2007 11:23 AM 6 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Main\Local Settings\Application Data\Ahead\Nero Home\idx\_k7z.f57 24/10/2007 11:23 AM 6 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Main\Local Settings\Application Data\Ahead\Nero Home\idx\_k7z.f58 24/10/2007 11:23 AM 6 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Main\Local Settings\Application Data\Ahead\Nero Home\idx\_k7z.f59 24/10/2007 11:23 AM 6 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Main\Local Settings\Application Data\Ahead\Nero Home\idx\_k7z.f6 24/10/2007 11:23 AM 6 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Main\Local Settings\Application Data\Ahead\Nero Home\idx\_k7z.f60 24/10/2007 11:23 AM 6 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Main\Local Settings\Application Data\Ahead\Nero Home\idx\_k7z.f61 24/10/2007 11:23 AM 6 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Main\Local Settings\Application Data\Ahead\Nero Home\idx\_k7z.f62 24/10/2007 11:23 AM 6 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Main\Local Settings\Application Data\Ahead\Nero Home\idx\_k7z.f63 24/10/2007 11:23 AM 6 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Main\Local Settings\Application Data\Ahead\Nero Home\idx\_k7z.f64 24/10/2007 11:23 AM 6 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Main\Local Settings\Application Data\Ahead\Nero Home\idx\_k7z.f65 24/10/2007 11:23 AM 6 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Main\Local Settings\Application Data\Ahead\Nero Home\idx\_k7z.f66 24/10/2007 11:23 AM 6 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Main\Local Settings\Application Data\Ahead\Nero Home\idx\_k7z.f67 24/10/2007 11:23 AM 6 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Main\Local Settings\Application Data\Ahead\Nero Home\idx\_k7z.f68 24/10/2007 11:23 AM 6 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Main\Local Settings\Application Data\Ahead\Nero Home\idx\_k7z.f69 24/10/2007 11:23 AM 6 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Main\Local Settings\Application Data\Ahead\Nero Home\idx\_k7z.f7 24/10/2007 11:23 AM 6 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Main\Local Settings\Application Data\Ahead\Nero Home\idx\_k7z.f70 24/10/2007 11:23 AM 6 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Main\Local Settings\Application Data\Ahead\Nero Home\idx\_k7z.f71 24/10/2007 11:23 AM 6 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Main\Local Settings\Application Data\Ahead\Nero Home\idx\_k7z.f72 24/10/2007 11:23 AM 6 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Main\Local Settings\Application Data\Ahead\Nero Home\idx\_k7z.f73 24/10/2007 11:23 AM 6 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Main\Local Settings\Application Data\Ahead\Nero Home\idx\_k7z.f74 24/10/2007 11:23 AM 6 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Main\Local Settings\Application Data\Ahead\Nero Home\idx\_k7z.f75 24/10/2007 11:23 AM 6 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Main\Local Settings\Application Data\Ahead\Nero Home\idx\_k7z.f76 24/10/2007 11:23 AM 6 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Main\Local Settings\Application Data\Ahead\Nero Home\idx\_k7z.f77 24/10/2007 11:23 AM 6 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Main\Local Settings\Application Data\Ahead\Nero Home\idx\_k7z.f78 24/10/2007 11:23 AM 6 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Main\Local Settings\Application Data\Ahead\Nero Home\idx\_k7z.f79 24/10/2007 11:23 AM 6 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Main\Local Settings\Application Data\Ahead\Nero Home\idx\_k7z.f8 24/10/2007 11:23 AM 6 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Main\Local Settings\Application Data\Ahead\Nero Home\idx\_k7z.f80 24/10/2007 11:23 AM 6 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Main\Local Settings\Application Data\Ahead\Nero Home\idx\_k7z.f81 24/10/2007 11:23 AM 6 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Main\Local Settings\Application Data\Ahead\Nero Home\idx\_k7z.f82 24/10/2007 11:23 AM 6 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Main\Local Settings\Application Data\Ahead\Nero Home\idx\_k7z.f83 24/10/2007 11:23 AM 6 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Main\Local Settings\Application Data\Ahead\Nero Home\idx\_k7z.f84 24/10/2007 11:23 AM 6 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Main\Local Settings\Application Data\Ahead\Nero Home\idx\_k7z.f85 24/10/2007 11:23 AM 6 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Main\Local Settings\Application Data\Ahead\Nero Home\idx\_k7z.f86 24/10/2007 11:23 AM 6 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Main\Local Settings\Application Data\Ahead\Nero Home\idx\_k7z.f87 24/10/2007 11:23 AM 6 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Main\Local Settings\Application Data\Ahead\Nero Home\idx\_k7z.f88 24/10/2007 11:23 AM 6 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Main\Local Settings\Application Data\Ahead\Nero Home\idx\_k7z.f89 24/10/2007 11:23 AM 6 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Main\Local Settings\Application Data\Ahead\Nero Home\idx\_k7z.f9 24/10/2007 11:23 AM 6 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Main\Local Settings\Application Data\Ahead\Nero Home\idx\_k7z.f90 24/10/2007 11:23 AM 6 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Main\Local Settings\Application Data\Ahead\Nero Home\idx\_k7z.f91 24/10/2007 11:23 AM 6 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Main\Local Settings\Application Data\Ahead\Nero Home\idx\_k7z.f92 24/10/2007 11:23 AM 6 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Main\Local Settings\Application Data\Ahead\Nero Home\idx\_k7z.f93 24/10/2007 11:23 AM 6 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Main\Local Settings\Application Data\Ahead\Nero Home\idx\_k7z.f94 24/10/2007 11:23 AM 6 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Main\Local Settings\Application Data\Ahead\Nero Home\idx\_k7z.f95 24/10/2007 11:23 AM 6 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Main\Local Settings\Application Data\Ahead\Nero Home\idx\_k7z.f96 24/10/2007 11:23 AM 6 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Main\Local Settings\Application Data\Ahead\Nero Home\idx\_k7z.f97 24/10/2007 11:23 AM 6 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Main\Local Settings\Application Data\Ahead\Nero Home\idx\_k7z.f98 24/10/2007 11:23 AM 6 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Main\Local Settings\Application Data\Ahead\Nero Home\idx\_k7z.f99 24/10/2007 11:23 AM 6 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Main\Local Settings\Application Data\Ahead\Nero Home\idx\_k7z.fdt 24/10/2007 11:23 AM 3.15 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Main\Local Settings\Application Data\Ahead\Nero Home\idx\_k7z.fdx 24/10/2007 11:23 AM 48 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Main\Local Settings\Application Data\Ahead\Nero Home\idx\_k7z.fnm 24/10/2007 11:23 AM 3.43 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Main\Local Settings\Application Data\Ahead\Nero Home\idx\_k7z.frq 24/10/2007 11:23 AM 1.09 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Main\Local Settings\Application Data\Ahead\Nero Home\idx\_k7z.prx 24/10/2007 11:23 AM 1.70 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Main\Local Settings\Application Data\Ahead\Nero Home\idx\_k7z.tii 24/10/2007 11:23 AM 99 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Main\Local Settings\Application Data\Ahead\Nero Home\idx\_k7z.tis 24/10/2007 11:23 AM 7.73 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Main\Local Settings\Application Data\Ahead\Nero Home\idx\_k7z.tvd 24/10/2007 11:23 AM 12 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Main\Local Settings\Application Data\Ahead\Nero Home\idx\_k7z.tvf 24/10/2007 11:23 AM 2.39 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Main\Local Settings\Application Data\Ahead\Nero Home\idx\_k7z.tvx 24/10/2007 11:23 AM 52 bytes Visible in Windows API, but not in MFT or directory index.
C:\System Volume Information\_restore{981A1B84-71E5-4234-AD36-6DE24D278111}\RP138\change.log 24/10/2007 11:20 AM 293.64 KB Visible in Windows API, but not in MFT or directory index.
C:\System Volume Information\_restore{981A1B84-71E5-4234-AD36-6DE24D278111}\RP138\change.log.3 24/10/2007 11:32 AM 297.89 KB Hidden from Windows API.
C:\System Volume Information\_restore{981A1B84-71E5-4234-AD36-6DE24D278111}\RP138\drivetable.txt 24/10/2007 11:37 AM 400 bytes Hidden from Windows API.
C:\System Volume Information\_restore{981A1B84-71E5-4234-AD36-6DE24D278111}\RP139 24/10/2007 11:37 AM 0 bytes Hidden from Windows API.
C:\System Volume Information\_restore{981A1B84-71E5-4234-AD36-6DE24D278111}\RP139\A0014447.ini 24/10/2007 11:36 AM 1.45 KB Hidden from Windows API.
C:\System Volume Information\_restore{981A1B84-71E5-4234-AD36-6DE24D278111}\RP139\A0014448.old 24/10/2007 11:32 AM 12.63 KB Hidden from Windows API.
C:\System Volume Information\_restore{981A1B84-71E5-4234-AD36-6DE24D278111}\RP139\change.log 24/10/2007 11:42 AM 1.92 KB Hidden from Windows API.
C:\System Volume Information\_restore{981A1B84-71E5-4234-AD36-6DE24D278111}\RP139\RestorePointSize 24/10/2007 11:37 AM 8 bytes Hidden from Windows API.
C:\System Volume Information\_restore{981A1B84-71E5-4234-AD36-6DE24D278111}\RP139\rp.log 24/10/2007 11:37 AM 536 bytes Hidden from Windows API.
C:\System Volume Information\_restore{981A1B84-71E5-4234-AD36-6DE24D278111}\RP139\snapshot 24/10/2007 11:37 AM 0 bytes Hidden from Windows API.
C:\System Volume Information\_restore{981A1B84-71E5-4234-AD36-6DE24D278111}\RP139\snapshot\_REGISTRY_MACHINE_SAM 24/10/2007 11:37 AM 24.00 KB Hidden from Windows API.
C:\System Volume Information\_restore{981A1B84-71E5-4234-AD36-6DE24D278111}\RP139\snapshot\_REGISTRY_MACHINE_SECURITY 24/10/2007 11:37 AM 44.00 KB Hidden from Windows API.
C:\System Volume Information\_restore{981A1B84-71E5-4234-AD36-6DE24D278111}\RP139\snapshot\_REGISTRY_MACHINE_SOFTWARE 24/10/2007 11:37 AM 28.20 MB Hidden from Windows API.
C:\System Volume Information\_restore{981A1B84-71E5-4234-AD36-6DE24D278111}\RP139\snapshot\_REGISTRY_MACHINE_SYSTEM 24/10/2007 11:37 AM 4.00 MB Hidden from Windows API.
C:\System Volume Information\_restore{981A1B84-71E5-4234-AD36-6DE24D278111}\RP139\snapshot\_REGISTRY_USER_.DEFAULT 24/10/2007 11:37 AM 256.00 KB Hidden from Windows API.
C:\System Volume Information\_restore{981A1B84-71E5-4234-AD36-6DE24D278111}\RP139\snapshot\_REGISTRY_USER_NTUSER_S-1-5-18 24/10/2007 11:37 AM 256.00 KB Hidden from Windows API.
C:\System Volume Information\_restore{981A1B84-71E5-4234-AD36-6DE24D278111}\RP139\snapshot\_REGISTRY_USER_NTUSER_S-1-5-19 24/10/2007 11:37 AM 244.00 KB Hidden from Windows API.
C:\System Volume Information\_restore{981A1B84-71E5-4234-AD36-6DE24D278111}\RP139\snapshot\_REGISTRY_USER_NTUSER_S-1-5-20 24/10/2007 11:37 AM 244.00 KB Hidden from Windows API.
C:\System Volume Information\_restore{981A1B84-71E5-4234-AD36-6DE24D278111}\RP139\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-746137067-1390067357-1417001333-1003 24/10/2007 11:37 AM 3.71 MB Hidden from Windows API.
C:\System Volume Information\_restore{981A1B84-71E5-4234-AD36-6DE24D278111}\RP139\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-19 24/10/2007 11:37 AM 8.00 KB Hidden from Windows API.
C:\System Volume Information\_restore{981A1B84-71E5-4234-AD36-6DE24D278111}\RP139\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-20 24/10/2007 11:37 AM 8.00 KB Hidden from Windows API.
C:\System Volume Information\_restore{981A1B84-71E5-4234-AD36-6DE24D278111}\RP139\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-21-746137067-1390067357-1417001333-1003 24/10/2007 11:37 AM 224.00 KB Hidden from Windows API.
C:\System Volume Information\_restore{981A1B84-71E5-4234-AD36-6DE24D278111}\RP139\snapshot\ComDb.Dat 17/07/2007 12:10 AM 21.98 KB Hidden from Windows API.
C:\System Volume Information\_restore{981A1B84-71E5-4234-AD36-6DE24D278111}\RP139\snapshot\domain.txt 24/10/2007 11:37 AM 44 bytes Hidden from Windows API.
C:\System Volume Information\_restore{981A1B84-71E5-4234-AD36-6DE24D278111}\RP139\snapshot\Repository 24/10/2007 11:37 AM 0 bytes Hidden from Windows API.
C:\System Volume Information\_restore{981A1B84-71E5-4234-AD36-6DE24D278111}\RP139\snapshot\Repository\$WinMgmt.CFG 12/10/2007 9:01 AM 20 bytes Hidden from Windows API.
C:\System Volume Information\_restore{981A1B84-71E5-4234-AD36-6DE24D278111}\RP139\snapshot\Repository\FS 24/10/2007 11:37 AM 0 bytes Hidden from Windows API.
C:\System Volume Information\_restore{981A1B84-71E5-4234-AD36-6DE24D278111}\RP139\snapshot\Repository\FS\INDEX.BTR 24/10/2007 11:36 AM 1.01 MB Hidden from Windows API.
C:\System Volume Information\_restore{981A1B84-71E5-4234-AD36-6DE24D278111}\RP139\snapshot\Repository\FS\INDEX.MAP 24/10/2007 11:37 AM 556 bytes Hidden from Windows API.
C:\System Volume Information\_restore{981A1B84-71E5-4234-AD36-6DE24D278111}\RP139\snapshot\Repository\FS\MAPPING.VER 24/10/2007 11:37 AM 4 bytes Hidden from Windows API.
C:\System Volume Information\_restore{981A1B84-71E5-4234-AD36-6DE24D278111}\RP139\snapshot\Repository\FS\MAPPING1.MAP 24/10/2007 11:37 AM 3.31 KB Hidden from Windows API.
C:\System Volume Information\_restore{981A1B84-71E5-4234-AD36-6DE24D278111}\RP139\snapshot\Repository\FS\MAPPING2.MAP 24/10/2007 11:36 AM 3.31 KB Hidden from Windows API.
C:\System Volume Information\_restore{981A1B84-71E5-4234-AD36-6DE24D278111}\RP139\snapshot\Repository\FS\OBJECTS.DATA 24/10/2007 11:36 AM 5.30 MB Hidden from Windows API.
C:\System Volume Information\_restore{981A1B84-71E5-4234-AD36-6DE24D278111}\RP139\snapshot\Repository\FS\OBJECTS.MAP 24/10/2007 11:37 AM 2.77 KB Hidden from Windows API.
betty
Active Member
 
Posts: 6
Joined: September 25th, 2007, 8:41 am
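
Editor's note, an added example that is not part of betty's post and not RootkitRevealer's own code: the block below is a small triage script for pasted RootkitRevealer lines like the ones above. Two things a reviewer wants from such a log are (a) which discrepancies are "Hidden from Windows API" (the raw NTFS scan saw a file the API did not, which is the rootkit signature) versus "Visible in Windows API, but not in MFT or directory index" (a file that disappeared between the two passes, usually a short-lived file written while the scan ran), and (b) which of those fall in directories that churn legitimately during a scan. The churn-prefix list, the scan window (11:20 to 11:45 AM, taken from the timestamps in the log) and the `hypothetical.sys` line in the sample are assumptions of this example, not findings from the page.

```python
import re
from dataclasses import dataclass
from datetime import datetime

# One pasted RootkitRevealer line: path, dd/mm/yyyy, h:mm AM/PM, size, description.
# RootkitRevealer writes tab-separated fields; pasting into a forum collapses the
# tabs, so the date field is what delimits the (space-containing) path.
RKR_LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+(?P<date>\d{2}/\d{2}/\d{4})\s+(?P<time>\d{1,2}:\d{2} [AP]M)"
    r"\s+(?P<size>[\d.]+ (?:bytes|KB|MB|GB))\s+(?P<desc>.+?)\.?$"
)

# Heuristic (an assumption of this example, not something the tool reports):
# directories that legitimately churn while a scan runs. Restore points are
# written by the System Restore service and the Nero Home index is rewritten by
# the application; both produce discrepancies without any rootkit present.
CHURN_PREFIXES = (
    r"c:\system volume information\_restore",
    r"c:\documents and settings\main\local settings\application data\ahead\nero home\idx",
)


@dataclass
class Discrepancy:
    path: str
    modified: datetime
    size: str
    kind: str      # "hidden": raw scan saw it, the Windows API did not
                   # "transient": Windows API saw it, raw MFT/index scan did not
                   # "other": any other description
    verdict: str   # "benign" or "review"


def classify(desc):
    if desc.startswith("Hidden from Windows API"):
        return "hidden"
    if desc.startswith("Visible in Windows API"):
        return "transient"
    return "other"


def parse_rkr_line(line, scan_start, scan_end):
    """Parse one pasted line; return None for headers, blanks and non-matching text."""
    m = RKR_LINE_RE.match(line.strip())
    if not m:
        return None
    modified = datetime.strptime(f"{m['date']} {m['time']}", "%d/%m/%Y %I:%M %p")
    kind = classify(m["desc"])
    in_churn_dir = m["path"].lower().startswith(CHURN_PREFIXES)
    touched_during_scan = scan_start <= modified <= scan_end
    if kind == "hidden":
        # A file the API cannot see is only explainable by churn in a known directory.
        verdict = "benign" if in_churn_dir else "review"
    elif kind == "transient":
        # A file that vanished between the API pass and the raw pass is expected
        # for short-lived files written while the scan ran.
        verdict = "benign" if (in_churn_dir or touched_during_scan) else "review"
    else:
        verdict = "review"
    return Discrepancy(m["path"], modified, m["size"], kind, verdict)


def triage(lines, scan_start, scan_end):
    return [d for d in (parse_rkr_line(l, scan_start, scan_end) for l in lines) if d]


def review_paths(discrepancies):
    return [d.path for d in discrepancies if d.verdict == "review"]


# Constructed sample: three lines shaped like the log above plus one hypothetical
# driver path (not from the page) to show what a "review" hit looks like.
SAMPLE_RKR_LOG = r"""
C:\Documents and Settings\Main\Local Settings\Application Data\Ahead\Nero Home\idx\_k7z.fdt 24/10/2007 11:23 AM 3.15 KB Visible in Windows API, but not in MFT or directory index.
C:\System Volume Information\_restore{981A1B84-71E5-4234-AD36-6DE24D278111}\RP139\snapshot\_REGISTRY_MACHINE_SAM 24/10/2007 11:37 AM 24.00 KB Hidden from Windows API.
C:\System Volume Information\_restore{981A1B84-71E5-4234-AD36-6DE24D278111}\RP139\snapshot\ComDb.Dat 17/07/2007 12:10 AM 21.98 KB Hidden from Windows API.
C:\WINDOWS\system32\drivers\hypothetical.sys 03/09/2007 4:41 PM 24.00 KB Hidden from Windows API.
"""

# Assumed scan window, taken from the 11:20-11:42 AM timestamps in the log above.
SCAN_START = datetime(2007, 10, 24, 11, 20)
SCAN_END = datetime(2007, 10, 24, 11, 45)

if __name__ == "__main__":
    for d in triage(SAMPLE_RKR_LOG.splitlines(), SCAN_START, SCAN_END):
        print(f"{d.verdict:6} {d.kind:9} {d.modified:%Y-%m-%d %H:%M} {d.path}")
```

The script deliberately does not try to decide "rootkit or not"; it only separates discrepancies that have a mundane explanation from those that need a second tool (the GMER scan suggested later in this thread) or a hash lookup. A restore-point copy keeps the original file's modification time, which is why the churn check is done on the path and not on the timestamp for "hidden" entries.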

Unread postby betty » October 24th, 2007, 7:25 pm

I forgot to post the DSS extra


Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon(tm) 64 X2 Dual Core Processor 4200+
CPU 1: AMD Athlon(tm) 64 X2 Dual Core Processor 4200+
Percentage of Memory in Use: 29%
Physical Memory (total/avail): 2046.42 MiB / 1444.02 MiB
Pagefile Memory (total/avail): 3939.35 MiB / 3505.06 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1925.41 MiB

C: is Fixed (NTFS) - 232.88 GiB total, 110.31 GiB free.
D: is Fixed (NTFS) - 127.99 GiB total, 22.17 GiB free.
E: is Fixed (NTFS) - 74.52 GiB total, 24.2 GiB free.
F: is CDROM (No Media)

\\.\PHYSICALDRIVE2 - ST380817AS - 74.53 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 74.52 GiB - E:

\\.\PHYSICALDRIVE0 - WDC WD1600BB-00FTA0 - 149.05 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 127.99 GiB - D:

\\.\PHYSICALDRIVE1 - WDC WD2500KS-00MJB0 - 232.88 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 232.88 GiB - C:



-- Security Center -------------------------------------------------------------

Windows Internal Firewall is disabled.

FirstRunDisabled is set.

AV: ESET NOD32 antivirus system 2.70 v2.70 (ESET, spol. s r.o.)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"="C:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe:*:Enabled:Adobe Version Cue CS3 Server"
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Main\Application Data
CLASSPATH=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=BEAUTYROO
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Main
LOGONSERVER=\\BEAUTYROO
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem;C:\Program Files\ALZip;C:\Program Files\ALZip;C:\Program Files\Common Files\Nero\Lib\;C:\Program Files\Common Files\Nero\Lib\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 75 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=4b02
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\QuickTime\QTSystem\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Main\LOCALS~1\Temp
TMP=C:\DOCUME~1\Main\LOCALS~1\Temp
USERDOMAIN=BEAUTYROO
USERNAME=Main
USERPROFILE=C:\Documents and Settings\Main
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Main (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
AC-3 ACM Codec --> C:\WINDOWS\system32\rundll32.exe setupapi,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\AC3ACM.inf
ActiveFax --> C:\WINDOWS\UIActFax.exe
Ad-Aware 2007 --> MsiExec.exe /X{0E6AB9FC-76C2-431B-9C06-6C1CFFFEA8EB}
Add or Remove Adobe Creative Suite 3 Design Premium --> C:\Program Files\Common Files\Adobe\Installers\c14ac4070fd9614ffe63f4bb533db2c\Setup.exe
Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3 --> MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3 --> MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting --> MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe BridgeTalk Plugin CS3 --> MsiExec.exe /I{B7F560B3-6EFF-4026-A982-843895A41149}
Adobe Camera Raw 4.0 --> MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific --> MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings --> C:\Program Files\Common Files\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe
Adobe Color Common Settings --> MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}
Adobe Color EU Extra Settings --> MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings --> MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings --> MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Creative Suite 3 Design Premium --> MsiExec.exe /I{D1C18EDD-571A-4BDD-BE7B-1DD86027D7FF}
Adobe Default Language CS3 --> MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3 --> MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe Digital Editions --> C:\Documents and Settings\Main\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\digitaleditions2x0\digitaleditions2x0.exe -uninstall
Adobe Dreamweaver CS3 --> MsiExec.exe /I{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}
Adobe ExtendScript Toolkit 2 --> C:\Program Files\Common Files\Adobe\Installers\5bc0f8414ec36c555a3e7e5ec2e225e\Setup.exe
Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{1BCEA516-B4C5-4B2D-BFA0-AB7910BAD862}
Adobe Extension Manager CS3 --> MsiExec.exe /I{BE5F3842-8309-4754-92D5-83E02E6077A3}
Adobe Flash CS3 --> MsiExec.exe /I{6B52140A-F189-4945-BFFC-DB3F00B8C589}
Adobe Flash Player 9 ActiveX --> MsiExec.exe /X{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Video Encoder --> MsiExec.exe /I{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}
Adobe Fonts All --> MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3 --> MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Illustrator CS3 --> MsiExec.exe /I{F08E8D2E-F132-4742-9C87-D5FF223A016A}
Adobe InDesign CS3 --> MsiExec.exe /I{CB3F8375-B600-4B9F-83C9-238ED1E583FD}
Adobe InDesign CS3 Icon Handler --> MsiExec.exe /I{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}
Adobe Linguistics CS3 --> MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe MotionPicture Color Files --> MsiExec.exe /I{6B708481-748A-4EB4-97C1-CD386244FF77}
Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3 --> MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}
Adobe Reader 8 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A80000000002}
Adobe Setup --> MsiExec.exe /I{09E2111C-16B1-4DDF-BF0D-F994C9A12350}
Adobe Setup --> MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}
Adobe Setup --> MsiExec.exe /I{D504303A-717D-414C-BA9F-FE01093E2EF8}
Adobe SING CS3 --> MsiExec.exe /I{B671CBFD-4109-4D35-9252-3062D3CCB7B2}
Adobe Stock Photos CS3 --> MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3 --> MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client --> MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe Version Cue CS3 Server {ko_KR} --> MsiExec.exe /I{1D58229F-C505-45CA-8223-F35F3A34B963}
Adobe WAS CS3 --> MsiExec.exe /I{C5BD220A-EFE8-48A5-B70E-9503D535FACE}
Adobe WinSoft Linguistics Plugin --> MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3 --> MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
Advanced eBook Processor --> C:\PROGRA~1\AEBPR\UNWISE.EXE C:\PROGRA~1\AEBPR\INSTALL.LOG
AHV content for Acrobat and Flash --> MsiExec.exe /I{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}
ALUpdate --> "C:\Program Files\ESTsoft\ALUpdate\unins000.exe"
ALZip --> "C:\Program Files\ALZip\unins000.exe"
BayGenie eBay Auction Sniper Pro Edition 3.0.0.0 --> "C:\Program Files\BayGenie\ProEdition\unins000.exe"
Better File Rename 4.9.5 --> "C:\Program Files\Better File Rename\unins000.exe"
ConvertXtoDVD 2.2.2.256 --> "C:\Program Files\VSO\ConvertXtoDVD\unins000.exe"
EssentialPIM Pro Beta --> C:\Program Files\EssentialPIM Pro\uninstall.exe
EVGA Display Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BEF3EFE7-5159-436D-9BF0-CCC633179EB4}\Setup.exe" -l0x9 -removeonly
GT Racers 1.00 --> C:\WINDOWS\iun6002.exe "C:\Program Files\GT Racers\irunin.ini"
Hijackthis 1.99.1 --> "C:\Program Files\Hijackthis\unins000.exe"
HijackThis 1.99.1 --> C:\Program Files\Hijackthis\HijackThis.exe /uninstall
Intel(R) 536EP Modem --> rundll32 IntelSdi.dll,iSMUninstallation "Intel(R) 536EP Modem"
IsoBuster 1.9 --> "C:\Program Files\IsoBuster\Uninst\unins000.exe"
JAlbum 7.2 --> C:\Program Files\JAlbum7.2\Uninstall.exe
Java(TM) 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007 --> MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007 --> MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Mozilla Firefox (2.0.0.8) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
Nero 8 --> MsiExec.exe /X{B944FA21-81AF-4A77-8328-CE4F4CC51033}
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NOD32 antivirus system --> C:\Program Files\Eset\Setup\setup.exe /UNINSTALL
NOD32 FiX --> "C:\Program Files\Eset\unins000.exe"
NVIDIA Drivers --> C:\WINDOWS\system32\nvuide.exe UninstallGUI
Passware Kit Enterprise 8.0 --> C:\Program Files\Passware\un-kit_ent.exe
PDF Settings --> MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
QuickTime --> MsiExec.exe /I{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Rhapsody Player Engine --> MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
SnagIt 8 --> MsiExec.exe /I{DA0BF7AB-88EB-4675-8FA1-531EAD938821}
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x9 -removeonly
SureThing CD Labeler Deluxe 5 --> "C:\Program Files\SureThing CD Labeler 5\unins000.exe"
Tag&Rename 3.3 --> "C:\Program Files\TagRename\unins000.exe"
The Bat! Professional v3.99.3 --> MsiExec.exe /I{40BF1520-BAB7-4B38-A2FB-C474A888FACA}
Trillian --> C:\Program Files\Trillian\trillian.exe /uninstall
TrojanHunter 5.0 --> "C:\Program Files\TrojanHunter 5.0\unins000.exe"
VCRedistSetup --> MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
VideoLAN VLC media player 0.8.6c --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0) --> C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /d /u C:\WINDOWS\system32\DRVSTORE\amdk8_6FE44FCD212D4A086C7BC0C98B9A619782073FB7\amdk8.inf
Xvid 1.1.3 final uninstall --> "C:\Program Files\Xvid\unins000.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type384 / Error
Event Submitted/Written: 10/19/2007 09:18:28 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application ShowTime.exe, version 4.1.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type383 / Error
Event Submitted/Written: 10/19/2007 09:17:58 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application ALZip.exe, version 7.0.0.2338, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type382 / Error
Event Submitted/Written: 10/19/2007 09:14:59 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application ALZip.exe, version 7.0.0.2338, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type381 / Error
Event Submitted/Written: 10/18/2007 09:03:23 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application firefox.exe, version 1.8.20070.25881, faulting module unknown, version 0.0.0.0, fault address 0xc033c300.
Processing media-specific event for [firefox.exe!ws!]

Event Record #/Type357 / Error
Event Submitted/Written: 10/02/2007 11:05:43 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application firefox.exe, version 1.8.20070.25881, faulting module js3250.dll, version 4.0.0.0, fault address 0x0001f88c.
Processing media-specific event for [firefox.exe!ws!]



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type2612 / Warning
Event Submitted/Written: 10/24/2007 11:59:30 AM
Event ID/Source: 51 / Disk
Event Description:
An error was detected on device \Device\Harddisk2\D during a paging operation.

Event Record #/Type2611 / Warning
Event Submitted/Written: 10/24/2007 11:59:30 AM
Event ID/Source: 51 / Disk
Event Description:
An error was detected on device \Device\Harddisk2\D during a paging operation.

Event Record #/Type2610 / Warning
Event Submitted/Written: 10/24/2007 11:59:30 AM
Event ID/Source: 51 / Disk
Event Description:
An error was detected on device \Device\Harddisk2\D during a paging operation.

Event Record #/Type2609 / Error
Event Submitted/Written: 10/24/2007 11:59:10 AM
Event ID/Source: 11 / Disk
Event Description:
The driver detected a controller error on \Device\Harddisk2\D.

Event Record #/Type2603 / Warning
Event Submitted/Written: 10/23/2007 04:08:32 AM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.



-- End of Deckard's System Scanner: finished at 2007-10-24 14:39:53 ------------
betty
Active Member
 
Posts: 6
Joined: September 25th, 2007, 8:41 am
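
Editor's note, an added example that is not part of betty's post and not Deckard's System Scanner's own code: the Security Center block in the log above is the Windows XP SP2 firewall policy dumped straight from the registry. Each value under `AuthorizedApplications\List` has the form `path:scope:Enabled|Disabled:label`, where a scope of `*` means the program may receive unsolicited inbound traffic from any remote address (as opposed to `LocalSubNet` or an explicit address list), and the `DomainProfile` list only applies when the machine is joined to a domain. The parser below reads that block as DSS prints it (backslashes doubled, registry-export style) and produces the findings a reviewer would raise from it. The embedded input is copied from the log above; the finding texts are this example's own wording.

```python
import re
from dataclasses import dataclass

# Registry-export lines as DSS prints them: "[HKLM\...]" section headers and
# "name"="data" values, with every backslash doubled.
SECTION_RE = re.compile(r"^\[(?P<key>HKLM\\[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<data>.*)"$')


@dataclass
class FirewallException:
    profile: str   # "Domain" (machine joined to a domain) or "Standard" (everything else)
    path: str      # program allowed to receive unsolicited inbound traffic
    scope: str     # "*" = any remote address; "LocalSubNet" or an address list otherwise
    enabled: bool
    label: str     # display name, or an "@dll,-id" resource reference for built-in entries


def unescape(s):
    return s.replace("\\\\", "\\")


def parse_firewall_section(text):
    """Return (firewall_disabled, exceptions) from the DSS 'Security Center' block."""
    firewall_disabled = False
    exceptions = []
    profile = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("Windows Internal Firewall is disabled"):
            firewall_disabled = True
            continue
        sec = SECTION_RE.match(line)
        if sec:
            key = sec["key"]
            if "\\DomainProfile\\" in key:
                profile = "Domain"
            elif "\\StandardProfile\\" in key:
                profile = "Standard"
            else:
                profile = None
            continue
        val = VALUE_RE.match(line)
        if not (val and profile):
            continue
        path = unescape(val["name"])
        data = unescape(val["data"])
        # The data repeats the path, then ":scope:Enabled|Disabled:label". Strip the
        # path by length rather than splitting on ':' (the drive letter has one too).
        rest = data[len(path) + 1:] if data.startswith(path + ":") else data
        scope, status, label = rest.split(":", 2)
        exceptions.append(FirewallException(profile, path, scope, status.lower() == "enabled", label))
    return firewall_disabled, exceptions


def audit_firewall(text):
    """Findings a reviewer would raise from the section alone."""
    disabled, exceptions = parse_firewall_section(text)
    findings = []
    if disabled:
        findings.append("Firewall service is disabled: the exception lists below are not enforced at all.")
    for e in exceptions:
        if e.enabled and e.scope == "*":
            findings.append(f"{e.profile}: {e.path} is reachable from any address ({e.label}).")
    return findings


# Copied from the Security Center block of the DSS extra log above.
SECURITY_CENTER = r"""
Windows Internal Firewall is disabled.

FirstRunDisabled is set.

AV: ESET NOD32 antivirus system 2.70 v2.70 (ESET, spol. s r.o.)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"="C:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe:*:Enabled:Adobe Version Cue CS3 Server"
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"""

if __name__ == "__main__":
    for finding in audit_firewall(SECURITY_CENTER):
        print(finding)
```

The status token is compared case-insensitively because Windows itself writes both `Enabled` and `enabled` (see the `sessmgr.exe` entry). On this machine `LOGONSERVER` is the computer itself, so only the `StandardProfile` list would matter, and only once the firewall service is turned back on.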

Unread postby wng_z3r0 » November 9th, 2007, 11:10 am

Hello.

What are the symptoms you are having?


Download Gmer to your Desktop and unzip it to your Desktop.
http://www.gmer.net/gmer.zip

Disconnect from the internet and close running programs.
There is a small chance this application may crash your computer so save any work you have open.
Double click gmer.exe.
Let the gmer.sys driver load if asked.
If it gives you a warning at program start about rootkit activity and asks if you want to run scan...say Ok.
If no warning....
Click the rootkit tab
To the right of the program you will see a bunch of boxes that have been checked... leave everything checked. Then click the Scan button. Wait for the scan to finish.
Once done click the Copy button.
Open Notepad and hit ctrl+v to paste the log. Save the log to your desktop please.

Click the >>> tab. This will open up all available tabs for you.
Click the Autostart tab then the scan button. Once it's done click the Copy button and paste it into a new notepad document. Save that document to your desktop please.


wng
wng_z3r0
Admin/Teacher Emeritus
 
Posts: 4282
Joined: March 6th, 2005, 8:22 pm

Re: Hijack this, root kit revealer, dss included

Unread postby askey127 » November 23rd, 2007, 12:00 pm

This topic is now closed.

If you are the originator of this topic, and you need it re-opened please send an email to 'admin at malwareremoval.com', including a link to this topic.

If you have been helped and wish to donate to help with the costs of this volunteer site, please read Donations For Malware Removal

Please do not contact us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA