Newbie to Malware

Post by Enkerli » June 7th, 2008, 8:31 am

Occasionally noticing things I think are unusual, but they can usually be explained. Just had some wixawin ad popups even though my browser should disable popups. A quick search told me it might be Vundo. I don't seem to be affected by Vundo but it got me thinking about making sure I wasn't infected by something else.
So, just in case my computer has other malware, thought I could post my HjT log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:24:54, on 2008-06-07
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\FolderSize\FolderSizeSvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Bell\Access Manager\app\TangoService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\Common Files\Mediafour\MACVNTFY.EXE
C:\Program Files\Mediafour\MacDrive\MDDiskProtect.exe
C:\Program Files\iRiver\HSeries\iHPDetect.exe
C:\WINDOWS\zHotkey.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\EverNote\Evernote3\UniClipper.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sony Handheld\HOTSYNC.EXE
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\FLOCK\FLOCK\FLOCK.EXE
C:\Program Files\Windows Live\Writer\WindowsLiveWriter.exe
C:\Documents and Settings\Kvik\Desktop\VundoFix.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ca.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ca.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo! Canada
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Diigo Toolbar Helper - {84053DA7-03DE-4FB6-80AE-202C04691D8A} - C:\Program Files\Diigo\DiigoToolbar.3.0.55.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.914.9778\swg.dll
O3 - Toolbar: &Plummer - {2F054105-E646-4044-AE59-13A3BED976A1} - C:\Program Files\Plummer\PlummerCOM.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: Diigo Toolbar - {09197FFB-C236-4153-B268-31051E4F3B6C} - C:\Program Files\Diigo\DiigoToolbar.3.0.55.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MediafourGettingStartedWithMacDrive6] "C:\Program Files\Mediafour\MacDrive\MacDrive.exe" /runonce
O4 - HKLM\..\Run: [Mediafour Mac Volume Notifications] "C:\Program Files\Common Files\Mediafour\MACVNTFY.EXE" /auto
O4 - HKLM\..\Run: [MDDiskProtect.exe] C:\Program Files\Mediafour\MacDrive\MDDiskProtect.exe
O4 - HKLM\..\Run: [iHP-100] C:\Program Files\iRiver\HSeries\iHPDetect.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TMRUBottedTray] "C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] __"C:\Program Files\iTunes\iTunesHelper.exe"__
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [UniClipper] "C:\Program Files\EverNote\Evernote3\UniClipper.exe"
O4 - HKCU\..\Run: [Simplify Media] "C:\Documents and Settings\Kvik\Local Settings\Application Data\Simplify Media\SimplifyMedia.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [BoxOfficeAddinUpdate] msiexec /i C:\DOCUME~1\Kvik\LOCALS~1\Temp\boxofficeaddin.msi
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.EXE
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Spurl! - http://www.spurl.net/rclick.php
O8 - Extra context menu item: Add to Evernote - res://C:\Program Files\Evernote\Evernote3\enbar.dll/2000
O8 - Extra context menu item: Copy to Semagic - C:\Program Files\Semagic\copy.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Semagic - C:\Program Files\Semagic\link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Add to EverNote - {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - C:\Program Files\EverNote\EverNote\enbar.dll
O9 - Extra 'Tools' menuitem: Add to EverNote - {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - C:\Program Files\EverNote\EverNote\enbar.dll
O9 - Extra button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E9252800} - C:\Program Files\Evernote\Evernote3\enbar.dll
O9 - Extra 'Tools' menuitem: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E9252800} - C:\Program Files\Evernote\Evernote3\enbar.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Spurl! - {057AB0AA-0896-44A7-9940-1D3118C870FB} - http://www.spurl.net/rclick.php (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Bookmark the current page to Spurl.net - {057AB0AA-0896-44A7-9940-1D3118C870FB} - http://www.spurl.net/rclick.php (file missing) (HKCU)
O9 - Extra button: Spurl bar - {104D0F17-ED01-4E81-8EFF-53E956FC6D49} - Shdocvw.dll (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Spurl bar - {104D0F17-ED01-4E81-8EFF-53E956FC6D49} - Shdocvw.dll (file missing) (HKCU)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 3103451968
O16 - DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} (SimCityX Control) - http://simcity.ea.com/play/classic/SimCityX.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL,C:\WINDOWS\system32\guard32.dll,avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files\FolderSize\FolderSizeSvc.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Trend Micro RUBotted Service (RUBotted) - Trend Micro Inc. - C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Tango Service (TangoService) - Unknown owner - C:\Program Files\Bell\Access Manager\app\TangoService.exe

--
End of file - 14294 bytes
Enkerli
Regular Member
Posts: 16
Joined: June 7th, 2008, 7:30 am

Re: Newbie to Malware

Post by ndmmxiaomayi » June 13th, 2008, 9:36 am

Hi,

Welcome to Malware Removal.

Sorry for the delay in getting to you.

Do you know anything about this toolbar?

O3 - Toolbar: &Plummer - {2F054105-E646-4044-AE59-13A3BED976A1} - C:\Program Files\Plummer\PlummerCOM.dll

  1. Please download Deckard's System Scanner from Tech Support Forum and save it to your desktop. Note: You must be logged onto an account with administrator privileges.
  2. Save all your work and close all opened programs.
  3. Double click on dss.exe to run it. Follow the prompts.
  4. When the scan is complete, two log files will be produced. The first one, main.txt, will be maximized, the second one, extra.txt, will be minimized.
  5. Please post the contents of the 2 log files in your next reply. 1 log per reply please.

In your next reply, please post:

  1. The 2 DSS reports
  2. If you know anything about the Plummer toolbar
ndmmxiaomayi
MRU Emeritus
Posts: 9708
Joined: July 17th, 2006, 9:22 am

Re: Newbie to Malware

Post by Enkerli » June 13th, 2008, 2:59 pm

No apologies necessary. Wasn't expecting a prompt reply, especially for such a generic request.

2. Yes, Plummer is a toolbar for a social bookmarking system. Not a very popular one, but it works fine for my purposes. Pretty sure it isn't causing a problem, but maybe you could tell me wrong.

1. The DSS reports:

main.txt
Deckard's System Scanner v20071014.68
Run by Kvik on 2008-06-13 14:27:18
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
84: 2008-06-13 18:29:56 UTC - RP393 - Deckard's System Scanner Restore Point
83: 2008-06-13 04:59:10 UTC - RP392 - Installed Evernote
82: 2008-06-13 04:51:07 UTC - RP391 - Removed Evernote
81: 2008-06-13 03:55:29 UTC - RP390 - Installed BlogBridge
80: 2008-06-12 19:42:27 UTC - RP389 - System Checkpoint


-- First Restore Point --
1: 2008-04-14 03:07:50 UTC - RP310 - Supprimé Java(TM) 6 Update 3


Backed up registry hives.
Performed disk cleanup.

System Drive C: has 7.45 GiB (less than 15%) free.


-- HijackThis (run as Kvik.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:43:30, on 2008-06-13
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\FolderSize\FolderSizeSvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Bell\Access Manager\app\TangoService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\Common Files\Mediafour\MACVNTFY.EXE
C:\Program Files\iRiver\HSeries\iHPDetect.exe
C:\WINDOWS\zHotkey.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sony Handheld\HOTSYNC.EXE
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Documents and Settings\Kvik\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Kvik.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ca.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ca.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo! Canada
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Diigo Toolbar Helper - {84053DA7-03DE-4FB6-80AE-202C04691D8A} - C:\Program Files\Diigo\DiigoToolbar.3.0.55.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.914.9778\swg.dll
O3 - Toolbar: &Plummer - {2F054105-E646-4044-AE59-13A3BED976A1} - C:\Program Files\Plummer\PlummerCOM.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: Diigo Toolbar - {09197FFB-C236-4153-B268-31051E4F3B6C} - C:\Program Files\Diigo\DiigoToolbar.3.0.55.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Mediafour Mac Volume Notifications] "C:\Program Files\Common Files\Mediafour\MACVNTFY.EXE" /auto
O4 - HKLM\..\Run: [iHP-100] C:\Program Files\iRiver\HSeries\iHPDetect.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TMRUBottedTray] "C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] __"C:\Program Files\iTunes\iTunesHelper.exe"__
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [UniClipper] "C:\Program Files\EverNote\Evernote3\UniClipper.exe"
O4 - HKCU\..\Run: [Simplify Media] "C:\Documents and Settings\Kvik\Local Settings\Application Data\Simplify Media\SimplifyMedia.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [BoxOfficeAddinUpdate] msiexec /i C:\DOCUME~1\Kvik\LOCALS~1\Temp\boxofficeaddin.msi
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.EXE
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Spurl! - http://www.spurl.net/rclick.php
O8 - Extra context menu item: Add to Evernote - res://C:\Program Files\Evernote\Evernote3\enbar.dll/2000
O8 - Extra context menu item: Copy to Semagic - C:\Program Files\Semagic\copy.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Semagic - C:\Program Files\Semagic\link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Add to EverNote - {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - C:\Program Files\EverNote\EverNote\enbar.dll
O9 - Extra 'Tools' menuitem: Add to EverNote - {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - C:\Program Files\EverNote\EverNote\enbar.dll
O9 - Extra button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E9252800} - C:\Program Files\Evernote\Evernote3\enbar.dll
O9 - Extra 'Tools' menuitem: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E9252800} - C:\Program Files\Evernote\Evernote3\enbar.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Spurl! - {057AB0AA-0896-44A7-9940-1D3118C870FB} - http://www.spurl.net/rclick.php (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Bookmark the current page to Spurl.net - {057AB0AA-0896-44A7-9940-1D3118C870FB} - http://www.spurl.net/rclick.php (file missing) (HKCU)
O9 - Extra button: Spurl bar - {104D0F17-ED01-4E81-8EFF-53E956FC6D49} - Shdocvw.dll (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Spurl bar - {104D0F17-ED01-4E81-8EFF-53E956FC6D49} - Shdocvw.dll (file missing) (HKCU)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 3103451968
O16 - DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} (SimCityX Control) - http://simcity.ea.com/play/classic/SimCityX.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL,C:\WINDOWS\system32\guard32.dll,avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files\FolderSize\FolderSizeSvc.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Trend Micro RUBotted Service (RUBotted) - Trend Micro Inc. - C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Tango Service (TangoService) - Unknown owner - C:\Program Files\Bell\Access Manager\app\TangoService.exe

--
End of file - 13718 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080607-072337-882 O20 - Winlogon Notify: MacDrive-iTunes compatibility - C:\Program Files\Common Files\Mediafour\MacDriveiTunesPatch.dll

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R3 ENETNT5 (Efficient Networks, tango Access PPPoE WAN Miniport) - c:\windows\system32\drivers\enetnt.sys <Not Verified; Efficient Networks, Inc.; tango>
R3 LaCieFWFilter (Silver 1394 Filter (1394 BUS Filter Driver)) - c:\windows\system32\drivers\laciefwfilter.sys <Not Verified; LaCie Group S.A.; LaCie Group S.A. LaCieFWFilter>
R3 LaCieUSBFilter (Silver USB Filter (USB BUS Filter Driver)) - c:\windows\system32\drivers\lacieusbfilter.sys <Not Verified; LaCie Group; >

S3 BLKWGD (Belkin Wireless G Desktop Card Service) - c:\windows\system32\drivers\blkwgd.sys (file missing)
S3 DC21x4 (DC21x4 Based Network Adapter Driver) - c:\windows\system32\drivers\dc21x4.sys (file missing)
S3 ENDETECT - c:\program files\bell\access manager\app\endetect.sys <Not Verified; Efficient Networks, Inc.; tango>
S3 IKFileFlt (File Filter Driver) - c:\windows\system32\drivers\ikfileflt.sys (file missing)
S3 kqemu (KQEMU virtualisation module for QEMU) - c:\windows\system32\drivers\kqemu.sys
S3 MRENDIS5 (MRENDIS5 NDIS Protocol Driver) - c:\program files\common files\motive\mrendis5.sys <Not Verified; Motive, Inc.; Motive Rawether for Windows>
S3 NTSTPL1 - c:\program files\bell\access manager\app\ntstpl1.sys <Not Verified; Network TeleSystems, Inc.; TCP Pro>
S3 nvmd (Neuratron Ltd - Virtual Midi Port SvcDesc(WDM)) - c:\windows\system32\drivers\nvmd2k.sys
S3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
S3 RAWESR - c:\program files\bell\access manager\app\rawesr.sys <Not Verified; Efficient Networks, Inc.; tango>
S3 SCREAMINGBDRIVER (Screaming Bee Audio) - c:\windows\system32\drivers\screamingbaudio.sys (file missing)
S3 SunkFilt (Alcor Micro Corp Reader) - c:\windows\system32\drivers\sunkfilt.sys <Not Verified; Alcor Micro Corp.; SunkFilt>
S3 TAPBIND - c:\program files\bell\access manager\app\tapbind1.sys <Not Verified; Network TeleSystems, Inc.; TCP Pro>
S3 wlanndi5 (wlanndi5 NDIS Protocol Driver) - c:\windows\system32\wlanndi5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service (Service Bonjour) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
R2 FolderSize (Folder Size) - "c:\program files\foldersize\foldersizesvc.exe" <Not Verified; Brio; Folder Size for Windows>
R2 TangoService (Tango Service) - c:\program files\bell\access manager\app\tangoservice.exe


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-06-09 09:42:00 268 --a------ C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job
2008-06-09 02:14:08 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2008-05-30 15:00:27 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2008-05-26 20:47:27 390 --a------ C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job


-- Files created between 2008-05-13 and 2008-06-13 -----------------------------

2008-06-13 00:58:27 0 d-------- C:\Documents and Settings\Kvik\Application Data\InstallShield
2008-06-12 23:56:35 0 d-------- C:\Documents and Settings\Kvik\.bb <BB1397~1>
2008-06-12 23:55:31 0 d-------- C:\Program Files\BlogBridge
2008-06-09 12:14:36 0 d-------- C:\Program Files\Weiran Zhang
2008-06-08 13:09:28 123939 --a------ C:\WINDOWS\system32\drivers\kqemu.sys
2008-06-08 13:07:46 0 d-a------ C:\Program Files\olpc
2008-06-07 12:09:20 0 d-------- C:\Program Files\FlixQueue
2008-06-07 07:17:46 0 d-------- C:\VundoFix Backups
2008-05-31 19:15:36 221184 --a------ C:\WINDOWS\system32\TidyATL.dll <Not Verified; ; Tidy Module>
2008-05-31 19:14:45 765952 --a------ C:\WINDOWS\system32\PolarSpellChecker.dll <Not Verified; Polar; Polar SpellChecker Component 5>
2008-05-31 02:25:14 0 d-------- C:\Program Files\Microsoft SQL Server
2008-05-31 02:06:47 0 d-------- C:\Program Files\Common Files\SIL
2008-05-31 02:06:10 0 d-------- C:\Documents and Settings\All Users\Application Data\SIL
2008-05-31 01:17:26 0 d-------- C:\Program Files\improvisor338
2008-05-31 00:55:21 0 d-------- C:\Program Files\MuseScore 0.9
2008-05-30 19:40:43 0 d-------- C:\Documents and Settings\Kvik\Calgoo Hub Plugin <CALGOO~2>
2008-05-30 19:33:43 0 d-------- C:\Program Files\Common Files\Calgoo
2008-05-30 19:28:44 0 d-------- C:\Program Files\Calgoo Hub Beta Plugin
2008-05-30 15:47:06 0 d-------- C:\Program Files\Impro-Visor
2008-05-26 22:08:01 0 d-------- C:\Documents and Settings\All Users\Application Data\vsosdk
2008-05-26 21:42:24 47360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2008-05-26 21:42:24 47360 --a------ C:\Documents and Settings\Kvik\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2008-05-26 21:42:23 0 d-------- C:\Documents and Settings\Kvik\Application Data\Vso
2008-05-26 21:41:37 0 d-------- C:\Program Files\VSO
2008-05-26 21:07:02 356352 --a------ C:\WINDOWS\eSellerateEngine.dll <Not Verified; eSellerate Inc.; eSellerateEngine>
2008-05-26 20:49:09 0 d-------- C:\Documents and Settings\Kvik\Application Data\Uniblue
2008-05-26 17:20:49 0 d-------- C:\Program Files\Real Alternative
2008-05-26 17:20:49 0 d-------- C:\Documents and Settings\Kvik\Application Data\Real
2008-05-26 17:20:49 0 d-------- C:\Documents and Settings\All Users\Application Data\Real
2008-05-25 12:48:37 0 d-------- C:\Program Files\New York Times
2008-05-21 18:17:22 0 d-------- C:\Documents and Settings\Kvik\Application Data\dasher.rc
2008-05-21 17:44:29 0 d-------- C:\Program Files\Dasher
2008-05-21 14:10:19 0 d-------- C:\Program Files\Participatory Culture Foundation
2008-05-20 16:56:05 0 d-------- C:\Program Files\SIL
2008-05-17 17:16:56 0 d-------- C:\Program Files\Diigo
2008-05-15 19:18:29 0 d-------- C:\Program Files\EZTest
2008-05-14 13:55:06 0 d-------- C:\WINDOWS\Prefetch
2008-05-14 13:26:15 0 d-------- C:\WINDOWS\system32\scripting
2008-05-14 13:26:08 0 d-------- C:\WINDOWS\l2schemas
2008-05-14 13:26:04 0 d-------- C:\WINDOWS\system32\en
2008-05-14 13:26:02 0 d-------- C:\WINDOWS\system32\bits
2008-05-14 12:57:09 0 d-------- C:\WINDOWS\ServicePackFiles
2008-05-14 12:47:24 0 d-------- C:\WINDOWS\network diagnostic


-- Find3M Report ---------------------------------------------------------------

2008-06-13 00:59:44 0 d-------- C:\Program Files\EverNote
2008-06-13 00:59:10 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-10 23:02:55 0 d-------- C:\Documents and Settings\Kvik\Application Data\BeerTools Pro
2008-06-08 01:19:08 0 d-------- C:\Program Files\BeerTools Pro 1.5
2008-06-07 10:11:51 0 d-------- C:\Program Files\Common Files\Mediafour
2008-06-07 08:01:01 0 d-------- C:\Program Files\Common Files
2008-06-07 07:52:42 33 --a------ C:\Documents and Settings\Kvik\Application Data\pcouffin.log
2008-06-07 07:52:30 7887 --a------ C:\Documents and Settings\Kvik\Application Data\pcouffin.cat
2008-06-07 07:52:27 1144 --a------ C:\Documents and Settings\Kvik\Application Data\pcouffin.inf
2008-06-06 02:24:31 0 d-------- C:\Documents and Settings\Kvik\Application Data\Skype
2008-06-06 00:07:00 0 d-------- C:\Documents and Settings\Kvik\Application Data\skypePM
2008-06-04 01:27:18 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-05-31 19:16:44 0 d-------- C:\Program Files\BlogDesk
2008-05-31 02:56:13 0 d-------- C:\Program Files\Flock
2008-05-31 02:51:08 0 d-------- C:\Program Files\Microsoft.NET
2008-05-26 22:21:45 668 --a------ C:\Documents and Settings\Kvik\Application Data\vso_ts_preview.xml
2008-05-26 17:04:01 16090 --a----c- C:\WINDOWS\mozver.dat
2008-05-22 18:49:39 80228 --ah----- C:\WINDOWS\system32\mlfcache.dat
2008-05-15 19:21:02 13583 --a------ C:\Program Files\setuplog.txt
2008-05-15 19:21:00 12547 --a------ C:\Program Files\uninstal.log
2008-05-14 13:31:21 0 d-------- C:\Program Files\Messenger
2008-05-14 13:26:00 0 d-------- C:\Program Files\Movie Maker
2008-05-11 23:43:00 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-05-11 22:51:58 0 d-------- C:\Program Files\HP
2008-05-11 16:44:51 0 d-------- C:\Documents and Settings\Kvik\Application Data\AVGTOOLBAR
2008-05-11 16:41:48 0 d-------- C:\Program Files\AVG
2008-05-11 14:03:08 0 d-------- C:\Documents and Settings\Kvik\Application Data\Comodo
2008-05-11 14:02:29 0 d-------- C:\Program Files\COMODO
2008-05-10 20:27:06 0 d-------- C:\Documents and Settings\Kvik\Application Data\Adobe
2008-05-10 20:26:29 0 d-------- C:\Program Files\Adobe Media Player
2008-05-10 20:26:18 0 d-------- C:\Program Files\Common Files\Adobe AIR
2008-05-09 21:46:37 0 d-------- C:\Program Files\Spyware Doctor
2008-05-02 17:13:53 0 d-------- C:\Documents and Settings\Kvik\Application Data\Opera
2008-05-02 17:04:58 0 d-------- C:\Program Files\Opera
2008-05-02 10:15:27 0 d-------- C:\Program Files\Java
2008-05-02 10:11:29 0 d-------- C:\Program Files\Common Files\Java
2008-05-02 08:21:36 0 d-------- C:\Program Files\Yahoo!
2008-05-02 08:19:49 0 d-------- C:\Program Files\Google
2008-05-01 21:05:52 0 d-------- C:\Program Files\Safari
2008-05-01 21:02:18 0 d-------- C:\Program Files\Apple Software Update
2008-05-01 20:57:45 0 d-------- C:\Program Files\Trend Micro
2008-04-13 23:09:48 0 d-------- C:\Program Files\Frets on Fire
2008-04-13 12:06:04 0 d-------- C:\Program Files\Toolbox


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
2008-05-11 16:42 2050816 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2F054105-E646-4044-AE59-13A3BED976A1}"= C:\Program Files\Plummer\PlummerCOM.dll [2007-05-22 06:24 81920]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-05-11 16:42 2050816]

[-HKEY_CLASSES_ROOT\CLSID\{2F054105-E646-4044-AE59-13A3BED976A1}]
[HKEY_CLASSES_ROOT\PlumIEToolBand.PlumIEToolBandObj.1]
[HKEY_CLASSES_ROOT\TypeLib\{A3080223-0DB6-44E4-880D-F59DDC115DF6}]
[HKEY_CLASSES_ROOT\PlumIEToolBand.PlumIEToolBandObj]

[-HKEY_CLASSES_ROOT\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-04-01 16:16]
"SunKistEM"="C:\Program Files\Digital Media Reader\shwiconem.exe" [2004-11-15 17:04]
"ShowWnd"="ShowWnd.exe" [2003-09-19 11:09 C:\WINDOWS\ShowWnd.exe]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 21:42]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-13 16:42]
"nwiz"="nwiz.exe" [2005-04-01 16:16 C:\WINDOWS\system32\nwiz.exe]
"NVMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-06-03 22:51]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 15:40]
"Mediafour Mac Volume Notifications"="C:\Program Files\Common Files\Mediafour\MACVNTFY.exe" [2005-03-13 03:33]
"iHP-100"="C:\Program Files\iRiver\HSeries\iHPDetect.exe" [2004-07-05 14:50]
"CHotkey"="zHotkey.exe" [2004-05-17 20:30 C:\WINDOWS\zHotkey.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-04-01 16:16]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-04-17 19:30]
"Motive SmartBridge"="C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe" [2004-10-22 15:44]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 00:16]
"TMRUBottedTray"="C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe" [2007-12-19 01:18]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-29 00:37]
"iTunesHelper"="__C:\Program Files\iTunes\iTunesHelper.exe__" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25]
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [2008-05-30 23:09]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-05-11 16:41]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-29 00:37]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-03-30 11:06]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2006-09-15 13:27]
"UniClipper"="C:\Program Files\EverNote\Evernote3\UniClipper.exe" [2008-05-16 01:20]
"Simplify Media"="C:\Documents and Settings\Kvik\Local Settings\Application Data\Simplify Media\SimplifyMedia.exe" [2008-05-13 14:30]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 20:12]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"BoxOfficeAddinUpdate"=msiexec /i C:\DOCUME~1\Kvik\LOCALS~1\Temp\boxofficeaddin.msi

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Picasa Media Detector"=C:\Program Files\Picasa2\PicasaMediaDetector.exe

C:\Documents and Settings\Kvik\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [8/24/2007 4:45:42 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HotSync Manager.lnk - C:\Program Files\Sony Handheld\HOTSYNC.EXE [8/9/2002 5:36:20 PM]
Outil de mise à jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [8/14/2006 12:35:46 PM]
C:\DOCUME~1\Kvik\LOCALS~1\Temp\~qtkdrjb.tmp\temp00

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL,C:\WINDOWS\system32\guard32.dll,avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc




-- End of Deckard's System Scanner: finished at 2008-06-13 14:52:06 ------------


extra.txt

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 3.0
Architecture: X86; Language: English

CPU 0: AMD Sempron(tm) 3000+
Percentage of Memory in Use: 40%
Physical Memory (total/avail): 959.48 MiB / 573.27 MiB
Pagefile Memory (total/avail): 2316.33 MiB / 1891.28 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1878.61 MiB

C: is Fixed (NTFS) - 145.74 GiB total, 7.46 GiB free.
D: is Fixed (FAT32) - 3.3 GiB total, 1.39 GiB free.
E: is CDROM (No Media)
F: is CDROM (No Media)
H: is Removable (No Media)
I: is Removable (No Media)
J: is Removable (No Media)
L: is Removable (No Media)

\\.\PHYSICALDRIVE0 - ST3160021A - 149.05 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 145.74 GiB - C:
\PARTITION1 - Unknown - 3.31 GiB - D:

\\.\PHYSICALDRIVE2 - Generic USB CF Reader USB Device

\\.\PHYSICALDRIVE4 - Generic USB MS Reader USB Device

\\.\PHYSICALDRIVE1 - Generic USB SD Reader USB Device

\\.\PHYSICALDRIVE3 - Generic USB SM Reader USB Device



-- Security Center -------------------------------------------------------------



-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Kvik\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=PACE
ComSpec=C:\WINDOWS\system32\cmd.exe
CSOUNDRC=C:\Program Files\Csound\.csoundrc
FP_NO_HOST_CHECK=NO
GLDPP_PREFS="-I"
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Kvik
LOGONSERVER=\\PACE
NUMBER_OF_PROCESSORS=1
OPCODEDIR=C:\Program Files\Csound\plugins
OS=Windows_NT
Path=C:\Program Files\Flock\flock;C:\Program Files\Common Files\SIL;C:\Program Files\SIL\FieldWorks\;C:\Program Files\zoho\Zoho Plug-in for Microsoft Office;C:\PROGRA~1\Mozilla Firefox;C:\Program Files\Mozilla Firefox;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\WBEM;C:\Program Files\Csound\bin;C:\Program Files\QuickTime\QTSystem\;c:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\Csound\bin;C:\Program Files\MuseScore 0.9\bin
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0a00
ProgramFiles=C:\Program Files
PROMPT=$P$G
PYTHONPATH=;C:\Program Files\Csound\bin;C:\Program Files\Csound\bin
QTJAVA=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
RAWWAVE_PATH=C:\Program Files\Csound\samples
SESSIONNAME=Console
SFOUTYP=WAV
starttime=1213283559
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Kvik\LOCALS~1\Temp
TMP=C:\DOCUME~1\Kvik\LOCALS~1\Temp
USERDOMAIN=PACE
USERNAME=Kvik
USERPROFILE=C:\Documents and Settings\Kvik
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Owner (admin)
Catherine Léger.PACE
Kvik (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\PROGRA~1\RUCKUS~1\UNWISE.EXE /a C:\PROGRA~1\RUCKUS~1\INSTALL.LOG
--> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {65482307-FE7D-4E7F-9DEF-3F0E841BC77A}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
7-Zip 4.42 --> "C:\Program Files\7-Zip\Uninstall.exe"
Ad-Aware SE Plus --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe AIR --> C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR --> MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Media Player --> C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.amp 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Adobe Media Player --> MsiExec.exe /I{1EBB57D4-63FF-87CC-A0F0-D73982CF6008}
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
Assistant de connexion Windows Live --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Audacity 1.3.3 (Unicode) --> "C:\Program Files\Audacity 1.3 Beta (Unicode)\unins000.exe"
AVG Free 8.0 --> C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
BeerTools Pro version 1.5 --> "C:\Program Files\BeerTools Pro 1.5\unins000.exe"
BitTorrent 5.0.9 --> "C:\Program Files\BitTorrent\uninstall.exe"
Bleezer v0.9.8 --> "C:\Program Files\Bleezer\unins000.exe"
BlogBridge --> MsiExec.exe /I{60A58391-1459-4F2E-993A-34024AE84BB8}
BlogDesk 2.8 --> "C:\Program Files\BlogDesk\unins000.exe"
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Bonjour Core for Windows --> MsiExec.exe /I{56DF5C9E-6392-46D3-B366-297B14E1DAAF}
BoxNetOfficeAddinSetup --> MsiExec.exe /I{96234F60-9B81-4C4C-9BC8-E2EE9D0EAFF8}
Brewsta v1.0 build 36 --> "C:\Program Files\Brewsta\unins000.exe"
Bulk Rename Utility 2, 3, 6, 0 --> C:\DOCUME~1\ALLUSE~1\APPLIC~1\TARMAI~1\{991B1~1\Setup.exe /remove /q0
Calgoo Beta 0.35 --> C:\Program Files\Calgoo\uninst.exe
Calgoo Calendar --> C:\WINDOWS\system32\javaws.exe -uninstall -prompt "http://www.calgoo.com/webstart/calgoo_calendar.jsp"
Calgoo Hub Beta Plugin v1.9.0 --> C:\Program Files\Calgoo Hub Beta Plugin\uninst.exe
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
CharisSIL 4.104 --> C:\Program Files\SIL\Fonts\CharisSIL\Uninstall.exe
COMODO Firewall Pro --> C:\Program Files\COMODO\Firewall\cfpconfg.exe -u
Creative Commons Add-in for Microsoft Office --> MsiExec.exe /I{EC719582-B6B4-436A-922B-67094106AB81}
Dasher 4.6 --> MsiExec.exe /I{A98A5ADD-D87E-4516-9CCB-AD11D20E6AAA}
DebugMode Wink --> "C:\Program Files\DebugMode\Wink\uninst.exe"
Desktopize for Zoho --> "C:\Program Files\Desktopize for Zoho\uninstall.exe"
Digital Media Reader --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1}
Diigo Toolbar for Internet Explorer --> "C:\Program Files\Diigo\uninstall.exe"
Documents To Go --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C89C4BEA-3B9A-414A-9392-9CE4EC5C63BF}\setup.exe" -vzUNINST
Doppler --> MsiExec.exe /I{625272AD-3BB2-46BB-8B9F-C8F5B37FC32A}
ecto for Windows --> C:\Program Files\ecto 2\uninstall.exe
EndNote X Volume License Edition --> MsiExec.exe /I{FE4BD9BD-4A26-4F39-B12C-19336204B102}
Evernote --> C:\Program Files\InstallShield Installation Information\{0D025345-1033-4F35-A5CE-68CDCDE6CC03}\setup.exe -runfromtemp -l0x0009 -removeonly
FileAlyzer 1.4 --> "C:\Program Files\Safer Networking\FileAlyzer\unins000.exe"
Finale NotePad 2007 --> C:\Program Files\Finale NotePad 2007\uninstallNP.exe
Flickr Uploadr 2.3 --> "C:\Program Files\Flickr Uploadr\uninstall.exe"
Fling the Teacher generator --> MsiExec.exe /I{61671637-510C-4D5C-B8CB-12242CD79BEA}
Flock 1.2 --> C:\Program Files\Flock\uninst.exe
Folder Size for Windows --> MsiExec.exe /I{FC8D21C8-7B29-4104-ADB0-FEE9CA1C7922}
Foxit Reader --> C:\Program Files\Foxit Software\Foxit Reader\Uninstall.exe
Freeciv 2.0.9 (GTK+ client) --> "C:\Program Files\Freeciv-2.0.9-gtk2\uninstall.exe"
FreeMind --> "C:\Program Files\FreeMind\unins000.exe"
GOM Player --> "C:\Program Files\GRETECH\GomPlayer\Uninstall.exe"
Google Desktop --> C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Earth --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
Google Talk (remove only) --> "C:\Program Files\Google\Google Talk\uninstall.exe"
Google Toolbar for Firefox --> MsiExec.exe /X{2CCBABCB-6427-4A55-B091-49864623C43F}
Google Video Player --> "C:\Program Files\Google\Google Video Player\Uninstall.exe"
HDDlife plug-in for Google Desktop 1.1 --> C:\Program Files\BinarySense\HDDlife plug-in for Google Desktop\uninst.exe
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Insert Tag Snippet --> MsiExec.exe /I{2C3E4AFC-E1AA-46DD-9E91-8942EF3B8F64}
InterActual Player --> C:\Program Files\InterActual\InterActual Player\inuninst.exe
iPod for Windows 2006-06-28 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{BD57EA4D-026E-4F08-9B93-080E282B81FE} /l1036
iRiver HSeries Manager VER 1.70 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{16D16514-F72B-49DA-9F3E-E5681BBD0A12}\Setup.exe" -l0x9
ISI ResearchSoft - Export Helper --> C:\PROGRA~1\COMMON~1\Risxtd\_UNINST.EXE
iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
iTunes Agent 1.2 --> C:\Program Files\iTunes Agent\Uninstal.exe
Java(TM) 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
KQEMU virtualisation module for QEMU --> RunDll32 setupapi.dll,InstallHinfSection Uninstall 132 %SystemRoot%\inf\kqemu.inf
Lab Partners --> c:\multsci\labpart\Uninstal.exe
LaCie Device Updater --> C:\PROGRA~1\LACIET~1\DEVICE~1\bin\CUSTOM~1.EXE
LimeWire 4.12.4 --> "C:\Program Files\LimeWire\uninstall.exe"
McGraw-Hill EZ Test --> C:\WINDOWS\unvise32.exe C:\Program Files\uninstal.log
MediaMonkey 3.0 --> "C:\Program Files\MediaMonkey\unins000.exe"
MemoriesOnWeb 3.1.7 --> "C:\Program Files\MemoriesOnWeb\unins000.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Money 2005 --> C:\Program Files\Microsoft Money 2005\MNYCoreFiles\Setup\uninst.exe /s:120
Microsoft Office 2007 Primary Interop Assemblies --> MsiExec.exe /X{50120000-1105-0000-0000-0000000FF1CE}
Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007 --> MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007 --> MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs --> MsiExec.exe /X{90120000-00B2-0409-0000-0000000FF1CE}
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 --> "c:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
Microsoft SQL Server 2005 Express Edition (SILFW) --> MsiExec.exe /I{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}
Microsoft SQL Server 2005 Tools Express Edition --> MsiExec.exe /I{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}
Microsoft SQL Server Native Client --> MsiExec.exe /I{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}
Microsoft SQL Server Setup Support Files (English) --> MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}
Microsoft SQL Server VSS Writer --> MsiExec.exe /I{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works --> MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
Miro --> C:\Program Files\Participatory Culture Foundation\Miro\uninstall.exe
MIT MathML Fonts 1.0 --> MsiExec.exe /I{C6E52B1B-9905-469A-B8CD-399FDFA98873}
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Sunbird (0.3) --> C:\Program Files\Mozilla Sunbird\uninstall\uninst.exe
Mozilla Thunderbird (2.0.0.0) --> C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Multimedia Keyboard Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FF262740-C85A-11D5-BBEC-00D0B740900A}\Setup.exe" -l0x9
MuseScore 0.9 MuseScore score typesetter --> C:\Program Files\MuseScore 0.9\Uninstall.exe
MusicBrainz Picard 0.7.0 --> C:\Program Files\MusicBrainz Picard\uninst.exe
MusicBrainz Tagger 0.10.5 --> C:\PROGRA~1\MUSICB~2\UNWISE.EXE C:\PROGRA~1\MUSICB~2\INSTALL.LOG
Nero BurnRights --> C:\WINDOWS\UNNeroBurnRights.exe /UNINSTALL
Nero OEM --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
NetAlyzer 0.3 --> "C:\Program Files\PepiMK Software\NetAlyzer\unins000.exe"
Netflix Movie Viewer --> MsiExec.exe /X{BCE72AED-3332-4863-9567-C5DCB9052CA2}
New York Times - Times Reader --> MsiExec.exe /I{EA8CE34B-C4C6-41DB-9AD2-5C73AC7A9A59}
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
NvMixer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D7A6C517-11F2-419F-B5BB-27772B939698}\setup.exe" -uninstall
OCR Software by I.R.I.S 7.0 --> C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
Opera 9.27 --> MsiExec.exe /X{503D6E3E-1A48-44F5-BB7C-EB3B593FAED0}
Outil de mise à jour Google --> "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
Palm Desktop --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BA0F44C2-A883-11D1-AD0A-006097D15E2C}\setup.exe" Uninstall
Palm Outlook Conduits Updater --> MsiExec.exe /I{616A66CD-D36D-4E24-8B67-33AFDFF48061}
Paragon Partition Manager 7.0 Demo --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F06F0CE-C2B7-428C-BF70-8C55EEDF81BC}\Setup.exe" -l0x40c
PhotoFiltre --> "C:\Program Files\PhotoFiltre\Uninst.exe"
PicaLoader 1.51 --> "C:\Program Files\PicaLoader\UninsHs.exe"
Picasa 2 --> "C:\Program Files\Picasa2\Uninstall.exe"
Plogue Bidule (remove only) --> "C:\Program Files\Plogue\Bidule\uninst.exe"
Plummer --> "C:\Program Files\Plummer\unins000.exe"
podAmigo 1.25 --> C:\Program Files\podAmigo\uninst.exe
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
PyScrabble 1.6.2 --> C:\Program Files\PyScrabble\uninst.exe
Quackle 0.95 [Beta] --> "C:\Program Files\Quackle\unins000.exe"
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
Qumana --> C:\Program Files\Qumana3\uninstall.exe
Real Alternative 1.8.0 --> "C:\Program Files\Real Alternative\unins000.exe"
RegAlyzer 1.4 --> "C:\Program Files\Safer Networking\RegAlyzer\unins000.exe"
RelatedPostsPluginSetup --> MsiExec.exe /I{35CCE1AD-D453-47D0-99F4-431E46C5456E}
Ruckus Player --> C:\PROGRA~1\RUCKUS~1\UNWISE.EXE C:\PROGRA~1\RUCKUS~1\INSTALL.LOG
RunAlyzer --> "C:\Program Files\Safer Networking\RunAlyzer\unins000.exe"
Safari --> MsiExec.exe /I{40589552-3892-409E-B92C-9F5032A4B2F0}
Scala (remove only) --> "C:\Program Files\Scala22\uninst.exe"
Scrabble 1.1 --> "C:\Program Files\Lwh\Scrabble\unins000.exe"
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Excel 2007 (KB946974) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
Security Update for Microsoft Office Publisher 2007 (KB950114) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB951808) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office Word 2007 (KB950113) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update for Office 2007 (KB947801) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
Security Update for Outlook 2007 (KB946983) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {66B9496E-C0C3-4065-9868-85CCA92126C3}
Security Update for Visio 2007 (KB947590) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
Semagic (remove only) --> "C:\Program Files\Semagic\uninstall.exe"
SIL FieldWorks 5.0 --> MsiExec.exe /I{A8085A68-E2AC-43B1-913E-5D50D9FADF4D}
Silverlining 98 --> C:\WINDOWS\ST5UNST.EXE -n "C:\Program Files\Silverlining 98\ST5UNST.LOG"
Simplify Media --> MsiExec.exe /X{3D3ACF47-781F-4979-96EC-B240B748F79E}
Skype™ 3.6 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
SoftV92 Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1\HXFSETUP.EXE -U -IURSLST5K.inf
Sony Super Duper Music Looper 2.0 --> MsiExec.exe /I{9DECE42F-ABBD-4832-8735-D77F6032EF6E}
Spurl.net --> MsiExec.exe /X{D1353FE0-8846-4B2F-BA25-1931C4D6937F}
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Spyware Doctor 5.5 --> C:\Program Files\Spyware Doctor\unins000.exe /LOG
TablePlugin --> MsiExec.exe /I{4233B984-D010-4FB4-A22D-4F523D6449E9}
Toolbox 1.5.1 Feb 2007 --> "C:\Program Files\Toolbox\unins000.exe"
Trend Micro RUBotted --> C:\Program Files\InstallShield Installation Information\{12650598-D7B9-4FB5-91B2-2CAA641AC589}\setup.exe -runfromtemp -l0x0009 -removeonly
Update for Office 2007 (KB946691) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb950378) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F6296086-AED5-4EC0-938B-08EA0254F20E}
VideoLAN VLC media player 0.8.6c --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Virtual Earth 3D (Beta) --> MsiExec.exe /I{619B8475-0F48-41B7-A370-5147F7092989}
Virtual Personality+ Ver 4.01 --> "C:\Program Files\Virtual Personality+\unins000.exe"
VoiceWalker --> C:\WINDOWS\st6unst.exe -n "C:\Program Files\VoiceWalker\ST6UNST.LOG"
Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe"
WinDirStat 1.1.2 --> "C:\Program Files\WinDirStat\Uninstall.exe"
Windows Backup Utility --> MsiExec.exe /I{76EFFC7C-17A6-479D-9E47-8E658C1695AE}
Windows Defender --> MsiExec.exe /I{B2D7CE29-614A-4ACC-8BFE-009EB3A244C9}
Windows Defender Signatures --> MsiExec.exe /I{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live installer --> MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}
Windows Live Writer --> MsiExec.exe /X{3DFF4274-EBB0-4356-9692-972965018954}
Windows Live Writer Blog This for Mozilla Firefox --> MsiExec.exe /X{39E705C7-669D-42EC-90F0-38F376D24774}
Windows Live Writer Blog This for Mozilla Firefox --> MsiExec.exe /X{B9392917-B735-4E27-B80E-110F4BBE32ED}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Rights Management Client Backwards Compatibility SP2 --> MsiExec.exe /X{EC905264-BCFE-423B-9C42-C3A106266790}
Windows Rights Management Client with Service Pack 2 --> MsiExec.exe /X{BDCF27CA-BFC4-4F49-8D24-A925C9505AB8}
Windows XP Service Pack 3 --> "C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinSCP 3.8.2 --> "C:\Program Files\WinSCP3\unins000.exe"
Word count plugin for Live Writer --> MsiExec.exe /I{893931C2-0CD4-45DD-AFE3-3B7772FE65E1}
Write-N-Cite --> C:\PROGRA~1\Refworks\UNWISE.EXE C:\PROGRA~1\Refworks\INSTALL.LOG
XML Paper Specification Shared Components Pack 1.0 -->
Zoho Plug-in for Microsoft Office --> C:\Program Files\InstallShield Installation Information\{D4E0636A-784A-4E3F-9B45-4314A816758E}\Setup.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type8453 / Error
Event Submitted/Written: 06/11/2008 10:34:30 PM
Event ID/Source: 1001 / Application Error
Event Description:
Fault bucket 765531331.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.

Event Record #/Type8452 / Error
Event Submitted/Written: 06/11/2008 10:34:14 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application simplifymedia.exe, version 1.0.0.1010, faulting module simplifymedia.exe, version 1.0.0.1010, fault address 0x006812ea.
Processing media-specific event for [simplifymedia.exe!ws!]

Event Record #/Type8418 / Warning
Event Submitted/Written: 06/10/2008 11:07:56 PM
Event ID/Source: 3 / SQLBrowser
Event Description:
The configuration of the AdminConnection\TCP protocol in the SQL instance SILFW is not valid.

Event Record #/Type8403 / Error
Event Submitted/Written: 06/09/2008 00:36:33 PM
Event ID/Source: 1001 / Application Hang
Event Description:
Fault bucket 686628912.

Event Record #/Type8402 / Error
Event Submitted/Written: 06/09/2008 00:36:29 PM
Event ID/Source: 1001 / Application Hang
Event Description:
Fault bucket 686628912.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type5031555 / Warning
Event Submitted/Written: 06/13/2008 08:58:31 AM / 06/13/2008 08:58:32 AM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type5031521 / Warning
Event Submitted/Written: 06/10/2008 11:17:04 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type5031495 / Warning
Event Submitted/Written: 06/10/2008 10:43:29 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type5031462 / Warning
Event Submitted/Written: 06/09/2008 09:29:58 AM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type5031435 / Error
Event Submitted/Written: 06/09/2008 07:58:04 AM
Event ID/Source: 7011 / Service Control Manager
Event Description:
Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.



-- End of Deckard's System Scanner: finished at 2008-06-13 14:52:06 ------------

Deckard Main

Unread postby Enkerli » June 13th, 2008, 3:01 pm

Deckard's System Scanner v20071014.68
Run by Kvik on 2008-06-13 14:27:18
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
84: 2008-06-13 18:29:56 UTC - RP393 - Deckard's System Scanner Restore Point
83: 2008-06-13 04:59:10 UTC - RP392 - Installed Evernote
82: 2008-06-13 04:51:07 UTC - RP391 - Removed Evernote
81: 2008-06-13 03:55:29 UTC - RP390 - Installed BlogBridge
80: 2008-06-12 19:42:27 UTC - RP389 - System Checkpoint


-- First Restore Point --
1: 2008-04-14 03:07:50 UTC - RP310 - Supprimé Java(TM) 6 Update 3


Backed up registry hives.
Performed disk cleanup.

System Drive C: has 7.45 GiB (less than 15%) free.


-- HijackThis (run as Kvik.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:43:30, on 2008-06-13
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\FolderSize\FolderSizeSvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Bell\Access Manager\app\TangoService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\Common Files\Mediafour\MACVNTFY.EXE
C:\Program Files\iRiver\HSeries\iHPDetect.exe
C:\WINDOWS\zHotkey.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sony Handheld\HOTSYNC.EXE
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Documents and Settings\Kvik\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Kvik.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ca.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ca.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo! Canada
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Diigo Toolbar Helper - {84053DA7-03DE-4FB6-80AE-202C04691D8A} - C:\Program Files\Diigo\DiigoToolbar.3.0.55.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.914.9778\swg.dll
O3 - Toolbar: &Plummer - {2F054105-E646-4044-AE59-13A3BED976A1} - C:\Program Files\Plummer\PlummerCOM.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: Diigo Toolbar - {09197FFB-C236-4153-B268-31051E4F3B6C} - C:\Program Files\Diigo\DiigoToolbar.3.0.55.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Mediafour Mac Volume Notifications] "C:\Program Files\Common Files\Mediafour\MACVNTFY.EXE" /auto
O4 - HKLM\..\Run: [iHP-100] C:\Program Files\iRiver\HSeries\iHPDetect.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TMRUBottedTray] "C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] __"C:\Program Files\iTunes\iTunesHelper.exe"__
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [UniClipper] "C:\Program Files\EverNote\Evernote3\UniClipper.exe"
O4 - HKCU\..\Run: [Simplify Media] "C:\Documents and Settings\Kvik\Local Settings\Application Data\Simplify Media\SimplifyMedia.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [BoxOfficeAddinUpdate] msiexec /i C:\DOCUME~1\Kvik\LOCALS~1\Temp\boxofficeaddin.msi
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.EXE
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Spurl! - http://www.spurl.net/rclick.php
O8 - Extra context menu item: Add to Evernote - res://C:\Program Files\Evernote\Evernote3\enbar.dll/2000
O8 - Extra context menu item: Copy to Semagic - C:\Program Files\Semagic\copy.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Semagic - C:\Program Files\Semagic\link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Add to EverNote - {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - C:\Program Files\EverNote\EverNote\enbar.dll
O9 - Extra 'Tools' menuitem: Add to EverNote - {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - C:\Program Files\EverNote\EverNote\enbar.dll
O9 - Extra button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E9252800} - C:\Program Files\Evernote\Evernote3\enbar.dll
O9 - Extra 'Tools' menuitem: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E9252800} - C:\Program Files\Evernote\Evernote3\enbar.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Spurl! - {057AB0AA-0896-44A7-9940-1D3118C870FB} - http://www.spurl.net/rclick.php (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Bookmark the current page to Spurl.net - {057AB0AA-0896-44A7-9940-1D3118C870FB} - http://www.spurl.net/rclick.php (file missing) (HKCU)
O9 - Extra button: Spurl bar - {104D0F17-ED01-4E81-8EFF-53E956FC6D49} - Shdocvw.dll (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Spurl bar - {104D0F17-ED01-4E81-8EFF-53E956FC6D49} - Shdocvw.dll (file missing) (HKCU)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 3103451968
O16 - DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} (SimCityX Control) - http://simcity.ea.com/play/classic/SimCityX.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL,C:\WINDOWS\system32\guard32.dll,avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files\FolderSize\FolderSizeSvc.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Trend Micro RUBotted Service (RUBotted) - Trend Micro Inc. - C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Tango Service (TangoService) - Unknown owner - C:\Program Files\Bell\Access Manager\app\TangoService.exe

--
End of file - 13718 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080607-072337-882 O20 - Winlogon Notify: MacDrive-iTunes compatibility - C:\Program Files\Common Files\Mediafour\MacDriveiTunesPatch.dll

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R3 ENETNT5 (Efficient Networks, tango Access PPPoE WAN Miniport) - c:\windows\system32\drivers\enetnt.sys <Not Verified; Efficient Networks, Inc.; tango>
R3 LaCieFWFilter (Silver 1394 Filter (1394 BUS Filter Driver)) - c:\windows\system32\drivers\laciefwfilter.sys <Not Verified; LaCie Group S.A.; LaCie Group S.A. LaCieFWFilter>
R3 LaCieUSBFilter (Silver USB Filter (USB BUS Filter Driver)) - c:\windows\system32\drivers\lacieusbfilter.sys <Not Verified; LaCie Group; >

S3 BLKWGD (Belkin Wireless G Desktop Card Service) - c:\windows\system32\drivers\blkwgd.sys (file missing)
S3 DC21x4 (DC21x4 Based Network Adapter Driver) - c:\windows\system32\drivers\dc21x4.sys (file missing)
S3 ENDETECT - c:\program files\bell\access manager\app\endetect.sys <Not Verified; Efficient Networks, Inc.; tango>
S3 IKFileFlt (File Filter Driver) - c:\windows\system32\drivers\ikfileflt.sys (file missing)
S3 kqemu (KQEMU virtualisation module for QEMU) - c:\windows\system32\drivers\kqemu.sys
S3 MRENDIS5 (MRENDIS5 NDIS Protocol Driver) - c:\program files\common files\motive\mrendis5.sys <Not Verified; Motive, Inc.; Motive Rawether for Windows>
S3 NTSTPL1 - c:\program files\bell\access manager\app\ntstpl1.sys <Not Verified; Network TeleSystems, Inc.; TCP Pro>
S3 nvmd (Neuratron Ltd - Virtual Midi Port SvcDesc(WDM)) - c:\windows\system32\drivers\nvmd2k.sys
S3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
S3 RAWESR - c:\program files\bell\access manager\app\rawesr.sys <Not Verified; Efficient Networks, Inc.; tango>
S3 SCREAMINGBDRIVER (Screaming Bee Audio) - c:\windows\system32\drivers\screamingbaudio.sys (file missing)
S3 SunkFilt (Alcor Micro Corp Reader) - c:\windows\system32\drivers\sunkfilt.sys <Not Verified; Alcor Micro Corp.; SunkFilt>
S3 TAPBIND - c:\program files\bell\access manager\app\tapbind1.sys <Not Verified; Network TeleSystems, Inc.; TCP Pro>
S3 wlanndi5 (wlanndi5 NDIS Protocol Driver) - c:\windows\system32\wlanndi5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service (Service Bonjour) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
R2 FolderSize (Folder Size) - "c:\program files\foldersize\foldersizesvc.exe" <Not Verified; Brio; Folder Size for Windows>
R2 TangoService (Tango Service) - c:\program files\bell\access manager\app\tangoservice.exe


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-06-09 09:42:00 268 --a------ C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job
2008-06-09 02:14:08 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2008-05-30 15:00:27 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2008-05-26 20:47:27 390 --a------ C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job


-- Files created between 2008-05-13 and 2008-06-13 -----------------------------

2008-06-13 00:58:27 0 d-------- C:\Documents and Settings\Kvik\Application Data\InstallShield
2008-06-12 23:56:35 0 d-------- C:\Documents and Settings\Kvik\.bb <BB1397~1>
2008-06-12 23:55:31 0 d-------- C:\Program Files\BlogBridge
2008-06-09 12:14:36 0 d-------- C:\Program Files\Weiran Zhang
2008-06-08 13:09:28 123939 --a------ C:\WINDOWS\system32\drivers\kqemu.sys
2008-06-08 13:07:46 0 d-a------ C:\Program Files\olpc
2008-06-07 12:09:20 0 d-------- C:\Program Files\FlixQueue
2008-06-07 07:17:46 0 d-------- C:\VundoFix Backups
2008-05-31 19:15:36 221184 --a------ C:\WINDOWS\system32\TidyATL.dll <Not Verified; ; Tidy Module>
2008-05-31 19:14:45 765952 --a------ C:\WINDOWS\system32\PolarSpellChecker.dll <Not Verified; Polar; Polar SpellChecker Component 5>
2008-05-31 02:25:14 0 d-------- C:\Program Files\Microsoft SQL Server
2008-05-31 02:06:47 0 d-------- C:\Program Files\Common Files\SIL
2008-05-31 02:06:10 0 d-------- C:\Documents and Settings\All Users\Application Data\SIL
2008-05-31 01:17:26 0 d-------- C:\Program Files\improvisor338
2008-05-31 00:55:21 0 d-------- C:\Program Files\MuseScore 0.9
2008-05-30 19:40:43 0 d-------- C:\Documents and Settings\Kvik\Calgoo Hub Plugin <CALGOO~2>
2008-05-30 19:33:43 0 d-------- C:\Program Files\Common Files\Calgoo
2008-05-30 19:28:44 0 d-------- C:\Program Files\Calgoo Hub Beta Plugin
2008-05-30 15:47:06 0 d-------- C:\Program Files\Impro-Visor
2008-05-26 22:08:01 0 d-------- C:\Documents and Settings\All Users\Application Data\vsosdk
2008-05-26 21:42:24 47360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2008-05-26 21:42:24 47360 --a------ C:\Documents and Settings\Kvik\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2008-05-26 21:42:23 0 d-------- C:\Documents and Settings\Kvik\Application Data\Vso
2008-05-26 21:41:37 0 d-------- C:\Program Files\VSO
2008-05-26 21:07:02 356352 --a------ C:\WINDOWS\eSellerateEngine.dll <Not Verified; eSellerate Inc.; eSellerateEngine>
2008-05-26 20:49:09 0 d-------- C:\Documents and Settings\Kvik\Application Data\Uniblue
2008-05-26 17:20:49 0 d-------- C:\Program Files\Real Alternative
2008-05-26 17:20:49 0 d-------- C:\Documents and Settings\Kvik\Application Data\Real
2008-05-26 17:20:49 0 d-------- C:\Documents and Settings\All Users\Application Data\Real
2008-05-25 12:48:37 0 d-------- C:\Program Files\New York Times
2008-05-21 18:17:22 0 d-------- C:\Documents and Settings\Kvik\Application Data\dasher.rc
2008-05-21 17:44:29 0 d-------- C:\Program Files\Dasher
2008-05-21 14:10:19 0 d-------- C:\Program Files\Participatory Culture Foundation
2008-05-20 16:56:05 0 d-------- C:\Program Files\SIL
2008-05-17 17:16:56 0 d-------- C:\Program Files\Diigo
2008-05-15 19:18:29 0 d-------- C:\Program Files\EZTest
2008-05-14 13:55:06 0 d-------- C:\WINDOWS\Prefetch
2008-05-14 13:26:15 0 d-------- C:\WINDOWS\system32\scripting
2008-05-14 13:26:08 0 d-------- C:\WINDOWS\l2schemas
2008-05-14 13:26:04 0 d-------- C:\WINDOWS\system32\en
2008-05-14 13:26:02 0 d-------- C:\WINDOWS\system32\bits
2008-05-14 12:57:09 0 d-------- C:\WINDOWS\ServicePackFiles
2008-05-14 12:47:24 0 d-------- C:\WINDOWS\network diagnostic


-- Find3M Report ---------------------------------------------------------------

2008-06-13 00:59:44 0 d-------- C:\Program Files\EverNote
2008-06-13 00:59:10 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-10 23:02:55 0 d-------- C:\Documents and Settings\Kvik\Application Data\BeerTools Pro
2008-06-08 01:19:08 0 d-------- C:\Program Files\BeerTools Pro 1.5
2008-06-07 10:11:51 0 d-------- C:\Program Files\Common Files\Mediafour
2008-06-07 08:01:01 0 d-------- C:\Program Files\Common Files
2008-06-07 07:52:42 33 --a------ C:\Documents and Settings\Kvik\Application Data\pcouffin.log
2008-06-07 07:52:30 7887 --a------ C:\Documents and Settings\Kvik\Application Data\pcouffin.cat
2008-06-07 07:52:27 1144 --a------ C:\Documents and Settings\Kvik\Application Data\pcouffin.inf
2008-06-06 02:24:31 0 d-------- C:\Documents and Settings\Kvik\Application Data\Skype
2008-06-06 00:07:00 0 d-------- C:\Documents and Settings\Kvik\Application Data\skypePM
2008-06-04 01:27:18 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-05-31 19:16:44 0 d-------- C:\Program Files\BlogDesk
2008-05-31 02:56:13 0 d-------- C:\Program Files\Flock
2008-05-31 02:51:08 0 d-------- C:\Program Files\Microsoft.NET
2008-05-26 22:21:45 668 --a------ C:\Documents and Settings\Kvik\Application Data\vso_ts_preview.xml
2008-05-26 17:04:01 16090 --a----c- C:\WINDOWS\mozver.dat
2008-05-22 18:49:39 80228 --ah----- C:\WINDOWS\system32\mlfcache.dat
2008-05-15 19:21:02 13583 --a------ C:\Program Files\setuplog.txt
2008-05-15 19:21:00 12547 --a------ C:\Program Files\uninstal.log
2008-05-14 13:31:21 0 d-------- C:\Program Files\Messenger
2008-05-14 13:26:00 0 d-------- C:\Program Files\Movie Maker
2008-05-11 23:43:00 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-05-11 22:51:58 0 d-------- C:\Program Files\HP
2008-05-11 16:44:51 0 d-------- C:\Documents and Settings\Kvik\Application Data\AVGTOOLBAR
2008-05-11 16:41:48 0 d-------- C:\Program Files\AVG
2008-05-11 14:03:08 0 d-------- C:\Documents and Settings\Kvik\Application Data\Comodo
2008-05-11 14:02:29 0 d-------- C:\Program Files\COMODO
2008-05-10 20:27:06 0 d-------- C:\Documents and Settings\Kvik\Application Data\Adobe
2008-05-10 20:26:29 0 d-------- C:\Program Files\Adobe Media Player
2008-05-10 20:26:18 0 d-------- C:\Program Files\Common Files\Adobe AIR
2008-05-09 21:46:37 0 d-------- C:\Program Files\Spyware Doctor
2008-05-02 17:13:53 0 d-------- C:\Documents and Settings\Kvik\Application Data\Opera
2008-05-02 17:04:58 0 d-------- C:\Program Files\Opera
2008-05-02 10:15:27 0 d-------- C:\Program Files\Java
2008-05-02 10:11:29 0 d-------- C:\Program Files\Common Files\Java
2008-05-02 08:21:36 0 d-------- C:\Program Files\Yahoo!
2008-05-02 08:19:49 0 d-------- C:\Program Files\Google
2008-05-01 21:05:52 0 d-------- C:\Program Files\Safari
2008-05-01 21:02:18 0 d-------- C:\Program Files\Apple Software Update
2008-05-01 20:57:45 0 d-------- C:\Program Files\Trend Micro
2008-04-13 23:09:48 0 d-------- C:\Program Files\Frets on Fire
2008-04-13 12:06:04 0 d-------- C:\Program Files\Toolbox


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
2008-05-11 16:42 2050816 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2F054105-E646-4044-AE59-13A3BED976A1}"= C:\Program Files\Plummer\PlummerCOM.dll [2007-05-22 06:24 81920]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-05-11 16:42 2050816]

[-HKEY_CLASSES_ROOT\CLSID\{2F054105-E646-4044-AE59-13A3BED976A1}]
[HKEY_CLASSES_ROOT\PlumIEToolBand.PlumIEToolBandObj.1]
[HKEY_CLASSES_ROOT\TypeLib\{A3080223-0DB6-44E4-880D-F59DDC115DF6}]
[HKEY_CLASSES_ROOT\PlumIEToolBand.PlumIEToolBandObj]

[-HKEY_CLASSES_ROOT\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-04-01 16:16]
"SunKistEM"="C:\Program Files\Digital Media Reader\shwiconem.exe" [2004-11-15 17:04]
"ShowWnd"="ShowWnd.exe" [2003-09-19 11:09 C:\WINDOWS\ShowWnd.exe]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 21:42]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-13 16:42]
"nwiz"="nwiz.exe" [2005-04-01 16:16 C:\WINDOWS\system32\nwiz.exe]
"NVMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-06-03 22:51]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 15:40]
"Mediafour Mac Volume Notifications"="C:\Program Files\Common Files\Mediafour\MACVNTFY.exe" [2005-03-13 03:33]
"iHP-100"="C:\Program Files\iRiver\HSeries\iHPDetect.exe" [2004-07-05 14:50]
"CHotkey"="zHotkey.exe" [2004-05-17 20:30 C:\WINDOWS\zHotkey.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-04-01 16:16]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-04-17 19:30]
"Motive SmartBridge"="C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe" [2004-10-22 15:44]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 00:16]
"TMRUBottedTray"="C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe" [2007-12-19 01:18]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-29 00:37]
"iTunesHelper"="__C:\Program Files\iTunes\iTunesHelper.exe__" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25]
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [2008-05-30 23:09]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-05-11 16:41]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-29 00:37]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-03-30 11:06]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2006-09-15 13:27]
"UniClipper"="C:\Program Files\EverNote\Evernote3\UniClipper.exe" [2008-05-16 01:20]
"Simplify Media"="C:\Documents and Settings\Kvik\Local Settings\Application Data\Simplify Media\SimplifyMedia.exe" [2008-05-13 14:30]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 20:12]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"BoxOfficeAddinUpdate"=msiexec /i C:\DOCUME~1\Kvik\LOCALS~1\Temp\boxofficeaddin.msi

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Picasa Media Detector"=C:\Program Files\Picasa2\PicasaMediaDetector.exe

C:\Documents and Settings\Kvik\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [8/24/2007 4:45:42 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HotSync Manager.lnk - C:\Program Files\Sony Handheld\HOTSYNC.EXE [8/9/2002 5:36:20 PM]
Outil de mise … jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [8/14/2006 12:35:46 PM]
C:\DOCUME~1\Kvik\LOCALS~1\Temp\~qtkdrjb.tmp\temp00

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL,C:\WINDOWS\system32\guard32.dll,avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc




-- End of Deckard's System Scanner: finished at 2008-06-13 14:52:06 ------------
Enkerli
Regular Member
Posts: 16
Joined: June 7th, 2008, 7:30 am

Deckard Extra

Post by Enkerli » June 13th, 2008, 3:02 pm

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 3.0
Architecture: X86; Language: English

CPU 0: AMD Sempron(tm) 3000+
Percentage of Memory in Use: 40%
Physical Memory (total/avail): 959.48 MiB / 573.27 MiB
Pagefile Memory (total/avail): 2316.33 MiB / 1891.28 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1878.61 MiB

C: is Fixed (NTFS) - 145.74 GiB total, 7.46 GiB free.
D: is Fixed (FAT32) - 3.3 GiB total, 1.39 GiB free.
E: is CDROM (No Media)
F: is CDROM (No Media)
H: is Removable (No Media)
I: is Removable (No Media)
J: is Removable (No Media)
L: is Removable (No Media)

\\.\PHYSICALDRIVE0 - ST3160021A - 149.05 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 145.74 GiB - C:
\PARTITION1 - Unknown - 3.31 GiB - D:

\\.\PHYSICALDRIVE2 - Generic USB CF Reader USB Device

\\.\PHYSICALDRIVE4 - Generic USB MS Reader USB Device

\\.\PHYSICALDRIVE1 - Generic USB SD Reader USB Device

\\.\PHYSICALDRIVE3 - Generic USB SM Reader USB Device



-- Security Center -------------------------------------------------------------



-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Kvik\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=PACE
ComSpec=C:\WINDOWS\system32\cmd.exe
CSOUNDRC=C:\Program Files\Csound\.csoundrc
FP_NO_HOST_CHECK=NO
GLDPP_PREFS="-I"
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Kvik
LOGONSERVER=\\PACE
NUMBER_OF_PROCESSORS=1
OPCODEDIR=C:\Program Files\Csound\plugins
OS=Windows_NT
Path=C:\Program Files\Flock\flock;C:\Program Files\Common Files\SIL;C:\Program Files\SIL\FieldWorks\;C:\Program Files\zoho\Zoho Plug-in for Microsoft Office;C:\PROGRA~1\Mozilla Firefox;C:\Program Files\Mozilla Firefox;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\WBEM;C:\Program Files\Csound\bin;C:\Program Files\QuickTime\QTSystem\;c:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\Csound\bin;C:\Program Files\MuseScore 0.9\bin
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0a00
ProgramFiles=C:\Program Files
PROMPT=$P$G
PYTHONPATH=;C:\Program Files\Csound\bin;C:\Program Files\Csound\bin
QTJAVA=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
RAWWAVE_PATH=C:\Program Files\Csound\samples
SESSIONNAME=Console
SFOUTYP=WAV
starttime=1213283559
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Kvik\LOCALS~1\Temp
TMP=C:\DOCUME~1\Kvik\LOCALS~1\Temp
USERDOMAIN=PACE
USERNAME=Kvik
USERPROFILE=C:\Documents and Settings\Kvik
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Owner (admin)
Catherine Léger.PACE
Kvik (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\PROGRA~1\RUCKUS~1\UNWISE.EXE /a C:\PROGRA~1\RUCKUS~1\INSTALL.LOG
--> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {65482307-FE7D-4E7F-9DEF-3F0E841BC77A}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
7-Zip 4.42 --> "C:\Program Files\7-Zip\Uninstall.exe"
Ad-Aware SE Plus --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe AIR --> C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR --> MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Media Player --> C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.amp 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Adobe Media Player --> MsiExec.exe /I{1EBB57D4-63FF-87CC-A0F0-D73982CF6008}
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
Assistant de connexion Windows Live --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Audacity 1.3.3 (Unicode) --> "C:\Program Files\Audacity 1.3 Beta (Unicode)\unins000.exe"
AVG Free 8.0 --> C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
BeerTools Pro version 1.5 --> "C:\Program Files\BeerTools Pro 1.5\unins000.exe"
BitTorrent 5.0.9 --> "C:\Program Files\BitTorrent\uninstall.exe"
Bleezer v0.9.8 --> "C:\Program Files\Bleezer\unins000.exe"
BlogBridge --> MsiExec.exe /I{60A58391-1459-4F2E-993A-34024AE84BB8}
BlogDesk 2.8 --> "C:\Program Files\BlogDesk\unins000.exe"
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Bonjour Core for Windows --> MsiExec.exe /I{56DF5C9E-6392-46D3-B366-297B14E1DAAF}
BoxNetOfficeAddinSetup --> MsiExec.exe /I{96234F60-9B81-4C4C-9BC8-E2EE9D0EAFF8}
Brewsta v1.0 build 36 --> "C:\Program Files\Brewsta\unins000.exe"
Bulk Rename Utility 2, 3, 6, 0 --> C:\DOCUME~1\ALLUSE~1\APPLIC~1\TARMAI~1\{991B1~1\Setup.exe /remove /q0
Calgoo Beta 0.35 --> C:\Program Files\Calgoo\uninst.exe
Calgoo Calendar --> C:\WINDOWS\system32\javaws.exe -uninstall -prompt "http://www.calgoo.com/webstart/calgoo_calendar.jsp"
Calgoo Hub Beta Plugin v1.9.0 --> C:\Program Files\Calgoo Hub Beta Plugin\uninst.exe
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
CharisSIL 4.104 --> C:\Program Files\SIL\Fonts\CharisSIL\Uninstall.exe
COMODO Firewall Pro --> C:\Program Files\COMODO\Firewall\cfpconfg.exe -u
Creative Commons Add-in for Microsoft Office --> MsiExec.exe /I{EC719582-B6B4-436A-922B-67094106AB81}
Dasher 4.6 --> MsiExec.exe /I{A98A5ADD-D87E-4516-9CCB-AD11D20E6AAA}
DebugMode Wink --> "C:\Program Files\DebugMode\Wink\uninst.exe"
Desktopize for Zoho --> "C:\Program Files\Desktopize for Zoho\uninstall.exe"
Digital Media Reader --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1}
Diigo Toolbar for Internet Explorer --> "C:\Program Files\Diigo\uninstall.exe"
Documents To Go --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C89C4BEA-3B9A-414A-9392-9CE4EC5C63BF}\setup.exe" -vzUNINST
Doppler --> MsiExec.exe /I{625272AD-3BB2-46BB-8B9F-C8F5B37FC32A}
ecto for Windows --> C:\Program Files\ecto 2\uninstall.exe
EndNote X Volume License Edition --> MsiExec.exe /I{FE4BD9BD-4A26-4F39-B12C-19336204B102}
Evernote --> C:\Program Files\InstallShield Installation Information\{0D025345-1033-4F35-A5CE-68CDCDE6CC03}\setup.exe -runfromtemp -l0x0009 -removeonly
FileAlyzer 1.4 --> "C:\Program Files\Safer Networking\FileAlyzer\unins000.exe"
Finale NotePad 2007 --> C:\Program Files\Finale NotePad 2007\uninstallNP.exe
Flickr Uploadr 2.3 --> "C:\Program Files\Flickr Uploadr\uninstall.exe"
Fling the Teacher generator --> MsiExec.exe /I{61671637-510C-4D5C-B8CB-12242CD79BEA}
Flock 1.2 --> C:\Program Files\Flock\uninst.exe
Folder Size for Windows --> MsiExec.exe /I{FC8D21C8-7B29-4104-ADB0-FEE9CA1C7922}
Foxit Reader --> C:\Program Files\Foxit Software\Foxit Reader\Uninstall.exe
Freeciv 2.0.9 (GTK+ client) --> "C:\Program Files\Freeciv-2.0.9-gtk2\uninstall.exe"
FreeMind --> "C:\Program Files\FreeMind\unins000.exe"
GOM Player --> "C:\Program Files\GRETECH\GomPlayer\Uninstall.exe"
Google Desktop --> C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Earth --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
Google Talk (remove only) --> "C:\Program Files\Google\Google Talk\uninstall.exe"
Google Toolbar for Firefox --> MsiExec.exe /X{2CCBABCB-6427-4A55-B091-49864623C43F}
Google Video Player --> "C:\Program Files\Google\Google Video Player\Uninstall.exe"
HDDlife plug-in for Google Desktop 1.1 --> C:\Program Files\BinarySense\HDDlife plug-in for Google Desktop\uninst.exe
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Insert Tag Snippet --> MsiExec.exe /I{2C3E4AFC-E1AA-46DD-9E91-8942EF3B8F64}
InterActual Player --> C:\Program Files\InterActual\InterActual Player\inuninst.exe
iPod for Windows 2006-06-28 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{BD57EA4D-026E-4F08-9B93-080E282B81FE} /l1036
iRiver HSeries Manager VER 1.70 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{16D16514-F72B-49DA-9F3E-E5681BBD0A12}\Setup.exe" -l0x9
ISI ResearchSoft - Export Helper --> C:\PROGRA~1\COMMON~1\Risxtd\_UNINST.EXE
iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
iTunes Agent 1.2 --> C:\Program Files\iTunes Agent\Uninstal.exe
Java(TM) 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
KQEMU virtualisation module for QEMU --> RunDll32 setupapi.dll,InstallHinfSection Uninstall 132 %SystemRoot%\inf\kqemu.inf
Lab Partners --> c:\multsci\labpart\Uninstal.exe
LaCie Device Updater --> C:\PROGRA~1\LACIET~1\DEVICE~1\bin\CUSTOM~1.EXE
LimeWire 4.12.4 --> "C:\Program Files\LimeWire\uninstall.exe"
McGraw-Hill EZ Test --> C:\WINDOWS\unvise32.exe C:\Program Files\uninstal.log
MediaMonkey 3.0 --> "C:\Program Files\MediaMonkey\unins000.exe"
MemoriesOnWeb 3.1.7 --> "C:\Program Files\MemoriesOnWeb\unins000.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Money 2005 --> C:\Program Files\Microsoft Money 2005\MNYCoreFiles\Setup\uninst.exe /s:120
Microsoft Office 2007 Primary Interop Assemblies --> MsiExec.exe /X{50120000-1105-0000-0000-0000000FF1CE}
Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007 --> MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007 --> MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs --> MsiExec.exe /X{90120000-00B2-0409-0000-0000000FF1CE}
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 --> "c:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
Microsoft SQL Server 2005 Express Edition (SILFW) --> MsiExec.exe /I{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}
Microsoft SQL Server 2005 Tools Express Edition --> MsiExec.exe /I{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}
Microsoft SQL Server Native Client --> MsiExec.exe /I{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}
Microsoft SQL Server Setup Support Files (English) --> MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}
Microsoft SQL Server VSS Writer --> MsiExec.exe /I{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works --> MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
Miro --> C:\Program Files\Participatory Culture Foundation\Miro\uninstall.exe
MIT MathML Fonts 1.0 --> MsiExec.exe /I{C6E52B1B-9905-469A-B8CD-399FDFA98873}
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Sunbird (0.3) --> C:\Program Files\Mozilla Sunbird\uninstall\uninst.exe
Mozilla Thunderbird (2.0.0.0) --> C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Multimedia Keyboard Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FF262740-C85A-11D5-BBEC-00D0B740900A}\Setup.exe" -l0x9
MuseScore 0.9 MuseScore score typesetter --> C:\Program Files\MuseScore 0.9\Uninstall.exe
MusicBrainz Picard 0.7.0 --> C:\Program Files\MusicBrainz Picard\uninst.exe
MusicBrainz Tagger 0.10.5 --> C:\PROGRA~1\MUSICB~2\UNWISE.EXE C:\PROGRA~1\MUSICB~2\INSTALL.LOG
Nero BurnRights --> C:\WINDOWS\UNNeroBurnRights.exe /UNINSTALL
Nero OEM --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
NetAlyzer 0.3 --> "C:\Program Files\PepiMK Software\NetAlyzer\unins000.exe"
Netflix Movie Viewer --> MsiExec.exe /X{BCE72AED-3332-4863-9567-C5DCB9052CA2}
New York Times - Times Reader --> MsiExec.exe /I{EA8CE34B-C4C6-41DB-9AD2-5C73AC7A9A59}
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
NvMixer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D7A6C517-11F2-419F-B5BB-27772B939698}\setup.exe" -uninstall
OCR Software by I.R.I.S 7.0 --> C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
Opera 9.27 --> MsiExec.exe /X{503D6E3E-1A48-44F5-BB7C-EB3B593FAED0}
Outil de mise à jour Google --> "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
Palm Desktop --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BA0F44C2-A883-11D1-AD0A-006097D15E2C}\setup.exe" Uninstall
Palm Outlook Conduits Updater --> MsiExec.exe /I{616A66CD-D36D-4E24-8B67-33AFDFF48061}
Paragon Partition Manager 7.0 Demo --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F06F0CE-C2B7-428C-BF70-8C55EEDF81BC}\Setup.exe" -l0x40c
PhotoFiltre --> "C:\Program Files\PhotoFiltre\Uninst.exe"
PicaLoader 1.51 --> "C:\Program Files\PicaLoader\UninsHs.exe"
Picasa 2 --> "C:\Program Files\Picasa2\Uninstall.exe"
Plogue Bidule (remove only) --> "C:\Program Files\Plogue\Bidule\uninst.exe"
Plummer --> "C:\Program Files\Plummer\unins000.exe"
podAmigo 1.25 --> C:\Program Files\podAmigo\uninst.exe
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
PyScrabble 1.6.2 --> C:\Program Files\PyScrabble\uninst.exe
Quackle 0.95 [Beta] --> "C:\Program Files\Quackle\unins000.exe"
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
Qumana --> C:\Program Files\Qumana3\uninstall.exe
Real Alternative 1.8.0 --> "C:\Program Files\Real Alternative\unins000.exe"
RegAlyzer 1.4 --> "C:\Program Files\Safer Networking\RegAlyzer\unins000.exe"
RelatedPostsPluginSetup --> MsiExec.exe /I{35CCE1AD-D453-47D0-99F4-431E46C5456E}
Ruckus Player --> C:\PROGRA~1\RUCKUS~1\UNWISE.EXE C:\PROGRA~1\RUCKUS~1\INSTALL.LOG
RunAlyzer --> "C:\Program Files\Safer Networking\RunAlyzer\unins000.exe"
Safari --> MsiExec.exe /I{40589552-3892-409E-B92C-9F5032A4B2F0}
Scala (remove only) --> "C:\Program Files\Scala22\uninst.exe"
Scrabble 1.1 --> "C:\Program Files\Lwh\Scrabble\unins000.exe"
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Excel 2007 (KB946974) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
Security Update for Microsoft Office Publisher 2007 (KB950114) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB951808) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office Word 2007 (KB950113) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update for Office 2007 (KB947801) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
Security Update for Outlook 2007 (KB946983) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {66B9496E-C0C3-4065-9868-85CCA92126C3}
Security Update for Visio 2007 (KB947590) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
Semagic (remove only) --> "C:\Program Files\Semagic\uninstall.exe"
SIL FieldWorks 5.0 --> MsiExec.exe /I{A8085A68-E2AC-43B1-913E-5D50D9FADF4D}
Silverlining 98 --> C:\WINDOWS\ST5UNST.EXE -n "C:\Program Files\Silverlining 98\ST5UNST.LOG"
Simplify Media --> MsiExec.exe /X{3D3ACF47-781F-4979-96EC-B240B748F79E}
Skype™ 3.6 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
SoftV92 Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1\HXFSETUP.EXE -U -IURSLST5K.inf
Sony Super Duper Music Looper 2.0 --> MsiExec.exe /I{9DECE42F-ABBD-4832-8735-D77F6032EF6E}
Spurl.net --> MsiExec.exe /X{D1353FE0-8846-4B2F-BA25-1931C4D6937F}
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Spyware Doctor 5.5 --> C:\Program Files\Spyware Doctor\unins000.exe /LOG
TablePlugin --> MsiExec.exe /I{4233B984-D010-4FB4-A22D-4F523D6449E9}
Toolbox 1.5.1 Feb 2007 --> "C:\Program Files\Toolbox\unins000.exe"
Trend Micro RUBotted --> C:\Program Files\InstallShield Installation Information\{12650598-D7B9-4FB5-91B2-2CAA641AC589}\setup.exe -runfromtemp -l0x0009 -removeonly
Update for Office 2007 (KB946691) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb950378) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F6296086-AED5-4EC0-938B-08EA0254F20E}
VideoLAN VLC media player 0.8.6c --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Virtual Earth 3D (Beta) --> MsiExec.exe /I{619B8475-0F48-41B7-A370-5147F7092989}
Virtual Personality+ Ver 4.01 --> "C:\Program Files\Virtual Personality+\unins000.exe"
VoiceWalker --> C:\WINDOWS\st6unst.exe -n "C:\Program Files\VoiceWalker\ST6UNST.LOG"
Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe"
WinDirStat 1.1.2 --> "C:\Program Files\WinDirStat\Uninstall.exe"
Windows Backup Utility --> MsiExec.exe /I{76EFFC7C-17A6-479D-9E47-8E658C1695AE}
Windows Defender --> MsiExec.exe /I{B2D7CE29-614A-4ACC-8BFE-009EB3A244C9}
Windows Defender Signatures --> MsiExec.exe /I{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live installer --> MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}
Windows Live Writer --> MsiExec.exe /X{3DFF4274-EBB0-4356-9692-972965018954}
Windows Live Writer Blog This for Mozilla Firefox --> MsiExec.exe /X{39E705C7-669D-42EC-90F0-38F376D24774}
Windows Live Writer Blog This for Mozilla Firefox --> MsiExec.exe /X{B9392917-B735-4E27-B80E-110F4BBE32ED}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Rights Management Client Backwards Compatibility SP2 --> MsiExec.exe /X{EC905264-BCFE-423B-9C42-C3A106266790}
Windows Rights Management Client with Service Pack 2 --> MsiExec.exe /X{BDCF27CA-BFC4-4F49-8D24-A925C9505AB8}
Windows XP Service Pack 3 --> "C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinSCP 3.8.2 --> "C:\Program Files\WinSCP3\unins000.exe"
Word count plugin for Live Writer --> MsiExec.exe /I{893931C2-0CD4-45DD-AFE3-3B7772FE65E1}
Write-N-Cite --> C:\PROGRA~1\Refworks\UNWISE.EXE C:\PROGRA~1\Refworks\INSTALL.LOG
XML Paper Specification Shared Components Pack 1.0 -->
Zoho Plug-in for Microsoft Office --> C:\Program Files\InstallShield Installation Information\{D4E0636A-784A-4E3F-9B45-4314A816758E}\Setup.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type8453 / Error
Event Submitted/Written: 06/11/2008 10:34:30 PM
Event ID/Source: 1001 / Application Error
Event Description:
Fault bucket 765531331.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.

Event Record #/Type8452 / Error
Event Submitted/Written: 06/11/2008 10:34:14 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application simplifymedia.exe, version 1.0.0.1010, faulting module simplifymedia.exe, version 1.0.0.1010, fault address 0x006812ea.
Processing media-specific event for [simplifymedia.exe!ws!]

Event Record #/Type8418 / Warning
Event Submitted/Written: 06/10/2008 11:07:56 PM
Event ID/Source: 3 / SQLBrowser
Event Description:
The configuration of the AdminConnection\TCP protocol in the SQL instance SILFW is not valid.

Event Record #/Type8403 / Error
Event Submitted/Written: 06/09/2008 00:36:33 PM
Event ID/Source: 1001 / Application Hang
Event Description:
Fault bucket 686628912.

Event Record #/Type8402 / Error
Event Submitted/Written: 06/09/2008 00:36:29 PM
Event ID/Source: 1001 / Application Hang
Event Description:
Fault bucket 686628912.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type5031555 / Warning
Event Submitted/Written: 06/13/2008 08:58:31 AM / 06/13/2008 08:58:32 AM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type5031521 / Warning
Event Submitted/Written: 06/10/2008 11:17:04 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type5031495 / Warning
Event Submitted/Written: 06/10/2008 10:43:29 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type5031462 / Warning
Event Submitted/Written: 06/09/2008 09:29:58 AM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type5031435 / Error
Event Submitted/Written: 06/09/2008 07:58:04 AM
Event ID/Source: 7011 / Service Control Manager
Event Description:
Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.



-- End of Deckard's System Scanner: finished at 2008-06-13 14:52:06 ------------
Enkerli
Regular Member
 
Posts: 16
Joined: June 7th, 2008, 7:30 am

Re: Newbie to Malware

Unread post by ndmmxiaomayi » June 14th, 2008, 1:00 am

Hi,

Bittorrent and Limewire are installed on your computer and I see that they are running. While both are clean P2P programs, there's no guarantee that the files downloaded are. Please refrain from using them while cleaning your computer to prevent getting more infections.

A list of clean and infected P2P programs can be found at Malware Removal and Spyware Info.

The risks of using a P2P program are stated in this Sourceforge website and Information Week article.

Please also read Malware Removal's Guide on P2P Programs.




Please open Notepad and copy and paste the following in the Code box into Notepad:

Code:
@echo off
echo Log file can be found at C:\look.txt if Notepad doesn't open automatically.
echo Contents of Weiran Zhang folder >> C:\look.txt
echo. >> C:\look.txt
dir /s "C:\Program Files\Weiran Zhang" >> C:\look.txt
echo. >> C:\look.txt
echo Hidden files in Weiran Zhang >> C:\look.txt
echo. >> C:\look.txt
dir /s /a:h "C:\Program Files\Weiran Zhang" >> C:\look.txt
notepad C:\look.txt


Click on File > Save As....

In the File Name box, copy and paste in look.bat

In the Save As Type box, select All Files from the drop-down list.

Click Save.

Double click on look.bat to run it. Command Prompt will open, followed by Notepad shortly afterwards. Please post the contents of this Notepad file in your next reply.




Do you also have a link to download the installer for Plummer toolbar? Our experts would like to take a look at it as they don't know if it's harmful.

If you don't have one, we would love a sample from your computer.

Could you zip up this folder for us - C:\Program Files\Plummer ?

Then send it to this website - http://thespykiller.co.uk/index.php?action=post;board=1.0

In the Subject field, enter in Plummer toolbar for TonyKlein

In the big text box, enter in this link - http://malwareremoval.com/forum/viewtopic.php?f=11&t=31389

Attach the plummer.zip file.

Tony will let us know more about it if it's good or bad.




On the Wixawin popups, here's what I've found:

11. How can I stop pop-ups?
Some computer software is offered free of charge and comes with integrated advertising.
Such advertising allows the software developers to offer the software for free, and can be present in many applications, including download accelerators, weather forecast tools, and music download applications.
Our affiliate networks can promote Wixawin services via these applications, which will appear as a pop-up on screen.
Also, some websites generate their own pop-ups. Most of the time, this is done to enable them to continue to offer their products/information free of charge.
You can compare this situation to free-to-air television, where commercials are broadcast during shows to cover the cost of broadcasting those shows.
Pop-ups are harmless and can be closed in the same way as every other window.
If, however, you wish to stop these pop-ups, you can either uninstall the application causing them, or install a pop-up blocker such as AdAware.


As far as your logs tell, I can't see anything that is remotely linked to Wixawin.

Did you install any Wixawin software before?

In your next reply, please post:

  1. Contents of Notepad file that opens (C:\look.txt)
  2. A new HijackThis log
  3. If you installed any Wixawin software
ndmmxiaomayi
MRU Emeritus
 
Posts: 9708
Joined: July 17th, 2006, 9:22 am

Re: Newbie to Malware

Unread post by Enkerli » June 14th, 2008, 7:12 am

Contents of Weiran Zhang folder

Volume in drive C has no label.
Volume Serial Number is 7C49-D60D

Directory of C:\Program Files\Weiran Zhang

2008-06-09 12:14 <DIR> .
2008-06-09 12:14 <DIR> ..
2008-06-10 23:46 <DIR> Twitterlicious
0 File(s) 0 bytes

Directory of C:\Program Files\Weiran Zhang\Twitterlicious

2008-06-10 23:46 <DIR> .
2008-06-10 23:46 <DIR> ..
2008-06-10 23:42 15 466 ErrorLog.txt
1 File(s) 15 466 bytes

Total Files Listed:
1 File(s) 15 466 bytes
5 Dir(s) 5 549 240 320 bytes free

Hidden files in Weiran Zhang

Volume in drive C has no label.
Volume Serial Number is 7C49-D60D



HJT

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:11:11, on 2008-06-14
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\FolderSize\FolderSizeSvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Bell\Access Manager\app\TangoService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\Common Files\Mediafour\MACVNTFY.EXE
C:\Program Files\iRiver\HSeries\iHPDetect.exe
C:\WINDOWS\zHotkey.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\EverNote\Evernote3\UniClipper.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sony Handheld\HOTSYNC.EXE
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\PROGRA~1\FLOCK\FLOCK\FLOCK.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ca.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ca.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo! Canada
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Diigo Toolbar Helper - {84053DA7-03DE-4FB6-80AE-202C04691D8A} - C:\Program Files\Diigo\DiigoToolbar.3.0.55.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.914.9778\swg.dll
O3 - Toolbar: &Plummer - {2F054105-E646-4044-AE59-13A3BED976A1} - C:\Program Files\Plummer\PlummerCOM.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: Diigo Toolbar - {09197FFB-C236-4153-B268-31051E4F3B6C} - C:\Program Files\Diigo\DiigoToolbar.3.0.55.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Mediafour Mac Volume Notifications] "C:\Program Files\Common Files\Mediafour\MACVNTFY.EXE" /auto
O4 - HKLM\..\Run: [iHP-100] C:\Program Files\iRiver\HSeries\iHPDetect.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TMRUBottedTray] "C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] __"C:\Program Files\iTunes\iTunesHelper.exe"__
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [UniClipper] "C:\Program Files\EverNote\Evernote3\UniClipper.exe"
O4 - HKCU\..\Run: [Simplify Media] "C:\Documents and Settings\Kvik\Local Settings\Application Data\Simplify Media\SimplifyMedia.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [BoxOfficeAddinUpdate] msiexec /i C:\DOCUME~1\Kvik\LOCALS~1\Temp\boxofficeaddin.msi
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.EXE
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Spurl! - http://www.spurl.net/rclick.php
O8 - Extra context menu item: Add to Evernote - res://C:\Program Files\Evernote\Evernote3\enbar.dll/2000
O8 - Extra context menu item: Copy to Semagic - C:\Program Files\Semagic\copy.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Semagic - C:\Program Files\Semagic\link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Add to EverNote - {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - C:\Program Files\EverNote\EverNote\enbar.dll
O9 - Extra 'Tools' menuitem: Add to EverNote - {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - C:\Program Files\EverNote\EverNote\enbar.dll
O9 - Extra button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E9252800} - C:\Program Files\Evernote\Evernote3\enbar.dll
O9 - Extra 'Tools' menuitem: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E9252800} - C:\Program Files\Evernote\Evernote3\enbar.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Spurl! - {057AB0AA-0896-44A7-9940-1D3118C870FB} - http://www.spurl.net/rclick.php (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Bookmark the current page to Spurl.net - {057AB0AA-0896-44A7-9940-1D3118C870FB} - http://www.spurl.net/rclick.php (file missing) (HKCU)
O9 - Extra button: Spurl bar - {104D0F17-ED01-4E81-8EFF-53E956FC6D49} - Shdocvw.dll (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Spurl bar - {104D0F17-ED01-4E81-8EFF-53E956FC6D49} - Shdocvw.dll (file missing) (HKCU)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 3103451968
O16 - DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} (SimCityX Control) - http://simcity.ea.com/play/classic/SimCityX.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL,C:\WINDOWS\system32\guard32.dll,avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files\FolderSize\FolderSizeSvc.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Trend Micro RUBotted Service (RUBotted) - Trend Micro Inc. - C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Tango Service (TangoService) - Unknown owner - C:\Program Files\Bell\Access Manager\app\TangoService.exe

--
End of file - 14020 bytes


And no, I didn't install anything related to Wixawin.


The Plummer XPI:
http://static.plum.com/download/prod/win/plum.xpi
(I'll zip my instance and send it at the appropriate place.)
Enkerli
Regular Member
 
Posts: 16
Joined: June 7th, 2008, 7:30 am
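When reading a HijackThis log like the one above, an analyst goes through the same handful of checks each time: entries whose target file no longer exists, autoruns that launch from a temp directory or by a bare filename, ActiveX controls pulled from non-Microsoft hosts, anything in AppInit_DLLs, and services with no verified publisher. The script below is an added example written for this page; it is not HijackThis code and not the helper's method. The heuristics, the trusted-host list and the sample (a few lines copied from the log above, stitched together for the test) are assumptions to be tuned for a real case.

```python
"""Triage a HijackThis 2.0.2 log: flag the entry types an analyst checks first.

Added example for this thread (not HijackThis code, not the helper's method).
Heuristics, TRUSTED_DPF_HOSTS and the sample lines are assumptions.
"""
import re
from collections import Counter
from urllib.parse import urlparse

# Sample input: lines in the exact format of the posted log (constructed set).
SAMPLE_LOG = r"""
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKCU\..\RunOnce: [BoxOfficeAddinUpdate] msiexec /i C:\DOCUME~1\Kvik\LOCALS~1\Temp\boxofficeaddin.msi
O9 - Extra button: Spurl bar - {104D0F17-ED01-4E81-8EFF-53E956FC6D49} - Shdocvw.dll (file missing) (HKCU)
O16 - DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} (SimCityX Control) - http://simcity.ea.com/play/classic/SimCityX.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL,C:\WINDOWS\system32\guard32.dll,avgrsstx.dll
O23 - Service: Tango Service (TangoService) - Unknown owner - C:\Program Files\Bell\Access Manager\app\TangoService.exe
"""

ORPHAN = re.compile(r"\((?:no file|file missing)\)", re.I)
TEMP_DIR = re.compile(r"\\(?:temp|tmp)\\", re.I)
O4_CMD = re.compile(r"^O4 - .*?\[[^\]]*\]\s*(?P<cmd>.+)$")
O16_URL = re.compile(r"^O16 - DPF: .*? - (?P<url>https?://\S+)")
O20_DLLS = re.compile(r"^O20 - AppInit_DLLs:\s*(?P<dlls>.+)$")
# Assumption: hosts from which a DPF (ActiveX) download is not worth a second look.
TRUSTED_DPF_HOSTS = ("microsoft.com", "windowsupdate.com")


def _finding(section, reason, line):
    return {"section": section, "reason": reason, "line": line}


def triage(log_text):
    """Return one finding per heuristic hit, in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        section = line.split(" - ", 1)[0]  # R0, O2, O4, ... as HijackThis labels them

        # Entries whose target is gone: leftovers of an uninstall, or of a partial clean-up.
        if ORPHAN.search(line):
            findings.append(_finding(section, "orphaned entry: referenced file is missing", line))

        m = O4_CMD.match(line)
        if m:
            cmd = m.group("cmd")
            if TEMP_DIR.search(cmd):
                findings.append(_finding(section, "autorun launches from a temp directory", line))
            first = cmd.split()[0].strip('"_')
            if "\\" not in first:  # no directory given: resolved by search order, not a fixed path
                findings.append(_finding(section, f"autorun uses a bare filename ({first})", line))

        m = O16_URL.match(line)
        if m:
            host = urlparse(m.group("url")).hostname or ""
            if not host.endswith(TRUSTED_DPF_HOSTS):
                findings.append(_finding(section, f"ActiveX control downloaded from {host}", line))

        m = O20_DLLS.match(line)
        if m:
            dlls = [d.strip() for d in m.group("dlls").split(",") if d.strip()]
            # AppInit_DLLs are mapped into every process that loads user32.dll.
            findings.append(_finding(section, f"AppInit_DLLs injects {len(dlls)} DLL(s) into every user32 process; verify each", line))
            for dll in dlls:
                if "\\" not in dll:
                    findings.append(_finding(section, f"AppInit DLL given without a full path: {dll}", line))

        if section == "O23" and "Unknown owner" in line:
            findings.append(_finding(section, "service binary has no verified publisher", line))
    return findings


def summarize(findings):
    """Count findings per HijackThis section, e.g. {'O4': 3, 'O20': 2, ...}."""
    return dict(Counter(f["section"] for f in findings))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['section']:4} {f['reason']}\n     {f['line']}")
```

A hit is a reason to look, not a verdict: the O20 entries in this thread are Google Desktop, COMODO and AVG components, and the bare-filename O4 entries are OEM hotkey and NVIDIA helpers, which is exactly the kind of thing a log reviewer confirms by hand after the script has narrowed the list.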

Re: Newbie to Malware

Unread post by ndmmxiaomayi » June 15th, 2008, 5:18 am

Hi,

Good news. :)

The Plummer toolbar is good.

http://www.castlecops.com/tk34536-PlummerCOM_dll.html

I've forgotten to ask this earlier.

Did you edit the system's Path such that it looks like this?

Path=C:\Program Files\Flock\flock;C:\Program Files\Common Files\SIL;C:\Program Files\SIL\FieldWorks\;C:\Program Files\zoho\Zoho Plug-in for Microsoft Office;C:\PROGRA~1\Mozilla Firefox;C:\Program Files\Mozilla Firefox;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\WBEM;C:\Program Files\Csound\bin;C:\Program Files\QuickTime\QTSystem\;c:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\Csound\bin;C:\Program Files\MuseScore 0.9\bin


Run ATF Cleaner

Download ATF Cleaner and save it to your desktop.

Double click on ATF-Cleaner.exe to run it.

  • Click on Main at the top.
  • Tick all the boxes except the Prefetch and Cookies box.
  • Click on Empty Selected button.

If you use Firefox

  • Click on Firefox at the top.
  • Tick all the boxes except Firefox Cookies and Firefox Saved Passwords.
  • Click on Empty Selected button.

If you use Opera

  • Click on Opera at the top.
  • Tick all the boxes except Opera Cookies and Opera Saved Passwords.
  • Click on Empty Selected button.

Close ATF Cleaner when you are done.

Run Malwarebytes' Anti-Malware

  1. Please download Malwarebytes' Anti-Malware and save it to a convenient location.
  2. Double click on mbam-setup.exe to install it.
  3. Before clicking the Finish button, make sure that these 2 boxes are checked (ticked):
      Update Malwarebytes' Anti-Malware
      Launch Malwarebytes' Anti-Malware
  4. Malwarebytes' Anti-Malware will now check for updates. If your firewall prompts, please allow it. If you can't update it, select the Update tab. Under Update Mirror, select one of the websites and click on Check for Updates.
  5. Select the Scanner tab. Click on Perform full scan, then click on Scan.
  6. Leave the default options as they are and click on Start Scan.
  7. When done, you will be prompted. Click OK, then click on Show Results.
  8. Check (tick) all items and click on Remove Selected.
  9. After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom most log is the latest.

In your next reply, please post:

  1. Malwarebytes' Anti-Malware scan report
  2. A new HijackThis log
  3. If you have edited the system's Path
ndmmxiaomayi
MRU Emeritus
 
Posts: 9708
Joined: July 17th, 2006, 9:22 am

Re: Newbie to Malware

Unread post by Enkerli » June 16th, 2008, 12:44 am

Didn't think about the fact that the MbAM report would be in French. But it's probably straightforward enough.
As for the system's path, I don't remember setting it specifically and some of these paths are for recently added apps. I did occasionally set paths on other machines (in Unix) but not in this XP install.

Malwarebytes' Anti-Malware 1.17
Database version: 857

00:25:55 2008-06-16
mbam-log-6-16-2008 (00-25-55).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 321028
Time elapsed: 5 hour(s), 22 minute(s), 19 second(s)

Memory processes infected: 0
Memory modules infected: 0
Registry keys infected: 0
Registry values infected: 0
Registry data items infected: 1
Folders infected: 0
Files infected: 0

Memory processes infected:
(No malicious items detected)

Memory modules infected:
(No malicious items detected)

Registry keys infected:
(No malicious items detected)

Registry values infected:
(No malicious items detected)

Registry data items infected:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Folders infected:
(No malicious items detected)

Files infected:
(No malicious items detected)



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:39:11, on 2008-06-16
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\FolderSize\FolderSizeSvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Bell\Access Manager\app\TangoService.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\Common Files\Mediafour\MACVNTFY.EXE
C:\Program Files\iRiver\HSeries\iHPDetect.exe
C:\WINDOWS\zHotkey.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\EverNote\Evernote3\UniClipper.exe
C:\Documents and Settings\Kvik\Local Settings\Application Data\Simplify Media\SimplifyMedia.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sony Handheld\HOTSYNC.EXE
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Documents and Settings\Kvik\Local Settings\Application Data\Simplify Media\SimplifyPeer.exe
C:\PROGRA~1\FLOCK\FLOCK\FLOCK.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\rundll32.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ca.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ca.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo! Canada
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Diigo Toolbar Helper - {84053DA7-03DE-4FB6-80AE-202C04691D8A} - C:\Program Files\Diigo\DiigoToolbar.3.0.55.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.914.9778\swg.dll
O3 - Toolbar: &Plummer - {2F054105-E646-4044-AE59-13A3BED976A1} - C:\Program Files\Plummer\PlummerCOM.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: Diigo Toolbar - {09197FFB-C236-4153-B268-31051E4F3B6C} - C:\Program Files\Diigo\DiigoToolbar.3.0.55.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Mediafour Mac Volume Notifications] "C:\Program Files\Common Files\Mediafour\MACVNTFY.EXE" /auto
O4 - HKLM\..\Run: [iHP-100] C:\Program Files\iRiver\HSeries\iHPDetect.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TMRUBottedTray] "C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] __"C:\Program Files\iTunes\iTunesHelper.exe"__
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [UniClipper] "C:\Program Files\EverNote\Evernote3\UniClipper.exe"
O4 - HKCU\..\Run: [Simplify Media] "C:\Documents and Settings\Kvik\Local Settings\Application Data\Simplify Media\SimplifyMedia.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [BoxOfficeAddinUpdate] msiexec /i C:\DOCUME~1\Kvik\LOCALS~1\Temp\boxofficeaddin.msi
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.EXE
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Spurl! - http://www.spurl.net/rclick.php
O8 - Extra context menu item: Add to Evernote - res://C:\Program Files\Evernote\Evernote3\enbar.dll/2000
O8 - Extra context menu item: Copy to Semagic - C:\Program Files\Semagic\copy.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Semagic - C:\Program Files\Semagic\link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Add to EverNote - {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - C:\Program Files\EverNote\EverNote\enbar.dll
O9 - Extra 'Tools' menuitem: Add to EverNote - {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - C:\Program Files\EverNote\EverNote\enbar.dll
O9 - Extra button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E9252800} - C:\Program Files\Evernote\Evernote3\enbar.dll
O9 - Extra 'Tools' menuitem: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E9252800} - C:\Program Files\Evernote\Evernote3\enbar.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Spurl! - {057AB0AA-0896-44A7-9940-1D3118C870FB} - http://www.spurl.net/rclick.php (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Bookmark the current page to Spurl.net - {057AB0AA-0896-44A7-9940-1D3118C870FB} - http://www.spurl.net/rclick.php (file missing) (HKCU)
O9 - Extra button: Spurl bar - {104D0F17-ED01-4E81-8EFF-53E956FC6D49} - Shdocvw.dll (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Spurl bar - {104D0F17-ED01-4E81-8EFF-53E956FC6D49} - Shdocvw.dll (file missing) (HKCU)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 3103451968
O16 - DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} (SimCityX Control) - http://simcity.ea.com/play/classic/SimCityX.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL,C:\WINDOWS\system32\guard32.dll,avgrsstx.dll,
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files\FolderSize\FolderSizeSvc.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Trend Micro RUBotted Service (RUBotted) - Trend Micro Inc. - C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Tango Service (TangoService) - Unknown owner - C:\Program Files\Bell\Access Manager\app\TangoService.exe

--
End of file - 14068 bytes
Enkerli
Regular Member
Posts: 16
Joined: June 7th, 2008, 7:30 am

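The log above is long, and most of it is the ordinary clutter of a heavily used XP box. What a volunteer reviewer actually does with it is scan a handful of sections for specific patterns: entries whose file no longer exists, O4 startup values that run something out of a Temp folder or name a bare filename that Windows resolves through the PATH, O16 ActiveX controls pulled from a remote URL, every DLL listed under O20 AppInit_DLLs (loaded into each process that links user32.dll), and O23 services for which HijackThis could read no company name from the file's version resource. The script below is an added example, not a HijackThis feature, not a MalwareRemoval.com tool and not something the poster ran: it encodes those checks in Python and runs them over a constructed sample made of entries copied from the logs in this thread. The rule names, the list of host processes (rundll32, msiexec, regsvr32) and the path heuristics are my own assumptions. Every flag it raises is a prompt to look at the file, not a verdict; "Unknown owner" and "(no name)" entries on this machine belong to COMODO and Spybot respectively, and the script cannot know that.

```python
import re

# A HijackThis entry is "<section> - <body>", e.g. "O4 - HKLM\..\Run: [Name] command".
ENTRY = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
# Split a command line into tokens, keeping quoted paths with spaces intact.
QUOTED_OR_BARE = re.compile(r'"([^"]*)"|(\S+)')
# Assumed list of programs that merely host something else; the argument is what runs.
HOST_PROCESSES = {"rundll32.exe", "rundll32", "msiexec", "msiexec.exe", "regsvr32.exe"}


def parse(log_text):
    """Return [(section, body)] for every entry line; headers and process lists are skipped."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def tokens(command):
    return [q or b for q, b in QUOTED_OR_BARE.findall(command)]


def launch_target(command):
    """Best-effort guess at the file an O4 entry really launches."""
    toks = tokens(command)
    if not toks:
        return ""
    if toks[0].lower() in HOST_PROCESSES:
        for t in toks[1:]:
            if "\\" in t:
                return t.split(",")[0]  # rundll32 form: path.dll,EntryPoint
    return toks[0]


def o4_command(body):
    """Strip the 'HKLM\\..\\Run: [Name]' or 'Startup: x.lnk =' prefix from an O4 body."""
    if "] " in body:
        return body.split("] ", 1)[1]
    if " = " in body:
        return body.split(" = ", 1)[1]
    return body


def triage(entries):
    """Apply the reviewer heuristics; returns [(rule, section, detail)]."""
    findings = []
    for section, body in entries:
        low = body.lower()
        if "(file missing)" in low or "(no file)" in low:
            findings.append(("orphaned-entry", section, body))
        if section == "O2" and "(no name)" in low:
            findings.append(("unnamed-bho", section, body))
        if section == "O4":
            command = o4_command(body)
            if "\\temp\\" in command.lower():
                findings.append(("runs-from-temp", section, body))
            if "\\" not in launch_target(command):
                findings.append(("bare-filename-path-lookup", section, body))
        if section == "O16" and re.search(r"https?://", low):
            findings.append(("downloaded-activex", section, body))
        if section == "O20" and low.startswith("appinit_dlls:"):
            # Each DLL here is mapped into every user32-linked process on XP.
            for dll in body.split(":", 1)[1].split(","):
                if dll.strip():
                    findings.append(("appinit-dll", section, dll.strip()))
        if section == "O23" and " - unknown owner - " in low:
            findings.append(("service-no-company-name", section, body))
    return findings


def report(findings):
    """Group findings by rule into plain text a helper could paste into a reply."""
    by_rule = {}
    for rule, section, detail in findings:
        by_rule.setdefault(rule, []).append(f"{section}: {detail}")
    lines = []
    for rule in sorted(by_rule):
        lines.append(f"[{rule}]")
        lines.extend("  " + d for d in by_rule[rule])
    return "\n".join(lines)


# Constructed sample: entries copied from the HijackThis logs in this thread,
# plus one header line to show that non-entry lines are ignored.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKCU\..\RunOnce: [BoxOfficeAddinUpdate] msiexec /i C:\DOCUME~1\Kvik\LOCALS~1\Temp\boxofficeaddin.msi
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.EXE
O9 - Extra button: Spurl bar - {104D0F17-ED01-4E81-8EFF-53E956FC6D49} - Shdocvw.dll (file missing) (HKCU)
O16 - DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} (SimCityX Control) - http://simcity.ea.com/play/classic/SimCityX.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL,C:\WINDOWS\system32\guard32.dll,avgrsstx.dll,
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

if __name__ == "__main__":
    print(report(triage(parse(SAMPLE_LOG))))
```

On the sample the script flags the two orphaned entries, the RunOnce installer in Temp, the bare ShowWnd.exe, the remote SimCityX control, the three AppInit DLLs and the COMODO service, and stays quiet on the rundll32, quoted-path, Startup-shortcut and NVIDIA lines. The bare-filename rule exists because a value such as "ShowWnd.exe" is resolved through the PATH at logon, so the reviewer has to locate the file by hand (ComboFix later resolves it to C:\WINDOWS\ShowWnd.exe) before deciding anything about it.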
Re: Newbie to Malware

Unread postby ndmmxiaomayi » June 18th, 2008, 2:25 am

Sorry for the delay. I'm still waiting for a developer's response, but he has yet to reply.

If you already have Combofix, please delete this copy and download it again as it's being updated regularly.

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofi ... e-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once Recovery Console is installed, you should see a blue screen prompt like the one below:

[Image: the ComboFix Recovery Console prompt]

Click Yes to allow Combofix to continue scanning for malware.

When done, a log will be produced. Please post that log and a new HijackThis log in your next reply.

Do not mouse click on Combofix while it is running. That may cause it to stall.

In your next reply, please post:

  1. Combofix log (C:\Combofix.txt)
  2. A new HijackThis log
ndmmxiaomayi
MRU Emeritus
Posts: 9708
Joined: July 17th, 2006, 9:22 am

Re: Newbie to Malware

Unread postby Enkerli » June 18th, 2008, 3:08 pm

ComboFix 08-06-16.5 - Kvik 2008-06-18 14:22:46.1 - NTFSx86
Running from: C:\Documents and Settings\Kvik\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Kvik\Application Data\inst.exe

.
((((((((((((((((((((((((( Files Created from 2008-05-18 to 2008-06-18 )))))))))))))))))))))))))))))))
.

2008-06-18 12:54 . 2008-06-18 12:54 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-18 12:54 . 2008-06-18 12:54 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-15 18:19 . 2008-06-15 18:19 <DIR> d-------- C:\Documents and Settings\Kvik\Application Data\Malwarebytes
2008-06-15 18:17 . 2008-06-15 18:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-15 18:15 . 2008-06-10 19:02 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-15 18:15 . 2008-06-10 19:02 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-15 18:05 . 2008-06-15 18:18 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-13 20:39 . 2008-06-13 20:39 <DIR> d-------- C:\Program Files\Wide Angle Software
2008-06-13 17:49 . 2008-06-13 17:49 <DIR> d-------- C:\Documents and Settings\Kvik\Application Data\Songbird2
2008-06-13 14:26 . 2008-06-13 14:26 <DIR> d-------- C:\Deckard
2008-06-13 00:58 . 2008-06-13 00:58 <DIR> d-------- C:\Documents and Settings\Kvik\Application Data\InstallShield
2008-06-12 23:56 . 2008-06-12 23:56 <DIR> d-------- C:\Documents and Settings\Kvik\.bb
2008-06-12 23:55 . 2008-06-12 23:55 <DIR> d-------- C:\Program Files\BlogBridge
2008-06-10 18:43 . 2008-06-10 18:45 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-06-10 18:18 . 2008-05-08 10:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-06-10 18:17 . 2008-04-14 08:30 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-09 12:14 . 2008-06-09 12:14 <DIR> d-------- C:\Program Files\Weiran Zhang
2008-06-08 13:09 . 2007-02-06 22:02 123,939 --a------ C:\WINDOWS\system32\drivers\kqemu.sys
2008-06-08 13:07 . 2008-06-08 13:16 <DIR> d-a------ C:\Program Files\olpc
2008-06-07 12:09 . 2008-06-13 00:49 <DIR> d-------- C:\Program Files\FlixQueue
2008-06-07 07:17 . 2008-06-07 07:17 <DIR> d-------- C:\VundoFix Backups
2008-05-31 19:15 . 2003-01-04 12:10 536,576 --a------ C:\WINDOWS\system32\SftTree_IX86_A_45.ocx
2008-05-31 19:15 . 2006-03-21 11:27 276,320 --a------ C:\WINDOWS\system32\csftpapi.dll
2008-05-31 19:15 . 2003-02-20 11:59 221,184 --a------ C:\WINDOWS\system32\TidyATL.dll
2008-05-31 19:15 . 2004-03-09 00:00 212,240 --a------ C:\WINDOWS\system32\Richtx32.ocx
2008-05-31 19:15 . 2006-03-21 11:27 202,576 --a------ C:\WINDOWS\system32\csncdapi.dll
2008-05-31 19:14 . 2006-01-30 18:26 765,952 --a------ C:\WINDOWS\system32\PolarSpellChecker.dll
2008-05-31 02:25 . 2008-05-31 02:59 <DIR> d-------- C:\Program Files\Microsoft SQL Server
2008-05-31 02:06 . 2008-05-31 02:17 <DIR> d-------- C:\Program Files\Common Files\SIL
2008-05-31 02:06 . 2008-05-31 02:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SIL
2008-05-31 01:17 . 2008-05-31 01:32 <DIR> d-------- C:\Program Files\improvisor338
2008-05-31 00:55 . 2008-05-31 00:55 <DIR> d-------- C:\Program Files\MuseScore 0.9
2008-05-30 19:40 . 2008-05-30 19:41 <DIR> d-------- C:\Documents and Settings\Kvik\Calgoo Hub Plugin
2008-05-30 19:33 . 2008-05-30 19:33 <DIR> d-------- C:\Program Files\Common Files\Calgoo
2008-05-30 19:28 . 2008-05-30 19:35 <DIR> d-------- C:\Program Files\Calgoo Hub Beta Plugin
2008-05-30 15:47 . 2008-05-30 15:49 <DIR> d-------- C:\Program Files\Impro-Visor
2008-05-26 22:08 . 2008-05-26 22:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\vsosdk
2008-05-26 21:42 . 2008-06-07 07:52 <DIR> d-------- C:\Documents and Settings\Kvik\Application Data\Vso
2008-05-26 21:42 . 2008-05-26 21:42 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2008-05-26 21:42 . 2008-06-07 07:52 47,360 --a------ C:\Documents and Settings\Kvik\Application Data\pcouffin.sys
2008-05-26 21:41 . 2008-06-07 07:55 <DIR> d-------- C:\Program Files\VSO
2008-05-26 21:07 . 2008-05-26 21:07 356,352 --a------ C:\WINDOWS\eSellerateEngine.dll
2008-05-26 20:56 . 2004-12-07 10:11 258,352 --a------ C:\WINDOWS\system32\Unicows.dll
2008-05-26 20:49 . 2008-05-30 10:03 <DIR> d-------- C:\Documents and Settings\Kvik\Application Data\Uniblue
2008-05-26 17:20 . 2008-05-26 17:20 <DIR> d-------- C:\Program Files\Real Alternative
2008-05-25 12:48 . 2008-05-25 12:48 <DIR> d-------- C:\Program Files\New York Times
2008-05-21 18:17 . 2008-05-21 22:09 <DIR> d-------- C:\Documents and Settings\Kvik\Application Data\dasher.rc
2008-05-21 17:44 . 2008-05-21 17:44 <DIR> d-------- C:\Program Files\Dasher
2008-05-21 14:10 . 2008-05-21 14:10 <DIR> d-------- C:\Program Files\Participatory Culture Foundation
2008-05-20 16:56 . 2008-05-31 02:06 <DIR> d-------- C:\Program Files\SIL

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-18 11:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-06-17 21:50 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-06-16 04:24 --------- d-----w C:\Documents and Settings\Kvik\Application Data\BeerTools Pro
2008-06-14 11:25 --------- d-----w C:\Documents and Settings\Kvik\Application Data\Apple Computer
2008-06-14 02:02 --------- d-----w C:\Program Files\Songbird
2008-06-14 01:35 --------- d-----w C:\Documents and Settings\Kvik\Application Data\Skype
2008-06-13 20:44 --------- d-----w C:\Documents and Settings\Kvik\Application Data\skypePM
2008-06-13 04:59 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-13 04:59 --------- d-----w C:\Program Files\EverNote
2008-06-08 05:19 --------- d-----w C:\Program Files\BeerTools Pro 1.5
2008-06-07 14:11 --------- d-----w C:\Program Files\Common Files\Mediafour
2008-05-31 23:16 --------- d-----w C:\Program Files\BlogDesk
2008-05-31 06:56 --------- d-----w C:\Program Files\Flock
2008-05-31 06:51 --------- d-----w C:\Program Files\Microsoft.NET
2008-05-23 14:15 87,056 ----a-w C:\WINDOWS\system32\drivers\cmdguard.sys
2008-05-23 14:15 24,208 ----a-w C:\WINDOWS\system32\drivers\cmdhlp.sys
2008-05-17 21:16 --------- d-----w C:\Program Files\Diigo
2008-05-15 23:21 13,583 ----a-w C:\Program Files\setuplog.txt
2008-05-15 23:21 12,547 ----a-w C:\Program Files\uninstal.log
2008-05-15 23:19 --------- d-----w C:\Program Files\EZTest
2008-05-14 18:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-14 17:53 96,384 ----a-w C:\WINDOWS\system32\drivers\sptd7613.sys
2008-05-12 03:43 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-12 02:51 --------- d-----w C:\Program Files\HP
2008-05-12 00:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-05-12 00:20 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-11 23:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\comodo
2008-05-11 20:44 --------- d-----w C:\Documents and Settings\Kvik\Application Data\AVGTOOLBAR
2008-05-11 20:42 96,520 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys
2008-05-11 20:41 --------- d-----w C:\Program Files\AVG
2008-05-11 20:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg8
2008-05-11 18:03 --------- d-----w C:\Documents and Settings\Kvik\Application Data\Comodo
2008-05-11 18:02 --------- d-----w C:\Program Files\COMODO
2008-05-11 00:26 --------- d-----w C:\Program Files\Common Files\Adobe AIR
2008-05-11 00:26 --------- d-----w C:\Program Files\Adobe Media Player
2008-05-10 01:46 --------- d-----w C:\Program Files\Spyware Doctor
2008-05-08 14:02 203,136 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-02 21:04 --------- d-----w C:\Program Files\Opera
2008-05-02 14:15 --------- d-----w C:\Program Files\Java
2008-05-02 14:11 --------- d-----w C:\Program Files\Common Files\Java
2008-05-02 12:21 --------- d-----w C:\Program Files\Yahoo!
2008-05-02 12:19 --------- d-----w C:\Program Files\Google
2008-05-02 02:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-02 01:05 --------- d-----w C:\Program Files\Safari
2008-05-02 01:02 --------- d-----w C:\Program Files\Apple Software Update
2008-05-02 00:57 --------- d-----w C:\Program Files\Trend Micro
2008-04-18 08:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-04-14 00:12 69,120 ----a-w C:\WINDOWS\notepad.exe
2008-04-14 00:12 50,688 ----a-w C:\WINDOWS\twain_32.dll
2008-04-14 00:12 32,866 ------w C:\WINDOWS\slrundll.exe
2008-04-14 00:12 283,648 ----a-w C:\WINDOWS\winhlp32.exe
2008-04-14 00:12 146,432 ----a-w C:\WINDOWS\regedit.exe
2008-04-14 00:12 10,752 ----a-w C:\WINDOWS\hh.exe
2008-04-14 00:12 1,033,728 ----a-w C:\WINDOWS\explorer.exe
2008-01-30 05:18 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-10-17 21:44 292 -c----w C:\Documents and Settings\Kvik\Application Data\wklnhst.dat
2007-09-13 05:57 114,473,857 -c----w C:\Documents and Settings\Kvik\updateSite.zip
2007-08-01 03:57 180,174 -c--a-w C:\Program Files\SW.EXE
2006-05-17 20:55 9,999,159 -c----r C:\Program Files\Sudoku.exe
2006-01-07 12:35 3,987,968 -c--a-w C:\Program Files\praat.exe
2003-01-31 12:14 2,453,552 -c--a-w C:\Program Files\Lime.exe
1995-06-19 19:09 1,499 -c--a-w C:\Program Files\DEADLY.SW
1995-04-07 20:40 793 -c--a-w C:\Program Files\README.TXT
1994-07-12 07:00 766 -c----w C:\Program Files\COMPTR04.ICO
2006-05-06 16:42 7,260,160 -c--a-w C:\Program Files\mozilla firefox\plugins\libvlc.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{2F054105-E646-4044-AE59-13A3BED976A1}"= "C:\Program Files\Plummer\PlummerCOM.dll" [2007-05-22 06:24 81920]

[HKEY_CLASSES_ROOT\clsid\{2f054105-e646-4044-ae59-13a3bed976a1}]
[HKEY_CLASSES_ROOT\PlumIEToolBand.PlumIEToolBandObj.1]
[HKEY_CLASSES_ROOT\TypeLib\{A3080223-0DB6-44E4-880D-F59DDC115DF6}]
[HKEY_CLASSES_ROOT\PlumIEToolBand.PlumIEToolBandObj]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2F054105-E646-4044-AE59-13A3BED976A1}"= C:\Program Files\Plummer\PlummerCOM.dll [2007-05-22 06:24 81920]

[HKEY_CLASSES_ROOT\clsid\{2f054105-e646-4044-ae59-13a3bed976a1}]
[HKEY_CLASSES_ROOT\PlumIEToolBand.PlumIEToolBandObj.1]
[HKEY_CLASSES_ROOT\TypeLib\{A3080223-0DB6-44E4-880D-F59DDC115DF6}]
[HKEY_CLASSES_ROOT\PlumIEToolBand.PlumIEToolBandObj]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-29 00:37 413696]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-03-30 11:06 68856]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2006-09-15 13:27 2048000]
"UniClipper"="C:\Program Files\EverNote\Evernote3\UniClipper.exe" [2008-05-16 01:20 531392]
"Simplify Media"="C:\Documents and Settings\Kvik\Local Settings\Application Data\Simplify Media\SimplifyMedia.exe" [2008-05-13 14:30 11828232]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 20:12 15360]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"BoxOfficeAddinUpdate"="msiexec /i C:\DOCUME~1\Kvik\LOCALS~1\Temp\boxofficeaddin.msi" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-04-01 16:16 5562368]
"SunKistEM"="C:\Program Files\Digital Media Reader\shwiconem.exe" [2004-11-15 17:04 135168]
"ShowWnd"="ShowWnd.exe" [2003-09-19 11:09 36864 C:\WINDOWS\ShowWnd.exe]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 21:42 32768]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-13 16:42 212992]
"nwiz"="nwiz.exe" [2005-04-01 16:16 1495040 C:\WINDOWS\system32\nwiz.exe]
"NVMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-06-03 22:51 131072]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 15:40 155648]
"Mediafour Mac Volume Notifications"="C:\Program Files\Common Files\Mediafour\MACVNTFY.exe" [2005-03-13 03:33 61440]
"iHP-100"="C:\Program Files\iRiver\HSeries\iHPDetect.exe" [2004-07-05 14:50 24576]
"CHotkey"="zHotkey.exe" [2004-05-17 20:30 543232 C:\WINDOWS\zHotkey.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-04-01 16:16 86016]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-04-17 19:30 29744]
"Motive SmartBridge"="C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe" [2004-10-22 15:44 393216]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 00:16 39792]
"TMRUBottedTray"="C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe" [2007-12-19 01:18 288088]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-29 00:37 413696]
"iTunesHelper"="__C:\Program Files\iTunes\iTunesHelper.exe__" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [2008-05-30 23:09 1655552]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-05-11 16:41 1177368]
"combofix"="C:\WINDOWS\system32\CF22546.exe" [2008-04-13 20:12 389120]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-13 20:12 15360]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-02-25 21:23 443968]

C:\Documents and Settings\Kvik\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [8/24/2007 4:45:42 AM 101784]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HotSync Manager.lnk - C:\Program Files\Sony Handheld\HOTSYNC.EXE [8/9/2002 5:36:20 PM 299008]
Outil de mise à jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [8/14/2006 12:35:46 PM 124912]


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:05, on 2008-06-18
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\FolderSize\FolderSizeSvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Bell\Access Manager\app\TangoService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\Common Files\Mediafour\MACVNTFY.EXE
C:\Program Files\iRiver\HSeries\iHPDetect.exe
C:\WINDOWS\zHotkey.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\EverNote\Evernote3\UniClipper.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Documents and Settings\Kvik\Local Settings\Application Data\Simplify Media\SimplifyMedia.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sony Handheld\HOTSYNC.EXE
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Documents and Settings\Kvik\Local Settings\Application Data\Simplify Media\SimplifyPeer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ca.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Diigo Toolbar Helper - {84053DA7-03DE-4FB6-80AE-202C04691D8A} - C:\Program Files\Diigo\DiigoToolbar.3.0.55.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.914.9778\swg.dll
O3 - Toolbar: &Plummer - {2F054105-E646-4044-AE59-13A3BED976A1} - C:\Program Files\Plummer\PlummerCOM.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: Diigo Toolbar - {09197FFB-C236-4153-B268-31051E4F3B6C} - C:\Program Files\Diigo\DiigoToolbar.3.0.55.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Mediafour Mac Volume Notifications] "C:\Program Files\Common Files\Mediafour\MACVNTFY.EXE" /auto
O4 - HKLM\..\Run: [iHP-100] C:\Program Files\iRiver\HSeries\iHPDetect.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TMRUBottedTray] "C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] __"C:\Program Files\iTunes\iTunesHelper.exe"__
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [combofix] C:\WINDOWS\system32\CF22546.exe /c C:\ComboFix\Combobatch.bat
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [UniClipper] "C:\Program Files\EverNote\Evernote3\UniClipper.exe"
O4 - HKCU\..\Run: [Simplify Media] "C:\Documents and Settings\Kvik\Local Settings\Application Data\Simplify Media\SimplifyMedia.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [BoxOfficeAddinUpdate] msiexec /i C:\DOCUME~1\Kvik\LOCALS~1\Temp\boxofficeaddin.msi
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.EXE
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Spurl! - http://www.spurl.net/rclick.php
O8 - Extra context menu item: Add to Evernote - res://C:\Program Files\Evernote\Evernote3\enbar.dll/2000
O8 - Extra context menu item: Copy to Semagic - C:\Program Files\Semagic\copy.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Semagic - C:\Program Files\Semagic\link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Add to EverNote - {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - C:\Program Files\EverNote\EverNote\enbar.dll
O9 - Extra 'Tools' menuitem: Add to EverNote - {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - C:\Program Files\EverNote\EverNote\enbar.dll
O9 - Extra button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E9252800} - C:\Program Files\Evernote\Evernote3\enbar.dll
O9 - Extra 'Tools' menuitem: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E9252800} - C:\Program Files\Evernote\Evernote3\enbar.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Spurl! - {057AB0AA-0896-44A7-9940-1D3118C870FB} - http://www.spurl.net/rclick.php (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Bookmark the current page to Spurl.net - {057AB0AA-0896-44A7-9940-1D3118C870FB} - http://www.spurl.net/rclick.php (file missing) (HKCU)
O9 - Extra button: Spurl bar - {104D0F17-ED01-4E81-8EFF-53E956FC6D49} - Shdocvw.dll (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Spurl bar - {104D0F17-ED01-4E81-8EFF-53E956FC6D49} - Shdocvw.dll (file missing) (HKCU)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 3103451968
O16 - DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} (SimCityX Control) - http://simcity.ea.com/play/classic/SimCityX.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files\FolderSize\FolderSizeSvc.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Trend Micro RUBotted Service (RUBotted) - Trend Micro Inc. - C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Tango Service (TangoService) - Unknown owner - C:\Program Files\Bell\Access Manager\app\TangoService.exe

--
End of file - 13874 bytes
Enkerli
Regular Member
 
Posts: 16
Joined: June 7th, 2008, 7:30 am

Re: Newbie to Malware

Unread postby ndmmxiaomayi » June 18th, 2008, 3:43 pm

Hi,

That doesn't appear to be the full Combofix log.

Could you please locate this file and post it again - C:\Combofix.txt ?
ndmmxiaomayi
MRU Emeritus
 
Posts: 9708
Joined: July 17th, 2006, 9:22 am

Re: Newbie to Malware

Unread postby Enkerli » June 18th, 2008, 11:07 pm

Apparently, it had quit before being done...

ComboFix 08-06-16.5 - Kvik 2008-06-18 22:22:27.2 - NTFSx86
Running from: C:\Documents and Settings\Kvik\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Documents and Settings\Kvik\Application Data\inst.exe

.
((((((((((((((((((((((((( Files Created from 2008-05-19 to 2008-06-19 )))))))))))))))))))))))))))))))
.

2008-06-18 19:37 . 2008-06-18 19:37 0 --a------ C:\WINDOWS\QuickInstall.INI
2008-06-18 19:07 . 2008-06-18 19:07 <DIR> d-------- C:\Documents and Settings\Kvik\Application Data\Leadertech
2008-06-18 19:04 . 2008-06-18 19:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HotSync
2008-06-18 19:03 . 2008-06-18 19:03 <DIR> d-------- C:\WINDOWS\LastGood
2008-06-18 19:03 . 2008-06-18 18:58 16,694 --a------ C:\WINDOWS\system32\drivers\PalmUSBD.sys
2008-06-18 19:02 . 2008-06-18 18:58 53,248 --a------ C:\WINDOWS\PalmDevC.dll
2008-06-18 18:59 . 2008-06-18 19:16 <DIR> d-------- C:\Program Files\palmOne
2008-06-18 18:59 . 2008-06-18 18:59 <DIR> d-------- C:\Documents and Settings\Kvik\Application Data\HotSync
2008-06-18 18:30 . 2008-06-18 18:30 <DIR> d-------- C:\Program Files\Electronic Arts
2008-06-18 15:52 . 2008-06-18 15:52 <DIR> d-------- C:\Documents and Settings\Kvik\Application Data\Windows Desktop Search
2008-06-15 18:19 . 2008-06-15 18:19 <DIR> d-------- C:\Documents and Settings\Kvik\Application Data\Malwarebytes
2008-06-15 18:17 . 2008-06-15 18:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-15 18:15 . 2008-06-10 19:02 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-15 18:15 . 2008-06-10 19:02 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-15 18:05 . 2008-06-15 18:18 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-13 20:39 . 2008-06-13 20:39 <DIR> d-------- C:\Program Files\Wide Angle Software
2008-06-13 17:49 . 2008-06-13 17:49 <DIR> d-------- C:\Documents and Settings\Kvik\Application Data\Songbird2
2008-06-13 14:26 . 2008-06-13 14:26 <DIR> d-------- C:\Deckard
2008-06-13 00:58 . 2008-06-13 00:58 <DIR> d-------- C:\Documents and Settings\Kvik\Application Data\InstallShield
2008-06-12 23:55 . 2008-06-12 23:55 <DIR> d-------- C:\Program Files\BlogBridge
2008-06-10 18:43 . 2008-06-10 19:01 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-06-10 18:18 . 2008-05-08 10:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-06-10 18:17 . 2008-04-14 08:30 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-09 12:14 . 2008-06-09 12:14 <DIR> d-------- C:\Program Files\Weiran Zhang
2008-06-08 13:09 . 2007-02-06 22:02 123,939 --a------ C:\WINDOWS\system32\drivers\kqemu.sys
2008-06-08 13:07 . 2008-06-08 13:16 <DIR> d-a------ C:\Program Files\olpc
2008-06-07 12:09 . 2008-06-13 00:49 <DIR> d-------- C:\Program Files\FlixQueue
2008-06-07 07:17 . 2008-06-07 07:17 <DIR> d-------- C:\VundoFix Backups
2008-05-31 19:15 . 2003-01-04 12:10 536,576 --a------ C:\WINDOWS\system32\SftTree_IX86_A_45.ocx
2008-05-31 19:15 . 2006-03-21 11:27 276,320 --a------ C:\WINDOWS\system32\csftpapi.dll
2008-05-31 19:15 . 2003-02-20 11:59 221,184 --a------ C:\WINDOWS\system32\TidyATL.dll
2008-05-31 19:15 . 2004-03-09 00:00 212,240 --a------ C:\WINDOWS\system32\Richtx32.ocx
2008-05-31 19:15 . 2006-03-21 11:27 202,576 --a------ C:\WINDOWS\system32\csncdapi.dll
2008-05-31 19:14 . 2006-01-30 18:26 765,952 --a------ C:\WINDOWS\system32\PolarSpellChecker.dll
2008-05-31 02:25 . 2008-05-31 02:59 <DIR> d-------- C:\Program Files\Microsoft SQL Server
2008-05-31 02:06 . 2008-05-31 02:17 <DIR> d-------- C:\Program Files\Common Files\SIL
2008-05-31 02:06 . 2008-05-31 02:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SIL
2008-05-31 01:17 . 2008-05-31 01:32 <DIR> d-------- C:\Program Files\improvisor338
2008-05-31 00:55 . 2008-05-31 00:55 <DIR> d-------- C:\Program Files\MuseScore 0.9
2008-05-30 19:33 . 2008-05-30 19:33 <DIR> d-------- C:\Program Files\Common Files\Calgoo
2008-05-30 19:28 . 2008-05-30 19:35 <DIR> d-------- C:\Program Files\Calgoo Hub Beta Plugin
2008-05-30 15:47 . 2008-05-30 15:49 <DIR> d-------- C:\Program Files\Impro-Visor
2008-05-26 22:08 . 2008-05-26 22:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\vsosdk
2008-05-26 21:42 . 2008-06-07 07:52 <DIR> d-------- C:\Documents and Settings\Kvik\Application Data\Vso
2008-05-26 21:42 . 2008-05-26 21:42 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2008-05-26 21:42 . 2008-06-07 07:52 47,360 --a------ C:\Documents and Settings\Kvik\Application Data\pcouffin.sys
2008-05-26 21:41 . 2008-06-07 07:55 <DIR> d-------- C:\Program Files\VSO
2008-05-26 21:07 . 2008-05-26 21:07 356,352 --a------ C:\WINDOWS\eSellerateEngine.dll
2008-05-26 20:56 . 2004-12-07 10:11 258,352 --a------ C:\WINDOWS\system32\Unicows.dll
2008-05-26 20:49 . 2008-05-30 10:03 <DIR> d-------- C:\Documents and Settings\Kvik\Application Data\Uniblue
2008-05-26 17:20 . 2008-05-26 17:20 <DIR> d-------- C:\Program Files\Real Alternative
2008-05-25 12:48 . 2008-05-25 12:48 <DIR> d-------- C:\Program Files\New York Times
2008-05-21 18:17 . 2008-05-21 22:09 <DIR> d-------- C:\Documents and Settings\Kvik\Application Data\dasher.rc
2008-05-21 17:44 . 2008-05-21 17:44 <DIR> d-------- C:\Program Files\Dasher
2008-05-21 14:10 . 2008-05-21 14:10 <DIR> d-------- C:\Program Files\Participatory Culture Foundation
2008-05-20 16:56 . 2008-05-31 02:06 <DIR> d-------- C:\Program Files\SIL

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-18 22:42 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-18 22:42 --------- d-----w C:\Program Files\Sony Handheld
2008-06-18 22:38 --------- d-----w C:\Program Files\Mozilla Sunbird
2008-06-18 22:37 --------- d-----w C:\Program Files\iTunes Agent
2008-06-18 22:31 --------- d-----w C:\Program Files\Brewsta
2008-06-18 22:31 --------- d-----w C:\Program Files\Bleezer
2008-06-18 19:53 --------- d-----w C:\Program Files\Google
2008-06-18 19:49 --------- d-----w C:\Program Files\Windows Desktop Search
2008-06-18 11:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-06-17 21:50 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-06-16 04:24 --------- d-----w C:\Documents and Settings\Kvik\Application Data\BeerTools Pro
2008-06-14 11:25 --------- d-----w C:\Documents and Settings\Kvik\Application Data\Apple Computer
2008-06-14 02:02 --------- d-----w C:\Program Files\Songbird
2008-06-14 01:35 --------- d-----w C:\Documents and Settings\Kvik\Application Data\Skype
2008-06-13 20:44 --------- d-----w C:\Documents and Settings\Kvik\Application Data\skypePM
2008-06-13 04:59 --------- d-----w C:\Program Files\EverNote
2008-06-08 05:19 --------- d-----w C:\Program Files\BeerTools Pro 1.5
2008-06-07 14:11 --------- d-----w C:\Program Files\Common Files\Mediafour
2008-05-31 23:16 --------- d-----w C:\Program Files\BlogDesk
2008-05-31 06:56 --------- d-----w C:\Program Files\Flock
2008-05-31 06:51 --------- d-----w C:\Program Files\Microsoft.NET
2008-05-23 14:15 87,056 ----a-w C:\WINDOWS\system32\drivers\cmdguard.sys
2008-05-23 14:15 24,208 ----a-w C:\WINDOWS\system32\drivers\cmdhlp.sys
2008-05-23 14:14 143,104 ----a-w C:\WINDOWS\system32\guard32.dll
2008-05-17 21:16 --------- d-----w C:\Program Files\Diigo
2008-05-15 23:21 13,583 ----a-w C:\Program Files\setuplog.txt
2008-05-15 23:21 12,547 ----a-w C:\Program Files\uninstal.log
2008-05-15 23:19 --------- d-----w C:\Program Files\EZTest
2008-05-14 18:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-14 17:53 96,384 ----a-w C:\WINDOWS\system32\drivers\sptd7613.sys
2008-05-12 03:43 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-12 02:51 --------- d-----w C:\Program Files\HP
2008-05-12 00:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-05-12 00:20 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-11 23:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\comodo
2008-05-11 20:44 --------- d-----w C:\Documents and Settings\Kvik\Application Data\AVGTOOLBAR
2008-05-11 20:42 96,520 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys
2008-05-11 20:42 10,520 ----a-w C:\WINDOWS\system32\avgrsstx.dll
2008-05-11 20:41 --------- d-----w C:\Program Files\AVG
2008-05-11 20:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg8
2008-05-11 18:03 --------- d-----w C:\Documents and Settings\Kvik\Application Data\Comodo
2008-05-11 18:02 --------- d-----w C:\Program Files\COMODO
2008-05-11 00:26 --------- d-----w C:\Program Files\Common Files\Adobe AIR
2008-05-11 00:26 --------- d-----w C:\Program Files\Adobe Media Player
2008-05-10 01:46 --------- d-----w C:\Program Files\Spyware Doctor
2008-05-08 14:02 203,136 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:12 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-02 21:04 --------- d-----w C:\Program Files\Opera
2008-05-02 14:15 --------- d-----w C:\Program Files\Java
2008-05-02 14:11 --------- d-----w C:\Program Files\Common Files\Java
2008-05-02 12:21 --------- d-----w C:\Program Files\Yahoo!
2008-05-02 02:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-02 01:05 --------- d-----w C:\Program Files\Safari
2008-05-02 01:02 --------- d-----w C:\Program Files\Apple Software Update
2008-05-02 00:57 --------- d-----w C:\Program Files\Trend Micro
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-04-14 09:42 985,088 ----a-w C:\WINDOWS\system32\setupapi.dll
2008-04-14 09:42 11,264 ----a-w C:\WINDOWS\system32\spnpinst.exe
2008-04-14 09:41 423,936 ----a-w C:\WINDOWS\system32\licdll.dll
2008-04-14 00:25 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
2008-04-14 00:16 329,728 ----a-w C:\WINDOWS\system32\netsetup.exe
2008-04-14 00:13 92,424 ----a-w C:\WINDOWS\system32\rdpdd.dll
2008-04-14 00:13 87,176 ----a-w C:\WINDOWS\system32\rdpwsx.dll
2008-04-14 00:13 12,168 ----a-w C:\WINDOWS\system32\tsddd.dll
2008-04-14 00:11 997,376 ----a-w C:\WINDOWS\system32\msgina.dll
2008-04-14 00:10 53,279 ----a-w C:\WINDOWS\system32\odbcji32.dll
2008-04-14 00:10 4,126 ----a-w C:\WINDOWS\system32\msdxmlc.dll
2008-04-14 00:10 3,584 ----a-w C:\WINDOWS\system32\msafd.dll
2008-04-13 19:30 1,845,632 ----a-w C:\WINDOWS\system32\win32k.sys
2008-04-13 19:27 2,188,928 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-04-13 18:44 17,664 ----a-w C:\WINDOWS\system32\watchdog.sys
2008-04-13 18:43 9,728 ------w C:\WINDOWS\system32\comsdupd.exe
2008-04-13 18:43 12,800 ----a-w C:\WINDOWS\system32\spiisupd.exe
2008-04-13 18:31 7,424 ----a-w C:\WINDOWS\system32\kd1394.dll
2008-04-13 18:31 2,065,792 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-04-13 18:30 61,440 ----a-w C:\WINDOWS\system32\msvcrt40.dll
2008-04-13 18:14 76,800 ------w C:\WINDOWS\system32\msshavmsg.dll
2008-04-13 17:39 438,784 ----a-w C:\WINDOWS\system32\xpob2res.dll
2008-04-13 17:39 2,897,920 ----a-w C:\WINDOWS\system32\xpsp2res.dll
2008-04-13 17:39 187,392 ----a-w C:\WINDOWS\system32\xpsp1res.dll
2008-04-13 17:37 208,384 ----a-w C:\WINDOWS\system32\rsaenh.dll
2008-04-13 17:37 138,752 ----a-w C:\WINDOWS\system32\dssenh.dll
2008-04-13 17:27 79,872 ----a-w C:\WINDOWS\system32\msxml6r.dll
2008-04-13 17:26 94,208 ----a-w C:\WINDOWS\system32\odbcint.dll
2008-04-13 17:26 12,288 ----a-w C:\WINDOWS\system32\odbcp32r.dll
2008-04-13 17:26 12,288 ----a-w C:\WINDOWS\system32\mscpx32r.dll
2008-04-13 17:24 20,480 ----a-w C:\WINDOWS\system32\msorc32r.dll
2008-04-13 17:21 733,696 ----a-w C:\WINDOWS\system32\qedwipes.dll
2008-04-13 17:09 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll
2008-04-13 17:03 63,488 ----a-w C:\WINDOWS\system32\browselc.dll
2008-04-13 17:03 549,376 ----a-w C:\WINDOWS\system32\shdoclc.dll
2008-04-13 16:48 1,647,616 ----a-w C:\WINDOWS\system32\winbrand.dll
2008-04-13 16:45 216,064 ----a-w C:\WINDOWS\system32\moricons.dll
2008-04-13 16:23 48,128 ----a-w C:\WINDOWS\system32\msprivs.dll
2008-04-13 16:22 48,128 ----a-w C:\WINDOWS\system32\inetres.dll
2008-04-13 15:39 884,736 ----a-w C:\WINDOWS\system32\msimsg.dll
2008-01-30 05:18 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-10-17 21:44 292 -c----w C:\Documents and Settings\Kvik\Application Data\wklnhst.dat
2007-09-13 05:57 114,473,857 -c----w C:\Documents and Settings\Kvik\updateSite.zip
2007-08-01 03:57 180,174 -c--a-w C:\Program Files\SW.EXE
2006-05-06 16:42 7,260,160 -c--a-w C:\Program Files\mozilla firefox\plugins\libvlc.dll
.

((((((((((((((((((((((((((((( snapshot@2008-06-18_14.57.43.65 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-18 18:36:50 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-18 22:48:51 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2007-02-05 19:30:16 23,552 ------w C:\WINDOWS\system32\msscb.dll
+ 2007-02-05 19:29:24 51,200 ------w C:\WINDOWS\system32\msscntrs.dll
+ 2007-02-05 19:35:38 248,320 ------w C:\WINDOWS\system32\msshsq.dll
+ 2007-02-05 19:29:14 98,816 ------w C:\WINDOWS\system32\mssitlb.dll
+ 2007-02-05 19:33:54 331,776 ------w C:\WINDOWS\system32\mssph.dll
+ 2007-02-05 19:35:24 167,424 ------w C:\WINDOWS\system32\mssphtb.dll
+ 2007-02-05 19:28:56 32,256 ------w C:\WINDOWS\system32\mssprxy.dll
+ 2007-02-05 19:43:06 1,481,728 ------w C:\WINDOWS\system32\mssrch.dll
+ 2007-02-05 19:36:48 52,224 ------w C:\WINDOWS\system32\msstrc.dll
+ 2007-02-05 19:40:56 260,096 ------w C:\WINDOWS\system32\oeph.dll
+ 2007-02-05 19:24:36 11,264 ------w C:\WINDOWS\system32\oephRes.dll
- 2001-05-31 12:45:00 36,864 ----a-w C:\WINDOWS\system32\PalmDevC.dll
+ 2004-06-09 18:27:36 53,248 ----a-w C:\WINDOWS\system32\PalmDevC.dll
- 2008-05-31 06:57:16 91,122 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-06-18 19:51:07 98,176 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-05-31 06:57:16 494,320 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-06-18 19:51:07 515,364 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2007-02-05 19:32:02 65,536 ------w C:\WINDOWS\system32\propdefs.dll
+ 2007-02-05 19:28:46 733,696 ------w C:\WINDOWS\system32\propsys.dll
+ 2007-02-05 19:36:08 27,136 ------w C:\WINDOWS\system32\rtffilt.dll
+ 2007-02-05 19:31:10 76,800 ------w C:\WINDOWS\system32\searchfilterhost.exe
+ 2007-02-05 19:34:38 300,032 ------w C:\WINDOWS\system32\searchindexer.exe
+ 2007-02-05 19:32:28 182,784 ------w C:\WINDOWS\system32\searchprotocolhost.exe
+ 2007-02-05 19:29:12 255,488 ------w C:\WINDOWS\system32\srchadmin.dll
+ 2007-02-05 18:24:26 99,999 ------w C:\WINDOWS\system32\structuredqueryschema.bin
+ 2007-02-05 18:24:28 18,271 ------w C:\WINDOWS\system32\structuredqueryschematrivial.bin
+ 2007-02-05 19:42:10 1,504,768 ------w C:\WINDOWS\system32\tquery.dll
+ 2007-02-05 19:40:58 98,304 ------w C:\WINDOWS\system32\UncCplExt.dll
+ 2007-02-05 19:41:06 134,656 ------w C:\WINDOWS\system32\UncDMS.dll
+ 2007-02-05 19:41:04 108,544 ------w C:\WINDOWS\system32\UncNE.dll
+ 2007-02-05 19:41:14 122,368 ------w C:\WINDOWS\system32\UncPH.dll
+ 2007-02-05 19:24:38 2,048 ------w C:\WINDOWS\system32\UncRes.dll
+ 2004-06-09 18:27:36 53,248 ----a-w C:\WINDOWS\system32\USBPort.dll
+ 2007-02-05 19:36:06 111,104 ------w C:\WINDOWS\system32\xmlfilter.dll
+ 2008-06-18 22:57:18 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_194.dat
+ 2008-06-18 22:49:11 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_2a4.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{2F054105-E646-4044-AE59-13A3BED976A1}"= "C:\Program Files\Plummer\PlummerCOM.dll" [2007-05-22 06:24 81920]

[HKEY_CLASSES_ROOT\clsid\{2f054105-e646-4044-ae59-13a3bed976a1}]
[HKEY_CLASSES_ROOT\PlumIEToolBand.PlumIEToolBandObj.1]
[HKEY_CLASSES_ROOT\TypeLib\{A3080223-0DB6-44E4-880D-F59DDC115DF6}]
[HKEY_CLASSES_ROOT\PlumIEToolBand.PlumIEToolBandObj]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2F054105-E646-4044-AE59-13A3BED976A1}"= C:\Program Files\Plummer\PlummerCOM.dll [2007-05-22 06:24 81920]

[HKEY_CLASSES_ROOT\clsid\{2f054105-e646-4044-ae59-13a3bed976a1}]
[HKEY_CLASSES_ROOT\PlumIEToolBand.PlumIEToolBandObj.1]
[HKEY_CLASSES_ROOT\TypeLib\{A3080223-0DB6-44E4-880D-F59DDC115DF6}]
[HKEY_CLASSES_ROOT\PlumIEToolBand.PlumIEToolBandObj]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-29 00:37 413696]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-03-30 11:06 68856]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2006-09-15 13:27 2048000]
"UniClipper"="C:\Program Files\EverNote\Evernote3\UniClipper.exe" [2008-05-16 01:20 531392]
"Simplify Media"="C:\Documents and Settings\Kvik\Local Settings\Application Data\Simplify Media\SimplifyMedia.exe" [2008-05-13 14:30 11828232]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 20:12 15360]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"BoxOfficeAddinUpdate"="msiexec /i C:\DOCUME~1\Kvik\LOCALS~1\Temp\boxofficeaddin.msi" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-04-01 16:16 5562368]
"SunKistEM"="C:\Program Files\Digital Media Reader\shwiconem.exe" [2004-11-15 17:04 135168]
"ShowWnd"="ShowWnd.exe" [2003-09-19 11:09 36864 C:\WINDOWS\ShowWnd.exe]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 21:42 32768]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-13 16:42 212992]
"nwiz"="nwiz.exe" [2005-04-01 16:16 1495040 C:\WINDOWS\system32\nwiz.exe]
"NVMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-06-03 22:51 131072]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 15:40 155648]
"Mediafour Mac Volume Notifications"="C:\Program Files\Common Files\Mediafour\MACVNTFY.exe" [2005-03-13 03:33 61440]
"iHP-100"="C:\Program Files\iRiver\HSeries\iHPDetect.exe" [ ]
"CHotkey"="zHotkey.exe" [2004-05-17 20:30 543232 C:\WINDOWS\zHotkey.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-04-01 16:16 86016]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-04-17 19:30 29744]
"Motive SmartBridge"="C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe" [2004-10-22 15:44 393216]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 00:16 39792]
"TMRUBottedTray"="C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe" [2007-12-19 01:18 288088]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-29 00:37 413696]
"iTunesHelper"="__C:\Program Files\iTunes\iTunesHelper.exe__" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [2008-05-30 23:09 1655552]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-05-11 16:41 1177368]
"combofix"="C:\WINDOWS\system32\CF22546.exe" [ ]

C:\Documents and Settings\Catherine Léger.PACE\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [8/24/2007 4:45:42 AM 101784]

C:\Documents and Settings\Kvik\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [8/24/2007 4:45:42 AM 101784]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Google Calendar Sync.lnk - C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe [5/27/2008 12:48:52 PM 542192]
HOTSYNCSHORTCUTNAME.lnk - C:\Program Files\palmOne\Hotsync.exe [6/9/2004 2:27:34 PM 471040]
Outil de mise à jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [8/14/2006 12:35:46 PM 124912]
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2/5/2007 3:40:46 PM 118784]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 15:39 294400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\Flock\\flock\\flock.exe"=
"C:\\Program Files\\Ruckus Player\\Ruckus.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"C:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Documents and Settings\\Kvik\\Local Settings\\Application Data\\Simplify Media\\SimplifyPeer.exe"=
"C:\\Program Files\\pd\\bin\\pd.com"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\java.exe"=
"C:\\Program Files\\EZTest\\mysql\\bin\\mysqld.exe"=
"C:\\Program Files\\Calgoo Hub Beta Plugin\\Calgoo_Hub_Beta_Plugin.exe"=
"C:\\Program Files\\SIL\\FieldWorks\\Flex.exe"=
"C:\\Program Files\\olpc\\qemu-0.9.0-windows\\qemu.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-05-11 16:42]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2008-05-23 10:15]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2008-05-23 10:15]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-05-11 16:41]
R2 MSSQL$SILFW;SQL Server (SILFW);"c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSILFW []
R3 ENETNT5;Efficient Networks, tango Access PPPoE WAN Miniport;C:\WINDOWS\system32\DRIVERS\enetnt.sys [2003-03-27 12:37]
R3 LaCieFWFilter;Silver 1394 Filter (1394 BUS Filter Driver);C:\WINDOWS\system32\DRIVERS\LaCieFWFilter.sys [2005-10-18 07:28]
R3 LaCieUSBFilter;Silver USB Filter (USB BUS Filter Driver);C:\WINDOWS\system32\DRIVERS\LaCieUSBFilter.sys [2005-10-19 08:34]
R3 TMPassthruMP;TMPassthruMP;C:\WINDOWS\system32\DRIVERS\TMPassthru.sys [2007-11-27 23:51]
S2 RUBotted;Trend Micro RUBotted Service;"C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe" [2007-12-19 01:18]
S3 BLKWGD;Belkin Wireless G Desktop Card Service;C:\WINDOWS\system32\DRIVERS\BLKWGD.sys []
S3 ENDETECT;ENDETECT;C:\PROGRA~1\Bell\ACCESS~1\app\ENDETECT.SYS [2003-03-27 12:37]
S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-04-17 19:30]
S3 kqemu;KQEMU virtualisation module for QEMU;C:\WINDOWS\system32\DRIVERS\kqemu.sys [2007-02-06 22:02]
S3 NTSTPL1;NTSTPL1;C:\PROGRA~1\Bell\ACCESS~1\app\NTSTPL1.SYS [2003-03-27 12:37]
S3 nvmd;Neuratron Ltd - Virtual Midi Port SvcDesc(WDM);C:\WINDOWS\system32\drivers\nvmd2k.sys [2006-02-08 12:24]
S3 RAWESR;RAWESR;C:\PROGRA~1\Bell\ACCESS~1\app\RAWESR.SYS [2003-03-27 12:37]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;C:\WINDOWS\system32\drivers\ScreamingBAudio.sys []
S3 TAPBIND;TAPBIND;C:\PROGRA~1\Bell\ACCESS~1\app\TAPBIND1.SYS [2003-03-27 12:37]
S3 TMPassthru;Trend Micro Passthru Ndis Service;C:\WINDOWS\system32\DRIVERS\TMPassthru.sys [2007-11-27 23:51]
S3 wlanndi5;wlanndi5 NDIS Protocol Driver;C:\WINDOWS\system32\wlanndi5.SYS [2004-04-21 18:51]

.
Contents of the 'Scheduled Tasks' folder
"2008-06-13 18:58:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-09 06:14:08 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2008-06-09 13:42:00 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-05-27 00:47:27 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-18 22:32:02
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
BoxOfficeAddinUpdate = msiexec /i C:\DOCUME~1\Kvik\LOCALS~1\Temp\boxofficeaddin.msi

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-18 22:40:18
ComboFix-quarantined-files.txt 2008-06-19 02:39:21

Pre-Run: 10,824,290,304 bytes free
Post-Run: 10,816,585,728 bytes free

356 --- E O F --- 2008-06-10 23:01:08
Enkerli
Regular Member
 
Posts: 16
Joined: June 7th, 2008, 7:30 am

Re: Newbie to Malware

Unread postby ndmmxiaomayi » June 19th, 2008, 12:49 pm

Hi,

Please open Notepad and copy and paste the following in the Code box into Notepad.

Code:
http://malwareremoval.com/forum/viewtopic.php?f=11&t=31389

Suspect::
C:\Program Files\SW.EXE
C:\Program Files\setuplog.txt
C:\Documents and Settings\Kvik\updateSite.zip


Warning: The above script is just for Enkerli. If you are not Enkerli, please do not use this script as it may damage the workings of your system.

Click on File > Save As....

In the File Name field, copy and paste in CFScript.txt. Do not change the file name.

Click Save.

Referring to the picture below, drag CFScript into Combofix.

Image

Combofix will start running. When done, a log will be produced. Please post this log in your next reply.

In addition, it will prompt you to submit some files for analyzing.

Image

Click OK.

Copy and paste the file path into the text box next to the Browse button (boxed up in red).

Image

Click on Send File.

Do not mouse click on Combofix while it is running. That may cause it to stall.

In your next reply, please post:

  1. Combofix log (C:\Combofix.txt)
  2. A new HijackThis log
ndmmxiaomayi
MRU Emeritus
 
Posts: 9708
Joined: July 17th, 2006, 9:22 am

Re: Newbie to Malware

Unread postby Enkerli » June 20th, 2008, 8:15 am

For some reason, the file submission failed, as this file isn't found:
file:///C:/ComboFix/CF-Submit.htm
In fact, the ComboFix directory is empty, after doing this.
Should I do the exact same procedure or should I change the script and do this again?

Here are the new log files.

ComboFix 08-06-16.5 - Kvik 2008-06-20 7:42:41.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.523 [GMT -4:00]
Running from: C:\Documents and Settings\Kvik\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Kvik\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-05-20 to 2008-06-20 )))))))))))))))))))))))))))))))
.

2008-06-18 19:37 . 2008-06-18 19:37 0 --a------ C:\WINDOWS\QuickInstall.INI
2008-06-18 19:07 . 2008-06-18 19:07 <DIR> d-------- C:\Documents and Settings\Kvik\Application Data\Leadertech
2008-06-18 19:04 . 2008-06-18 19:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HotSync
2008-06-18 19:03 . 2008-06-18 18:58 16,694 --a------ C:\WINDOWS\system32\drivers\PalmUSBD.sys
2008-06-18 19:02 . 2008-06-18 18:58 53,248 --a------ C:\WINDOWS\PalmDevC.dll
2008-06-18 18:59 . 2008-06-18 19:16 <DIR> d-------- C:\Program Files\palmOne
2008-06-18 18:59 . 2008-06-18 18:59 <DIR> d-------- C:\Documents and Settings\Kvik\Application Data\HotSync
2008-06-18 18:30 . 2008-06-18 18:30 <DIR> d-------- C:\Program Files\Electronic Arts
2008-06-18 15:52 . 2008-06-18 15:52 <DIR> d-------- C:\Documents and Settings\Kvik\Application Data\Windows Desktop Search
2008-06-15 18:19 . 2008-06-15 18:19 <DIR> d-------- C:\Documents and Settings\Kvik\Application Data\Malwarebytes
2008-06-15 18:17 . 2008-06-15 18:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-15 18:15 . 2008-06-10 19:02 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-15 18:15 . 2008-06-10 19:02 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-15 18:05 . 2008-06-15 18:18 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-13 20:39 . 2008-06-13 20:39 <DIR> d-------- C:\Program Files\Wide Angle Software
2008-06-13 17:49 . 2008-06-13 17:49 <DIR> d-------- C:\Documents and Settings\Kvik\Application Data\Songbird2
2008-06-13 14:26 . 2008-06-13 14:26 <DIR> d-------- C:\Deckard
2008-06-13 00:58 . 2008-06-13 00:58 <DIR> d-------- C:\Documents and Settings\Kvik\Application Data\InstallShield
2008-06-12 23:56 . 2008-06-12 23:56 <DIR> d-------- C:\Documents and Settings\Kvik\.bb
2008-06-12 23:55 . 2008-06-12 23:55 <DIR> d-------- C:\Program Files\BlogBridge
2008-06-10 18:43 . 2008-06-10 19:01 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-06-10 18:18 . 2008-05-08 10:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-06-10 18:17 . 2008-04-14 08:30 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-09 12:14 . 2008-06-09 12:14 <DIR> d-------- C:\Program Files\Weiran Zhang
2008-06-08 13:09 . 2007-02-06 22:02 123,939 --a------ C:\WINDOWS\system32\drivers\kqemu.sys
2008-06-08 13:07 . 2008-06-08 13:16 <DIR> d-a------ C:\Program Files\olpc
2008-06-07 12:09 . 2008-06-13 00:49 <DIR> d-------- C:\Program Files\FlixQueue
2008-06-07 07:17 . 2008-06-07 07:17 <DIR> d-------- C:\VundoFix Backups
2008-05-31 19:15 . 2003-01-04 12:10 536,576 --a------ C:\WINDOWS\system32\SftTree_IX86_A_45.ocx
2008-05-31 19:15 . 2006-03-21 11:27 276,320 --a------ C:\WINDOWS\system32\csftpapi.dll
2008-05-31 19:15 . 2003-02-20 11:59 221,184 --a------ C:\WINDOWS\system32\TidyATL.dll
2008-05-31 19:15 . 2004-03-09 00:00 212,240 --a------ C:\WINDOWS\system32\Richtx32.ocx
2008-05-31 19:15 . 2006-03-21 11:27 202,576 --a------ C:\WINDOWS\system32\csncdapi.dll
2008-05-31 19:14 . 2006-01-30 18:26 765,952 --a------ C:\WINDOWS\system32\PolarSpellChecker.dll
2008-05-31 02:25 . 2008-05-31 02:59 <DIR> d-------- C:\Program Files\Microsoft SQL Server
2008-05-31 02:06 . 2008-05-31 02:17 <DIR> d-------- C:\Program Files\Common Files\SIL
2008-05-31 02:06 . 2008-05-31 02:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SIL
2008-05-31 01:17 . 2008-05-31 01:32 <DIR> d-------- C:\Program Files\improvisor338
2008-05-31 00:55 . 2008-05-31 00:55 <DIR> d-------- C:\Program Files\MuseScore 0.9
2008-05-30 19:40 . 2008-05-30 19:41 <DIR> d-------- C:\Documents and Settings\Kvik\Calgoo Hub Plugin
2008-05-30 19:33 . 2008-05-30 19:33 <DIR> d-------- C:\Program Files\Common Files\Calgoo
2008-05-30 19:28 . 2008-05-30 19:35 <DIR> d-------- C:\Program Files\Calgoo Hub Beta Plugin
2008-05-30 15:47 . 2008-05-30 15:49 <DIR> d-------- C:\Program Files\Impro-Visor
2008-05-26 22:08 . 2008-05-26 22:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\vsosdk
2008-05-26 21:42 . 2008-06-07 07:52 <DIR> d-------- C:\Documents and Settings\Kvik\Application Data\Vso
2008-05-26 21:42 . 2008-05-26 21:42 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2008-05-26 21:42 . 2008-06-07 07:52 47,360 --a------ C:\Documents and Settings\Kvik\Application Data\pcouffin.sys
2008-05-26 21:41 . 2008-06-07 07:55 <DIR> d-------- C:\Program Files\VSO
2008-05-26 21:07 . 2008-05-26 21:07 356,352 --a------ C:\WINDOWS\eSellerateEngine.dll
2008-05-26 20:56 . 2004-12-07 10:11 258,352 --a------ C:\WINDOWS\system32\Unicows.dll
2008-05-26 20:49 . 2008-05-30 10:03 <DIR> d-------- C:\Documents and Settings\Kvik\Application Data\Uniblue
2008-05-26 17:20 . 2008-05-26 17:20 <DIR> d-------- C:\Program Files\Real Alternative
2008-05-25 12:48 . 2008-05-25 12:48 <DIR> d-------- C:\Program Files\New York Times
2008-05-21 18:17 . 2008-05-21 22:09 <DIR> d-------- C:\Documents and Settings\Kvik\Application Data\dasher.rc
2008-05-21 17:44 . 2008-05-21 17:44 <DIR> d-------- C:\Program Files\Dasher
2008-05-21 14:10 . 2008-05-21 14:10 <DIR> d-------- C:\Program Files\Participatory Culture Foundation
2008-05-20 16:56 . 2008-05-31 02:06 <DIR> d-------- C:\Program Files\SIL

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-19 16:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-06-18 22:42 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-18 22:42 --------- d-----w C:\Program Files\Sony Handheld
2008-06-18 22:38 --------- d-----w C:\Program Files\Mozilla Sunbird
2008-06-18 22:37 --------- d-----w C:\Program Files\iTunes Agent
2008-06-18 22:31 --------- d-----w C:\Program Files\Brewsta
2008-06-18 22:31 --------- d-----w C:\Program Files\Bleezer
2008-06-18 19:53 --------- d-----w C:\Program Files\Google
2008-06-18 19:49 --------- d-----w C:\Program Files\Windows Desktop Search
2008-06-17 21:50 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-06-16 04:24 --------- d-----w C:\Documents and Settings\Kvik\Application Data\BeerTools Pro
2008-06-14 11:25 --------- d-----w C:\Documents and Settings\Kvik\Application Data\Apple Computer
2008-06-14 02:02 --------- d-----w C:\Program Files\Songbird
2008-06-14 01:35 --------- d-----w C:\Documents and Settings\Kvik\Application Data\Skype
2008-06-13 20:44 --------- d-----w C:\Documents and Settings\Kvik\Application Data\skypePM
2008-06-13 04:59 --------- d-----w C:\Program Files\EverNote
2008-06-08 05:19 --------- d-----w C:\Program Files\BeerTools Pro 1.5
2008-06-07 14:11 --------- d-----w C:\Program Files\Common Files\Mediafour
2008-05-31 23:16 --------- d-----w C:\Program Files\BlogDesk
2008-05-31 06:56 --------- d-----w C:\Program Files\Flock
2008-05-31 06:51 --------- d-----w C:\Program Files\Microsoft.NET
2008-05-23 14:15 87,056 ----a-w C:\WINDOWS\system32\drivers\cmdguard.sys
2008-05-23 14:15 24,208 ----a-w C:\WINDOWS\system32\drivers\cmdhlp.sys
2008-05-23 14:14 143,104 ----a-w C:\WINDOWS\system32\guard32.dll
2008-05-17 21:16 --------- d-----w C:\Program Files\Diigo
2008-05-15 23:21 13,583 ----a-w C:\Program Files\setuplog.txt
2008-05-15 23:21 12,547 ----a-w C:\Program Files\uninstal.log
2008-05-15 23:19 --------- d-----w C:\Program Files\EZTest
2008-05-14 18:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-14 17:53 96,384 ----a-w C:\WINDOWS\system32\drivers\sptd7613.sys
2008-05-12 03:43 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-12 02:51 --------- d-----w C:\Program Files\HP
2008-05-12 00:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-05-12 00:20 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-11 23:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\comodo
2008-05-11 20:44 --------- d-----w C:\Documents and Settings\Kvik\Application Data\AVGTOOLBAR
2008-05-11 20:42 96,520 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys
2008-05-11 20:42 10,520 ----a-w C:\WINDOWS\system32\avgrsstx.dll
2008-05-11 20:41 --------- d-----w C:\Program Files\AVG
2008-05-11 20:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg8
2008-05-11 18:03 --------- d-----w C:\Documents and Settings\Kvik\Application Data\Comodo
2008-05-11 18:02 --------- d-----w C:\Program Files\COMODO
2008-05-11 00:26 --------- d-----w C:\Program Files\Common Files\Adobe AIR
2008-05-11 00:26 --------- d-----w C:\Program Files\Adobe Media Player
2008-05-10 01:46 --------- d-----w C:\Program Files\Spyware Doctor
2008-05-08 14:02 203,136 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:12 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-02 21:04 --------- d-----w C:\Program Files\Opera
2008-05-02 14:15 --------- d-----w C:\Program Files\Java
2008-05-02 14:11 --------- d-----w C:\Program Files\Common Files\Java
2008-05-02 12:21 --------- d-----w C:\Program Files\Yahoo!
2008-05-02 02:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-02 01:05 --------- d-----w C:\Program Files\Safari
2008-05-02 01:02 --------- d-----w C:\Program Files\Apple Software Update
2008-05-02 00:57 --------- d-----w C:\Program Files\Trend Micro
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-04-14 09:42 985,088 ----a-w C:\WINDOWS\system32\setupapi.dll
2008-04-14 09:42 11,264 ----a-w C:\WINDOWS\system32\spnpinst.exe
2008-04-14 09:41 423,936 ----a-w C:\WINDOWS\system32\licdll.dll
2008-04-14 00:25 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
2008-04-14 00:16 329,728 ----a-w C:\WINDOWS\system32\netsetup.exe
2008-04-14 00:13 92,424 ----a-w C:\WINDOWS\system32\rdpdd.dll
2008-04-14 00:13 87,176 ----a-w C:\WINDOWS\system32\rdpwsx.dll
2008-04-14 00:13 12,168 ----a-w C:\WINDOWS\system32\tsddd.dll
2008-04-14 00:11 997,376 ----a-w C:\WINDOWS\system32\msgina.dll
2008-04-14 00:10 53,279 ----a-w C:\WINDOWS\system32\odbcji32.dll
2008-04-14 00:10 4,126 ----a-w C:\WINDOWS\system32\msdxmlc.dll
2008-04-14 00:10 3,584 ----a-w C:\WINDOWS\system32\msafd.dll
2008-04-13 19:30 1,845,632 ----a-w C:\WINDOWS\system32\win32k.sys
2008-04-13 19:27 2,188,928 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-04-13 18:44 17,664 ----a-w C:\WINDOWS\system32\watchdog.sys
2008-04-13 18:43 9,728 ------w C:\WINDOWS\system32\comsdupd.exe
2008-04-13 18:43 12,800 ----a-w C:\WINDOWS\system32\spiisupd.exe
2008-04-13 18:31 7,424 ----a-w C:\WINDOWS\system32\kd1394.dll
2008-04-13 18:31 2,065,792 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-04-13 18:30 61,440 ----a-w C:\WINDOWS\system32\msvcrt40.dll
2008-04-13 18:14 76,800 ------w C:\WINDOWS\system32\msshavmsg.dll
2008-04-13 17:39 438,784 ----a-w C:\WINDOWS\system32\xpob2res.dll
2008-04-13 17:39 2,897,920 ----a-w C:\WINDOWS\system32\xpsp2res.dll
2008-04-13 17:39 187,392 ----a-w C:\WINDOWS\system32\xpsp1res.dll
2008-04-13 17:37 208,384 ----a-w C:\WINDOWS\system32\rsaenh.dll
2008-04-13 17:37 138,752 ----a-w C:\WINDOWS\system32\dssenh.dll
2008-04-13 17:27 79,872 ----a-w C:\WINDOWS\system32\msxml6r.dll
2008-04-13 17:26 94,208 ----a-w C:\WINDOWS\system32\odbcint.dll
2008-04-13 17:26 12,288 ----a-w C:\WINDOWS\system32\odbcp32r.dll
2008-04-13 17:26 12,288 ----a-w C:\WINDOWS\system32\mscpx32r.dll
2008-04-13 17:24 20,480 ----a-w C:\WINDOWS\system32\msorc32r.dll
2008-04-13 17:21 733,696 ----a-w C:\WINDOWS\system32\qedwipes.dll
2008-04-13 17:09 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll
2008-04-13 17:03 63,488 ----a-w C:\WINDOWS\system32\browselc.dll
2008-04-13 17:03 549,376 ----a-w C:\WINDOWS\system32\shdoclc.dll
2008-04-13 16:48 1,647,616 ----a-w C:\WINDOWS\system32\winbrand.dll
2008-04-13 16:45 216,064 ----a-w C:\WINDOWS\system32\moricons.dll
2008-04-13 16:23 48,128 ----a-w C:\WINDOWS\system32\msprivs.dll
2008-04-13 16:22 48,128 ----a-w C:\WINDOWS\system32\inetres.dll
2008-04-13 15:39 884,736 ----a-w C:\WINDOWS\system32\msimsg.dll
2008-01-30 05:18 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-10-17 21:44 292 -c----w C:\Documents and Settings\Kvik\Application Data\wklnhst.dat
2007-09-13 05:57 114,473,857 -c----w C:\Documents and Settings\Kvik\updateSite.zip
2007-08-01 03:57 180,174 -c--a-w C:\Program Files\SW.EXE
2006-05-06 16:42 7,260,160 -c--a-w C:\Program Files\mozilla firefox\plugins\libvlc.dll
.

((((((((((((((((((((((((((((( snapshot_2008-06-18_22.38.23.01 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-18 22:48:51 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-19 02:54:39 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-19 03:05:43 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_1cc.dat
+ 2008-06-19 02:55:07 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_308.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{2F054105-E646-4044-AE59-13A3BED976A1}"= "C:\Program Files\Plummer\PlummerCOM.dll" [2007-05-22 06:24 81920]

[HKEY_CLASSES_ROOT\clsid\{2f054105-e646-4044-ae59-13a3bed976a1}]
[HKEY_CLASSES_ROOT\PlumIEToolBand.PlumIEToolBandObj.1]
[HKEY_CLASSES_ROOT\TypeLib\{A3080223-0DB6-44E4-880D-F59DDC115DF6}]
[HKEY_CLASSES_ROOT\PlumIEToolBand.PlumIEToolBandObj]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2F054105-E646-4044-AE59-13A3BED976A1}"= C:\Program Files\Plummer\PlummerCOM.dll [2007-05-22 06:24 81920]

[HKEY_CLASSES_ROOT\clsid\{2f054105-e646-4044-ae59-13a3bed976a1}]
[HKEY_CLASSES_ROOT\PlumIEToolBand.PlumIEToolBandObj.1]
[HKEY_CLASSES_ROOT\TypeLib\{A3080223-0DB6-44E4-880D-F59DDC115DF6}]
[HKEY_CLASSES_ROOT\PlumIEToolBand.PlumIEToolBandObj]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-29 00:37 413696]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-03-30 11:06 68856]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2006-09-15 13:27 2048000]
"UniClipper"="C:\Program Files\EverNote\Evernote3\UniClipper.exe" [2008-05-16 01:20 531392]
"Simplify Media"="C:\Documents and Settings\Kvik\Local Settings\Application Data\Simplify Media\SimplifyMedia.exe" [2008-05-13 14:30 11828232]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 20:12 15360]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"BoxOfficeAddinUpdate"="msiexec /i C:\DOCUME~1\Kvik\LOCALS~1\Temp\boxofficeaddin.msi" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-04-01 16:16 5562368]
"SunKistEM"="C:\Program Files\Digital Media Reader\shwiconem.exe" [2004-11-15 17:04 135168]
"ShowWnd"="ShowWnd.exe" [2003-09-19 11:09 36864 C:\WINDOWS\ShowWnd.exe]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 21:42 32768]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-13 16:42 212992]
"nwiz"="nwiz.exe" [2005-04-01 16:16 1495040 C:\WINDOWS\system32\nwiz.exe]
"NVMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-06-03 22:51 131072]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 15:40 155648]
"Mediafour Mac Volume Notifications"="C:\Program Files\Common Files\Mediafour\MACVNTFY.exe" [2005-03-13 03:33 61440]
"iHP-100"="C:\Program Files\iRiver\HSeries\iHPDetect.exe" [ ]
"CHotkey"="zHotkey.exe" [2004-05-17 20:30 543232 C:\WINDOWS\zHotkey.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-04-01 16:16 86016]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-04-17 19:30 29744]
"Motive SmartBridge"="C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe" [2004-10-22 15:44 393216]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 00:16 39792]
"TMRUBottedTray"="C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe" [2007-12-19 01:18 288088]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-29 00:37 413696]
"iTunesHelper"="__C:\Program Files\iTunes\iTunesHelper.exe__" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [2008-05-30 23:09 1655552]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-05-11 16:41 1177368]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-13 20:12 15360]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-02-25 21:23 443968]

C:\Documents and Settings\Catherine Léger.PACE\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [8/24/2007 4:45:42 AM 101784]

C:\Documents and Settings\Kvik\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [8/24/2007 4:45:42 AM 101784]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Google Calendar Sync.lnk - C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe [5/27/2008 12:48:52 PM 542192]
HOTSYNCSHORTCUTNAME.lnk - C:\Program Files\palmOne\Hotsync.exe [6/9/2004 2:27:34 PM 471040]
Outil de mise à jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [8/14/2006 12:35:46 PM 124912]
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2/5/2007 3:40:46 PM 118784]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 15:39 294400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\Flock\\flock\\flock.exe"=
"C:\\Program Files\\Ruckus Player\\Ruckus.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"C:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Documents and Settings\\Kvik\\Local Settings\\Application Data\\Simplify Media\\SimplifyPeer.exe"=
"C:\\Program Files\\pd\\bin\\pd.com"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\java.exe"=
"C:\\Program Files\\EZTest\\mysql\\bin\\mysqld.exe"=
"C:\\Program Files\\Calgoo Hub Beta Plugin\\Calgoo_Hub_Beta_Plugin.exe"=
"C:\\Program Files\\SIL\\FieldWorks\\Flex.exe"=
"C:\\Program Files\\olpc\\qemu-0.9.0-windows\\qemu.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-05-11 16:42]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2008-05-23 10:15]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2008-05-23 10:15]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-05-11 16:41]
R2 MSSQL$SILFW;SQL Server (SILFW);"c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSILFW []
R2 RUBotted;Trend Micro RUBotted Service;"C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe" [2007-12-19 01:18]
R3 ENETNT5;Efficient Networks, tango Access PPPoE WAN Miniport;C:\WINDOWS\system32\DRIVERS\enetnt.sys [2003-03-27 12:37]
R3 LaCieFWFilter;Silver 1394 Filter (1394 BUS Filter Driver);C:\WINDOWS\system32\DRIVERS\LaCieFWFilter.sys [2005-10-18 07:28]
R3 LaCieUSBFilter;Silver USB Filter (USB BUS Filter Driver);C:\WINDOWS\system32\DRIVERS\LaCieUSBFilter.sys [2005-10-19 08:34]
R3 TMPassthruMP;TMPassthruMP;C:\WINDOWS\system32\DRIVERS\TMPassthru.sys [2007-11-27 23:51]
S3 BLKWGD;Belkin Wireless G Desktop Card Service;C:\WINDOWS\system32\DRIVERS\BLKWGD.sys []
S3 ENDETECT;ENDETECT;C:\PROGRA~1\Bell\ACCESS~1\app\ENDETECT.SYS [2003-03-27 12:37]
S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-04-17 19:30]
S3 kqemu;KQEMU virtualisation module for QEMU;C:\WINDOWS\system32\DRIVERS\kqemu.sys [2007-02-06 22:02]
S3 NTSTPL1;NTSTPL1;C:\PROGRA~1\Bell\ACCESS~1\app\NTSTPL1.SYS [2003-03-27 12:37]
S3 nvmd;Neuratron Ltd - Virtual Midi Port SvcDesc(WDM);C:\WINDOWS\system32\drivers\nvmd2k.sys [2006-02-08 12:24]
S3 RAWESR;RAWESR;C:\PROGRA~1\Bell\ACCESS~1\app\RAWESR.SYS [2003-03-27 12:37]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;C:\WINDOWS\system32\drivers\ScreamingBAudio.sys []
S3 TAPBIND;TAPBIND;C:\PROGRA~1\Bell\ACCESS~1\app\TAPBIND1.SYS [2003-03-27 12:37]
S3 TMPassthru;Trend Micro Passthru Ndis Service;C:\WINDOWS\system32\DRIVERS\TMPassthru.sys [2007-11-27 23:51]
S3 wlanndi5;wlanndi5 NDIS Protocol Driver;C:\WINDOWS\system32\wlanndi5.SYS [2004-04-21 18:51]

.
Contents of the 'Scheduled Tasks' folder
"2008-06-13 18:58:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-09 06:14:08 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2008-06-09 13:42:00 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-05-27 00:47:27 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-20 07:51:42
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
BoxOfficeAddinUpdate = msiexec /i C:\DOCUME~1\Kvik\LOCALS~1\Temp\boxofficeaddin.msi

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-20 8:02:55
ComboFix-quarantined-files.txt 2008-06-20 12:02:18
ComboFix2.txt 2008-06-19 02:40:19

Pre-Run: 12,708,237,312 bytes free
Post-Run: 12,697,751,552 bytes free

320 --- E O F --- 2008-06-10 23:01:08


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:12:48, on 2008-06-20
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\FolderSize\FolderSizeSvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Bell\Access Manager\app\TangoService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\Common Files\Mediafour\MACVNTFY.EXE
C:\WINDOWS\zHotkey.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\EverNote\Evernote3\UniClipper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
C:\Program Files\palmOne\Hotsync.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ca.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Diigo Toolbar Helper - {84053DA7-03DE-4FB6-80AE-202C04691D8A} - C:\Program Files\Diigo\DiigoToolbar.3.0.55.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.914.9778\swg.dll
O3 - Toolbar: &Plummer - {2F054105-E646-4044-AE59-13A3BED976A1} - C:\Program Files\Plummer\PlummerCOM.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: Diigo Toolbar - {09197FFB-C236-4153-B268-31051E4F3B6C} - C:\Program Files\Diigo\DiigoToolbar.3.0.55.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Mediafour Mac Volume Notifications] "C:\Program Files\Common Files\Mediafour\MACVNTFY.EXE" /auto
O4 - HKLM\..\Run: [iHP-100] C:\Program Files\iRiver\HSeries\iHPDetect.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TMRUBottedTray] "C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] __"C:\Program Files\iTunes\iTunesHelper.exe"__
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [UniClipper] "C:\Program Files\EverNote\Evernote3\UniClipper.exe"
O4 - HKCU\..\Run: [Simplify Media] "C:\Documents and Settings\Kvik\Local Settings\Application Data\Simplify Media\SimplifyMedia.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [BoxOfficeAddinUpdate] msiexec /i C:\DOCUME~1\Kvik\LOCALS~1\Temp\boxofficeaddin.msi
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Google Calendar Sync.lnk = C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Spurl! - http://www.spurl.net/rclick.php
O8 - Extra context menu item: Add to Evernote - res://C:\Program Files\Evernote\Evernote3\enbar.dll/2000
O8 - Extra context menu item: Copy to Semagic - C:\Program Files\Semagic\copy.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Semagic - C:\Program Files\Semagic\link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Add to EverNote - {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - C:\Program Files\EverNote\EverNote\enbar.dll
O9 - Extra 'Tools' menuitem: Add to EverNote - {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - C:\Program Files\EverNote\EverNote\enbar.dll
O9 - Extra button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E9252800} - C:\Program Files\Evernote\Evernote3\enbar.dll
O9 - Extra 'Tools' menuitem: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E9252800} - C:\Program Files\Evernote\Evernote3\enbar.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Spurl! - {057AB0AA-0896-44A7-9940-1D3118C870FB} - http://www.spurl.net/rclick.php (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Bookmark the current page to Spurl.net - {057AB0AA-0896-44A7-9940-1D3118C870FB} - http://www.spurl.net/rclick.php (file missing) (HKCU)
O9 - Extra button: Spurl bar - {104D0F17-ED01-4E81-8EFF-53E956FC6D49} - Shdocvw.dll (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Spurl bar - {104D0F17-ED01-4E81-8EFF-53E956FC6D49} - Shdocvw.dll (file missing) (HKCU)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 3103451968
O16 - DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} (SimCityX Control) - http://simcity.ea.com/play/classic/SimCityX.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files\FolderSize\FolderSizeSvc.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Trend Micro RUBotted Service (RUBotted) - Trend Micro Inc. - C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Tango Service (TangoService) - Unknown owner - C:\Program Files\Bell\Access Manager\app\TangoService.exe

--
End of file - 13961 bytes
Enkerli
Regular Member
 
Posts: 16
Joined: June 7th, 2008, 7:30 am