Topic: My Logfile - Virus

  1. #1
    Beginner
    Registered since
    04.03.2008
    Posts
    17

    My Logfile - Virus

    Hello folks,

    Yesterday, a friend was on my computer and I left him, and when I came back I found my PC infected and I don't know what happened... When I try to open a partition it opens in a new Explorer window, and now I can't open it via double click at all; sometimes it opens the "Open with" dialog and sometimes it says "Drive is not Accessible". I've found "Autorun.inf, io" in every drive. Also my Internet connection is too slow; even TrendMicro says that when I try to scan my PC online. I've tried McAfee and AVG but they found nothing. I can't even scan my PC online; I've tried that also in Safe Mode with different browsers (Firefox, Opera and IE).

    My system is installed on partition "K".

    Also, when I ran "HijackThis" for the first time it said there's a problem in boot, I think, but I don't remember exactly what it was.

    Here's my HijackThis log:
    Code:
    Logfile of HijackThis v1.99.1
    Scan saved at 11:03:20 AM, on 3/4/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    
    Running processes:
    K:\WINDOWS\System32\smss.exe
    K:\WINDOWS\system32\winlogon.exe
    K:\WINDOWS\system32\services.exe
    K:\WINDOWS\system32\lsass.exe
    K:\WINDOWS\system32\svchost.exe
    K:\WINDOWS\System32\svchost.exe
    K:\WINDOWS\system32\spoolsv.exe
    K:\Program Files\Bonjour\mDNSResponder.exe
    K:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    K:\WINDOWS\system32\nvsvc32.exe
    k:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    K:\WINDOWS\Explorer.EXE
    K:\WINDOWS\system32\RUNDLL32.EXE
    K:\WINDOWS\RTHDCPL.EXE
    K:\Program Files\Winamp\winampa.exe
    K:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    K:\Program Files\DAEMON Tools\daemon.exe
    K:\Program Files\Messenger\msmsgs.exe
    K:\WINDOWS\system32\ctfmon.exe
    K:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    K:\WINDOWS\System32\svchost.exe
    K:\WINDOWS\system32\svchost.exe
    K:\Program Files\McAfee\Common Framework\FrameworkService.exe
    K:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
    K:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
    K:\Program Files\McAfee\Common Framework\UdaterUI.exe
    K:\Program Files\McAfee\Common Framework\McTray.exe
    G:\LEG-STEAM\Steam.exe
    K:\Program Files\Winamp\winamp.exe
    K:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    K:\PROGRA~1\AVG\AVG8\avgam.exe
    K:\PROGRA~1\AVG\AVG8\avgrsx.exe
    K:\PROGRA~1\AVG\AVG8\avgemc.exe
    K:\PROGRA~1\AVG\AVG8\avgnsx.exe
    K:\Program Files\Mozilla Firefox\firefox.exe
    K:\Documents and Settings\Administrator\Desktop\HijackThis.exe
    
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - K:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - K:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - K:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - K:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - K:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - K:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
    O3 - Toolbar: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - K:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O4 - HKLM\..\Run: [IMJPMIG8.1] "K:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] K:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] K:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE K:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE K:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [WinampAgent] "K:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "K:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] K:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [] C:\Program Files\Common Files\Services\svchost.exe
    O4 - HKLM\..\Run: [ShStatEXE] "K:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "K:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [AVG8_TRAY] K:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKCU\..\Run: [DAEMON Tools] "K:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [MSMSGS] "K:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] K:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Run Google Web Accelerator.lnk = K:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
    O8 - Extra context menu item: Download Using &BitSpirit - K:\Program Files\BitSpirit\bsurl.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://K:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - K:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - K:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - K:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - K:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - K:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - K:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - K:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: k:\program files\bonjour\mdnsnsp.dll
    O17 - HKLM\System\CCS\Services\Tcpip\..\{1BFC2953-77BD-4968-86B9-FA7FBDDC323C}: NameServer = 212.103.160.18,163.121.170.63,163.121.128.134,163.121.128.34
    O17 - HKLM\System\CS1\Services\Tcpip\..\{1BFC2953-77BD-4968-86B9-FA7FBDDC323C}: NameServer = 212.103.160.18,163.121.170.63,163.121.128.134,163.121.128.34
    O17 - HKLM\System\CS2\Services\Tcpip\..\{1BFC2953-77BD-4968-86B9-FA7FBDDC323C}: NameServer = 212.103.160.18,163.121.170.63,163.121.128.134,163.121.128.34
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - K:\Program Files\AVG\AVG8\avgpp.dll
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - K:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - K:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - K:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - AppInit_DLLs: avgrsstx.dll
    O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - K:\Program Files\Ares\chatServer.exe
    O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - K:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - K:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - K:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - K:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - K:\Program Files\McAfee\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
    O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - K:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
    O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - K:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
    O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - k:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - K:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: ServiceLayer - Nokia. - K:\Program Files\PC Connectivity Solution\ServiceLayer.exe

    Here's filelist's log:

    Code:
    ----- Root ----------------------------- 
     Volume in drive K is 0x00
     Volume Serial Number is C8CD-3CE6
    
     Directory of K:\
    
    03/01/2008  03:55 AM               210 boot.ini
    03/04/2007  08:41 AM                74 autorun.inf
    03/04/2007  07:19 AM     2,145,386,496 pagefile.sys
                   5 File(s)  2,145,684,376 bytes
                   0 Dir(s)   9,986,686,976 bytes free
     
    ----- System32 ------------------------- 
     Volume in drive K is 0x00
     Volume Serial Number is C8CD-3CE6
    
     Directory of K:\WINDOWS\system32
    
    03/02/2008  04:51 AM           448,234 perfh009.dat
    03/02/2008  04:51 AM            80,166 perfc009.dat
    03/02/2008  04:51 AM           537,752 PerfStringBackup.INI
    03/01/2008  05:45 AM             5,329 jupdate-1.6.0_03-b05.log
    03/01/2008  05:31 AM             5,299 jupdate-1.5.0_05-b05.log
    03/01/2008  04:44 AM           163,353 nvapps.xml
    03/01/2008  04:10 AM                 0 h323log.txt
    03/01/2008  02:34 AM           940,794 LoopyMusic.wav
    03/01/2008  02:34 AM           146,650 BuzzingBee.wav
    03/01/2008  02:17 AM               261 $winnt$.inf
    03/01/2008  02:15 AM             2,577 CONFIG.NT
    03/01/2008  02:15 AM            16,832 amcompat.tlb
    03/01/2008  02:15 AM            23,392 nscompat.tlb
    03/01/2008  02:14 AM               488 logonui.exe.manifest
    03/01/2008  02:14 AM               488 WindowsLogon.manifest
    03/01/2008  02:12 AM            21,640 emptyregdb.dat
    12/05/2007  02:53 AM           356,352 NVUNINST.EXE
    12/05/2007  01:41 AM           147,456 nvcolor.exe
    12/05/2007  01:41 AM           413,696 nvcpl.cpl
    12/05/2007  01:41 AM         8,523,776 nvcpl.dll
    12/05/2007  01:41 AM           753,664 nvcplui.exe
    12/05/2007  01:41 AM         1,089,536 nvcuda.dll
    12/05/2007  01:41 AM            17,737 nvdisp.nvu
    12/05/2007  01:41 AM         6,549,504 nvdisps.dll
    12/05/2007  01:41 AM         1,339,392 nvdspsch.exe
    12/05/2007  01:41 AM           425,984 keystone.exe
    12/05/2007  01:41 AM         3,420,160 nvgames.dll
    12/05/2007  01:41 AM         1,474,560 nview.dll
    12/05/2007  01:41 AM           229,376 nvmccs.dll
    12/05/2007  01:41 AM            45,056 nvmccsrs.dll
    12/05/2007  01:41 AM            35,328 nvcod.dll
    12/05/2007  01:41 AM            81,920 nvmctray.dll
    12/05/2007  01:41 AM         1,228,800 nvmobls.dll
    12/05/2007  01:41 AM           286,720 nvnt4cpl.dll
    12/05/2007  01:41 AM         5,773,568 nv4_disp.dll
    12/05/2007  01:41 AM         6,901,760 nvoglnt.dll
    12/05/2007  01:41 AM           466,944 nvshell.dll
    12/05/2007  01:41 AM           155,716 nvsvc32.exe
    12/05/2007  01:41 AM            73,728 nvtuicpl.cpl
    12/05/2007  01:41 AM           356,352 nvudisp.exe
    12/05/2007  01:41 AM            35,328 nvcodins.dll
    12/05/2007  01:41 AM         3,710,976 nvvitvs.dll
    12/05/2007  01:41 AM            81,920 nvwddi.dll
    12/05/2007  01:41 AM         1,703,936 nvwdmcpl.dll
    12/05/2007  01:41 AM         1,019,904 nvwimg.dll
    12/05/2007  01:41 AM         2,498,560 nvwss.dll
    12/05/2007  01:41 AM         1,626,112 nwiz.exe
    12/05/2007  01:41 AM           385,024 nvapi.dll
    12/05/2007  01:41 AM           442,368 nvappbar.exe
    12/05/2007  01:41 AM           188,416 nvmccss.dll
    12/05/2007  01:41 AM           307,200 nvexpbar.dll
    09/24/2007  11:31 PM           139,264 javaws.exe
    09/24/2007  11:31 PM            69,632 javacpl.cpl
    09/24/2007  10:30 PM           135,168 javaw.exe
    09/24/2007  10:30 PM           135,168 java.exe
    07/19/2007  06:14 PM         1,358,192 D3DCompiler_35.dll
    07/19/2007  06:14 PM         3,727,720 d3dx9_35.dll
    07/19/2007  06:14 PM           444,776 d3dx10_35.dll
    05/16/2007  04:45 PM           443,752 d3dx10_34.dll
    05/16/2007  04:45 PM         3,497,832 d3dx9_34.dll
    05/16/2007  04:45 PM         1,124,720 D3DCompiler_34.dll
    04/04/2007  06:53 PM            81,768 xinput1_3.dll
    03/21/2007  08:54 PM            48,560 TWUNK_16.EXE
    03/21/2007  08:54 PM            77,312 TWAIN_32.DLL
    03/21/2007  08:54 PM            69,632 TWUNK_32.EXE
    03/08/2007  01:51 AM           129,784 pxafs.dll
    03/08/2007  01:51 AM            39,672 vxblock.dll
    03/08/2007  01:51 AM           187,128 pxmas.dll
    03/08/2007  01:51 AM            72,440 pxhpinst.exe
    03/08/2007  01:51 AM           510,712 pxdrv.dll
    03/08/2007  01:51 AM            64,760 pxcpya64.exe
    03/08/2007  01:51 AM           547,576 px.dll
    03/08/2007  01:51 AM            64,760 pxinsa64.exe
    03/08/2007  01:51 AM         1,628,920 pxsfs.dll
    03/08/2007  01:51 AM           379,640 pxwave.dll
    03/04/2007  09:39 AM            10,520 avgrsstx.dll
    03/04/2007  07:14 AM         1,647,128 FNTCACHE.DAT
    03/03/2007  08:27 PM               749 wuaucpl.cpl.manifest
    03/03/2007  08:27 PM               749 cdplayer.exe.manifest
    03/03/2007  08:27 PM               749 ncpa.cpl.manifest
    03/03/2007  08:27 PM               749 nwc.cpl.manifest
    03/03/2007  08:27 PM               749 sapi.cpl.manifest
    03/03/2007  06:02 PM             2,206 wpa.dbl
    02/21/2007  09:00 PM            10,752 ff_vfw.dll
    02/16/2007  10:54 AM            49,152 QuickTime.qts
    02/16/2007  10:54 AM            65,536 QuickTimeVR.qtx
    02/13/2007  04:22 PM           947,472 msjava.dll
    02/01/2007  05:56 AM           639,066 divx.dll
    01/30/2007  06:03 AM         3,596,288 qt-dx331.dll
    01/30/2007  06:03 AM         1,044,480 libdivx.dll
    01/30/2007  06:03 AM           200,704 ssldivx.dll
    01/30/2007  05:56 AM            73,728 dpl100.dll
    01/30/2007  05:56 AM           196,608 dtu100.dll
    01/28/2007  09:24 PM           654,848 x264vfw.dll
    01/20/2007  09:26 PM         1,565,480 wmv9vcm.dll
    01/19/2007  12:53 PM            51,056 sirenacm.dll
    
                2242 File(s)    482,826,377 bytes
                   0 Dir(s)   9,986,555,904 bytes free
     
    ----- Prefetch ------------------------- 
     Volume in drive K is 0x00
     Volume Serial Number is C8CD-3CE6
    
     Directory of K:\WINDOWS\Prefetch
    
    03/03/2008  03:49 PM            15,656 EXPLORER.EXE-082F38A9.pf
    03/03/2008  03:45 PM           103,976 MPLAYERC.EXE-06A9CBF3.pf
    03/03/2008  03:35 PM            74,264 IEXPLORE.EXE-27122324.pf
    03/03/2008  03:30 PM            25,706 REGSVR32.EXE-25EEFE2F.pf
    03/03/2008  03:29 PM           111,360 MSIEXEC.EXE-2F8A8CAE.pf
    03/03/2008  02:58 PM            80,940 FIREFOX.EXE-28641590.pf
    03/03/2008  01:59 PM             6,474 LOGON.SCR-151EFAEA.pf
    03/03/2008  01:42 PM            74,426 WMIPRVSE.EXE-28F301A9.pf
    03/03/2008  09:12 AM            12,230 DUMPREP.EXE-1B46F901.pf
    03/03/2008  09:02 AM           123,600 WINRAR.EXE-39C6DAD9.pf
    03/03/2008  07:51 AM           135,436 DEVENV.EXE-31D425DF.pf
    03/03/2008  07:50 AM            15,218 PACKMAN.EXE-07397B64.pf
    03/03/2008  07:23 AM            16,384 IMAPI.EXE-0BF740A4.pf
    03/03/2008  02:10 AM            20,978 THE DIC.EXE-3B871110.pf
    03/03/2008  12:30 AM            36,426 NOTEPAD++.EXE-14917D45.pf
    03/03/2008  12:28 AM            79,366 SRO_CLIENT.EXE-1A16172C.pf
    03/02/2008  11:49 PM            26,264 SILKROAD.EXE-16ED5145.pf
    03/02/2008  11:35 PM            44,488 SAFLASHPLAYER.EXE-3800FC0A.pf
    03/02/2008  10:57 AM            20,176 RUNDLL32.EXE-2E5AF1D7.pf
    03/02/2008  10:25 AM            57,372 STEAM.EXE-324F8A0C.pf
    03/02/2008  07:56 AM            16,892 REGEDIT.EXE-1B606482.pf
    03/02/2008  07:48 AM            38,346 NOTEPAD.EXE-336351A9.pf
    03/02/2008  05:50 AM            20,582 LEAPFTP.EXE-06D26FAD.pf
    03/02/2008  05:49 AM            12,030 CVTRES.EXE-2329DCD5.pf
    03/02/2008  05:48 AM            50,790 SSPM.VSHOST.EXE-2AEE710C.pf
    03/02/2008  05:32 AM            11,758 VSLAUNCHER.EXE-32CAC60F.pf
    03/02/2008  04:52 AM            26,252 WMIADAP.EXE-2DF425B2.pf
    03/02/2008  04:51 AM            34,056 LODCTR.EXE-1009C3B4.pf
    03/02/2008  04:43 AM            32,552 CSC.EXE-01730C27.pf
    03/02/2008  12:24 AM            90,480 WINAMP.EXE-0D0189CA.pf
    03/04/2007  10:08 AM            61,044 GAMEOVERLAYUI.EXE-227766F5.pf
    03/04/2007  09:54 AM            60,916 SCAN32.EXE-05E5A7D0.pf
    03/04/2007  09:54 AM            30,280 MCCONSOL.EXE-1B15A9EC.pf
    03/04/2007  09:36 AM           102,398 AVG_AVWT_STF_ALL_8_81A1271.EX-38AC9B7A.pf
    03/04/2007  09:31 AM            13,664 SRO_OPTIMIZER.EXE-31B90309.pf
    03/04/2007  09:30 AM            34,420 RUNDLL32.EXE-415C0B1D.pf
    03/04/2007  09:21 AM            92,848 QUESTVIEWER.EXE-20EAA997.pf
    03/04/2007  09:02 AM            12,752 FNPLICENSINGSERVICE.EXE-15CB8EAD.pf
    03/04/2007  09:01 AM            60,326 PHOTOSHOP.EXE-122BFF6B.pf
    03/04/2007  09:01 AM            15,756 RUNDLL32.EXE-1C583B1F.pf
    03/04/2007  08:55 AM            28,726 MCSCRIPT_INUSE.EXE-396579E3.pf
    03/04/2007  08:55 AM            21,732 MSPAINT.EXE-11CBB631.pf
    03/04/2007  08:49 AM            11,108 MCTRAY.EXE-2A7EE307.pf
    03/04/2007  08:49 AM            24,464 UDATERUI.EXE-1E769EA7.pf
    03/04/2007  08:49 AM            33,104 MCUPDATE.EXE-1D0E3EC0.pf
    03/04/2007  08:47 AM            57,394 SHCFG32.EXE-0C7CBA6A.pf
    03/04/2007  08:41 AM            12,398 NET.EXE-01A53C2F.pf
    03/04/2007  08:41 AM            14,104 NET1.EXE-029B9DB4.pf
    03/04/2007  08:40 AM            20,774 IO.PIF-2570E5D9.pf
    03/04/2007  08:40 AM            26,866 SHSTAT.EXE-29A2BE4E.pf
    03/04/2007  08:40 AM            11,402 LOGPARSER.EXE-196B817B.pf
    03/04/2007  08:39 AM            43,936 MSIB2.TMP-12AAD0B5.pf
    03/04/2007  08:39 AM            11,604 MSIB1.TMP-2720BD8B.pf
    03/04/2007  08:39 AM            11,500 MSIB0.TMP-27DE2027.pf
    03/04/2007  08:39 AM            49,440 MCSHIELD.EXE-2AD37449.pf
    03/04/2007  08:39 AM             6,218 MSIAF.TMP-1A6EC960.pf
    03/04/2007  08:39 AM             5,628 MSIAE.TMP-34901452.pf
    03/04/2007  08:39 AM             6,230 MSIAD.TMP-053B79EE.pf
    03/04/2007  08:39 AM            21,394 VSTSKMGR.EXE-288AC380.pf
    03/04/2007  08:39 AM             6,598 MSIAC.TMP-0E2899BD.pf
    03/04/2007  08:39 AM             6,634 MSIAB.TMP-2BA2F483.pf
    03/04/2007  08:39 AM             6,634 MSIAA.TMP-235BE92F.pf
    03/04/2007  08:39 AM             6,334 MSIA9.TMP-10A144FB.pf
    03/04/2007  08:39 AM             6,346 MSIA8.TMP-02C2CEB0.pf
    03/04/2007  08:39 AM             7,694 MSIA7.TMP-3708BF90.pf
    03/04/2007  08:39 AM             7,012 MSIA6.TMP-17F61E22.pf
    03/04/2007  08:39 AM             9,076 MFEHIDIN.EXE-3843BEB7.pf
    03/04/2007  08:39 AM             6,334 MSIA5.TMP-21D5701E.pf
    03/04/2007  08:39 AM             6,382 MSIA4.TMP-2D296D94.pf
    03/04/2007  08:39 AM             6,334 MSIA3.TMP-0CA220AC.pf
    03/04/2007  08:39 AM             6,346 MSIA2.TMP-06C1F2FF.pf
    03/04/2007  08:39 AM             6,994 MSIA1.TMP-08912EC6.pf
    03/04/2007  08:39 AM            11,500 MSIA0.TMP-313A5F7A.pf
    03/04/2007  08:39 AM            11,500 MSI9F.TMP-2785CF21.pf
    03/04/2007  08:39 AM            11,516 SETUP.EXE-3928CD64.pf
    03/04/2007  08:39 AM             7,162 MSI8C.TMP-2BDDF576.pf
    03/04/2007  08:39 AM             5,848 MSI83.TMP-2A878EFA.pf
    03/04/2007  08:35 AM            61,876 PEXPLORER.EXE-2EBEC497.pf
    03/04/2007  08:28 AM            52,644 MSI6E.TMP-059A71C6.pf
    03/04/2007  08:28 AM            11,476 MSI6D.TMP-34311C7A.pf
    03/04/2007  08:28 AM            11,580 MSI6C.TMP-1ACDC138.pf
    03/04/2007  08:28 AM             6,206 MSI6B.TMP-1EFDCD08.pf
    03/04/2007  08:28 AM             5,640 MSI6A.TMP-300110AA.pf
    03/04/2007  08:28 AM             6,334 MSI69.TMP-03FC1D80.pf
    03/04/2007  08:28 AM             6,586 MSI68.TMP-0F67F62B.pf
    03/04/2007  08:28 AM             5,776 CLEANUP.EXE-29E1176F.pf
    03/04/2007  08:28 AM            19,950 NAPRDMGR.EXE-0761B7F7.pf
    03/04/2007  08:28 AM            35,292 FRAMEWORKSERVICE.EXE-30BA46B4.pf
    03/04/2007  08:27 AM             6,346 MSI66.TMP-249B459D.pf
    03/04/2007  08:27 AM            22,948 FRMINST.EXE-235ACB34.pf
    03/04/2007  08:27 AM            38,022 FRMINST.EXE-034DCFC0.pf
    03/04/2007  08:27 AM            22,348 MSI61.TMP-15365641.pf
    03/04/2007  08:27 AM            21,582 FRAMEPKG.EXE-06383CAC.pf
    03/04/2007  08:27 AM             6,928 MSI60.TMP-249537FF.pf
    03/04/2007  08:27 AM             6,334 MSI5F.TMP-19B27F9B.pf
    03/04/2007  08:27 AM             6,358 MSI5E.TMP-354C5E17.pf
    03/04/2007  08:27 AM             6,254 MSI5D.TMP-047F3029.pf
    03/04/2007  08:27 AM             6,346 MSI5C.TMP-02AFF462.pf
    03/04/2007  08:27 AM             6,346 MSI5B.TMP-10B41F49.pf
    03/04/2007  08:27 AM             6,334 MSI5A.TMP-29176EF7.pf
    03/04/2007  08:27 AM             6,334 MSI59.TMP-0FE4FB36.pf
    03/04/2007  08:26 AM            17,722 IO.PIF-10460F1C.pf
    03/04/2007  08:26 AM            17,304 IO.PIF-3856D556.pf
    03/04/2007  08:26 AM            17,370 IO.PIF-3608FF1D.pf
    03/04/2007  08:26 AM            16,880 IO.PIF-2AB0A69B.pf
    03/04/2007  08:26 AM            16,880 IO.PIF-2862D062.pf
    03/04/2007  08:26 AM            19,326 IO.PIF-3B48BFDF.pf
    03/04/2007  08:25 AM             7,162 MSI45.TMP-07D73ECA.pf
    03/04/2007  08:25 AM            53,048 SETUPVSE.EXE-06F8F833.pf
    03/04/2007  08:24 AM            54,202 SETUP.EXE-1C28AE99.pf
    03/04/2007  08:23 AM            18,368 CONTROL.EXE-013DBFB5.pf
    03/04/2007  08:23 AM            12,154 RUNDLL32.EXE-27A1FAD8.pf
    03/04/2007  08:18 AM            18,214 SVCHOST.EXE-3530F672.pf
    03/04/2007  08:09 AM            75,386 DEXPLORE.EXE-169F4C80.pf
    03/04/2007  07:54 AM            47,694 MSDEV.EXE-0AB299BF.pf
    03/04/2007  07:42 AM            23,526 CFTOOLBOX.EXE-29332C8A.pf
    03/04/2007  07:22 AM            30,220 HELPHOST.EXE-247D2792.pf
    03/04/2007  07:22 AM            25,932 HELPSVC.EXE-2878DDA2.pf
    03/04/2007  07:22 AM            53,584 HELPCTR.EXE-3862B6F5.pf
    03/04/2007  07:20 AM            20,288 WUAUCLT.EXE-399A8E72.pf
    03/04/2007  07:20 AM         1,420,418 NTOSBOOT-B00DFAAD.pf
    03/04/2007  07:15 AM            25,630 SERVICELAYER.EXE-191F07A8.pf
    03/04/2007  07:15 AM            20,838 GOOGLEWEBACCCLIENT.EXE-054BDF87.pf
    03/04/2007  07:15 AM            25,042 GOOGLEWEBACCWARDEN.EXE-00AAC047.pf
    03/04/2007  07:15 AM            11,070 CHKUPD.EXE-289621E3.pf
    03/03/2007  11:36 PM            47,438 SAS - STEAM LAUNCHER.VSHOST.E-293326C4.pf
    03/03/2007  11:36 PM            20,488 FONTVIEW.EXE-08548073.pf
    03/03/2007  11:01 PM            10,710 REG.EXE-0D2A95F7.pf
    03/03/2007  10:31 PM            12,142 RUNDLL32.EXE-451FC2C0.pf
    03/03/2007  08:54 PM           520,154 Layout.ini
                 130 File(s)      5,498,178 bytes
                   0 Dir(s)   9,986,555,904 bytes free
     
    ----- Windows -------------------------- 
     Volume in drive K is 0x00
     Volume Serial Number is C8CD-3CE6
    
     Directory of K:\WINDOWS
    
    03/03/2008  03:30 PM            16,620 DPINST.LOG
    03/03/2008  08:07 AM                 0 spyxx.INI
    03/03/2008  12:39 AM             1,733 TSearch.INI
    03/02/2008  05:50 AM               485 system.ini
    03/01/2008  11:04 PM            66,301 DirectX.log
    03/01/2008  10:56 PM            98,304 system32CmdLineExt.dll
    03/01/2008  06:58 AM             4,161 ODBCINST.INI
    03/01/2008  05:53 AM            60,428 iis6.log
    03/01/2008  05:53 AM            20,019 comsetup.log
    03/01/2008  05:53 AM            10,438 ntdtcsetup.log
    03/01/2008  05:53 AM             1,874 tabletoc.log
    03/01/2008  05:53 AM             1,569 ocmsn.log
    03/01/2008  05:53 AM            15,829 tsoc.log
    03/01/2008  05:53 AM             1,355 imsins.log
    03/01/2008  05:53 AM             7,244 KB893803v2.log
    03/01/2008  05:53 AM            20,564 ocgen.log
    03/01/2008  05:53 AM             2,337 MedCtrOC.log
    03/01/2008  05:53 AM             1,489 msgsocm.log
    03/01/2008  05:53 AM             4,956 netfxocm.log
    03/01/2008  05:53 AM            23,903 FaxSetup.log
    03/01/2008  05:53 AM            13,530 msmqinst.log
    03/01/2008  05:41 AM             1,446 COM+.log
    03/01/2008  05:15 AM             1,158 mozver.dat
    03/01/2008  05:13 AM                 0 nsreg.dat
    03/01/2008  04:52 AM            15,892 wmsetup.log
    03/01/2008  04:52 AM           316,640 WMSysPr9.prx
    03/01/2008  04:00 AM             1,570 regopt.log
    03/01/2008  04:00 AM                 0 Sti_Trace.log
    03/01/2008  03:56 AM                 0 setuperr.log
    03/01/2008  02:30 AM             1,355 imsins.BAK
    03/01/2008  02:30 AM             5,239 KB888111.log
    03/01/2008  02:26 AM           171,890 setupact.log
    03/01/2008  02:20 AM               833 OEWABLog.txt
    03/01/2008  02:18 AM             8,192 REGLOCS.OLD
    03/01/2008  02:17 AM           746,392 setuplog.txt
    03/01/2008  02:15 AM                 0 control.ini
    03/01/2008  02:12 AM             1,022 sessmgr.setup.log
    03/01/2008  02:12 AM                37 vbaddin.ini
    03/01/2008  02:12 AM                36 vb.ini
    03/01/2008  02:12 AM               133 DtcInstall.log
    03/01/2008  02:10 AM               200 cmsetacl.log
    03/04/2007  09:01 AM               254 wiadebug.log
    03/04/2007  08:18 AM                50 wiaservc.log
    03/04/2007  07:25 AM            24,381 WindowsUpdate.log
    03/04/2007  07:19 AM                 0 0.log
    03/04/2007  07:19 AM             2,048 bootstat.dat
    03/04/2007  07:17 AM             2,458 SchedLgU.Txt
    03/03/2007  08:34 PM           406,146 setupapi.log
    03/03/2007  08:27 PM               749 WindowsShell.Manifest
    03/03/2007  05:58 PM               520 ODBC.INI
    03/03/2007  05:57 PM               573 win.ini
    03/03/2007  05:52 PM            18,132 dasetup.log
                  94 File(s)     42,474,807 bytes
                   0 Dir(s)   9,986,555,904 bytes free
     
    ----- Tasks ---------------------------- 
     Volume in drive K is 0x00
     Volume Serial Number is C8CD-3CE6
    
     Directory of K:\WINDOWS\tasks
    
    03/04/2007  07:19 AM                 6 SA.DAT
    08/04/2004  03:07 AM                65 desktop.ini
                   2 File(s)             71 bytes
                   0 Dir(s)   9,986,555,904 bytes free
     
    ----- Wintemp -------------------------- 
     Volume in drive K is 0x00
     Volume Serial Number is C8CD-3CE6
    
     Directory of K:\WINDOWS\temp
    
    03/01/2008  07:12 AM            19,833 PQ_DEBUG.TXT
    03/01/2008  07:04 AM            22,433 PQ_DEBUG.001
    03/01/2008  02:30 AM               108 IntelChip
    03/01/2008  02:18 AM               512 ~DF9613.tmp
    03/01/2008  02:18 AM            16,384 ~DF960B.tmp
    03/01/2008  02:18 AM               512 ~DF94D7.tmp
    03/01/2008  02:18 AM            16,384 ~DF94CF.tmp
    03/04/2007  10:54 AM           200,452 02d7e839-2c53-4bc9-921e-33749e0cf4d5.tmp
    03/04/2007  10:54 AM                 0 d49fd4a4-597e-45cf-b222-f4cccfd3902d.tmp
    03/04/2007  09:41 AM                48 avg8info.id
                  10 File(s)        276,666 bytes
                   0 Dir(s)   9,986,551,808 bytes free
     
    ----- Temp ----------------------------- 
     Volume in drive K is 0x00
     Volume Serial Number is C8CD-3CE6
    
     Directory of K:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
    
    03/03/2008  03:30 PM             9,216 MSI2F6.tmp
    03/03/2008  03:30 PM                60 MCLLog.txt
    03/03/2008  03:29 PM            13,222 NclRegPermissions(2).log
    03/03/2008  03:29 PM         1,180,502 PCCS.log
    03/03/2008  03:29 PM             7,994 NclRegPermissions(1).log
    03/03/2008  03:29 PM         7,246,848 PCCS.msi
    03/03/2008  03:29 PM           199,334 NCCD.log
    03/03/2008  03:29 PM           677,888 Nokia_Connectivity_Cable_Driver.msi
    03/03/2008  12:42 AM            20,981 r7gbhxrp.CT
    03/03/2008  12:34 AM             4,469 splash.jpg
    03/02/2008  01:25 AM            54,868 Untitled-1.swf
    03/02/2008  12:54 AM               418 version.php
    03/02/2008  12:24 AM           383,140 WT33.tmp
    03/02/2008  12:24 AM           367,112 WT32.tmp
    03/01/2008  10:05 PM            14,106 76811.tmp
    03/01/2008  01:09 PM               123 CFGE4.tmp
    03/01/2008  01:09 PM               123 CFGE1.tmp
    03/01/2008  11:45 AM             1,402 ymsgr8
    03/01/2008  11:45 AM             2,065 ymsgr9
    03/01/2008  11:45 AM             1,571 ymsgr10
    03/01/2008  11:45 AM             1,402 ymsgr7
    03/01/2008  11:45 AM             2,065 ymsgr6
    03/01/2008  11:45 AM             1,571 ymsgr5
    03/01/2008  11:45 AM            21,176 gardasil.bmp
    03/01/2008  11:45 AM             1,402 ymsgr2
    03/01/2008  11:45 AM             1,571 ymsgr4
    03/01/2008  11:45 AM             2,065 ymsgr3
    03/01/2008  11:45 AM            21,176 autoextra.bmp
    03/01/2008  11:45 AM            21,176 champion.bmp
    03/01/2008  11:45 AM            21,176 navy2.bmp
    03/01/2008  11:45 AM            21,176 ptshowdown.bmp
    03/01/2008  11:45 AM            21,176 kleenex.bmp
    03/01/2008  11:38 AM           383,140 WT62.tmp
    03/01/2008  11:38 AM           367,112 WT61.tmp
    03/01/2008  06:55 AM           212,381 dd_depcheck80.txt
    03/01/2008  06:55 AM             1,464 merge.log
    03/01/2008  06:46 AM           381,074 dd_vsinstall80.txt
    03/01/2008  06:46 AM            30,338 uxeventlog.txt
    03/01/2008  06:46 AM               506 msinterr.txt
    03/01/2008  06:41 AM            16,396 dd_sde_80UI1F07.txt
    03/01/2008  06:41 AM           210,704 dd_sde_80MSI1F07.txt
    03/01/2008  06:40 AM            16,698 dd_vjredist20UI1E60.txt
    03/01/2008  06:40 AM         4,141,574 dd_vjredist20MSI1E60.txt
    03/01/2008  06:40 AM           864,866 netcf2.log
    03/01/2008  06:39 AM           411,238 netcf1.log
    03/01/2008  06:34 AM            30,158 index.php
    03/01/2008  06:28 AM            15,830 dd_dexploreUI14F3.txt
    03/01/2008  06:28 AM         2,952,640 dd_dexploreMSI14F3.txt
    03/01/2008  06:27 AM            18,288 dd_netfx20UI130C.txt
    03/01/2008  06:27 AM         4,596,338 dd_netfx20MSI130C.txt
    03/01/2008  06:26 AM             5,144 ASPNETSetup_00000.log
    03/01/2008  06:11 AM            93,314 {E469E805-E012-4A29-A536-99AE33FE0C6D}estk_ribs_bgd.png
    03/01/2008  06:11 AM            45,630 {BCD30B43-9083-4441-9284-E528A1285042}Setup.ico
    03/01/2008  06:11 AM            20,376 {BCD30B43-9083-4441-9284-E528A1285042}background.png
    03/01/2008  06:11 AM            42,014 {762E17C8-C547-4B10-B053-F329F39A0D80}bridge.ico
    03/01/2008  06:11 AM            74,256 {045CFB2B-65A3-49C9-BABC-E4452254C7AF}background.png
    03/01/2008  06:11 AM            41,561 {045CFB2B-65A3-49C9-BABC-E4452254C7AF}Titan.ico
    03/01/2008  06:08 AM                 0 Twunk002.MTX
    03/01/2008  05:53 AM            42,014 {61D23D99-3398-414E-974E-EBAE498BB298}bridge.ico
    03/01/2008  05:53 AM            93,314 {193F8A7B-1853-48D5-88AC-19446C2C1D13}estk_ribs_bgd.png
    03/01/2008  05:53 AM            57,708 {F0699DAC-0DC4-410B-B558-6D8CB5F3511A}background.png
    03/01/2008  05:53 AM            41,582 {F0699DAC-0DC4-410B-B558-6D8CB5F3511A}PS_AppIcon.ico
    03/01/2008  05:43 AM             1,249 jinstall.cfg
    03/01/2008  05:31 AM            24,823 java_install.log
    03/01/2008  05:30 AM             3,584 347468.mst
    03/01/2008  04:56 AM                 0 Winamp.tmp
    03/01/2008  04:44 AM             2,330 dotNetFx.log
    03/01/2008  04:43 AM             7,200 ASPNETSetup.log
    03/01/2008  02:34 AM            21,964 Norwegian.bin
    03/01/2008  02:34 AM            21,976 Thai.bin
    03/01/2008  02:34 AM            25,082 Greek.bin
    03/01/2008  02:34 AM            19,553 Hebrew.bin
    03/01/2008  02:34 AM            24,221 Polish.bin
    03/01/2008  02:34 AM            25,071 Portuguese(Brazil).bin
    03/01/2008  02:34 AM            22,253 Turkish.bin
    03/01/2008  02:34 AM            24,312 Czech.bin
    03/01/2008  02:34 AM            26,080 Hungarian.bin
    03/01/2008  02:34 AM            22,857 Finnish.bin
    03/01/2008  02:34 AM            27,753 Spanish.bin
    03/01/2008  02:34 AM            26,260 Portuguese.bin
    03/01/2008  02:34 AM            24,082 SWEDISH.bin
    03/01/2008  02:34 AM            21,914 English.bin
    03/01/2008  02:34 AM            20,972 Arabic.bin
    03/01/2008  02:34 AM            16,408 SimChin.bin
    03/01/2008  02:34 AM            26,126 Russian.bin
    03/01/2008  02:34 AM            27,410 Italian.bin
    03/01/2008  02:34 AM            27,235 French.bin
    03/01/2008  02:34 AM            16,949 TradChin.bin
    03/01/2008  02:34 AM            25,753 German.bin
    03/01/2008  02:34 AM            22,783 Danish.bin
    03/01/2008  02:34 AM            25,747 Dutch.bin
    03/01/2008  02:34 AM            20,135 Korean.bin
    03/01/2008  02:34 AM            24,297 Japanese.bin
    03/01/2008  02:30 AM             4,533 plf78.tmp
    03/01/2008  02:26 AM             1,878 IMT43.xml
    10/28/2007  06:46 AM        20,222,992 Install_WLMessenger.exe
    03/04/2007  11:04 AM           131,824 filelist.txt
    03/04/2007  11:03 AM            16,384 ~DF25B8.tmp
    03/04/2007  10:54 AM         4,965,124 jar_cache29810.tmp
    03/04/2007  10:41 AM           440,793 fla137.tmp
    03/04/2007  10:37 AM             2,630 java_install_reg.log
    03/04/2007  10:33 AM        11,374,746 jar_cache3080.tmp
    03/04/2007  09:55 AM            16,384 Perflib_Perfdata_8ac.dat
    03/04/2007  09:46 AM                 0 wbk105.tmp
    03/04/2007  09:46 AM                 0 wbk103.tmp
    03/04/2007  09:46 AM                 0 wbk101.tmp
    03/04/2007  09:40 AM            67,847 avg8inst.log
    03/04/2007  09:22 AM            47,593 googlewebaccclient.exe.log
    03/04/2007  09:22 AM        18,964,496 GoogleWebAcceleratorCache
    03/04/2007  09:17 AM           383,140 WTCF.tmp
    03/04/2007  09:17 AM           367,112 WTCE.tmp
    03/04/2007  09:15 AM             3,885 alm.log
    03/04/2007  09:15 AM             9,149 amt.log
    03/04/2007  09:01 AM               693 TWAIN.LOG
    03/04/2007  09:01 AM               156 Twunk001.MTX
    03/04/2007  09:01 AM                 2 Twain001.Mtx
    03/04/2007  08:25 AM        21,521,356 VSE850.MSI
    03/04/2007  07:24 AM             5,375 jusched.log
    03/04/2007  07:19 AM             2,796 GoogleWebAccWarden.exe.log
    03/03/2007  06:16 PM           383,140 WT8.tmp
    03/03/2007  06:16 PM           367,112 WT7.tmp
    03/03/2007  05:58 PM             3,696 Microsoft Office 2003 Setup(0001).txt
    03/03/2007  05:58 PM           430,420 Microsoft Office 2003 Setup(0001)_Task(0001).txt
    03/03/2007  05:55 PM            37,540 offcln11.log
                 126 File(s)    106,039,894 bytes
                   0 Dir(s)   9,986,547,712 bytes free
    Thanks in advance

  2. #2
    Moderator (global) Team member Jintan
    Registered since
    25.11.2006
    Posts
    6.369

    Re: My Logfile - Virus

    Welcome to HijackThis.de 0x01,

    You are describing an autorun type infection. No infection showing in these views, so let's apply a tool to correct some of that autorun change there then run a different check here. The logs do show you having both AVG and McAfee installed, which will lead to conflicts and other issues if left like that. You do need to choose one, disable both, then uninstall the other. Be sure to reboot after any install/uninstall changes are made.

    Before you do that, go here and download Flash_Disinfector.exe and save it to your desktop.

    Double-click on Flash_Disinfector.exe to run it and follow the prompts. Wait until it has finished scanning and then exit the program.

    The utility may ask you to insert your flash drive and/or other removable drives. Please do so and allow the utility to clean up those drives as well.

    ----------------------------

    Then I would like to check one file that created a Prefetch restart file there, if it exists.

    Make sure you can View Hidden Files. Also uncheck "Hide Extensions for Known File Types".

    Just go here, press new topic, fill in the needed details and just give a link to your post back here. Then press the browse button and then navigate to & select the file on your computer.

    SSPM.VSHOST.EXE

    You DO NOT need to be a member to upload, anybody can upload the files. Once you have done the upload you will not be able to see the file you just posted, which is okay. If you cannot locate the file that is okay as well - just move to the next step.

    -------------------------------

    Download Deckard's System Scanner (dss.exe) to your Desktop. Note: You must be logged onto an account with administrator privileges.

    Making sure dss.exe is directly on your desktop, go to Start - Run, and copy/paste the following (then press OK):

    "%userprofile%\desktop\dss.exe" /config

    When the DSS Configuration display opens click the "Check All" button. Next, Under Main Log, uncheck the following:

    System Restore
    Temp Cleanup
    Process Modules

    Then under Options, place a check next to the following:

    Backup Registry Hives

    Don't make any other changes at this time. Then click the "Scan!" button to start the scan.

    Once the scan has completed a textbox will appear - copy/paste those contents back here (main.txt). Also, the second text file, extra.txt, will show as minimized in your Task Bar. Maximize/Open this, and copy/paste those contents back here along with the main.txt please. (The logs can also be found in the C:\Deckard\System Scanner folder)
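
A defender-side check for the autorun change discussed in the reply above, as an added example that is not part of the original post or of any tool named in it: it parses the text of an autorun.inf and reports which entries replace a drive's double-click action and whether the file they point to still exists. The sample autorun.inf, the file names and all function names are constructed for illustration.

```python
"""Triage of autorun.inf text (added example; all sample data is constructed)."""
import ntpath
import re

# [autorun] keys whose value is a command line that Explorer may run:
#   open= / shellexecute=    run by AutoPlay when the drive is mounted
#   shell\<verb>\command=    defines or replaces a verb in the drive's menu
COMMAND_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\]+\\command)$")

# Verbs Explorer uses when a drive is double-clicked; "shell=<verb>" can
# name a different verb as the default.
BUILTIN_DEFAULT_VERBS = {"open", "explore"}


def parse_autorun(text):
    """Return the [autorun] section as (lower-cased key, value) pairs."""
    entries, in_section = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):      # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if in_section and "=" in line:
            key, value = line.split("=", 1)
            entries.append((key.strip().lower(), value.strip()))
    return entries


def command_target(command):
    """Extract the program path from a command line.

    Quoted paths are honoured; an unquoted path is cut at the first space.
    """
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split()[0] if command else ""


def norm_path(path):
    """Normalise a drive-relative Windows path for comparison."""
    return ntpath.normpath(path.strip().lstrip("\\/")).lower()


def triage(text, root_files):
    """List every command entry with its target and its effect.

    root_files: drive-relative paths that exist on the drive, taken from a
    listing that includes hidden and system files.
    """
    entries = parse_autorun(text)
    present = {norm_path(p) for p in root_files}
    default_verb = next((v.lower() for k, v in entries if k == "shell"), None)
    findings = []
    for key, value in entries:
        if not COMMAND_KEY.match(key):
            continue
        verb = key.split("\\")[1] if key.startswith("shell\\") else None
        target = norm_path(command_target(value))
        findings.append({
            "key": key,
            "target": target,
            "target_present": target in present,
            "overrides_double_click": verb is not None and (
                verb in BUILTIN_DEFAULT_VERBS or verb == default_verb),
        })
    return findings


def broken_default_actions(findings):
    """Entries that hijack double-click but point at a file that is gone."""
    return [f for f in findings
            if f["overrides_double_click"] and not f["target_present"]]


# Constructed sample: an autorun.inf left behind after its payload was removed.
SAMPLE_AUTORUN = r"""; constructed sample, not taken from the infected machine
[AutoRun]
open=sample_payload.exe
shell\open=Open
shell\open\Command=sample_payload.exe
shell\explore\Command="RECYCLER\sample_payload.exe" -e
shell\scan\command=scanner.exe
"""
SAMPLE_ROOT_FILES = ["autorun.inf", "scanner.exe"]   # payload no longer present

if __name__ == "__main__":
    for f in triage(SAMPLE_AUTORUN, SAMPLE_ROOT_FILES):
        print(f)
```

On a live system the text would come from the autorun.inf in each drive root, and `root_files` from a listing made with hidden and system files visible.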

  3. #3
    Beginner
    Registered since
    04.03.2008
    Posts
    17

    Re: My Logfile - Virus

    Thank you Jintan,

    I'm afraid I can't find the file "SSPM.VSHOST.EXE" on my system, just the prefetch file. It looks like McAfee's On-Access Scanner deleted it or something, but I can't find the file in any of the logs, sorry.

    I have uninstalled one of the AVs.

    And the Autorun issue is now fixed. Thank you!

    Here's the log of DDS:

    Main.txt

    Code:
    Deckard's System Scanner v20071014.68
    Run by Administrator on 2007-03-05 00:03:35
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------
    
    Backed up registry hives.
    
    
    
    -- HijackThis (run as Administrator.exe) ---------------------------------------
    
    Logfile of HijackThis v1.99.1
    Scan saved at 12:05:09 AM, on 3/5/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    
    Running processes:
    K:\WINDOWS\System32\smss.exe
    K:\WINDOWS\system32\winlogon.exe
    K:\WINDOWS\system32\services.exe
    K:\WINDOWS\system32\lsass.exe
    K:\WINDOWS\system32\svchost.exe
    K:\WINDOWS\System32\svchost.exe
    K:\WINDOWS\system32\spoolsv.exe
    K:\Program Files\Bonjour\mDNSResponder.exe
    K:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    K:\WINDOWS\system32\nvsvc32.exe
    k:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    K:\WINDOWS\system32\RUNDLL32.EXE
    K:\WINDOWS\RTHDCPL.EXE
    K:\Program Files\Winamp\winampa.exe
    K:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    K:\Program Files\DAEMON Tools\daemon.exe
    K:\Program Files\Messenger\msmsgs.exe
    K:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    K:\WINDOWS\System32\svchost.exe
    K:\WINDOWS\system32\svchost.exe
    K:\Program Files\McAfee\Common Framework\FrameworkService.exe
    K:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
    K:\Program Files\McAfee\Common Framework\UdaterUI.exe
    K:\Program Files\McAfee\Common Framework\McTray.exe
    K:\Program Files\Winamp\winamp.exe
    K:\WINDOWS\system32\WISPTIS.EXE
    K:\WINDOWS\system32\dwwin.exe
    K:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
    K:\WINDOWS\explorer.exe
    K:\Documents and Settings\Administrator\desktop\dss.exe
    K:\DOCUME~1\ADMINI~1\Desktop\Administrator.exe
    K:\Program Files\Notepad++\notepad++.exe
    
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - K:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - K:\Program Files\AVG\AVG8\avgssie.dll (file missing)
    O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - K:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - K:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - K:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - K:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] "K:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] K:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] K:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE K:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE K:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [WinampAgent] "K:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "K:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] K:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [] C:\Program Files\Common Files\Services\svchost.exe
    O4 - HKLM\..\Run: [ShStatEXE] "K:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "K:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
    O4 - HKCU\..\Run: [DAEMON Tools] "K:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [MSMSGS] "K:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] K:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Run Google Web Accelerator.lnk = K:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
    O8 - Extra context menu item: Download Using &BitSpirit - K:\Program Files\BitSpirit\bsurl.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://K:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - K:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - K:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - K:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - K:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - K:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - K:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - K:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: k:\program files\bonjour\mdnsnsp.dll
    O17 - HKLM\System\CCS\Services\Tcpip\..\{1BFC2953-77BD-4968-86B9-FA7FBDDC323C}: NameServer = 212.103.160.18,163.121.170.63,163.121.128.134,163.121.128.34
    O17 - HKLM\System\CS1\Services\Tcpip\..\{1BFC2953-77BD-4968-86B9-FA7FBDDC323C}: NameServer = 212.103.160.18,163.121.170.63,163.121.128.134,163.121.128.34
    O17 - HKLM\System\CS2\Services\Tcpip\..\{1BFC2953-77BD-4968-86B9-FA7FBDDC323C}: NameServer = 212.103.160.18,163.121.170.63,163.121.128.134,163.121.128.34
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - K:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - K:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - K:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - K:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - K:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - K:\Program Files\McAfee\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
    O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - K:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
    O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - K:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
    O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - k:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - K:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: ServiceLayer - Nokia. - K:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    
    
    -- File Associations -----------------------------------------------------------
    
    .ini - Notepad++_file - DefaultIcon - unable to read value
    .ini - Notepad++_file - shell\open\command - "K:\Program Files\Notepad++\notepad++.exe" "%1"
    .js - Notepad++_file - DefaultIcon - unable to read value
    .js - Notepad++_file - shell\open\command - "K:\Program Files\Notepad++\notepad++.exe" "%1"
    .txt - Notepad++_file - DefaultIcon - unable to read value
    .txt - Notepad++_file - shell\open\command - "K:\Program Files\Notepad++\notepad++.exe" "%1"
    
    
    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
    
    R1 SCDEmu - k:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
    R4 AvgRkx86 (avgrkx86.sys) - k:\windows\system32\drivers\avgrkx86.sys (file missing)
    R4 AvgTdiX (AVG8 Network Redirector) - k:\windows\system32\drivers\avgtdix.sys (file missing)
    
    S3 ssm_bus (Samsung Mobile USB Device II 1.0 driver (WDM)) - k:\windows\system32\drivers\ssm_bus.sys <Not Verified; MCCI; Samsung Mobile USB Device II 1.0>
    S3 ssm_mdfl (Samsung Mobile USB Modem II 1.0 Filter) - k:\windows\system32\drivers\ssm_mdfl.sys <Not Verified; MCCI; Samsung Mobile USB Modem II 1.0 Filter Driver>
    S3 ssm_mdm (Samsung Mobile USB Modem II 1.0 Drivers) - k:\windows\system32\drivers\ssm_mdm.sys <Not Verified; MCCI; Samsung Mobile USB Modem II 1.0>
    
    
    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
    
    R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "k:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>
    R3 ServiceLayer - "k:\program files\pc connectivity solution\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>
    
    S3 FLEXnet Licensing Service - "k:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
    
    
    -- Device Manager: Disabled ----------------------------------------------------
    
    No disabled devices found.
    
    
    -- Files created between 2007-02-05 and 2007-03-05 -----------------------------
    
    2008-03-03 15:30:20         0 d-------- K:\Documents and Settings\All Users\Application Data\PC Suite
    2008-03-03 15:30:20         0 d-------- K:\Documents and Settings\Administrator\Application Data\Nokia
    2008-03-03 15:30:06         0 d-------- K:\Program Files\Common Files\PCSuite
    2008-03-03 15:30:06         0 d-------- K:\Program Files\Common Files\Nokia
    2008-03-03 15:29:55         0 d-------- K:\Program Files\DIFX
    2008-03-03 15:29:38         0 d-------- K:\Documents and Settings\Administrator\Application Data\PC Suite
    2008-03-03 15:29:33         0 d-------- K:\Program Files\PC Connectivity Solution
    2008-03-03 15:29:20         0 d-------- K:\Program Files\Nokia
    2008-03-03 07:50:19         0 d-------- K:\Documents and Settings\Administrator\Application Data\Dev-Cpp
    2008-03-03 07:49:59         0 d-------- K:\Dev-Cpp
    2008-03-02 11:26:11         0 d-------- K:\Documents and Settings\Administrator\dwhelper
    2008-03-02 05:49:31         0 d--h----- K:\WINDOWS\PIF
    2008-03-02 04:51:00         0 d-------- K:\Program Files\MySQL
    2008-03-02 04:10:39         0 d-------- K:\Program Files\Google
    2008-03-02 03:48:18         0 d-------- K:\Program Files\VTFEdit
    2008-03-02 03:47:27         0 d-------- K:\Program Files\GCFScape
    2008-03-02 02:05:15         0 d-------- K:\Program Files\uTorrent
    2008-03-02 02:05:09         0 d-------- K:\Documents and Settings\Administrator\Application Data\uTorrent
    2008-03-02 01:38:24         0 d-------- K:\Program Files\Silkroad
    2008-03-02 01:31:22         0 d-------- K:\Downloads
    2008-03-01 22:56:33     98304 --a------ K:\WINDOWS\system32CmdLineExt.dll <Not Verified; Sony DADC Austria AG.; >
    2008-03-01 14:19:29         0 d-------- K:\Program Files\BitSpirit
    2008-03-01 13:09:40         0 d-------- K:\Program Files\Remotesoft
    2008-03-01 11:56:07         0 d-------- K:\Documents and Settings\Administrator\Contacts
    2008-03-01 11:54:48         0 d------c- K:\WINDOWS\system32\DRVSTORE
    2008-03-01 11:54:14         0 d-------- K:\Program Files\MSN Messenger
    2008-03-01 11:44:40         0 d-------- K:\Documents and Settings\All Users\Application Data\Yahoo!
    2008-03-01 11:44:22         0 d-------- K:\Program Files\Yahoo!
    2008-03-01 11:41:36         0 d-------- K:\Documents and Settings\Administrator\Application Data\dvdcss
    2008-03-01 11:41:21         0 d-------- K:\Documents and Settings\Administrator\Application Data\vlc
    2008-03-01 08:18:41         0 d-------- K:\WINDOWS\Sun
    2008-03-01 08:18:41         0 d-------- K:\Documents and Settings\Administrator\Application Data\Sun
    2008-03-01 06:51:15         0 d-------- K:\Documents and Settings\Administrator\Application Data\Media Player Classic
    2008-03-01 06:47:48         0 d-------- K:\Program Files\MSDN
    2008-03-01 06:41:33         0 d-------- K:\Program Files\Microsoft SQL Server
    2008-03-01 06:41:08         0 d-------- K:\Program Files\Microsoft Device Emulator
    2008-03-01 06:41:02         0 d-------- K:\Program Files\Microsoft SQL Server 2005 Mobile Edition
    2008-03-01 06:38:41         0 d-------- K:\Program Files\Hexprobe
    2008-03-01 06:37:37         0 d-------- K:\Program Files\URUSoft
    2008-03-01 06:35:36         0 d-------- K:\Program Files\MSBuild
    2008-03-01 06:29:57         0 d-------- K:\WINDOWS\Symbols
    2008-03-01 06:29:57         0 d-------- K:\Program Files\Microsoft.NET
    2008-03-01 06:29:57         0 d-------- K:\Program Files\HTML Help Workshop
    2008-03-01 06:29:57         0 d-------- K:\Program Files\Common Files\Business Objects
    2008-03-01 06:29:57         0 d-------- K:\Program Files\CE Remote Tools
    2008-03-01 06:29:57         0 d-------- K:\Documents and Settings\All Users\Application Data\PreEmptive Solutions
    2008-03-01 06:29:56         0 d-------- K:\Program Files\Common Files\Merge Modules
    2008-03-01 06:28:02         0 d-------- K:\Program Files\Microsoft Visual Studio 8
    2008-03-01 06:28:02         0 d-------- K:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-03-01 06:09:30         0 d-------- K:\Program Files\Notepad++
    2008-03-01 06:09:30         0 d-------- K:\Documents and Settings\Administrator\Application Data\Notepad++
    2008-03-01 06:05:49         0 d-------- K:\Documents and Settings\All Users\Application Data\FLEXnet
    2008-03-01 06:01:35         0 d-------- K:\Documents and Settings\All Users\Application Data\Adobe
    2008-03-01 06:00:52         0 d-------- K:\Program Files\Bonjour
    2008-03-01 05:54:21         0 d-------- K:\Program Files\Common Files\Macrovision Shared
    2008-03-01 05:52:36         0 d-------- K:\Program Files\Common Files\Adobe
    2008-03-01 05:49:06         0 d-------- K:\Documents and Settings\All Users\Application Data\Macromedia
    2008-03-01 05:49:02         0 d-------- K:\Program Files\Macromedia
    2008-03-01 05:49:02         0 d-------- K:\Program Files\Common Files\Macromedia
    2008-03-01 05:48:34         0 d-------- K:\WINDOWS\Downloaded Installations
    2008-03-01 05:47:40         0 d-------- K:\Program Files\DAEMON Tools
    2008-03-01 05:34:34         0 d-------- K:\Program Files\DFX
    2008-03-01 05:30:54         0 d-------- K:\Program Files\Java
    2008-03-01 05:30:53         0 d-------- K:\Program Files\Common Files\Java
    2008-03-01 05:15:14         0 d-------- K:\Documents and Settings\Administrator\Application Data\Macromedia
    2008-03-01 05:15:14         0 d-------- K:\Documents and Settings\Administrator\Application Data\Adobe
    2008-03-01 05:15:10      1158 --a------ K:\WINDOWS\mozver.dat
    2008-03-01 05:13:18         0 --a------ K:\WINDOWS\nsreg.dat
    2008-03-01 05:13:16         0 d-------- K:\Documents and Settings\Administrator\Application Data\Mozilla
    2008-03-01 04:52:17         0 d-------- K:\WINDOWS\RegisteredPackages
    2008-03-01 04:51:22         0 d-------- K:\Documents and Settings\Administrator\Application Data\pe explorer
    2008-03-01 04:51:08         0 d-------- K:\Program Files\Winamp
    2008-03-01 04:51:08         0 d-------- K:\Documents and Settings\Administrator\Application Data\Winamp
    2008-03-01 04:50:03         0 d-------- K:\Documents and Settings\All Users\Application Data\Apple Computer
    2008-03-01 04:49:55    217088 --a------ K:\WINDOWS\system32\yv12vfw.dll <Not Verified; www.helixcommunity.org; Helix YV12 YUV Codec>
    2008-03-01 04:49:55    180224 --a------ K:\WINDOWS\system32\xvidvfw.dll
    2008-03-01 04:49:55    765952 --a------ K:\WINDOWS\system32\xvidcore.dll
    2008-03-01 04:49:55    654848 --a------ K:\WINDOWS\system32\x264vfw.dll
    2008-03-01 04:49:55    630784 --a------ K:\WINDOWS\system32\vp7vfw.dll <Not Verified; On2.com; On2_VP70>
    2008-03-01 04:49:55    438272 --a------ K:\WINDOWS\system32\vp6vfw.dll <Not Verified; On2.com; On2_VP6>
    2008-03-01 04:49:55    144384 --a------ K:\WINDOWS\system32\Iacenc.dll <Not Verified; Intel Corporation; Indeo® audio software>
    2008-03-01 04:49:55    217088 --a------ K:\WINDOWS\system32\i420vfw.dll <Not Verified; www.helixcommunity.org; Helix I420 YUV Codec>
    2008-03-01 04:49:55     39936 --a------ K:\WINDOWS\system32\huffyuv.dll <Not Verified; Disappearing Inc.; Huffyuv>
    2008-03-01 04:49:54   3596288 --a------ K:\WINDOWS\system32\qt-dx331.dll
    2008-03-01 04:49:54    196608 --a------ K:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
    2008-03-01 04:49:54     73728 --a------ K:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
    2008-03-01 04:49:54    639066 --a------ K:\WINDOWS\system32\divx.dll <Not Verified; DivX, Inc.; DivX®>
    2008-03-01 04:49:53     10752 --a------ K:\WINDOWS\system32\ff_vfw.dll
    2008-03-01 04:49:52         0 d-------- K:\Program Files\K-Lite Codec Pack
    2008-03-01 04:49:52         0 d-------- K:\Documents and Settings\All Users\Application Data\Real
    2008-03-01 04:49:52         0 d-------- K:\Documents and Settings\Administrator\Application Data\Real
    2008-03-01 04:47:05         0 d-------- K:\Program Files\VideoLAN
    2008-03-01 04:45:58         0 d-------- K:\Program Files\PE Explorer
    2008-03-01 04:42:59         0 d-------- K:\WINDOWS\system32\URTTemp
    2008-03-01 04:41:08         0 d-------- K:\Program Files\PowerISO
    2008-03-01 04:40:49         0 d-------- K:\Documents and Settings\Administrator\Application Data\WinRAR
    2008-03-01 04:40:07    682232 --a------ K:\WINDOWS\system32\drivers\sptd.sys
    2008-03-01 03:57:24         0 d--hs---- K:\WINDOWS\Installer
    2008-03-01 03:57:23         0 d-------- K:\Program Files\Common Files\ODBC
    2008-03-01 03:57:20         0 d-------- K:\Program Files\Common Files\SpeechEngines
    2008-03-01 03:57:19         0 dr------- K:\Program Files
    2008-03-01 03:57:19         0 d-------- K:\Program Files\Common Files
    2008-03-01 03:56:54         0 d--h----- K:\Documents and Settings\Default User\Templates
    2008-03-01 03:56:54         0 dr------- K:\Documents and Settings\Default User\Start Menu
    2008-03-01 03:56:54         0 dr-h----- K:\Documents and Settings\Default User\SendTo
    2008-03-01 03:56:54         0 d--h----- K:\Documents and Settings\Default User\Recent
    2008-03-01 03:56:54         0 d--h----- K:\Documents and Settings\Default User\PrintHood
    2008-03-01 03:56:54         0 d--h----- K:\Documents and Settings\Default User\NetHood
    2008-03-01 03:56:54         0 d-------- K:\Documents and Settings\Default User\My Documents
    2008-03-01 03:56:54         0 dr-h----- K:\Documents and Settings\Default User\Local Settings
    2008-03-01 03:56:54         0 d-------- K:\Documents and Settings\Default User\Favorites
    2008-03-01 03:56:54         0 d-------- K:\Documents and Settings\Default User\Desktop
    2008-03-01 03:56:54         0 d---s---- K:\Documents and Settings\Default User\Cookies
    2008-03-01 03:56:54         0 d--h----- K:\Documents and Settings\All Users\Templates
    2008-03-01 03:56:54         0 dr------- K:\Documents and Settings\All Users\Start Menu
    2008-03-01 03:56:54         0 d-------- K:\Documents and Settings\All Users\Favorites
    2008-03-01 03:56:54         0 dr------- K:\Documents and Settings\All Users\Documents
    2008-03-01 03:56:54         0 d-------- K:\Documents and Settings\All Users\Desktop
    2008-03-01 03:56:43         0 d-------- K:\WINDOWS\system32\CatRoot2
    2008-03-01 03:56:43         0 d-------- K:\WINDOWS\system32\CatRoot
    2008-03-01 03:56:38         0 dr-h----- K:\Documents and Settings\Default User\Application Data
    2008-03-01 03:56:38         0 d---s---- K:\Documents and Settings\Default User\Application Data\Microsoft
    2008-03-01 03:56:37         0 dr-h----- K:\Documents and Settings\All Users\Application Data
    2008-03-01 03:56:37         0 d---s---- K:\Documents and Settings\All Users\Application Data\Microsoft
    2008-03-01 03:56:15         0 d-------- K:\Documents and Settings
    2008-03-01 03:56:14         0 d--hs---- K:\System Volume Information
    2008-03-01 03:51:49         0 d-------- K:\WINDOWS
    2008-03-01 03:51:49         0 d-------- K:\WINDOWS\WinSxS
    2008-03-01 03:51:49         0 dr------- K:\WINDOWS\Web
    2008-03-01 03:51:49         0 d-------- K:\WINDOWS\twain_32
    2008-03-01 03:51:49         0 d-------- K:\WINDOWS\system32
    2008-03-01 03:51:49         0 d-------- K:\WINDOWS\system32\wins
    2008-03-01 03:51:49         0 d-------- K:\WINDOWS\system32\wbem
    2008-03-01 03:51:49         0 d-------- K:\WINDOWS\system32\usmt
    2008-03-01 03:51:49         0 d-------- K:\WINDOWS\system32\spool
    2008-03-01 03:51:49         0 d-------- K:\WINDOWS\system32\ShellExt
    2008-03-01 03:51:49         0 d-------- K:\WINDOWS\system32\Setup
    2008-03-01 03:51:49         0 d-------- K:\WINDOWS\system32\ras
    2008-03-01 03:51:49         0 d-------- K:\WINDOWS\system32\oobe
    2008-03-01 03:51:49         0 d-------- K:\WINDOWS\system32\npp
    2008-03-01 03:51:49         0 d-------- K:\WINDOWS\system32\mui
    2008-03-01 03:51:49         0 d-------- K:\WINDOWS\system32\inetsrv
    2008-03-01 03:51:49         0 d-------- K:\WINDOWS\system32\IME
    2008-03-01 03:51:49         0 d-------- K:\WINDOWS\system32\icsxml
    2008-03-01 03:51:49         0 d-------- K:\WINDOWS\system32\ias
    2008-03-01 03:51:49         0 d-------- K:\WINDOWS\system32\export
    2008-03-01 03:51:49         0 d-------- K:\WINDOWS\system32\drivers
    2008-03-01 03:51:49         0 d-------- K:\WINDOWS\system32\drivers\etc
    2008-03-01 03:51:49         0 d-------- K:\WINDOWS\system32\drivers\disdn
    2008-03-01 03:51:49         0 dr-hs--c- K:\WINDOWS\system32\dllcache
    2008-03-01 03:51:49         0 d-------- K:\WINDOWS\system32\dhcp
    2008-03-01 03:51:49         0 d-------- K:\WINDOWS\system32\config
    2008-03-01 03:51:49         0 d-------- K:\WINDOWS\system32\3com_dmi
    2008-03-01 03:51:49         0 d-------- K:\WINDOWS\system32\3076
    2008-03-01 03:51:49         0 d-------- K:\WINDOWS\system32\2052
    2008-03-01 03:51:49         0 d-------- K:\WINDOWS\system32\1054
    2008-03-01 03:51:49         0 d-------- K:\WINDOWS\system32\1042
    2008-03-01 03:51:49         0 d-------- K:\WINDOWS\system32\1041
    2008-03-01 03:51:49         0 d-------- K:\WINDOWS\system32\1037
    2008-03-01 03:51:49         0 d-------- K:\WINDOWS\system32\1033
    2008-03-01 03:51:49         0 d-------- K:\WINDOWS\system32\1031
    2008-03-01 03:51:49         0 d-------- K:\WINDOWS\system32\1028
    2008-03-01 03:51:49         0 d-------- K:\WINDOWS\system32\1025
    2008-03-01 03:51:49         0 d-------- K:\WINDOWS\system
    2008-03-01 03:51:49         0 d-------- K:\WINDOWS\security
    2008-03-01 03:51:49         0 d-------- K:\WINDOWS\Resources
    2008-03-01 03:51:49         0 d-------- K:\WINDOWS\repair
    2008-03-01 03:51:49         0 d-------- K:\WINDOWS\Provisioning
    2008-03-01 03:51:49         0 d-------- K:\WINDOWS\PeerNet
    2008-03-01 03:51:49         0 d-------- K:\WINDOWS\pchealth
    2008-03-01 03:51:49         0 d-------- K:\WINDOWS\mui
    2008-03-01 03:51:49         0 d-------- K:\WINDOWS\msapps
    2008-03-01 03:51:49         0 d-------- K:\WINDOWS\msagent
    2008-03-01 03:51:49         0 d-------- K:\WINDOWS\Media
    2008-03-01 03:51:49         0 d-------- K:\WINDOWS\java
    2008-03-01 03:51:49         0 d--h----- K:\WINDOWS\inf
    2008-03-01 03:51:49         0 d-------- K:\WINDOWS\ime
    2008-03-01 03:51:49         0 d-------- K:\WINDOWS\Help
    2008-03-01 03:51:49         0 dr--s---- K:\WINDOWS\Fonts
    2008-03-01 03:51:49         0 d-------- K:\WINDOWS\ehome
    2008-03-01 03:51:49         0 d-------- K:\WINDOWS\Driver Cache
    2008-03-01 03:51:49         0 d-------- K:\WINDOWS\Debug
    2008-03-01 03:51:49         0 d-------- K:\WINDOWS\Cursors
    2008-03-01 03:51:49         0 d-------- K:\WINDOWS\Connection Wizard
    2008-03-01 03:51:49         0 d-------- K:\WINDOWS\Config
    2008-03-01 03:51:49         0 d-------- K:\WINDOWS\AppPatch
    2008-03-01 03:51:49         0 d-------- K:\WINDOWS\addins
    2008-03-01 02:34:11         0 d-------- K:\WINDOWS\OPTIONS
    2008-03-01 02:34:08         0 d-------- K:\Documents and Settings\Administrator\Application Data\InstallShield
    2008-03-01 02:34:01         0 d-------- K:\WINDOWS\system32\Lang
    2008-03-01 02:31:23     49152 --a------ K:\WINDOWS\system32\ChCfg.exe
    2008-03-01 02:31:11         0 d-------- K:\WINDOWS\system32\RTCOM
    2008-03-01 02:31:02         0 d-------- K:\Program Files\Realtek
    2008-03-01 02:31:02         0 d--h----- K:\Program Files\InstallShield Installation Information
    2008-03-01 02:30:59    499712 --a------ K:\WINDOWS\RtlExUpd.dll <Not Verified; Realtek Semiconductor Corp.; RtlExUpd Dynamic Link Library>
    2008-03-01 02:30:07         0 d-------- K:\WINDOWS\system32\ReinstallBackups
    2008-03-01 02:30:06         0 d-------- K:\Program Files\Intel
    2008-03-01 02:29:26         0 d-------- K:\WINDOWS\nview
    2008-03-01 02:29:10         0 d-------- K:\Program Files\Common Files\InstallShield
    2008-03-01 02:20:32         0 d-------- K:\Documents and Settings\Administrator\Application Data\Identities
    2008-03-01 02:20:24         0 d--h----- K:\Documents and Settings\Administrator\Templates
    2008-03-01 02:20:24         0 dr------- K:\Documents and Settings\Administrator\Start Menu
    2008-03-01 02:20:24         0 dr-h----- K:\Documents and Settings\Administrator\SendTo
    2008-03-01 02:20:24         0 dr-h----- K:\Documents and Settings\Administrator\Recent
    2008-03-01 02:20:24         0 d--h----- K:\Documents and Settings\Administrator\PrintHood
    2008-03-01 02:20:24   3145728 --ah----- K:\Documents and Settings\Administrator\NTUSER.DAT
    2008-03-01 02:20:24         0 d--h----- K:\Documents and Settings\Administrator\NetHood
    2008-03-01 02:20:24         0 dr------- K:\Documents and Settings\Administrator\My Documents
    2008-03-01 02:20:24         0 d--h----- K:\Documents and Settings\Administrator\Local Settings
    2008-03-01 02:20:24         0 dr------- K:\Documents and Settings\Administrator\Favorites
    2008-03-01 02:20:24         0 d-------- K:\Documents and Settings\Administrator\Desktop
    2008-03-01 02:20:24         0 d---s---- K:\Documents and Settings\Administrator\Cookies
    2008-03-01 02:20:24         0 dr-h----- K:\Documents and Settings\Administrator\Application Data
    2008-03-01 02:18:41         0 d-------- K:\WINDOWS\SoftwareDistribution
    2008-03-01 02:18:39         0 d---s---- K:\WINDOWS\system32\Microsoft
    2008-03-01 02:18:39         0 d-------- K:\WINDOWS\Prefetch
    2008-03-01 02:18:38    229376 --ah----- K:\Documents and Settings\LocalService\NTUSER.DAT
    2008-03-01 02:18:38         0 d--h----- K:\Documents and Settings\LocalService\Local Settings
    2008-03-01 02:18:38         0 d---s---- K:\Documents and Settings\LocalService\Cookies
    2008-03-01 02:18:38         0 d-------- K:\Documents and Settings\LocalService\Application Data
    2008-03-01 02:18:38         0 d---s---- K:\Documents and Settings\LocalService\Application Data\Microsoft
    2008-03-01 02:18:24    229376 --ah----- K:\Documents and Settings\NetworkService\NTUSER.DAT
    2008-03-01 02:18:24         0 d--h----- K:\Documents and Settings\NetworkService\Local Settings
    2008-03-01 02:18:24         0 d---s---- K:\Documents and Settings\NetworkService\Cookies
    2008-03-01 02:18:24         0 d-------- K:\Documents and Settings\NetworkService\Application Data
    2008-03-01 02:18:24         0 d---s---- K:\Documents and Settings\NetworkService\Application Data\Microsoft
    2008-03-01 02:15:49         0 d-------- K:\WINDOWS\system32\xircom
    2008-03-01 02:15:48         0 d-------- K:\Program Files\microsoft frontpage
    2008-03-01 02:15:39    229376 ---h----- K:\Documents and Settings\Default User\NTUSER.DAT
    2008-03-01 02:14:40         0 d--hs---- K:\Documents and Settings\All Users\DRM
    2008-03-01 02:14:30         0 dr------- K:\WINDOWS\Offline Web Pages
    2008-03-01 02:14:30         0 d---s---- K:\WINDOWS\Downloaded Program Files
    2008-03-01 02:14:20         0 d--h----- K:\Program Files\WindowsUpdate
    2008-03-01 02:14:02         0 d-------- K:\WINDOWS\system32\DirectX
    2008-03-01 02:13:30         0 d---s---- K:\WINDOWS\Tasks
    2008-03-01 02:13:29         0 d-------- K:\Program Files\Common Files\MSSoap
    2008-03-01 02:13:26         0 d-------- K:\WINDOWS\system32\Macromed
    2008-03-01 02:13:26         0 d-------- K:\WINDOWS\srchasst
    2008-03-01 02:13:19         0 d-------- K:\Program Files\Movie Maker
    2008-03-01 02:13:12         0 d-------- K:\WINDOWS\system32\Restore
    2008-03-01 02:12:34     21640 --a------ K:\WINDOWS\system32\emptyregdb.dat
    2008-03-01 02:12:20         0 d-------- K:\WINDOWS\Registration
    2008-03-01 02:12:14         0 d-------- K:\Program Files\Online Services
    2008-03-01 02:12:09         0 d-------- K:\Program Files\Messenger
    2008-03-01 02:12:06         0 d-------- K:\Program Files\MSN Gaming Zone
    2008-03-01 02:11:32         0 d-------- K:\Program Files\Windows NT
    2008-03-01 02:11:29         0 d-------- K:\WINDOWS\system32\MsDtc
    2008-03-01 02:11:27         0 d-------- K:\WINDOWS\system32\Com
    2007-12-05 01:41:00   1626112 --a------ K:\WINDOWS\system32\nwiz.exe
    2007-12-05 01:41:00   1019904 --a------ K:\WINDOWS\system32\nvwimg.dll
    2007-12-05 01:41:00   1703936 --a------ K:\WINDOWS\system32\nvwdmcpl.dll
    2007-12-05 01:41:00    466944 --a------ K:\WINDOWS\system32\nvshell.dll
    2007-12-05 01:41:00   1474560 --a------ K:\WINDOWS\system32\nview.dll
    2007-12-05 01:41:00   1339392 --a------ K:\WINDOWS\system32\nvdspsch.exe
    2007-12-05 01:41:00    442368 --a------ K:\WINDOWS\system32\nvappbar.exe
    2007-12-05 01:41:00    425984 --a------ K:\WINDOWS\system32\keystone.exe
    2007-03-21 20:54:16     69632 --a------ K:\WINDOWS\system32\TWUNK_32.EXE <Not Verified; Twain Working Group; Twain Thunker>
    2007-03-21 20:54:16     48560 --a------ K:\WINDOWS\system32\TWUNK_16.EXE <Not Verified; Twain Working Group; Twain Thunker>
    2007-03-21 20:54:16     77312 --a------ K:\WINDOWS\system32\TWAIN_32.DLL <Not Verified; Twain Working Group; Twain_32 Source Manager>
    2007-03-04 23:58:06         0 drahs---- K:\autorun.inf
    2007-03-04 23:56:22         0 d-------- K:\Documents and Settings\All Users\Application Data\Avg8
    2007-03-04 17:11:28         0 d-------- K:\masm32
    2007-03-04 16:28:36         0 d-------- K:\Documents and Settings\Administrator\Application Data\AdobeUM
    2007-03-04 15:08:01         0 d-------- K:\WINDOWS\Cache
    2007-03-04 10:22:53         0 d---s---- K:\Documents and Settings\Administrator\UserData
    2007-03-04 10:19:20         0 d-------- K:\Documents and Settings\Administrator\.housecall6.6
    2007-03-04 09:39:51         0 d-------- K:\Documents and Settings\Administrator\Application Data\AVGTOOLBAR
    2007-03-04 09:39:44         0 d-------- K:\Program Files\AVG
    2007-03-04 08:48:28         0 d-------- K:\QUARANTINE
    2007-03-04 08:27:41   1495552 --a------ K:\WINDOWS\system32\epoPGPsdk.dll <Not Verified; PGP Corporation; PGPsdk>
    2007-03-04 08:27:41         0 d-------- K:\Program Files\Common Files\Cisco Systems
    2007-03-04 08:27:40         0 d-------- K:\Documents and Settings\All Users\Application Data\McAfee
    2007-03-04 08:26:57         0 d-------- K:\Program Files\McAfee
    2007-03-04 08:26:57         0 d-------- K:\Program Files\Common Files\McAfee
    2007-03-04 07:17:26         0 d-------- K:\WINDOWS\system32\LogFiles
    2007-03-03 17:58:50    126976 --a------ K:\WINDOWS\system32\WideToolkit.dll
    2007-03-03 17:58:50    667648 --a------ K:\WINDOWS\system32\WideSyncSweden.dll <Not Verified; Samsung Electronics; WiDESYNCOutlook Module>
    2007-03-03 17:58:50    667648 --a------ K:\WINDOWS\system32\WideSyncSpanish.dll <Not Verified; Samsung Electronics; WiDESYNCOutlook Module>
    2007-03-03 17:58:50    667648 --a------ K:\WINDOWS\system32\WideSyncRussian.dll <Not Verified; Samsung Electronics; WiDESYNCOutlook Module>
    2007-03-03 17:58:50    667648 --a------ K:\WINDOWS\system32\WideSyncPortuguese.dll <Not Verified; Samsung Electronics; WiDESYNCOutlook Module>
    2007-03-03 17:58:50    843776 --a------ K:\WINDOWS\system32\WideSyncOutlook.dll <Not Verified; Samsung Electronics; WiDESYNCOutlook Module>
    2007-03-03 17:58:50    208896 --a------ K:\WINDOWS\system32\WideSyncManager.dll <Not Verified; ; WideSyncManager ?? ?? ?????>
    2007-03-03 17:58:50    667648 --a------ K:\WINDOWS\system32\WideSyncItalian.dll <Not Verified; Samsung Electronics; WiDESYNCOutlook Module>
    2007-03-03 17:58:50    667648 --a------ K:\WINDOWS\system32\WideSyncGerman.dll <Not Verified; Samsung Electronics; WiDESYNCOutlook Module>
    2007-03-03 17:58:50    794708 --a------ K:\WINDOWS\system32\WideSyncGanChe.dll <Not Verified; Samsung Electronics; WiDESYNCOutlook Module>
    2007-03-03 17:58:50    667648 --a------ K:\WINDOWS\system32\WideSyncFrench.dll <Not Verified; Samsung Electronics; WiDESYNCOutlook Module>
    2007-03-03 17:58:50    667648 --a------ K:\WINDOWS\system32\WideSyncDutch.dll <Not Verified; Samsung Electronics; WiDESYNCOutlook Module>
    2007-03-03 17:58:50    794708 --a------ K:\WINDOWS\system32\WideSyncBunChe.dll <Not Verified; Samsung Electronics; WiDESYNCOutlook Module>
    2007-03-03 17:58:50    667648 --a------ K:\WINDOWS\system32\WideSyncBrazilian.dll <Not Verified; Samsung Electronics; WiDESYNCOutlook Module>
    2007-03-03 17:58:50     32768 --a------ K:\WINDOWS\system32\WideSyncAdminAdapter.dll <Not Verified; ; WideSyncAdminAdapter ?? ?? ?????>
    2007-03-03 17:58:50    270336 --a------ K:\WINDOWS\system32\WideDBAdapter.dll <Not Verified; ; WideDBAdapter ?? ?? ?????>
    2007-03-03 17:58:50    122880 --a------ K:\WINDOWS\system32\regdrop.exe
    2007-03-03 17:58:50     45056 --a------ K:\WINDOWS\system32\ObexLib.dll <Not Verified; ; ObexLib ?? ?? ?????>
    2007-03-03 17:56:48         0 d-------- K:\Program Files\Common Files\L&H
    2007-03-03 17:56:34         0 d-------- K:\Program Files\Microsoft ActiveSync
    2007-03-03 17:55:59         0 d-------- K:\Program Files\Microsoft Works
    2007-03-03 17:55:41         0 d-------- K:\WINDOWS\SHELLNEW
    2007-03-03 17:54:32      5776 --a------ K:\WINDOWS\system32\drivers\ssm_whnt.sys <Not Verified; MCCI; Samsung Mobile USB Device II 1.0>
    2007-03-03 17:54:32      5776 --a------ K:\WINDOWS\system32\drivers\ssm_wh.sys <Not Verified; MCCI; Samsung Mobile USB Device II 1.0>
    2007-03-03 17:54:32     84512 --a------ K:\WINDOWS\system32\drivers\ssm_mdm.sys <Not Verified; MCCI; Samsung Mobile USB Modem II 1.0>
    2007-03-03 17:54:32      6096 --a------ K:\WINDOWS\system32\drivers\ssm_mdfl.sys <Not Verified; MCCI; Samsung Mobile USB Modem II 1.0 Filter Driver>
    2007-03-03 17:54:32      6112 --a------ K:\WINDOWS\system32\drivers\ssm_cmnt.sys <Not Verified; MCCI; Samsung Mobile USB Modem II 1.0>
    2007-03-03 17:54:32      6112 --a------ K:\WINDOWS\system32\drivers\ssm_cm.sys <Not Verified; MCCI; Samsung Mobile USB Modem II 1.0>
    2007-03-03 17:54:32     52416 --a------ K:\WINDOWS\system32\drivers\ssm_bus.sys <Not Verified; MCCI; Samsung Mobile USB Device II 1.0>
    2007-03-03 17:52:24    556544 -----n--- K:\WINDOWS\system32\NexPlayerX.dll <Not Verified; NEXTREAMING; NexPlayerX Module>
    2007-03-03 17:52:19    294912 --a------ K:\WINDOWS\system32\msxbse35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
    2007-03-03 17:52:19    166672 --a------ K:\WINDOWS\system32\mstext35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
    2007-03-03 17:52:19    250128 --a------ K:\WINDOWS\system32\mspdox35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
    2007-03-03 17:52:19    168720 --a------ K:\WINDOWS\system32\msltus35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
    2007-03-03 17:52:19   1238288 --a------ K:\WINDOWS\system32\msjt4jlt.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
    2007-03-03 17:52:19    252688 --a------ K:\WINDOWS\system32\msexcl35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
    2007-03-03 17:52:19    344064 --a------ K:\WINDOWS\system32\msexch35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
    2007-03-03 17:52:18     44304 --a------ K:\WINDOWS\system32\msrpfs35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
    2007-03-03 17:52:18     39424 --a------ K:\WINDOWS\system32\JETCOMP.exe <Not Verified; Microsoft Corporation; Microsoft® Database Compact Utility>
    2007-03-03 17:52:15         0 d-------- K:\Program Files\Samsung
    2007-02-13 16:22:54    947472 --a------ K:\WINDOWS\system32\msjava.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
    
    
    -- Find3M Report ---------------------------------------------------------------
    
    2008-03-01 03:56:54        62 --ahs---- K:\Documents and Settings\Administrator\Application Data\desktop.ini
    2007-03-04 09:22:53         0 --a------ K:\Documents and Settings\Administrator\Application Data\.googlewebacchosts
    
    
    -- Registry Dump ---------------------------------------------------------------
    
    *Note* empty entries & legit default entries are not shown
    
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IMJPMIG8.1"="K:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [08/04/2004 03:07 AM]
    "PHIME2002ASync"="K:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [08/04/2004 03:07 AM]
    "PHIME2002A"="K:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [08/04/2004 03:07 AM]
    "NvCplDaemon"="K:\WINDOWS\system32\NvCpl.dll" [12/05/2007 01:41 AM]
    "nwiz"="nwiz.exe" [12/05/2007 01:41 AM K:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="K:\WINDOWS\system32\NvMcTray.dll" [12/05/2007 01:41 AM]
    "RTHDCPL"="RTHDCPL.EXE" [11/14/2006 11:21 AM K:\WINDOWS\RTHDCPL.exe]
    "SkyTel"="SkyTel.EXE" [05/16/2006 12:04 PM K:\WINDOWS\SkyTel.exe]
    "Alcmtr"="ALCMTR.EXE" [05/03/2005 12:43 PM K:\WINDOWS\Alcmtr.exe]
    "WinampAgent"="K:\Program Files\Winamp\winampa.exe" [10/10/2007 07:28 AM]
    "SunJavaUpdateSched"="K:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 01:11 AM]
    "PCSuiteTrayApplication"="K:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [01/23/2007 11:19 AM]
    "@"="C:\Program Files\Common Files\Services\svchost.exe" []
    "ShStatEXE"="K:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.exe" [10/16/2007 08:50 PM]
    "McAfeeUpdaterUI"="K:\Program Files\McAfee\Common Framework\UdaterUI.exe" [12/19/2006 11:27 AM]
    
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DAEMON Tools"="K:\Program Files\DAEMON Tools\daemon.exe" [04/04/2007 12:29 AM]
    "MSMSGS"="K:\Program Files\Messenger\msmsgs.exe" [08/04/2004 01:06 AM]
    "ctfmon.exe"="K:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:07 AM]
    
    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "PcSync"=K:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
    
    K:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Run Google Web Accelerator.lnk - K:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe [7/9/2007 10:24:38 PM]
    
    
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{94de3159-e7d9-11dc-bc4b-001a4d211b0e}]
    Auto\command- N:\IO.pif
    AutoRun\command- K:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL IO.pif
    
    *Newly Created Service* - AVGLDX86
    *Newly Created Service* - AVGRKX86
    *Newly Created Service* - AVGTDIX
    *Newly Created Service* - MCAFEEFRAMEWORK
    *Newly Created Service* - MCSHIELD
    *Newly Created Service* - MCTASKMANAGER
    *Newly Created Service* - MFEAPFK
    *Newly Created Service* - MFEAVFK
    *Newly Created Service* - MFEBOPK
    *Newly Created Service* - MFEHIDK
    *Newly Created Service* - MFEHIDK01
    *Newly Created Service* - MFERKDK
    *Newly Created Service* - MFETDIK
    *Newly Created Service* - TMCOMM
    
    
    
    -- End of Deckard's System Scanner: finished at 2007-03-05 00:07:18 ------------
    Extra.txt

    Code:
    Deckard's System Scanner v20071014.68
    Extra logfile - please post this as an attachment with your post.
    --------------------------------------------------------------------------------
    
    -- System Information ----------------------------------------------------------
    
    Microsoft Windows XP Professional (build 2600) SP 2.0
    Architecture: X86; Language: English
    
    CPU 0: Intel(R) Pentium(R) 4 CPU 3.20GHz
    CPU 1: Intel(R) Pentium(R) 4 CPU 3.20GHz
    Percentage of Memory in Use: 29%
    Physical Memory (total/avail): 2047.48 MiB / 1443.66 MiB
    Pagefile Memory (total/avail): 3939.97 MiB / 3448.56 MiB
    Virtual Memory (total/avail): 2047.88 MiB / 1915.82 MiB
    
    C: is Removable (FAT32)
    D: is Fixed (NTFS) - 36.14 GiB total, 0.92 GiB free. 
    E: is Fixed (NTFS) - 23.73 GiB total, 0.85 GiB free. 
    F: is Fixed (FAT32) - 14.64 GiB total, 0.69 GiB free. 
    G: is Fixed (NTFS) - 44.42 GiB total, 3.53 GiB free. 
    H: is Fixed (NTFS) - 147.9 GiB total, 2.57 GiB free. 
    I: is Fixed (FAT32) - 84.96 GiB total, 0.79 GiB free. 
    J: is Fixed (NTFS) - 149.04 GiB total, 1.85 GiB free. 
    K: is Fixed (NTFS) - 30.11 GiB total, 8.05 GiB free. 
    L: is CDROM (No Media)
    M: is CDROM (No Media)
    
    \\.\PHYSICALDRIVE2 - WDC WD1600AVBS-63SVA0 - 149.05 GiB - 1 partition
      \PARTITION0 - Extended w/Extended Int 13 - 149.04 GiB - J:
    
    \\.\PHYSICALDRIVE3 - WDC WD2500JS-00MVB1 - 232.88 GiB - 2 partitions
      \PARTITION0 - Extended w/Extended Int 13 - 232.88 GiB - H: - I:
    
    \\.\PHYSICALDRIVE1 - WDC WD800BB-00JHC0 - 74.53 GiB - 3 partitions
      \PARTITION0 (bootable) - Unknown - 14.65 GiB - F:
      \PARTITION1 - Extended w/Extended Int 13 - 59.87 GiB - D: - E:
    
    \\.\PHYSICALDRIVE0 - WDC WD800BB-08JHC0 - 74.53 GiB - 2 partitions
      \PARTITION0 (bootable) - Installable File System - 30.11 GiB - K:
      \PARTITION1 - Extended w/Extended Int 13 - 44.42 GiB - G:
    
    \\.\PHYSICALDRIVE4 - Kingston DataTraveler 2.0 USB Device - 486.34 MiB - 1 partition
      \PARTITION0 (bootable) - Unknown - 488.97 MiB - C:
    
    
    
    -- Security Center -------------------------------------------------------------
    
    AUOptions is disabled.
    Windows Internal Firewall is disabled.
    
    FirstRunDisabled is set.
    AntiVirusDisableNotify is set.
    FirewallDisableNotify is set.
    UpdatesDisableNotify is set.
    
    AV: McAfee VirusScan Enterprise v8.5.0.781 (McAfee, Inc.) Outdated
    
    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "K:\\Program Files\\MSN Messenger\\msnmsgr.exe"="K:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "K:\\Program Files\\MSN Messenger\\livecall.exe"="K:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
    
    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "K:\\Program Files\\Bonjour\\mDNSResponder.exe"="K:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
    "K:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="K:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
    "K:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="K:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
    "K:\\Program Files\\MSN Messenger\\msnmsgr.exe"="K:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "K:\\Program Files\\MSN Messenger\\livecall.exe"="K:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
    "K:\\Program Files\\BitSpirit\\BitSpirit.exe"="K:\\Program Files\\BitSpirit\\BitSpirit.exe:*:Enabled:The powerful and easy-to-use BitTorrent Client"
    "K:\\Program Files\\uTorrent\\uTorrent.exe"="K:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
    
    
    -- Environment Variables -------------------------------------------------------
    
    ALLUSERSPROFILE=K:\Documents and Settings\All Users
    APPDATA=K:\Documents and Settings\Administrator\Application Data
    CLIENTNAME=Console
    CommonProgramFiles=K:\Program Files\Common Files
    COMPUTERNAME=D4RKNESS-E00FBC
    ComSpec=K:\WINDOWS\system32\cmd.exe
    FP_NO_HOST_CHECK=NO
    HOMEDRIVE=K:
    HOMEPATH=\Documents and Settings\Administrator
    include=K:\Program Files\Microsoft Visual Studio\VC98\atl\include;K:\Program Files\Microsoft Visual Studio\VC98\mfc\include;K:\Program Files\Microsoft Visual Studio\VC98\include
    lib=K:\Program Files\Microsoft Visual Studio\VC98\mfc\lib;K:\Program Files\Microsoft Visual Studio\VC98\lib
    LOGONSERVER=\\D4RKNESS-E00FBC
    MSDevDir=K:\Program Files\Microsoft Visual Studio\Common\MSDev98
    NUMBER_OF_PROCESSORS=2
    OS=Windows_NT
    Path=K:\Program Files\PC Connectivity Solution\;K:\WINDOWS\system32;K:\WINDOWS;K:\WINDOWS\System32\Wbem;k:\Program Files\Microsoft SQL Server\90\Tools\binn\;K:\Program Files\Microsoft Visual Studio\Common\Tools\WinNT;K:\Program Files\Microsoft Visual Studio\Common\MSDev98\Bin;K:\Program Files\Microsoft Visual Studio\Common\Tools;K:\Program Files\Microsoft Visual Studio\VC98\bin
    PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    PROCESSOR_ARCHITECTURE=x86
    PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 9, GenuineIntel
    PROCESSOR_LEVEL=15
    PROCESSOR_REVISION=0409
    ProgramFiles=K:\Program Files
    PROMPT=$P$G
    SESSIONNAME=Console
    SystemDrive=K:
    SystemRoot=K:\WINDOWS
    TEMP=K:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
    TMP=K:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
    USERDOMAIN=D4RKNESS-E00FBC
    USERNAME=Administrator
    USERPROFILE=K:\Documents and Settings\Administrator
    VS80COMNTOOLS=K:\Program Files\Microsoft Visual Studio 8\Common7\Tools\
    windir=K:\WINDOWS
    
    
    -- User Profiles ---------------------------------------------------------------
    
    Administrator (admin)
    
    
    -- Add/Remove Programs ---------------------------------------------------------
    
     --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 K:\WINDOWS\INF\PCHealth.inf
    µTorrent --> "K:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
    Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
    Adobe Asset Services CS3 --> MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
    Adobe Bridge CS3 --> MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
    Adobe Bridge Start Meeting --> MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
    Adobe Camera Raw 4.0 --> MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
    Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
    Adobe Color - Photoshop Specific --> MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
    Adobe Color Common Settings --> MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
    Adobe Color EU Extra Settings --> MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
    Adobe Color JA Extra Settings --> MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
    Adobe Color NA Recommended Settings --> MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
    Adobe Default Language CS3 --> MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
    Adobe Device Central CS3 --> MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
    Adobe Dreamweaver CS3 --> K:\Program Files\Common Files\Adobe\Installers\435a6af7459cb02a9c1138113a26e93\Setup.exe
    Adobe Dreamweaver CS3 --> MsiExec.exe /I{F01D5ED5-D53A-4468-B428-149DC2CB3110}
    Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
    Adobe Extension Manager CS3 --> MsiExec.exe /I{2A539CD9-0F75-4875-9A32-E06DD93C4114}
    Adobe Fonts All --> MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
    Adobe Help Viewer CS3 --> MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
    Adobe Linguistics CS3 --> MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
    Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
    Adobe Photoshop CS3 --> K:\Program Files\Common Files\Adobe\Installers\719d6f144d0c086a0dfa7ff76bb9ac1\Setup.exe
    Adobe Photoshop CS3 --> MsiExec.exe /I{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}
    Adobe Reader 6.0.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}
    Adobe Setup --> MsiExec.exe /I{3A12C952-61D5-4C3B-B68B-8CFBE47E22F1}
    Adobe Setup --> MsiExec.exe /I{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}
    Adobe Stock Photos CS3 --> MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
    Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
    Adobe Update Manager CS3 --> MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
    Adobe Version Cue CS3 Client --> MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
    Adobe WinSoft Linguistics Plugin --> MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
    Adobe XMP Panels CS3 --> MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
    BitSpirit v3.2.2.215 Stable --> "K:\Program Files\BitSpirit\unins000.exe"
    Dev-C++ 5 beta 9 release (4.9.9.2) --> "K:\Dev-Cpp\uninstall.exe"
    DFX 8 for Winamp --> "K:\Program Files\Winamp\uninstall_dfx.exe"
    GCFScape 1.6.2 --> "K:\Program Files\GCFScape\unins000.exe"
    Google Web Accelerator --> MsiExec.exe /X{6A1975EB-27E6-491D-94BC-6355FA25F40F}
    Hexprobe 3.2 --> "K:\Program Files\Hexprobe\unins000.exe"
    High Definition Audio Driver Package - KB888111 --> "K:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
    HijackThis 1.99.1 --> K:\Documents and Settings\Administrator\Desktop\HijackThis.exe /uninstall
    J2SE Runtime Environment 5.0 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150050}
    Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
    K-Lite Mega Codec Pack 2.00 --> "K:\Program Files\K-Lite Codec Pack\unins000.exe"
    Macromedia Extension Manager --> MsiExec.exe /I{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}
    Macromedia Flash 8 --> MsiExec.exe /I{2BD5C305-1B27-4D41-B690-7A61172D2FEB}
    Macromedia Flash 8 Video Encoder --> MsiExec.exe /X{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}
    Macromedia Flash Player 8 --> MsiExec.exe /X{885A63EA-382B-4DD4-A755-14809B8557D6}
    Macromedia Flash Player 8 Plugin --> MsiExec.exe /X{91057632-CA70-413C-B628-2D3CDBBB906B}
    McAfee VirusScan Enterprise --> MsiExec.exe /I{35C03C04-3F1F-42C2-A989-A757EE691F65}
    Microsoft Device Emulator version 1.0 - ENU --> MsiExec.exe /X{78B75C6D-E53C-424C-BF83-4B63BD4A6682}
    Microsoft Document Explorer 2005 --> K:\Program Files\Common Files\Microsoft Shared\Help 8\Microsoft Document Explorer 2005\install.exe
    Microsoft Document Explorer 2005 --> MsiExec.exe /X{44D4AF75-6870-41F5-9181-662EA05507E1}
    Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
    Microsoft SQL Server 2005 --> "k:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
    Microsoft SQL Server 2005 Express Edition (SQLEXPRESS) --> MsiExec.exe /I{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}
    Microsoft SQL Server 2005 Mobile [ENU] Developer Tools --> MsiExec.exe /X{1389C6A4-4965-4AEC-9175-08B54A10FA48}
    Microsoft SQL Server 2005 Tools Express Edition --> MsiExec.exe /I{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}
    Microsoft SQL Server Native Client --> MsiExec.exe /I{BF251EAF-8697-4E89-BF09-C998F97BBC40}
    Microsoft SQL Server Setup Support Files (English) --> MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}
    Microsoft SQL Server VSS Writer --> MsiExec.exe /I{1CBE3804-20DF-48DA-B048-895C206E80A5}
    Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    Microsoft Visual C++ 6.0 Standard Edition --> "K:\Program Files\Microsoft Visual Studio\VC98\Setup\1033\Setup.exe"
    Microsoft Visual J# 2.0 Redistributable Package --> K:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft Visual J# 2.0 Redistributable Package\install.exe
    Microsoft Visual Studio 2005 Professional Edition - ENU --> K:\Program Files\Microsoft Visual Studio 8\Microsoft Visual Studio 2005 Professional Edition - ENU\setup.exe
    Mozilla Firefox (2.0.0.12) --> K:\Program Files\Mozilla Firefox\uninstall\helper.exe
    MSDN Library for Visual Studio 2005 --> msiexec /i {23959E96-A80F-4172-A655-210E9BB7BFBE}
    MSDN Library for Visual Studio 2005 --> MsiExec.exe /X{23959E96-A80F-4172-A655-210E9BB7BFBE}
    MSXML 6.0 Parser --> MsiExec.exe /I{AEB9948B-4FF2-47C9-990E-47014492A0FE}
    MySQL Connector/Net 5.0.8.1 --> "K:\Program Files\MySQL\MySQL Connector Net 5.0.8.1\unins000.exe"
    Nokia Connectivity Cable Driver --> MsiExec.exe /X{3675AD63-CF95-4778-B981-225FB9225D7C}
    Nokia PC Suite --> MsiExec.exe /I{4CE0B4BA-8862-444D-A94D-EF39AD48C8BC}
    Notepad++ --> K:\Program Files\Notepad++\uninstall.exe
    NVIDIA Drivers --> K:\WINDOWS\system32\nvuninst.exe UninstallGUI
    PC Connectivity Solution --> MsiExec.exe /I{04F3BF74-9E34-4D3E-93C3-D3D1F24199C8}
    PDF Settings --> MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
    PE Explorer 1.98 R2 --> "K:\Program Files\PE Explorer\unins000.exe"
    PowerISO --> "K:\Program Files\PowerISO\uninstall.exe"
    REALTEK GbE & FE Ethernet PCI-E NIC Driver --> K:\Program Files\InstallShield Installation Information\{C9BED750-1211-4480-B1A5-718A3BE15525}\SETUP.exe -runfromtemp -l0x0009 -removeonly
    Realtek High Definition Audio Driver --> RunDll32 K:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "K:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\SETUP.exe" -l0x9  -removeonly
    Remotesoft .NET Explorer --> MsiExec.exe /I{3E3739CA-E65C-404C-B0F4-BD206E2C2DD5}
    Samsung Mobile USB Modem Software --> K:\Program Files\SAMSUNG\Samsung Mobile USB Modem\SSM_Uninstall.exe
    Samsung PC Studio II 2.0 PIMS & File Manager --> RunDll32 K:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "K:\Program Files\InstallShield Installation Information\{D4E01931-9B3F-49BD-B19B-511000A1E039}\Setup.exe" -l0x9 
    Samsung USB Driver (MCCI 4.24) --> K:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{77F09242-A107-4CB6-A295-D8656C2C3795} 
    Silkroad --> K:\Program Files\Silkroad\Remove.Exe
    Subtitle Workshop 2.51 --> "K:\Program Files\URUSoft\Subtitle Workshop\uninstall.exe"
    VideoLAN VLC media player 0.8.6a --> K:\Program Files\VideoLAN\VLC\uninstall.exe
    VTFEdit 1.2.1 --> "K:\Program Files\VTFEdit\unins000.exe"
    WiDESYNC 2.0 --> RunDll32 K:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "K:\Program Files\InstallShield Installation Information\{11AEA686-CD61-4C11-B410-330119375147}\setup.exe" -l0x9 
    Winamp --> "K:\Program Files\Winamp\UninstWA.exe"
    Windows Driver Package - Nokia (WUDFRd) WPD (11/03/2006 6.82.26.2) --> K:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\dpinst.exe /u K:\WINDOWS\system32\DRVSTORE\pccswpddri_6B630EE2E66584353C6CD8683D447072872F34D8\pccswpddriver.inf
    Windows Driver Package - Nokia Modem (11/03/2006 6.82.0.1) --> K:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\dpinst.exe /u K:\WINDOWS\system32\DRVSTORE\nokbtmdm_4EFFAAE27A08EDFDE145390033D8EF099DA65567\nokbtmdm.inf
    Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
    WinRAR archiver --> K:\Program Files\WinRAR\uninstall.exe
    Yahoo! Messenger --> K:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U K:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
    
    
    -- Application Event Log -------------------------------------------------------
    
    Event Record #/Type1243 / Error
    Event Submitted/Written: 03/04/2007 09:03:52 AM
    Event ID/Source: 259 / McLogEvent
    Event Description:
    The file k:\autorun.inf contains Generic!atr Trojan. Detected with Scan Engine 5200.2160 DAT version 5243.0000.
    
    Event Record #/Type947 / Warning
    Event Submitted/Written: 03/04/2007 07:19:26 AM
    Event ID/Source: 3 / SQLBrowser
    Event Description:
    The configuration of the AdminConnection\TCP protocol in the SQL instance SQLEXPRESS is not valid.
    
    Event Record #/Type906 / Warning
    Event Submitted/Written: 03/04/2007 07:15:02 AM
    Event ID/Source: 3 / SQLBrowser
    Event Description:
    The configuration of the AdminConnection\TCP protocol in the SQL instance SQLEXPRESS is not valid.
    
    Event Record #/Type863 / Warning
    Event Submitted/Written: 03/03/2007 08:28:52 PM
    Event ID/Source: 3 / SQLBrowser
    Event Description:
    The configuration of the AdminConnection\TCP protocol in the SQL instance SQLEXPRESS is not valid.
    
    Event Record #/Type845 / Warning
    Event Submitted/Written: 03/03/2007 06:02:51 PM
    Event ID/Source: 3 / SQLBrowser
    Event Description:
    The configuration of the AdminConnection\TCP protocol in the SQL instance SQLEXPRESS is not valid.
    
    
    
    -- Security Event Log ----------------------------------------------------------
    
    No Errors/Warnings found.
    
    
    -- System Event Log ------------------------------------------------------------
    
    Event Record #/Type856 / Warning
    Event Submitted/Written: 03/04/2007 11:52:12 PM
    Event ID/Source: 51 / Cdrom
    Event Description:
    An error was detected on device \Device\CdRom1 during a paging operation.
    
    Event Record #/Type855 / Warning
    Event Submitted/Written: 03/04/2007 11:52:12 PM
    Event ID/Source: 51 / Cdrom
    Event Description:
    An error was detected on device \Device\CdRom1 during a paging operation.
    
    Event Record #/Type854 / Warning
    Event Submitted/Written: 03/04/2007 11:52:12 PM
    Event ID/Source: 51 / Cdrom
    Event Description:
    An error was detected on device \Device\CdRom1 during a paging operation.
    
    Event Record #/Type853 / Warning
    Event Submitted/Written: 03/04/2007 11:52:12 PM
    Event ID/Source: 51 / Cdrom
    Event Description:
    An error was detected on device \Device\CdRom1 during a paging operation.
    
    Event Record #/Type852 / Warning
    Event Submitted/Written: 03/04/2007 11:52:12 PM
    Event ID/Source: 51 / Cdrom
    Event Description:
    An error was detected on device \Device\CdRom1 during a paging operation.
    
    
    
    -- End of Deckard's System Scanner: finished at 2007-03-05 00:07:18 ------------
    Cheers

  4. #4
    Moderator (global) Team member Jintan
    Registered since
    25.11.2006
    Posts
    6.369

    Re: My Logfile - Virus

    Worm activity related to QQ making its changes there. QQ is most often Chinese sourced - did your friend try to download something from a Chinese website?


    Right click Here and select Save Target As (Firefox Save Link As) and save UnHookExec.inf to your Desktop.

    Then right-click on UnHookExec.inf and select Install. You may only see a desktop flicker as the changes are made.

    ------------------------------------


    Code:
    REGEDIT4
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "@"=-
    
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{94de3159-e7d9-11dc-bc4b-001a4d211b0e}]
    Open Notepad and copy and paste the above text (inside the box) into the text file. Now go to File > Save As and call it fixer.reg. Where it says "Files of Type", select All Files and click on Save. Exit Notepad, double-click on the file and ok the prompt asking if you wish to merge the file with your registry.

    --------------------------------

    Make sure you can View Hidden Files. Also uncheck "Hide Extensions for Known File Types"

    Do a search (Start - Search/Find - Files or Folders) for the following highlighted files/folders (shown in Bold), and if found, delete them.

    N:\IO.pif (or any drive IO.pif is found)

    --------------------------------

    Go Here and download ATF cleaner. Click on the downloaded file to run it, and select "Select All", then click Empty Selected (and close ATF).

    If you have them, also click on Firefox/Opera at the top and repeat the steps (and close ATF). Firefox/Opera will need to be closed first for the cleaning to be effective.

    On Windows Vista, "Windows Temp" is disabled; to empty "Windows Temp", ATF-Cleaner must be "Run as an Administrator".

    -----------------------------------

    Then Go here and run the Kaspersky online scan, and post back the log it creates (it requires IE).

    To use the scan, accept the agreement and make sure you allow the ActiveX object to download and install (check the "yellow bar" at the top of IE if needed to allow this). Once the download has completed click Next, then Scan Settings, then make sure the "extended option" is checked (leave all others as they are) and click OK. Then click "My Computer" to begin the scan. Save the Report as a text file and post that back here.

    To save it as a text file, still with the page in Internet Explorer, go to the top of the page and select File - Save As... Then make sure in the "Save as type" drop down you change it to "Text File(*.txt)".

    Run a new Deckards scan using the same steps posted earlier, and post that here along with the Kaspersky log please.

  5. #5
    Beginner
    Registered since
    04.03.2008
    Posts
    17

    Re: My Logfile - Virus

    Quote from Jintan
    Worm activity related to QQ making its changes there. QQ is most often Chinese sourced - did your friend try to download something from a Chinese website?


    Right click Here and select Save Target As (Firefox Save Link As) and save UnHookExec.inf to your Desktop.

    Then right-click on UnHookExec.inf and select Install. You may only see a desktop flicker as the changes are made.



    Code:
    REGEDIT4
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "@"=-
    
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{94de3159-e7d9-11dc-bc4b-001a4d211b0e}]
    Open Notepad and copy and paste the above text (inside the box) into the text file. Now go to File > Save As and call it fixer.reg. Where it says "Files of Type", select All Files and click on Save. Exit Notepad, double-click on the file and ok the prompt asking if you wish to merge the file with your registry.

    --------------------------------
    Done.

    Quote from Jintan
    Make sure you can View Hidden Files. Also uncheck "Hide Extensions for Known File Types"

    Do a search (Start - Search/Find - Files or Folders) for the following highlighted files/folders (shown in Bold), and if found, delete them.

    N:\IO.pif (or any drive IO.pif is found)
    I can't find this file anymore on my PC; this file was deleted from every partition by McAfee.

    Quote from Jintan
    Go Here and download ATF cleaner. Click on the downloaded file to run it, and select "Select All", then click Empty Selected (and close ATF).

    If you have them, also click on Firefox/Opera at the top and repeat the steps (and close ATF). Firefox/Opera will need to be closed first for the cleaning to be effective.

    On Windows Vista, "Windows Temp" is disabled; to empty "Windows Temp", ATF-Cleaner must be "Run as an Administrator".

    -----------------------------------
    I did that yesterday.

    Quote from Jintan
    Then Go here and run the Kaspersky online scan, and post back the log it creates (it requires IE).

    To use the scan, accept the agreement and make sure you allow the ActiveX object to download and install (check the "yellow bar" at the top of IE if needed to allow this). Once the download has completed click Next, then Scan Settings, then make sure the "extended option" is checked (leave all others as they are) and click OK. Then click "My Computer" to begin the scan. Save the Report as a text file and post that back here.

    To save it as a text file, still with the page in Internet Explorer, go to the top of the page and select File - Save As... Then make sure in the "Save as type" drop down you change it to "Text File(*.txt)".

    Run a new Deckards scan using the same steps posted earlier, and post that here along with the Kaspersky log please.
    I've been scanning ever since you told me. I've scanned 2 times and every time it got stuck at 35%... I have 4 hard disks; it takes a day to scan the whole computer... Any idea?




    Thank you

  6. #6
    Moderator (global) Team member Jintan
    Registered since
    25.11.2006
    Posts
    6.369

    Re: My Logfile - Virus

    In truth, no. This is an autorun infection that targets drives, and often can include installing hidden files to each of those for its autostarting tricks. I have not run Kaspersky on multi-drive systems - is there an option other than My Computer, where you can designate the scan by drive letters when there is more than one HD installed?
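
An added example, not part of the original thread: a read-only triage of drive roots for the autorun mechanism described in the post above. It parses autorun.inf for launch entries, checks whether the referenced file (such as IO.pif) is present, and recognises a folder named autorun.inf as a placeholder. The sample autorun.inf text, the temporary folder layout and all function names are constructed for illustration.

```python
import os
import re
import tempfile

# Extensions Windows runs directly; .pif is the one named in this thread.
EXECUTABLE_EXTS = {".exe", ".pif", ".com", ".scr", ".bat", ".cmd", ".vbs", ".js"}
# Keys in the [autorun] section that make Explorer launch something.
COMMAND_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\=]+\\command)$", re.I)

# Constructed sample, including a junk line and a harmless key.
SAMPLE_INF = (
    "[AutoRun]\r\n"
    ";constructed sample for the parser\r\n"
    "open=IO.pif\r\n"
    "zzz junk line without a key\r\n"
    "shell\\open\\Command=IO.pif\r\n"
    "shell\\explore\\Command=\"IO.pif\" -e\r\n"
    "icon=folder.ico\r\n"
)


def parse_autorun(text):
    """Return [(key, command)] for launch entries in the [autorun] section."""
    entries, in_section = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if in_section and "=" in line:
            key, _, value = line.partition("=")
            if COMMAND_KEY.match(key.strip()):
                entries.append((key.strip().lower(), value.strip()))
    return entries


def target_of(command):
    """First token of a command line, honouring double quotes."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    return command.split()[0] if command else ""


def find_case_insensitive(root, rel):
    """Resolve rel under root ignoring case, as a Windows volume would."""
    current = root
    for part in [p for p in re.split(r"[\\/]+", rel) if p]:
        try:
            names = os.listdir(current)
        except OSError:
            return None
        match = next((n for n in names if n.lower() == part.lower()), None)
        if match is None:  # also rejects "..", drive letters and absolute paths
            return None
        current = os.path.join(current, match)
    return current


def triage_root(root):
    """Inspect one drive root without modifying anything on it."""
    inf = find_case_insensitive(root, "autorun.inf")
    if inf is None:
        return {"status": "absent", "findings": []}
    if os.path.isdir(inf):  # a folder with that name blocks a file of the same name
        return {"status": "placeholder-folder", "findings": []}
    with open(inf, "rb") as fh:
        data = fh.read()
    has_bom = data[:2] in (b"\xff\xfe", b"\xfe\xff")
    text = data.decode("utf-16") if has_bom else data.decode("latin-1")
    findings = []
    for key, command in parse_autorun(text):
        target = target_of(command)
        name = re.split(r"[\\/]+", target)[-1]
        findings.append({
            "key": key,
            "command": command,
            "target": target,
            "executable": os.path.splitext(name)[1].lower() in EXECUTABLE_EXTS,
            "present": find_case_insensitive(root, target) is not None,
        })
    flagged = any(f["executable"] for f in findings)
    status = "launches-executable" if flagged else "no-executable-entries"
    return {"status": status, "findings": findings}


def demo():
    """Build two constructed drive roots in a temp dir and triage both."""
    with tempfile.TemporaryDirectory() as tmp:
        infected, cleaned = os.path.join(tmp, "N"), os.path.join(tmp, "K")
        os.makedirs(infected)
        os.makedirs(os.path.join(cleaned, "autorun.inf"))
        with open(os.path.join(infected, "AUTORUN.INF"), "w", newline="") as fh:
            fh.write(SAMPLE_INF)
        open(os.path.join(infected, "IO.pif"), "wb").close()
        return triage_root(infected), triage_root(cleaned)


if __name__ == "__main__":
    for result in demo():
        print(result["status"], [f["target"] for f in result["findings"]])
```

A result of "launches-executable" means the file needs review, not that it is malicious; installer media legitimately use the same keys.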

  7. #7
    Beginner
    Registered since
    04.03.2008
    Posts
    17

    Re: My Logfile - Virus

    Yes, there is an option called "Folders" to scan specific drive(s)/folder(s). Shall I select/scan the System Partition only?

    EDIT: I've scanned the System Partition which is "K" and it found nothing!!! :

    Here is the log:

    Code:
    -------------------------------------------------------------------------------
     KASPERSKY ONLINE SCANNER REPORT
     Tuesday, March 06, 2007 11:04:37 PM
     Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
     Kaspersky Online Scanner version: 5.0.98.0
     Kaspersky Anti-Virus database last update:  6/03/2008
     Kaspersky Anti-Virus database records: 604356
    -------------------------------------------------------------------------------
    
    Scan Settings:
    	Scan using the following antivirus database: extended
    	Scan Archives: true
    	Scan Mail Bases: true
    
    Scan Target - Folders:
    	K:\
    
    Scan Statistics:
    	Total number of scanned objects: 106939
    	Number of viruses found: 0
    	Number of infected objects: 0
    	Number of suspicious objects: 0
    	Duration of the scan process: 03:34:01
    
    Infected Object Name / Virus Name / Last Action
    K:\autorun.inf\lpt3.This folder was created by Flash_Disinfector	Object is locked	skipped
    K:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4nm7avy4.default\cert8.db	Object is locked	skipped
    K:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4nm7avy4.default\formhistory.dat	Object is locked	skipped
    K:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4nm7avy4.default\history.dat	Object is locked	skipped
    K:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4nm7avy4.default\key3.db	Object is locked	skipped
    K:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4nm7avy4.default\parent.lock	Object is locked	skipped
    K:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4nm7avy4.default\search.sqlite	Object is locked	skipped
    K:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4nm7avy4.default\urlclassifier2.sqlite	Object is locked	skipped
    K:\Documents and Settings\Administrator\Cookies\index.dat	Object is locked	skipped
    K:\Documents and Settings\Administrator\Desktop\Mario.Forever.rar.part	Object is locked	skipped
    K:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat	Object is locked	skipped
    K:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG	Object is locked	skipped
    K:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\4nm7avy4.default\Cache\668BAD30d01	Object is locked	skipped
    K:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\4nm7avy4.default\Cache\_CACHE_001_	Object is locked	skipped
    K:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\4nm7avy4.default\Cache\_CACHE_002_	Object is locked	skipped
    K:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\4nm7avy4.default\Cache\_CACHE_003_	Object is locked	skipped
    K:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\4nm7avy4.default\Cache\_CACHE_MAP_	Object is locked	skipped
    K:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\4nm7avy4.default\XUL.mfl	Object is locked	skipped
    K:\Documents and Settings\Administrator\Local Settings\Application Data\Pando\Pando Files\cert\cert8.db	Object is locked	skipped
    K:\Documents and Settings\Administrator\Local Settings\Application Data\Pando\Pando Files\cert\key3.db	Object is locked	skipped
    K:\Documents and Settings\Administrator\Local Settings\Application Data\Pando\Pando Files\pando.log	Object is locked	skipped
    K:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat	Object is locked	skipped
    K:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012007030620070307\index.dat	Object is locked	skipped
    K:\Documents and Settings\Administrator\Local Settings\Temp\NAILogs\UpdaterUI_D4RKNESS-E00FBC.log	Object is locked	skipped
    K:\Documents and Settings\Administrator\Local Settings\Temp\Perflib_Perfdata_e4c.dat	Object is locked	skipped
    K:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat	Object is locked	skipped
    K:\Documents and Settings\Administrator\NTUSER.DAT	Object is locked	skipped
    K:\Documents and Settings\Administrator\ntuser.dat.LOG	Object is locked	skipped
    K:\Documents and Settings\All Users\Application Data\McAfee\Common Framework\Db\Agent_D4RKNESS-E00FBC.log	Object is locked	skipped
    K:\Documents and Settings\All Users\Application Data\McAfee\Common Framework\Db\PrdMgr_D4RKNESS-E00FBC.log	Object is locked	skipped
    K:\Documents and Settings\All Users\Application Data\McAfee\DesktopProtection\AccessProtectionLog.txt	Object is locked	skipped
    K:\Documents and Settings\All Users\Application Data\McAfee\DesktopProtection\BufferOverflowProtectionLog.txt	Object is locked	skipped
    K:\Documents and Settings\All Users\Application Data\McAfee\DesktopProtection\OnAccessScanLog.txt	Object is locked	skipped
    K:\Documents and Settings\LocalService\Cookies\index.dat	Object is locked	skipped
    K:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat	Object is locked	skipped
    K:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG	Object is locked	skipped
    K:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat	Object is locked	skipped
    K:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat	Object is locked	skipped
    K:\Documents and Settings\LocalService\NTUSER.DAT	Object is locked	skipped
    K:\Documents and Settings\LocalService\ntuser.dat.LOG	Object is locked	skipped
    K:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat	Object is locked	skipped
    K:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG	Object is locked	skipped
    K:\Documents and Settings\NetworkService\Local Settings\Temp\Perflib_Perfdata_260.dat	Object is locked	skipped
    K:\Documents and Settings\NetworkService\NTUSER.DAT	Object is locked	skipped
    K:\Documents and Settings\NetworkService\ntuser.dat.LOG	Object is locked	skipped
    K:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\master.mdf	Object is locked	skipped
    K:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\mastlog.ldf	Object is locked	skipped
    K:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\model.mdf	Object is locked	skipped
    K:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\modellog.ldf	Object is locked	skipped
    K:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\msdbdata.mdf	Object is locked	skipped
    K:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\msdblog.ldf	Object is locked	skipped
    K:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\tempdb.mdf	Object is locked	skipped
    K:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\templog.ldf	Object is locked	skipped
    K:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\LOG\ERRORLOG	Object is locked	skipped
    K:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\LOG\log_9.trc	Object is locked	skipped
    K:\WINDOWS\Debug\PASSWD.LOG	Object is locked	skipped
    K:\WINDOWS\SchedLgU.Txt	Object is locked	skipped
    K:\WINDOWS\SoftwareDistribution\ReportingEvents.log	Object is locked	skipped
    K:\WINDOWS\Sti_Trace.log	Object is locked	skipped
    K:\WINDOWS\system32\CatRoot2\edb.log	Object is locked	skipped
    K:\WINDOWS\system32\CatRoot2\tmp.edb	Object is locked	skipped
    K:\WINDOWS\system32\config\AppEvent.Evt	Object is locked	skipped
    K:\WINDOWS\system32\config\default	Object is locked	skipped
    K:\WINDOWS\system32\config\default.LOG	Object is locked	skipped
    K:\WINDOWS\system32\config\SAM	Object is locked	skipped
    K:\WINDOWS\system32\config\SAM.LOG	Object is locked	skipped
    K:\WINDOWS\system32\config\SecEvent.Evt	Object is locked	skipped
    K:\WINDOWS\system32\config\SECURITY	Object is locked	skipped
    K:\WINDOWS\system32\config\SECURITY.LOG	Object is locked	skipped
    K:\WINDOWS\system32\config\software	Object is locked	skipped
    K:\WINDOWS\system32\config\software.LOG	Object is locked	skipped
    K:\WINDOWS\system32\config\SysEvent.Evt	Object is locked	skipped
    K:\WINDOWS\system32\config\system	Object is locked	skipped
    K:\WINDOWS\system32\config\system.LOG	Object is locked	skipped
    K:\WINDOWS\system32\drivers\sptd.sys	Object is locked	skipped
    K:\WINDOWS\system32\h323log.txt	Object is locked	skipped
    K:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR	Object is locked	skipped
    K:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP	Object is locked	skipped
    K:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER	Object is locked	skipped
    K:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP	Object is locked	skipped
    K:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP	Object is locked	skipped
    K:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA	Object is locked	skipped
    K:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP	Object is locked	skipped
    K:\WINDOWS\wiadebug.log	Object is locked	skipped
    K:\WINDOWS\wiaservc.log	Object is locked	skipped
    K:\WINDOWS\WindowsUpdate.log	Object is locked	skipped
    
    Scan process completed.
    And here is another HijackThis log:

    Code:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:20:28 PM, on 3/6/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal
    
    Running processes:
    K:\WINDOWS\System32\smss.exe
    K:\WINDOWS\system32\winlogon.exe
    K:\WINDOWS\system32\services.exe
    K:\WINDOWS\system32\lsass.exe
    K:\WINDOWS\system32\svchost.exe
    K:\WINDOWS\System32\svchost.exe
    K:\WINDOWS\system32\spoolsv.exe
    K:\Program Files\Bonjour\mDNSResponder.exe
    K:\Program Files\McAfee\Common Framework\FrameworkService.exe
    K:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
    K:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    K:\WINDOWS\system32\nvsvc32.exe
    k:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    K:\WINDOWS\Explorer.EXE
    K:\WINDOWS\system32\RUNDLL32.EXE
    K:\WINDOWS\RTHDCPL.EXE
    K:\Program Files\Winamp\winampa.exe
    K:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    K:\Program Files\McAfee\Common Framework\UdaterUI.exe
    K:\Program Files\Messenger\msmsgs.exe
    K:\WINDOWS\system32\ctfmon.exe
    K:\WINDOWS\System32\svchost.exe
    K:\Program Files\McAfee\Common Framework\McTray.exe
    K:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    K:\WINDOWS\system32\svchost.exe
    G:\Usable Applications\CF ToolBox\CFToolbox\CFToolbox.exe
    K:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
    K:\Program Files\Winamp\winamp.exe
    K:\WINDOWS\system32\WISPTIS.EXE
    K:\Program Files\uTorrent\uTorrent.exe
    K:\WINDOWS\notepad.exe
    K:\WINDOWS\notepad.exe
    K:\Program Files\Mozilla Firefox\firefox.exe
    K:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - K:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - K:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - K:\Program Files\AVG\AVG8\avgssie.dll (file missing)
    O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - K:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - K:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - K:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - K:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] "K:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] K:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] K:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE K:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE K:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [WinampAgent] "K:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [ShStatEXE] "K:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "K:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
    O4 - HKCU\..\Run: [DAEMON Tools] "K:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [ctfmon.exe] K:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] K:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] K:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] K:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] K:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: Download Using &BitSpirit - K:\Program Files\BitSpirit\bsurl.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://K:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - K:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - K:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - K:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - K:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - K:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - K:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - K:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{1BFC2953-77BD-4968-86B9-FA7FBDDC323C}: NameServer = 212.103.160.18,163.121.170.63,163.121.128.134,163.121.128.34
    O17 - HKLM\System\CS1\Services\Tcpip\..\{1BFC2953-77BD-4968-86B9-FA7FBDDC323C}: NameServer = 212.103.160.18,163.121.170.63,163.121.128.134,163.121.128.34
    O17 - HKLM\System\CS2\Services\Tcpip\..\{1BFC2953-77BD-4968-86B9-FA7FBDDC323C}: NameServer = 212.103.160.18,163.121.170.63,163.121.128.134,163.121.128.34
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - K:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - K:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - K:\Program Files\McAfee\Common Framework\FrameworkService.exe
    O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - K:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
    O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - K:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - K:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: ServiceLayer - Nokia. - K:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    
    --
    End of file - 6811 bytes
    and DDS's logs:->

    Main:

    Code:
    Deckard's System Scanner v20071014.68
    Run by Administrator on 2007-03-06 23:15:05
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------
    
    
    
    -- HijackThis (run as Administrator.exe) ---------------------------------------
    
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:15:10 PM, on 3/6/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal
    
    Running processes:
    K:\WINDOWS\System32\smss.exe
    K:\WINDOWS\system32\winlogon.exe
    K:\WINDOWS\system32\services.exe
    K:\WINDOWS\system32\lsass.exe
    K:\WINDOWS\system32\svchost.exe
    K:\WINDOWS\System32\svchost.exe
    K:\WINDOWS\system32\spoolsv.exe
    K:\Program Files\Bonjour\mDNSResponder.exe
    K:\Program Files\McAfee\Common Framework\FrameworkService.exe
    K:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
    K:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    K:\WINDOWS\system32\nvsvc32.exe
    k:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    K:\WINDOWS\Explorer.EXE
    K:\WINDOWS\system32\RUNDLL32.EXE
    K:\WINDOWS\RTHDCPL.EXE
    K:\Program Files\Winamp\winampa.exe
    K:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    K:\Program Files\McAfee\Common Framework\UdaterUI.exe
    K:\Program Files\Messenger\msmsgs.exe
    K:\WINDOWS\system32\ctfmon.exe
    K:\WINDOWS\System32\svchost.exe
    K:\Program Files\McAfee\Common Framework\McTray.exe
    K:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    K:\WINDOWS\system32\svchost.exe
    G:\Usable Applications\CF ToolBox\CFToolbox\CFToolbox.exe
    K:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
    K:\Program Files\Winamp\winamp.exe
    K:\Program Files\Internet Explorer\IEXPLORE.EXE
    K:\Program Files\Pando Networks\Pando\pando.exe
    K:\WINDOWS\system32\WISPTIS.EXE
    K:\Program Files\Adobe\Acrobat 6.0\Reader\AcroRd32.exe
    K:\Program Files\uTorrent\uTorrent.exe
    K:\Documents and Settings\Administrator\desktop\dss.exe
    K:\PROGRA~1\TRENDM~1\HIJACK~1\Administrator.exe
    
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - K:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - K:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - K:\Program Files\AVG\AVG8\avgssie.dll (file missing)
    O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - K:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - K:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - K:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - K:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] "K:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] K:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] K:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE K:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE K:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [WinampAgent] "K:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [ShStatEXE] "K:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "K:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
    O4 - HKCU\..\Run: [DAEMON Tools] "K:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [ctfmon.exe] K:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] K:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] K:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] K:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] K:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: Download Using &BitSpirit - K:\Program Files\BitSpirit\bsurl.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://K:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - K:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - K:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - K:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - K:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - K:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - K:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - K:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{1BFC2953-77BD-4968-86B9-FA7FBDDC323C}: NameServer = 212.103.160.18,163.121.170.63,163.121.128.134,163.121.128.34
    O17 - HKLM\System\CS1\Services\Tcpip\..\{1BFC2953-77BD-4968-86B9-FA7FBDDC323C}: NameServer = 212.103.160.18,163.121.170.63,163.121.128.134,163.121.128.34
    O17 - HKLM\System\CS2\Services\Tcpip\..\{1BFC2953-77BD-4968-86B9-FA7FBDDC323C}: NameServer = 212.103.160.18,163.121.170.63,163.121.128.134,163.121.128.34
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - K:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - K:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - K:\Program Files\McAfee\Common Framework\FrameworkService.exe
    O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - K:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
    O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - K:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - K:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: ServiceLayer - Nokia. - K:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    
    --
    End of file - 6921 bytes
    
    -- File Associations -----------------------------------------------------------
    
    .ini - Notepad++_file - DefaultIcon - unable to read value
    .ini - Notepad++_file - shell\open\command - "K:\Program Files\Notepad++\notepad++.exe" "%1"
    .js - Notepad++_file - DefaultIcon - unable to read value
    .js - Notepad++_file - shell\open\command - "K:\Program Files\Notepad++\notepad++.exe" "%1"
    .txt - Notepad++_file - DefaultIcon - unable to read value
    .txt - Notepad++_file - shell\open\command - "K:\Program Files\Notepad++\notepad++.exe" "%1"
    
    
    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
    
    R1 SCDEmu - k:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
    
    S3 ssm_bus (Samsung Mobile USB Device II 1.0 driver (WDM)) - k:\windows\system32\drivers\ssm_bus.sys <Not Verified; MCCI; Samsung Mobile USB Device II 1.0>
    S3 ssm_mdfl (Samsung Mobile USB Modem II 1.0 Filter) - k:\windows\system32\drivers\ssm_mdfl.sys <Not Verified; MCCI; Samsung Mobile USB Modem II 1.0 Filter Driver>
    S3 ssm_mdm (Samsung Mobile USB Modem II 1.0 Drivers) - k:\windows\system32\drivers\ssm_mdm.sys <Not Verified; MCCI; Samsung Mobile USB Modem II 1.0>
    
    
    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
    
    R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "k:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>
    R3 ServiceLayer - "k:\program files\pc connectivity solution\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>
    
    S3 FLEXnet Licensing Service - "k:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
    
    
    -- Device Manager: Disabled ----------------------------------------------------
    
    No disabled devices found.
    
    
    -- Files created between 2007-02-06 and 2007-03-06 -----------------------------
    
    2008-03-03 15:30:20         0 d-------- K:\Documents and Settings\All Users\Application Data\PC Suite
    2008-03-03 15:30:20         0 d-------- K:\Documents and Settings\Administrator\Application Data\Nokia
    2008-03-03 15:30:06         0 d-------- K:\Program Files\Common Files\PCSuite
    2008-03-03 15:30:06         0 d-------- K:\Program Files\Common Files\Nokia
    2008-03-03 15:29:55         0 d-------- K:\Program Files\DIFX
    2008-03-03 15:29:38         0 d-------- K:\Documents and Settings\Administrator\Application Data\PC Suite
    2008-03-03 15:29:33         0 d-------- K:\Program Files\PC Connectivity Solution
    2008-03-03 15:29:20         0 d-------- K:\Program Files\Nokia
    2008-03-03 07:50:19         0 d-------- K:\Documents and Settings\Administrator\Application Data\Dev-Cpp
    2008-03-03 07:49:59         0 d-------- K:\Dev-Cpp
    2008-03-02 11:26:11         0 d-------- K:\Documents and Settings\Administrator\dwhelper
    2008-03-02 05:49:31         0 d--h----- K:\WINDOWS\PIF
    2008-03-02 04:51:00         0 d-------- K:\Program Files\MySQL
    2008-03-02 04:10:39         0 d-------- K:\Program Files\Google
    2008-03-02 03:48:18         0 d-------- K:\Program Files\VTFEdit
    2008-03-02 03:47:27         0 d-------- K:\Program Files\GCFScape
    2008-03-02 02:05:15         0 d-------- K:\Program Files\uTorrent
    2008-03-02 02:05:09         0 d-------- K:\Documents and Settings\Administrator\Application Data\uTorrent
    2008-03-02 01:38:24         0 d-------- K:\Program Files\Silkroad
    2008-03-02 01:31:22         0 d-------- K:\Downloads
    2008-03-01 22:56:33     98304 --a------ K:\WINDOWS\system32CmdLineExt.dll <Not Verified; Sony DADC Austria AG.; >
    2008-03-01 14:19:29         0 d-------- K:\Program Files\BitSpirit
    2008-03-01 13:09:40         0 d-------- K:\Program Files\Remotesoft
    2008-03-01 11:56:07         0 d-------- K:\Documents and Settings\Administrator\Contacts
    2008-03-01 11:54:48         0 d------c- K:\WINDOWS\system32\DRVSTORE
    2008-03-01 11:54:14         0 d-------- K:\Program Files\MSN Messenger
    2008-03-01 11:44:40         0 d-------- K:\Documents and Settings\All Users\Application Data\Yahoo!
    2008-03-01 11:44:22         0 d-------- K:\Program Files\Yahoo!
    2008-03-01 11:41:36         0 d-------- K:\Documents and Settings\Administrator\Application Data\dvdcss
    2008-03-01 11:41:21         0 d-------- K:\Documents and Settings\Administrator\Application Data\vlc
    2008-03-01 08:18:41         0 d-------- K:\WINDOWS\Sun
    2008-03-01 08:18:41         0 d-------- K:\Documents and Settings\Administrator\Application Data\Sun
    2008-03-01 06:51:15         0 d-------- K:\Documents and Settings\Administrator\Application Data\Media Player Classic
    2008-03-01 06:47:48         0 d-------- K:\Program Files\MSDN
    2008-03-01 06:41:33         0 d-------- K:\Program Files\Microsoft SQL Server
    2008-03-01 06:41:08         0 d-------- K:\Program Files\Microsoft Device Emulator
    2008-03-01 06:41:02         0 d-------- K:\Program Files\Microsoft SQL Server 2005 Mobile Edition
    2008-03-01 06:38:41         0 d-------- K:\Program Files\Hexprobe
    2008-03-01 06:37:37         0 d-------- K:\Program Files\URUSoft
    2008-03-01 06:35:36         0 d-------- K:\Program Files\MSBuild
    2008-03-01 06:29:57         0 d-------- K:\WINDOWS\Symbols
    2008-03-01 06:29:57         0 d-------- K:\Program Files\Microsoft.NET
    2008-03-01 06:29:57         0 d-------- K:\Program Files\HTML Help Workshop
    2008-03-01 06:29:57         0 d-------- K:\Program Files\Common Files\Business Objects
    2008-03-01 06:29:57         0 d-------- K:\Program Files\CE Remote Tools
    2008-03-01 06:29:57         0 d-------- K:\Documents and Settings\All Users\Application Data\PreEmptive Solutions
    2008-03-01 06:29:56         0 d-------- K:\Program Files\Common Files\Merge Modules
    2008-03-01 06:28:02         0 d-------- K:\Program Files\Microsoft Visual Studio 8
    2008-03-01 06:28:02         0 d-------- K:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-03-01 06:09:30         0 d-------- K:\Program Files\Notepad++
    2008-03-01 06:09:30         0 d-------- K:\Documents and Settings\Administrator\Application Data\Notepad++
    2008-03-01 06:05:49         0 d-------- K:\Documents and Settings\All Users\Application Data\FLEXnet
    2008-03-01 06:01:35         0 d-------- K:\Documents and Settings\All Users\Application Data\Adobe
    2008-03-01 06:00:52         0 d-------- K:\Program Files\Bonjour
    2008-03-01 05:54:21         0 d-------- K:\Program Files\Common Files\Macrovision Shared
    2008-03-01 05:52:36         0 d-------- K:\Program Files\Common Files\Adobe
    2008-03-01 05:49:06         0 d-------- K:\Documents and Settings\All Users\Application Data\Macromedia
    2008-03-01 05:49:02         0 d-------- K:\Program Files\Macromedia
    2008-03-01 05:49:02         0 d-------- K:\Program Files\Common Files\Macromedia
    2008-03-01 05:48:34         0 d-------- K:\WINDOWS\Downloaded Installations
    2008-03-01 05:47:40         0 d-------- K:\Program Files\DAEMON Tools
    2008-03-01 05:34:34         0 d-------- K:\Program Files\DFX
    2008-03-01 05:30:54         0 d-------- K:\Program Files\Java
    2008-03-01 05:30:53         0 d-------- K:\Program Files\Common Files\Java
    2008-03-01 05:15:14         0 d-------- K:\Documents and Settings\Administrator\Application Data\Macromedia
    2008-03-01 05:15:14         0 d-------- K:\Documents and Settings\Administrator\Application Data\Adobe
    2008-03-01 05:15:10      1158 --a------ K:\WINDOWS\mozver.dat
    2008-03-01 05:13:18         0 --a------ K:\WINDOWS\nsreg.dat
    2008-03-01 05:13:16         0 d-------- K:\Documents and Settings\Administrator\Application Data\Mozilla
    2008-03-01 04:52:17         0 d-------- K:\WINDOWS\RegisteredPackages
    2008-03-01 04:51:22         0 d-------- K:\Documents and Settings\Administrator\Application Data\pe explorer
    2008-03-01 04:51:08         0 d-------- K:\Program Files\Winamp
    2008-03-01 04:51:08         0 d-------- K:\Documents and Settings\Administrator\Application Data\Winamp
    2008-03-01 04:50:03         0 d-------- K:\Documents and Settings\All Users\Application Data\Apple Computer
    2008-03-01 04:49:55    217088 --a------ K:\WINDOWS\system32\yv12vfw.dll <Not Verified; www.helixcommunity.org; Helix YV12 YUV Codec>
    2008-03-01 04:49:55    180224 --a------ K:\WINDOWS\system32\xvidvfw.dll
    2008-03-01 04:49:55    765952 --a------ K:\WINDOWS\system32\xvidcore.dll
    2008-03-01 04:49:55    654848 --a------ K:\WINDOWS\system32\x264vfw.dll
    2008-03-01 04:49:55    630784 --a------ K:\WINDOWS\system32\vp7vfw.dll <Not Verified; On2.com; On2_VP70>
    2008-03-01 04:49:55    438272 --a------ K:\WINDOWS\system32\vp6vfw.dll <Not Verified; On2.com; On2_VP6>
    2008-03-01 04:49:55    144384 --a------ K:\WINDOWS\system32\Iacenc.dll <Not Verified; Intel Corporation; Indeo® audio software>
    2008-03-01 04:49:55    217088 --a------ K:\WINDOWS\system32\i420vfw.dll <Not Verified; www.helixcommunity.org; Helix I420 YUV Codec>
    2008-03-01 04:49:55     39936 --a------ K:\WINDOWS\system32\huffyuv.dll <Not Verified; Disappearing Inc.; Huffyuv>
    2008-03-01 04:49:54   3596288 --a------ K:\WINDOWS\system32\qt-dx331.dll
    2008-03-01 04:49:54    196608 --a------ K:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
    2008-03-01 04:49:54     73728 --a------ K:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
    2008-03-01 04:49:54    639066 --a------ K:\WINDOWS\system32\divx.dll <Not Verified; DivX, Inc.; DivX®>
    2008-03-01 04:49:53     10752 --a------ K:\WINDOWS\system32\ff_vfw.dll
    2008-03-01 04:49:52         0 d-------- K:\Program Files\K-Lite Codec Pack
    2008-03-01 04:49:52         0 d-------- K:\Documents and Settings\All Users\Application Data\Real
    2008-03-01 04:49:52         0 d-------- K:\Documents and Settings\Administrator\Application Data\Real
    2008-03-01 04:47:05         0 d-------- K:\Program Files\VideoLAN
    2008-03-01 04:45:58         0 d-------- K:\Program Files\PE Explorer
    2008-03-01 04:42:59         0 d-------- K:\WINDOWS\system32\URTTemp
    2008-03-01 04:41:08         0 d-------- K:\Program Files\PowerISO
    2008-03-01 04:40:49         0 d-------- K:\Documents and Settings\Administrator\Application Data\WinRAR
    2008-03-01 04:40:07    682232 --a------ K:\WINDOWS\system32\drivers\sptd.sys
    2008-03-01 03:57:24         0 d--hs---- K:\WINDOWS\Installer
    2008-03-01 03:57:23         0 d-------- K:\Program Files\Common Files\ODBC
    2008-03-01 03:57:20         0 d-------- K:\Program Files\Common Files\SpeechEngines
    2008-03-01 03:57:19         0 dr------- K:\Program Files
    2008-03-01 03:57:19         0 d-------- K:\Program Files\Common Files
    2008-03-01 03:56:54         0 d--h----- K:\Documents and Settings\Default User\Templates
    2008-03-01 03:56:54         0 dr------- K:\Documents and Settings\Default User\Start Menu
    2008-03-01 03:56:54         0 dr-h----- K:\Documents and Settings\Default User\SendTo
    2008-03-01 03:56:54         0 d--h----- K:\Documents and Settings\Default User\Recent
    2008-03-01 03:56:54         0 d--h----- K:\Documents and Settings\Default User\PrintHood
    2008-03-01 03:56:54         0 d--h----- K:\Documents and Settings\Default User\NetHood
    2008-03-01 03:56:54         0 d-------- K:\Documents and Settings\Default User\My Documents
    2008-03-01 03:56:54         0 dr-h----- K:\Documents and Settings\Default User\Local Settings
    2008-03-01 03:56:54         0 d-------- K:\Documents and Settings\Default User\Favorites
    2008-03-01 03:56:54         0 d-------- K:\Documents and Settings\Default User\Desktop
    2008-03-01 03:56:54         0 d---s---- K:\Documents and Settings\Default User\Cookies
    2008-03-01 03:56:54         0 d--h----- K:\Documents and Settings\All Users\Templates
    2008-03-01 03:56:54         0 dr------- K:\Documents and Settings\All Users\Start Menu
    2008-03-01 03:56:54         0 d-------- K:\Documents and Settings\All Users\Favorites
    2008-03-01 03:56:54         0 dr------- K:\Documents and Settings\All Users\Documents
    2008-03-01 03:56:54         0 d-------- K:\Documents and Settings\All Users\Desktop
    2008-03-01 03:56:43         0 d-------- K:\WINDOWS\system32\CatRoot2
    2008-03-01 03:56:43         0 d-------- K:\WINDOWS\system32\CatRoot
    2008-03-01 03:56:38         0 dr-h----- K:\Documents and Settings\Default User\Application Data
    2008-03-01 03:56:38         0 d---s---- K:\Documents and Settings\Default User\Application Data\Microsoft
    2008-03-01 03:56:37         0 dr-h----- K:\Documents and Settings\All Users\Application Data
    2008-03-01 03:56:37         0 d---s---- K:\Documents and Settings\All Users\Application Data\Microsoft
    2008-03-01 03:56:15         0 d-------- K:\Documents and Settings
    2008-03-01 03:51:49         0 d-------- K:\WINDOWS
    2008-03-01 03:51:49         0 d-------- K:\WINDOWS\WinSxS
    2008-03-01 03:51:49         0 dr------- K:\WINDOWS\Web
    2008-03-01 03:51:49         0 d-------- K:\WINDOWS\twain_32
    2008-03-01 03:51:49         0 d-------- K:\WINDOWS\system32
    2008-03-01 03:51:49         0 d-------- K:\WINDOWS\system32\wins
    2008-03-01 03:51:49         0 d-------- K:\WINDOWS\system32\wbem
    2008-03-01 03:51:49         0 d-------- K:\WINDOWS\system32\usmt
    2008-03-01 03:51:49         0 d-------- K:\WINDOWS\system32\spool
    2008-03-01 03:51:49         0 d-------- K:\WINDOWS\system32\ShellExt
    2008-03-01 03:51:49         0 d-------- K:\WINDOWS\system32\Setup
    2008-03-01 03:51:49         0 d-------- K:\WINDOWS\system32\ras
    2008-03-01 03:51:49         0 d-------- K:\WINDOWS\system32\oobe
    2008-03-01 03:51:49         0 d-------- K:\WINDOWS\system32\npp
    2008-03-01 03:51:49         0 d-------- K:\WINDOWS\system32\mui
    2008-03-01 03:51:49         0 d-------- K:\WINDOWS\system32\inetsrv
    2008-03-01 03:51:49         0 d-------- K:\WINDOWS\system32\IME
    2008-03-01 03:51:49         0 d-------- K:\WINDOWS\system32\icsxml
    2008-03-01 03:51:49         0 d-------- K:\WINDOWS\system32\ias
    2008-03-01 03:51:49         0 d-------- K:\WINDOWS\system32\export
    2008-03-01 03:51:49         0 d-------- K:\WINDOWS\system32\drivers
    2008-03-01 03:51:49         0 d-------- K:\WINDOWS\system32\drivers\etc
    2008-03-01 03:51:49         0 d-------- K:\WINDOWS\system32\drivers\disdn
    2008-03-01 03:51:49         0 dr-hs--c- K:\WINDOWS\system32\dllcache
    2008-03-01 03:51:49         0 d-------- K:\WINDOWS\system32\dhcp
    2008-03-01 03:51:49         0 d-------- K:\WINDOWS\system32\config
    2008-03-01 03:51:49         0 d-------- K:\WINDOWS\system32\3com_dmi
    2008-03-01 03:51:49         0 d-------- K:\WINDOWS\system32\3076
    2008-03-01 03:51:49         0 d-------- K:\WINDOWS\system32\2052
    2008-03-01 03:51:49         0 d-------- K:\WINDOWS\system32\1054
    2008-03-01 03:51:49         0 d-------- K:\WINDOWS\system32\1042
    2008-03-01 03:51:49         0 d-------- K:\WINDOWS\system32\1041
    2008-03-01 03:51:49         0 d-------- K:\WINDOWS\system32\1037
    2008-03-01 03:51:49         0 d-------- K:\WINDOWS\system32\1033
    2008-03-01 03:51:49         0 d-------- K:\WINDOWS\system32\1031
    2008-03-01 03:51:49         0 d-------- K:\WINDOWS\system32\1028
    2008-03-01 03:51:49         0 d-------- K:\WINDOWS\system32\1025
    2008-03-01 03:51:49         0 d-------- K:\WINDOWS\system
    2008-03-01 03:51:49         0 d-------- K:\WINDOWS\security
    2008-03-01 03:51:49         0 d-------- K:\WINDOWS\Resources
    2008-03-01 03:51:49         0 d-------- K:\WINDOWS\repair
    2008-03-01 03:51:49         0 d-------- K:\WINDOWS\Provisioning
    2008-03-01 03:51:49         0 d-------- K:\WINDOWS\PeerNet
    2008-03-01 03:51:49         0 d-------- K:\WINDOWS\pchealth
    2008-03-01 03:51:49         0 d-------- K:\WINDOWS\mui
    2008-03-01 03:51:49         0 d-------- K:\WINDOWS\msapps
    2008-03-01 03:51:49         0 d-------- K:\WINDOWS\msagent
    2008-03-01 03:51:49         0 d-------- K:\WINDOWS\Media
    2008-03-01 03:51:49         0 d-------- K:\WINDOWS\java
    2008-03-01 03:51:49         0 d--h----- K:\WINDOWS\inf
    2008-03-01 03:51:49         0 d-------- K:\WINDOWS\ime
    2008-03-01 03:51:49         0 d-------- K:\WINDOWS\Help
    2008-03-01 03:51:49         0 dr--s---- K:\WINDOWS\Fonts
    2008-03-01 03:51:49         0 d-------- K:\WINDOWS\ehome
    2008-03-01 03:51:49         0 d-------- K:\WINDOWS\Driver Cache
    2008-03-01 03:51:49         0 d-------- K:\WINDOWS\Debug
    2008-03-01 03:51:49         0 d-------- K:\WINDOWS\Cursors
    2008-03-01 03:51:49         0 d-------- K:\WINDOWS\Connection Wizard
    2008-03-01 03:51:49         0 d-------- K:\WINDOWS\Config
    2008-03-01 03:51:49         0 d-------- K:\WINDOWS\AppPatch
    2008-03-01 03:51:49         0 d-------- K:\WINDOWS\addins
    2008-03-01 02:34:11         0 d-------- K:\WINDOWS\OPTIONS
    2008-03-01 02:34:08         0 d-------- K:\Documents and Settings\Administrator\Application Data\InstallShield
    2008-03-01 02:34:01         0 d-------- K:\WINDOWS\system32\Lang
    2008-03-01 02:31:23     49152 --a------ K:\WINDOWS\system32\ChCfg.exe
    2008-03-01 02:31:11         0 d-------- K:\WINDOWS\system32\RTCOM
    2008-03-01 02:31:02         0 d-------- K:\Program Files\Realtek
    2008-03-01 02:31:02         0 d--h----- K:\Program Files\InstallShield Installation Information
    2008-03-01 02:30:59    499712 --a------ K:\WINDOWS\RtlExUpd.dll <Not Verified; Realtek Semiconductor Corp.; RtlExUpd Dynamic Link Library>
    2008-03-01 02:30:07         0 d-------- K:\WINDOWS\system32\ReinstallBackups
    2008-03-01 02:30:06         0 d-------- K:\Program Files\Intel
    2008-03-01 02:29:26         0 d-------- K:\WINDOWS\nview
    2008-03-01 02:29:10         0 d-------- K:\Program Files\Common Files\InstallShield
    2008-03-01 02:20:32         0 d-------- K:\Documents and Settings\Administrator\Application Data\Identities
    2008-03-01 02:20:24         0 d--h----- K:\Documents and Settings\Administrator\Templates
    2008-03-01 02:20:24         0 dr------- K:\Documents and Settings\Administrator\Start Menu
    2008-03-01 02:20:24         0 dr-h----- K:\Documents and Settings\Administrator\SendTo
    2008-03-01 02:20:24         0 dr-h----- K:\Documents and Settings\Administrator\Recent
    2008-03-01 02:20:24         0 d--h----- K:\Documents and Settings\Administrator\PrintHood
    2008-03-01 02:20:24   3407872 --ah----- K:\Documents and Settings\Administrator\NTUSER.DAT
    2008-03-01 02:20:24         0 d--h----- K:\Documents and Settings\Administrator\NetHood
    2008-03-01 02:20:24         0 dr------- K:\Documents and Settings\Administrator\My Documents
    2008-03-01 02:20:24         0 d--h----- K:\Documents and Settings\Administrator\Local Settings
    2008-03-01 02:20:24         0 dr------- K:\Documents and Settings\Administrator\Favorites
    2008-03-01 02:20:24         0 d-------- K:\Documents and Settings\Administrator\Desktop
    2008-03-01 02:20:24         0 d---s---- K:\Documents and Settings\Administrator\Cookies
    2008-03-01 02:20:24         0 dr-h----- K:\Documents and Settings\Administrator\Application Data
    2008-03-01 02:18:41         0 d-------- K:\WINDOWS\SoftwareDistribution
    2008-03-01 02:18:39         0 d---s---- K:\WINDOWS\system32\Microsoft
    2008-03-01 02:18:39         0 d-------- K:\WINDOWS\Prefetch
    2008-03-01 02:18:38    229376 --ah----- K:\Documents and Settings\LocalService\NTUSER.DAT
    2008-03-01 02:18:38         0 d--h----- K:\Documents and Settings\LocalService\Local Settings
    2008-03-01 02:18:38         0 d---s---- K:\Documents and Settings\LocalService\Cookies
    2008-03-01 02:18:38         0 d-------- K:\Documents and Settings\LocalService\Application Data
    2008-03-01 02:18:38         0 d---s---- K:\Documents and Settings\LocalService\Application Data\Microsoft
    2008-03-01 02:18:24    229376 --ah----- K:\Documents and Settings\NetworkService\NTUSER.DAT
    2008-03-01 02:18:24         0 d--h----- K:\Documents and Settings\NetworkService\Local Settings
    2008-03-01 02:18:24         0 d---s---- K:\Documents and Settings\NetworkService\Cookies
    2008-03-01 02:18:24         0 d-------- K:\Documents and Settings\NetworkService\Application Data
    2008-03-01 02:18:24         0 d---s---- K:\Documents and Settings\NetworkService\Application Data\Microsoft
    2008-03-01 02:15:49         0 d-------- K:\WINDOWS\system32\xircom
    2008-03-01 02:15:48         0 d-------- K:\Program Files\microsoft frontpage
    2008-03-01 02:15:39    229376 --ah----- K:\Documents and Settings\Default User\NTUSER.DAT
    2008-03-01 02:14:40         0 d--hs---- K:\Documents and Settings\All Users\DRM
    2008-03-01 02:14:30         0 dr------- K:\WINDOWS\Offline Web Pages
    2008-03-01 02:14:30         0 d---s---- K:\WINDOWS\Downloaded Program Files
    2008-03-01 02:14:20         0 d--h----- K:\Program Files\WindowsUpdate
    2008-03-01 02:14:02         0 d-------- K:\WINDOWS\system32\DirectX
    2008-03-01 02:13:30         0 d---s---- K:\WINDOWS\Tasks
    2008-03-01 02:13:29         0 d-------- K:\Program Files\Common Files\MSSoap
    2008-03-01 02:13:26         0 d-------- K:\WINDOWS\system32\Macromed
    2008-03-01 02:13:26         0 d-------- K:\WINDOWS\srchasst
    2008-03-01 02:13:19         0 d-------- K:\Program Files\Movie Maker
    2008-03-01 02:13:12         0 d-------- K:\WINDOWS\system32\Restore
    2008-03-01 02:12:34     21640 --a------ K:\WINDOWS\system32\emptyregdb.dat
    2008-03-01 02:12:20         0 d-------- K:\WINDOWS\Registration
    2008-03-01 02:12:14         0 d-------- K:\Program Files\Online Services
    2008-03-01 02:12:09         0 d-------- K:\Program Files\Messenger
    2008-03-01 02:12:06         0 d-------- K:\Program Files\MSN Gaming Zone
    2008-03-01 02:11:32         0 d-------- K:\Program Files\Windows NT
    2008-03-01 02:11:29         0 d-------- K:\WINDOWS\system32\MsDtc
    2008-03-01 02:11:27         0 d-------- K:\WINDOWS\system32\Com
    2007-12-05 01:41:00   1626112 --a------ K:\WINDOWS\system32\nwiz.exe
    2007-12-05 01:41:00   1019904 --a------ K:\WINDOWS\system32\nvwimg.dll
    2007-12-05 01:41:00   1703936 --a------ K:\WINDOWS\system32\nvwdmcpl.dll
    2007-12-05 01:41:00    466944 --a------ K:\WINDOWS\system32\nvshell.dll
    2007-12-05 01:41:00   1474560 --a------ K:\WINDOWS\system32\nview.dll
    2007-12-05 01:41:00   1339392 --a------ K:\WINDOWS\system32\nvdspsch.exe
    2007-12-05 01:41:00    442368 --a------ K:\WINDOWS\system32\nvappbar.exe
    2007-12-05 01:41:00    425984 --a------ K:\WINDOWS\system32\keystone.exe
    2007-03-21 20:54:16     69632 --a------ K:\WINDOWS\system32\TWUNK_32.EXE <Not Verified; Twain Working Group; Twain Thunker>
    2007-03-21 20:54:16     48560 --a------ K:\WINDOWS\system32\TWUNK_16.EXE <Not Verified; Twain Working Group; Twain Thunker>
    2007-03-21 20:54:16     77312 --a------ K:\WINDOWS\system32\TWAIN_32.DLL <Not Verified; Twain Working Group; Twain_32 Source Manager>
    2007-03-06 23:13:19         0 d-------- K:\Program Files\Trend Micro
    2007-03-06 21:22:46         0 d-------- K:\Documents and Settings\Administrator\Application Data\Help
    2007-03-06 16:23:29         0 d-------- K:\Program Files\DietMP3
    2007-03-06 09:30:34         0 d-------- K:\Program Files\Pando Networks
    2007-03-06 06:42:59         0 d-------- K:\Documents and Settings\Administrator\Application Data\Opera
    2007-03-06 06:42:50         0 d-------- K:\Program Files\Opera
    2007-03-05 10:36:53         0 d-------- K:\Program Files\7-Zip
    2007-03-05 10:18:46         0 d-------- K:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2007-03-05 10:18:45         0 d-------- K:\WINDOWS\system32\Kaspersky Lab
    2007-03-05 09:48:13     40960 --a------ K:\Virus Scan Helper.exe <Not Verified; ; Virus Scan Helper>
    2007-03-05 01:47:15     44928 --a------ K:\WINDOWS\system32\drivers\SDTHOOK.SYS <Not Verified; Panda Software; Panda® Antivirus>
    2007-03-05 01:16:50         0 d-------- K:\WINDOWS\system32\ActiveScan
    2007-03-05 01:16:48         0 d-------- K:\WINDOWS\LastGood
    2007-03-05 00:43:37         0 d--hs---- K:\System Volume Information
    2007-03-04 23:58:06         0 drahs---- K:\autorun.inf
    2007-03-04 23:56:22         0 d-------- K:\Documents and Settings\All Users\Application Data\Avg8
    2007-03-04 17:11:28         0 d-------- K:\masm32
    2007-03-04 16:28:36         0 d-------- K:\Documents and Settings\Administrator\Application Data\AdobeUM
    2007-03-04 15:08:01         0 d-------- K:\WINDOWS\Cache
    2007-03-04 10:22:53         0 d---s---- K:\Documents and Settings\Administrator\UserData
    2007-03-04 10:19:20         0 d-------- K:\Documents and Settings\Administrator\.housecall6.6
    2007-03-04 09:39:51         0 d-------- K:\Documents and Settings\Administrator\Application Data\AVGTOOLBAR
    2007-03-04 09:39:44         0 d-------- K:\Program Files\AVG
    2007-03-04 08:48:28         0 d-------- K:\QUARANTINE
    2007-03-04 08:27:41   1495552 --a------ K:\WINDOWS\system32\epoPGPsdk.dll <Not Verified; PGP Corporation; PGPsdk>
    2007-03-04 08:27:41         0 d-------- K:\Program Files\Common Files\Cisco Systems
    2007-03-04 08:27:40         0 d-------- K:\Documents and Settings\All Users\Application Data\McAfee
    2007-03-04 08:26:57         0 d-------- K:\Program Files\McAfee
    2007-03-04 08:26:57         0 d-------- K:\Program Files\Common Files\McAfee
    2007-03-04 07:17:26         0 d-------- K:\WINDOWS\system32\LogFiles
    2007-03-03 17:58:50    126976 --a------ K:\WINDOWS\system32\WideToolkit.dll
    2007-03-03 17:58:50    667648 --a------ K:\WINDOWS\system32\WideSyncSweden.dll <Not Verified; Samsung Electronics; WiDESYNCOutlook Module>
    2007-03-03 17:58:50    667648 --a------ K:\WINDOWS\system32\WideSyncSpanish.dll <Not Verified; Samsung Electronics; WiDESYNCOutlook Module>
    2007-03-03 17:58:50    667648 --a------ K:\WINDOWS\system32\WideSyncRussian.dll <Not Verified; Samsung Electronics; WiDESYNCOutlook Module>
    2007-03-03 17:58:50    667648 --a------ K:\WINDOWS\system32\WideSyncPortuguese.dll <Not Verified; Samsung Electronics; WiDESYNCOutlook Module>
    2007-03-03 17:58:50    843776 --a------ K:\WINDOWS\system32\WideSyncOutlook.dll <Not Verified; Samsung Electronics; WiDESYNCOutlook Module>
    2007-03-03 17:58:50    208896 --a------ K:\WINDOWS\system32\WideSyncManager.dll <Not Verified; ; WideSyncManager ?? ?? ?????>
    2007-03-03 17:58:50    667648 --a------ K:\WINDOWS\system32\WideSyncItalian.dll <Not Verified; Samsung Electronics; WiDESYNCOutlook Module>
    2007-03-03 17:58:50    667648 --a------ K:\WINDOWS\system32\WideSyncGerman.dll <Not Verified; Samsung Electronics; WiDESYNCOutlook Module>
    2007-03-03 17:58:50    794708 --a------ K:\WINDOWS\system32\WideSyncGanChe.dll <Not Verified; Samsung Electronics; WiDESYNCOutlook Module>
    2007-03-03 17:58:50    667648 --a------ K:\WINDOWS\system32\WideSyncFrench.dll <Not Verified; Samsung Electronics; WiDESYNCOutlook Module>
    2007-03-03 17:58:50    667648 --a------ K:\WINDOWS\system32\WideSyncDutch.dll <Not Verified; Samsung Electronics; WiDESYNCOutlook Module>
    2007-03-03 17:58:50    794708 --a------ K:\WINDOWS\system32\WideSyncBunChe.dll <Not Verified; Samsung Electronics; WiDESYNCOutlook Module>
    2007-03-03 17:58:50    667648 --a------ K:\WINDOWS\system32\WideSyncBrazilian.dll <Not Verified; Samsung Electronics; WiDESYNCOutlook Module>
    2007-03-03 17:58:50     32768 --a------ K:\WINDOWS\system32\WideSyncAdminAdapter.dll <Not Verified; ; WideSyncAdminAdapter ?? ?? ?????>
    2007-03-03 17:58:50    270336 --a------ K:\WINDOWS\system32\WideDBAdapter.dll <Not Verified; ; WideDBAdapter ?? ?? ?????>
    2007-03-03 17:58:50    122880 --a------ K:\WINDOWS\system32\regdrop.exe
    2007-03-03 17:58:50     45056 --a------ K:\WINDOWS\system32\ObexLib.dll <Not Verified; ; ObexLib ?? ?? ?????>
    2007-03-03 17:56:48         0 d-------- K:\Program Files\Common Files\L&H
    2007-03-03 17:56:34         0 d-------- K:\Program Files\Microsoft ActiveSync
    2007-03-03 17:55:59         0 d-------- K:\Program Files\Microsoft Works
    2007-03-03 17:55:41         0 d-------- K:\WINDOWS\SHELLNEW
    2007-03-03 17:54:32      5776 --a------ K:\WINDOWS\system32\drivers\ssm_whnt.sys <Not Verified; MCCI; Samsung Mobile USB Device II 1.0>
    2007-03-03 17:54:32      5776 --a------ K:\WINDOWS\system32\drivers\ssm_wh.sys <Not Verified; MCCI; Samsung Mobile USB Device II 1.0>
    2007-03-03 17:54:32     84512 --a------ K:\WINDOWS\system32\drivers\ssm_mdm.sys <Not Verified; MCCI; Samsung Mobile USB Modem II 1.0>
    2007-03-03 17:54:32      6096 --a------ K:\WINDOWS\system32\drivers\ssm_mdfl.sys <Not Verified; MCCI; Samsung Mobile USB Modem II 1.0 Filter Driver>
    2007-03-03 17:54:32      6112 --a------ K:\WINDOWS\system32\drivers\ssm_cmnt.sys <Not Verified; MCCI; Samsung Mobile USB Modem II 1.0>
    2007-03-03 17:54:32      6112 --a------ K:\WINDOWS\system32\drivers\ssm_cm.sys <Not Verified; MCCI; Samsung Mobile USB Modem II 1.0>
    2007-03-03 17:54:32     52416 --a------ K:\WINDOWS\system32\drivers\ssm_bus.sys <Not Verified; MCCI; Samsung Mobile USB Device II 1.0>
    2007-03-03 17:52:24    556544 -----n--- K:\WINDOWS\system32\NexPlayerX.dll <Not Verified; NEXTREAMING; NexPlayerX Module>
    2007-03-03 17:52:19    294912 --a------ K:\WINDOWS\system32\msxbse35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
    2007-03-03 17:52:19    166672 --a------ K:\WINDOWS\system32\mstext35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
    2007-03-03 17:52:19    250128 --a------ K:\WINDOWS\system32\mspdox35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
    2007-03-03 17:52:19    168720 --a------ K:\WINDOWS\system32\msltus35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
    2007-03-03 17:52:19   1238288 --a------ K:\WINDOWS\system32\msjt4jlt.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
    2007-03-03 17:52:19    252688 --a------ K:\WINDOWS\system32\msexcl35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
    2007-03-03 17:52:19    344064 --a------ K:\WINDOWS\system32\msexch35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
    2007-03-03 17:52:18     44304 --a------ K:\WINDOWS\system32\msrpfs35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
    2007-03-03 17:52:18     39424 --a------ K:\WINDOWS\system32\JETCOMP.exe <Not Verified; Microsoft Corporation; Microsoft® Database Compact Utility>
    2007-03-03 17:52:15         0 d-------- K:\Program Files\Samsung
    2007-02-13 16:22:54    947472 --a------ K:\WINDOWS\system32\msjava.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
    
    
    -- Find3M Report ---------------------------------------------------------------
    
    2008-03-01 03:56:54        62 --ahs---- K:\Documents and Settings\Administrator\Application Data\desktop.ini
    2007-03-05 00:34:57         0 --a------ K:\Documents and Settings\Administrator\Application Data\.googlewebacchosts
    
    
    -- Registry Dump ---------------------------------------------------------------
    
    *Note* empty entries & legit default entries are not shown
    
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IMJPMIG8.1"="K:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [08/04/2004 03:07 AM]
    "PHIME2002ASync"="K:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [08/04/2004 03:07 AM]
    "PHIME2002A"="K:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [08/04/2004 03:07 AM]
    "NvCplDaemon"="K:\WINDOWS\system32\NvCpl.dll" [12/05/2007 01:41 AM]
    "nwiz"="nwiz.exe" [12/05/2007 01:41 AM K:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="K:\WINDOWS\system32\NvMcTray.dll" [12/05/2007 01:41 AM]
    "RTHDCPL"="RTHDCPL.EXE" [11/14/2006 11:21 AM K:\WINDOWS\RTHDCPL.exe]
    "Alcmtr"="ALCMTR.EXE" [05/03/2005 12:43 PM K:\WINDOWS\Alcmtr.exe]
    "WinampAgent"="K:\Program Files\Winamp\winampa.exe" [10/10/2007 07:28 AM]
    "ShStatEXE"="K:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.exe" [10/16/2007 08:50 PM]
    "McAfeeUpdaterUI"="K:\Program Files\McAfee\Common Framework\UdaterUI.exe" [12/19/2006 11:27 AM]
    
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DAEMON Tools"="K:\Program Files\DAEMON Tools\daemon.exe" [04/04/2007 12:29 AM]
    "ctfmon.exe"="K:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:07 AM]
    "@"="" []
    
    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "PcSync"=K:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
    
    *Newly Created Service* - MUKGXOBLWWPT
    *Newly Created Service* - RKPAVPROC
    *Newly Created Service* - SDTHOOK
    
    
    
    -- End of Deckard's System Scanner: finished at 2007-03-06 23:17:22 ------------
    Extra:

    Code:
    Deckard's System Scanner v20071014.68
    Extra logfile - please post this as an attachment with your post.
    --------------------------------------------------------------------------------
    
    -- System Information ----------------------------------------------------------
    
    Microsoft Windows XP Professional (build 2600) SP 2.0
    Architecture: X86; Language: English
    
    CPU 0: Intel(R) Pentium(R) 4 CPU 3.20GHz
    CPU 1: Intel(R) Pentium(R) 4 CPU 3.20GHz
    Percentage of Memory in Use: 30%
    Physical Memory (total/avail): 2047.48 MiB / 1418.86 MiB
    Pagefile Memory (total/avail): 3939.97 MiB / 3401.16 MiB
    Virtual Memory (total/avail): 2047.88 MiB / 1913.99 MiB
    
    C: is Removable (FAT32)
    D: is Fixed (NTFS) - 36.14 GiB total, 0.93 GiB free. 
    E: is Fixed (NTFS) - 23.73 GiB total, 0.85 GiB free. 
    F: is Fixed (FAT32) - 14.64 GiB total, 0.7 GiB free. 
    G: is Fixed (NTFS) - 44.42 GiB total, 2.08 GiB free. 
    H: is Fixed (NTFS) - 147.9 GiB total, 7.79 GiB free. 
    I: is Fixed (FAT32) - 84.96 GiB total, 2.83 GiB free. 
    J: is Fixed (NTFS) - 149.04 GiB total, 2.39 GiB free. 
    K: is Fixed (NTFS) - 30.11 GiB total, 3.6 GiB free. 
    L: is CDROM (No Media)
    M: is CDROM (No Media)
    
    \\.\PHYSICALDRIVE2 - WDC WD1600AVBS-63SVA0 - 149.05 GiB - 1 partition
      \PARTITION0 - Extended w/Extended Int 13 - 149.04 GiB - J:
    
    \\.\PHYSICALDRIVE3 - WDC WD2500JS-00MVB1 - 232.88 GiB - 2 partitions
      \PARTITION0 - Extended w/Extended Int 13 - 232.88 GiB - H: - I:
    
    \\.\PHYSICALDRIVE1 - WDC WD800BB-00JHC0 - 74.53 GiB - 3 partitions
      \PARTITION0 (bootable) - Unknown - 14.65 GiB - F:
      \PARTITION1 - Extended w/Extended Int 13 - 59.87 GiB - D: - E:
    
    \\.\PHYSICALDRIVE0 - WDC WD800BB-08JHC0 - 74.53 GiB - 2 partitions
      \PARTITION0 (bootable) - Installable File System - 30.11 GiB - K:
      \PARTITION1 - Extended w/Extended Int 13 - 44.42 GiB - G:
    
    \\.\PHYSICALDRIVE4 - Kingston DataTraveler 2.0 USB Device - 486.34 MiB - 1 partition
      \PARTITION0 (bootable) - Unknown - 488.97 MiB - C:
    
    
    
    -- Security Center -------------------------------------------------------------
    
    AUOptions is disabled.
    Windows Internal Firewall is enabled.
    
    FirstRunDisabled is set.
    AntiVirusDisableNotify is set.
    FirewallDisableNotify is set.
    UpdatesDisableNotify is set.
    
    AV: McAfee VirusScan Enterprise v8.5.0.781 (McAfee, Inc.)
    
    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "K:\\Program Files\\MSN Messenger\\msnmsgr.exe"="K:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "K:\\Program Files\\MSN Messenger\\livecall.exe"="K:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
    
    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "K:\\Program Files\\Bonjour\\mDNSResponder.exe"="K:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
    "K:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="K:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
    "K:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="K:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
    "K:\\Program Files\\MSN Messenger\\msnmsgr.exe"="K:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "K:\\Program Files\\MSN Messenger\\livecall.exe"="K:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
    "K:\\Program Files\\BitSpirit\\BitSpirit.exe"="K:\\Program Files\\BitSpirit\\BitSpirit.exe:*:Enabled:The powerful and easy-to-use BitTorrent Client"
    "K:\\Program Files\\uTorrent\\uTorrent.exe"="K:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
    "I:\\[+] Web Applications\\Forums\\25 2 07\\sas-steamcom\\LeapFTP\\LeapFTP.exe"="I:\\[+] Web Applications\\Forums\\25 2 07\\sas-steamcom\\LeapFTP\\LeapFTP.exe:*:Enabled:File Transfer Protocol (FTP) Client"
    "K:\\Program Files\\Pando Networks\\Pando\\pando.exe"="K:\\Program Files\\Pando Networks\\Pando\\pando.exe:*:Enabled:Pando Application"
    "K:\\Program Files\\Microsoft Visual Studio 8\\Common7\\IDE\\devenv.exe"="K:\\Program Files\\Microsoft Visual Studio 8\\Common7\\IDE\\devenv.exe:*:Enabled:Microsoft Visual Studio 2005"
    
    
    -- Environment Variables -------------------------------------------------------
    
    ALLUSERSPROFILE=K:\Documents and Settings\All Users
    APPDATA=K:\Documents and Settings\Administrator\Application Data
    CLIENTNAME=Console
    CommonProgramFiles=K:\Program Files\Common Files
    COMPUTERNAME=D4RKNESS-E00FBC
    ComSpec=K:\WINDOWS\system32\cmd.exe
    DEFLOGDIR=K:\Documents and Settings\All Users\Application Data\McAfee\DesktopProtection
    FP_NO_HOST_CHECK=NO
    HOMEDRIVE=K:
    HOMEPATH=\Documents and Settings\Administrator
    include=K:\Program Files\Microsoft Visual Studio\VC98\atl\include;K:\Program Files\Microsoft Visual Studio\VC98\mfc\include;K:\Program Files\Microsoft Visual Studio\VC98\include
    lib=K:\Program Files\Microsoft Visual Studio\VC98\mfc\lib;K:\Program Files\Microsoft Visual Studio\VC98\lib
    LOGONSERVER=\\D4RKNESS-E00FBC
    MSDevDir=K:\Program Files\Microsoft Visual Studio\Common\MSDev98
    NUMBER_OF_PROCESSORS=2
    OS=Windows_NT
    Path=K:\Program Files\PC Connectivity Solution\;K:\WINDOWS\system32;K:\WINDOWS;K:\WINDOWS\System32\Wbem;k:\Program Files\Microsoft SQL Server\90\Tools\binn\;K:\Program Files\Microsoft Visual Studio\Common\Tools\WinNT;K:\Program Files\Microsoft Visual Studio\Common\MSDev98\Bin;K:\Program Files\Microsoft Visual Studio\Common\Tools;K:\Program Files\Microsoft Visual Studio\VC98\bin
    PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    PROCESSOR_ARCHITECTURE=x86
    PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 9, GenuineIntel
    PROCESSOR_LEVEL=15
    PROCESSOR_REVISION=0409
    ProgramFiles=K:\Program Files
    PROMPT=$P$G
    SESSIONNAME=Console
    SystemDrive=K:
    SystemRoot=K:\WINDOWS
    TEMP=K:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
    TMP=K:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
    USERDOMAIN=D4RKNESS-E00FBC
    USERNAME=Administrator
    USERPROFILE=K:\Documents and Settings\Administrator
    VS80COMNTOOLS=K:\Program Files\Microsoft Visual Studio 8\Common7\Tools\
    VSEDEFLOGDIR=K:\Documents and Settings\All Users\Application Data\McAfee\DesktopProtection
    windir=K:\WINDOWS
    
    
    -- User Profiles ---------------------------------------------------------------
    
    Administrator (admin)
    
    
    -- Add/Remove Programs ---------------------------------------------------------
    
     --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 K:\WINDOWS\INF\PCHealth.inf
    µTorrent --> "K:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
    7-Zip 4.57 --> "K:\Program Files\7-Zip\Uninstall.exe"
    Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
    Adobe Asset Services CS3 --> MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
    Adobe Bridge CS3 --> MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
    Adobe Bridge Start Meeting --> MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
    Adobe Camera Raw 4.0 --> MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
    Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
    Adobe Color - Photoshop Specific --> MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
    Adobe Color Common Settings --> MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
    Adobe Color EU Extra Settings --> MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
    Adobe Color JA Extra Settings --> MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
    Adobe Color NA Recommended Settings --> MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
    Adobe Default Language CS3 --> MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
    Adobe Device Central CS3 --> MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
    Adobe Dreamweaver CS3 --> K:\Program Files\Common Files\Adobe\Installers\435a6af7459cb02a9c1138113a26e93\Setup.exe
    Adobe Dreamweaver CS3 --> MsiExec.exe /I{F01D5ED5-D53A-4468-B428-149DC2CB3110}
    Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
    Adobe Extension Manager CS3 --> MsiExec.exe /I{2A539CD9-0F75-4875-9A32-E06DD93C4114}
    Adobe Fonts All --> MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
    Adobe Help Viewer CS3 --> MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
    Adobe Linguistics CS3 --> MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
    Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
    Adobe Photoshop CS3 --> K:\Program Files\Common Files\Adobe\Installers\719d6f144d0c086a0dfa7ff76bb9ac1\Setup.exe
    Adobe Photoshop CS3 --> MsiExec.exe /I{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}
    Adobe Reader 6.0.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}
    Adobe Setup --> MsiExec.exe /I{3A12C952-61D5-4C3B-B68B-8CFBE47E22F1}
    Adobe Setup --> MsiExec.exe /I{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}
    Adobe Stock Photos CS3 --> MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
    Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
    Adobe Update Manager CS3 --> MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
    Adobe Version Cue CS3 Client --> MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
    Adobe WinSoft Linguistics Plugin --> MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
    Adobe XMP Panels CS3 --> MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
    BitSpirit v3.2.2.215 Stable --> "K:\Program Files\BitSpirit\unins000.exe"
    Dev-C++ 5 beta 9 release (4.9.9.2) --> "K:\Dev-Cpp\uninstall.exe"
    DFX 8 for Winamp --> "K:\Program Files\Winamp\uninstall_dfx.exe"
    DietMP3 4.03.00 --> "K:\Program Files\DietMP3\unins000.exe"
    GCFScape 1.6.2 --> "K:\Program Files\GCFScape\unins000.exe"
    Google Web Accelerator --> MsiExec.exe /X{6A1975EB-27E6-491D-94BC-6355FA25F40F}
    Hexprobe 3.2 --> "K:\Program Files\Hexprobe\unins000.exe"
    High Definition Audio Driver Package - KB888111 --> "K:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
    HijackThis 2.0.2 --> "K:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
    J2SE Runtime Environment 5.0 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150050}
    Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
    K-Lite Mega Codec Pack 2.00 --> "K:\Program Files\K-Lite Codec Pack\unins000.exe"
    Kaspersky Online Scanner --> K:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
    Macromedia Extension Manager --> MsiExec.exe /I{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}
    Macromedia Flash 8 --> MsiExec.exe /I{2BD5C305-1B27-4D41-B690-7A61172D2FEB}
    Macromedia Flash 8 Video Encoder --> MsiExec.exe /X{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}
    Macromedia Flash Player 8 --> MsiExec.exe /X{885A63EA-382B-4DD4-A755-14809B8557D6}
    Macromedia Flash Player 8 Plugin --> MsiExec.exe /X{91057632-CA70-413C-B628-2D3CDBBB906B}
    McAfee VirusScan Enterprise --> MsiExec.exe /I{35C03C04-3F1F-42C2-A989-A757EE691F65}
    Microsoft Device Emulator version 1.0 - ENU --> MsiExec.exe /X{78B75C6D-E53C-424C-BF83-4B63BD4A6682}
    Microsoft Document Explorer 2005 --> K:\Program Files\Common Files\Microsoft Shared\Help 8\Microsoft Document Explorer 2005\install.exe
    Microsoft Document Explorer 2005 --> MsiExec.exe /X{44D4AF75-6870-41F5-9181-662EA05507E1}
    Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
    Microsoft SQL Server 2005 --> "k:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
    Microsoft SQL Server 2005 Express Edition (SQLEXPRESS) --> MsiExec.exe /I{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}
    Microsoft SQL Server 2005 Mobile [ENU] Developer Tools --> MsiExec.exe /X{1389C6A4-4965-4AEC-9175-08B54A10FA48}
    Microsoft SQL Server 2005 Tools Express Edition --> MsiExec.exe /I{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}
    Microsoft SQL Server Native Client --> MsiExec.exe /I{BF251EAF-8697-4E89-BF09-C998F97BBC40}
    Microsoft SQL Server Setup Support Files (English) --> MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}
    Microsoft SQL Server VSS Writer --> MsiExec.exe /I{1CBE3804-20DF-48DA-B048-895C206E80A5}
    Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    Microsoft Visual C++ 6.0 Standard Edition --> "K:\Program Files\Microsoft Visual Studio\VC98\Setup\1033\Setup.exe"
    Microsoft Visual J# 2.0 Redistributable Package --> K:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft Visual J# 2.0 Redistributable Package\install.exe
    Microsoft Visual Studio 2005 Professional Edition - ENU --> K:\Program Files\Microsoft Visual Studio 8\Microsoft Visual Studio 2005 Professional Edition - ENU\setup.exe
    Mozilla Firefox (2.0.0.12) --> K:\Program Files\Mozilla Firefox\uninstall\helper.exe
    MSDN Library for Visual Studio 2005 --> msiexec /i {23959E96-A80F-4172-A655-210E9BB7BFBE}
    MSDN Library for Visual Studio 2005 --> MsiExec.exe /X{23959E96-A80F-4172-A655-210E9BB7BFBE}
    MSXML 6.0 Parser --> MsiExec.exe /I{AEB9948B-4FF2-47C9-990E-47014492A0FE}
    MySQL Connector/Net 5.0.8.1 --> "K:\Program Files\MySQL\MySQL Connector Net 5.0.8.1\unins000.exe"
    Nokia Connectivity Cable Driver --> MsiExec.exe /X{3675AD63-CF95-4778-B981-225FB9225D7C}
    Nokia PC Suite --> MsiExec.exe /I{4CE0B4BA-8862-444D-A94D-EF39AD48C8BC}
    Notepad++ --> K:\Program Files\Notepad++\uninstall.exe
    NVIDIA Drivers --> K:\WINDOWS\system32\nvuninst.exe UninstallGUI
    Opera 9.10 --> MsiExec.exe /X{5D582D33-EB35-4D77-B7AF-403322D947E6}
    Panda ActiveScan --> K:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
    Pando --> MsiExec.exe /I{C0B0FA55-D4E9-4374-9871-BBFBF2AEF0D1}
    PC Connectivity Solution --> MsiExec.exe /I{04F3BF74-9E34-4D3E-93C3-D3D1F24199C8}
    PDF Settings --> MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
    PE Explorer 1.98 R2 --> "K:\Program Files\PE Explorer\unins000.exe"
    PowerISO --> "K:\Program Files\PowerISO\uninstall.exe"
    REALTEK GbE & FE Ethernet PCI-E NIC Driver --> K:\Program Files\InstallShield Installation Information\{C9BED750-1211-4480-B1A5-718A3BE15525}\SETUP.exe -runfromtemp -l0x0009 -removeonly
    Realtek High Definition Audio Driver --> RunDll32 K:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "K:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\SETUP.exe" -l0x9  -removeonly
    Remotesoft .NET Explorer --> MsiExec.exe /I{3E3739CA-E65C-404C-B0F4-BD206E2C2DD5}
    Samsung Mobile USB Modem Software --> K:\Program Files\SAMSUNG\Samsung Mobile USB Modem\SSM_Uninstall.exe
    Samsung PC Studio II 2.0 PIMS & File Manager --> RunDll32 K:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "K:\Program Files\InstallShield Installation Information\{D4E01931-9B3F-49BD-B19B-511000A1E039}\Setup.exe" -l0x9 
    Samsung USB Driver (MCCI 4.24) --> K:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{77F09242-A107-4CB6-A295-D8656C2C3795} 
    Silkroad --> K:\Program Files\Silkroad\Remove.Exe
    Subtitle Workshop 2.51 --> "K:\Program Files\URUSoft\Subtitle Workshop\uninstall.exe"
    VideoLAN VLC media player 0.8.6a --> K:\Program Files\VideoLAN\VLC\uninstall.exe
    VTFEdit 1.2.1 --> "K:\Program Files\VTFEdit\unins000.exe"
    WiDESYNC 2.0 --> RunDll32 K:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "K:\Program Files\InstallShield Installation Information\{11AEA686-CD61-4C11-B410-330119375147}\setup.exe" -l0x9 
    Winamp --> "K:\Program Files\Winamp\UninstWA.exe"
    Windows Driver Package - Nokia (WUDFRd) WPD (11/03/2006 6.82.26.2) --> K:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\dpinst.exe /u K:\WINDOWS\system32\DRVSTORE\pccswpddri_6B630EE2E66584353C6CD8683D447072872F34D8\pccswpddriver.inf
    Windows Driver Package - Nokia Modem (11/03/2006 6.82.0.1) --> K:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\dpinst.exe /u K:\WINDOWS\system32\DRVSTORE\nokbtmdm_4EFFAAE27A08EDFDE145390033D8EF099DA65567\nokbtmdm.inf
    Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
    WinRAR archiver --> K:\Program Files\WinRAR\uninstall.exe
    Yahoo! Messenger --> K:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U K:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
    
    
    -- Application Event Log -------------------------------------------------------
    
    Event Record #/Type1243 / Error
    Event Submitted/Written: 03/04/2007 09:03:52 AM
    Event ID/Source: 259 / McLogEvent
    Event Description:
    The file k:\autorun.inf contains Generic!atr Trojan. Detected with Scan Engine 5200.2160 DAT version 5243.0000.
    
    Event Record #/Type947 / Warning
    Event Submitted/Written: 03/04/2007 07:19:26 AM
    Event ID/Source: 3 / SQLBrowser
    Event Description:
    The configuration of the AdminConnection\TCP protocol in the SQL instance SQLEXPRESS is not valid.
    
    Event Record #/Type906 / Warning
    Event Submitted/Written: 03/04/2007 07:15:02 AM
    Event ID/Source: 3 / SQLBrowser
    Event Description:
    The configuration of the AdminConnection\TCP protocol in the SQL instance SQLEXPRESS is not valid.
    
    Event Record #/Type863 / Warning
    Event Submitted/Written: 03/03/2007 08:28:52 PM
    Event ID/Source: 3 / SQLBrowser
    Event Description:
    The configuration of the AdminConnection\TCP protocol in the SQL instance SQLEXPRESS is not valid.
    
    Event Record #/Type845 / Warning
    Event Submitted/Written: 03/03/2007 06:02:51 PM
    Event ID/Source: 3 / SQLBrowser
    Event Description:
    The configuration of the AdminConnection\TCP protocol in the SQL instance SQLEXPRESS is not valid.
    
    
    
    -- Security Event Log ----------------------------------------------------------
    
    No Errors/Warnings found.
    
    
    -- System Event Log ------------------------------------------------------------
    
    Event Record #/Type971 / Warning
    Event Submitted/Written: 03/06/2007 10:54:59 PM
    Event ID/Source: 4226 / Tcpip
    Event Description:
    TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
    
    Event Record #/Type951 / Warning
    Event Submitted/Written: 03/06/2007 09:27:16 AM
    Event ID/Source: 4226 / Tcpip
    Event Description:
    TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
    
    Event Record #/Type936 / Error
    Event Submitted/Written: 03/06/2007 02:06:44 AM
    Event ID/Source: 7034 / Service Control Manager
    Event Description:
    The McAfee McShield service terminated unexpectedly.  It has done this 2 time(s).
    
    Event Record #/Type930 / Error
    Event Submitted/Written: 03/05/2007 04:52:33 PM
    Event ID/Source: 7034 / Service Control Manager
    Event Description:
    The McAfee McShield service terminated unexpectedly.  It has done this 1 time(s).
    
    Event Record #/Type929 / Warning
    Event Submitted/Written: 03/05/2007 02:12:58 PM
    Event ID/Source: 36 / W32Time
    Event Description:
    The time service has not been able to synchronize the system time
    for 49152 seconds because none of the time providers has been able to
    provide a usable time stamp. The system clock is unsynchronized.
    
    
    
    -- End of Deckard's System Scanner: finished at 2007-03-06 23:17:22 ------------
    Thank You
    Edited by 0x01 (06.03.2008 at 22:27)

  8. #8
    Moderator (global) Team member Jintan
    Registered since
    25.11.2006
    Posts
    6.369

    Re: My Logfile - Virus

    It is looking pretty good at this point, and Kaspersky didn't pick up any active infection in that scan. I see now my read of some extension changes is due to you installing Notepad++ at some past point, so not an issue. Before we do some cleanup of what we added there, are there any problems at this time we can address?

  9. #9
    Beginner
    Registered since
    04.03.2008
    Posts
    17

    Re: My Logfile - Virus

    - Thank you so much, there's no other problem. I appreciate your help.

    - Actually there's just one problem, but it's not related to viruses I think, but it has happened since I got infected when I booted up my computer. Every time I boot my PC, chkdsk scans partition "J" and gives me some errors. The partition is NTFS. I don't know if you can help me or not; here's the log anyway:

    Code:
    Checking file system on J:
    The type of the file system is NTFS.
    Volume label is 0x07.
    
    
    One of your disks needs to be checked for consistency. You
    may cancel the disk check, but it is strongly recommended
    that you continue.
    Windows will now check the disk.                         
    Read failure with status 0xc000009c at offset 0x55f041000 for 0x10000 bytes.
    Read failure with status 0xc000009c at offset 0x55f041000 for 0x1000 bytes.
    File record segment 14848 is unreadable.
    Read failure with status 0xc000009c at offset 0x55f041000 for 0x1000 bytes.
    File record segment 14849 is unreadable.
    Read failure with status 0xc000009c at offset 0x55f041000 for 0x1000 bytes.
    File record segment 14850 is unreadable.
    Read failure with status 0xc000009c at offset 0x55f041000 for 0x1000 bytes.
    File record segment 14851 is unreadable.
    Read failure with status 0xc000009c at offset 0x569171000 for 0x10000 bytes.
    Read failure with status 0xc000009c at offset 0x56917b000 for 0x1000 bytes.
    File record segment 179944 is unreadable.
    Read failure with status 0xc000009c at offset 0x56917b000 for 0x1000 bytes.
    File record segment 179945 is unreadable.
    Read failure with status 0xc000009c at offset 0x56917b000 for 0x1000 bytes.
    File record segment 179946 is unreadable.
    Read failure with status 0xc000009c at offset 0x56917b000 for 0x1000 bytes.
    File record segment 179947 is unreadable.
    Read failure with status 0xc000009c at offset 0x569c41000 for 0x10000 bytes.
    Read failure with status 0xc000009c at offset 0x569c43000 for 0x1000 bytes.
    File record segment 190984 is unreadable.
    Read failure with status 0xc000009c at offset 0x569c43000 for 0x1000 bytes.
    File record segment 190985 is unreadable.
    Read failure with status 0xc000009c at offset 0x569c43000 for 0x1000 bytes.
    File record segment 190986 is unreadable.
    Read failure with status 0xc000009c at offset 0x569c43000 for 0x1000 bytes.
    File record segment 190987 is unreadable.
    The attribute list length 0xd8 in file 0x3246d is incorrect.
    The expected value is 0x0.
    Truncating corrupt attribute list for file 205933.
    The attribute list in file 0x3246d does not contain
    standard information attribute.
    Deleted corrupt attribute list for file 205933.
    Deleting orphan file record segment 206544.
    Deleting orphan file record segment 206550.
    Deleting orphan file record segment 206552.
    Deleting orphan file record segment 206555.
    Deleting orphan file record segment 206556.
    Deleting orphan file record segment 206557.
    Deleting orphan file record segment 206558.
    Deleting orphan file record segment 206559.
    Deleting orphan file record segment 206560.
    Deleting orphan file record segment 206561.
    Deleting orphan file record segment 206564.
    Deleting orphan file record segment 206565.
    Deleting orphan file record segment 206571.
    Deleting orphan file record segment 206572.
    Deleting orphan file record segment 206573.
    Deleting orphan file record segment 206574.
    Read failure with status 0xc000009c at offset 0x55f041c00 for 0x400 bytes.
    Read failure with status 0xc000009c at offset 0x56917bc00 for 0x400 bytes.
    Read failure with status 0xc000009c at offset 0x569c43800 for 0x400 bytes.
    Read failure with status 0xc000009c at offset 0x56ab47000 for 0x1000 bytes.
    Read failure with status 0xc000009c at offset 0x56ab46000 for 0x4000 bytes.
    Read failure with status 0xc000009c at offset 0x56ab47000 for 0x1000 bytes.
    The index buffer at VCN 0x1 of index $I30 in file 0x6494
    cannot be read.
    Correcting error in index $I30 for file 25748.
    The index bitmap $I30 in file 0x6494 is incorrect.
    Correcting error in index $I30 for file 25748.
    The down pointer of current index entry with length 0x70 is invalid.
    a8 64 00 00 00 00 a8 64 70 00 54 00 01 00 00 00  .d.....dp.T.....
    94 64 00 00 00 00 94 64 a0 25 0a d3 34 bf c6 01  .d.....d.%..4...
    00 f8 97 a5 bb 0a c6 01 42 2e 2a a9 be 74 c8 01  ........B.*..t..
    00 70 0f 25 d4 53 c8 01 00 20 01 00 00 00 00 00  .p.%.S... ......
    c2 17 01 00 00 00 00 00 20 20 00 00 00 00 00 00  ........  ......
    09 03 62 00 69 00 72 00 64 00 39 00 2e 00 77 00  ..b.i.r.d.9...w.
    61 00 76 00 00 00 00 00 ff ff ff ff ff ff ff ff  a.v.............
    b7 64 00 00 00 00 b7 64 90 00 78 00 01 00 00 00  .d.....d..x.....
    Sorting index $I30 in file 25748.
    The index root $I30 is missing in file 0x3246d.
    Correcting error in index $I30 for file 205933.
    The file name index present bit in file 0x3246d should not be set.
    Correcting a minor error in file 205933.
    Index entry weapon of index $I30 in file 0x3962 points to unused file 0x3a03.
    Deleting index entry weapon in index $I30 of file 14690.
    Index entry IM6B8C~1.PNG of index $I30 in file 0x2bb76 points to unused file 0x2beeb.
    Deleting index entry IM6B8C~1.PNG in index $I30 of file 179062.
    Index entry Image02096.png of index $I30 in file 0x2bb76 points to unused file 0x2beeb.
    Deleting index entry Image02096.png in index $I30 of file 179062.
    Index entry SR064B~1.JPG of index $I30 in file 0x2c2b1 points to unused file 0x2ea0a.
    Deleting index entry SR064B~1.JPG in index $I30 of file 180913.
    Index entry SRO[2007-05-08 14-36-40]_24.jpg of index $I30 in file 0x2c2b1 points to unused file 0x2ea0a.
    Deleting index entry SRO[2007-05-08 14-36-40]_24.jpg in index $I30 of file 180913.
    Cleaning up minor inconsistencies on the drive.
    CHKDSK is recovering lost files.
    Recovering orphaned file bird1.wav (25749) into directory file 25748.
    Recovering orphaned file bird10.wav (25750) into directory file 25748.
    Recovering orphaned file bird11.wav (25751) into directory file 25748.
    Recovering orphaned file bird12.wav (25752) into directory file 25748.
    Recovering orphaned file bird13.wav (25753) into directory file 25748.
    Recovering orphaned file bird14.wav (25754) into directory file 25748.
    Recovering orphaned file bird15.wav (25755) into directory file 25748.
    Recovering orphaned file bird16.wav (25756) into directory file 25748.
    Recovering orphaned file bird17.wav (25757) into directory file 25748.
    Recovering orphaned file bird18.wav (25758) into directory file 25748.
    Recovering orphaned file bird19.wav (25759) into directory file 25748.
    Recovering orphaned file bird2.wav (25760) into directory file 25748.
    Recovering orphaned file bird20.wav (25761) into directory file 25748.
    Recovering orphaned file bird3.wav (25762) into directory file 25748.
    Recovering orphaned file bird4.wav (25763) into directory file 25748.
    Recovering orphaned file bird5.wav (25764) into directory file 25748.
    Recovering orphaned file bird6.wav (25765) into directory file 25748.
    Recovering orphaned file bird7.wav (25766) into directory file 25748.
    Recovering orphaned file bird8.wav (25767) into directory file 25748.
    Cleaning up 8 unused index entries from index $SII of file 0x9.
    Cleaning up 8 unused index entries from index $SDH of file 0x9.
    Cleaning up 8 unused security descriptors.
    Inserting data attribute into file 205933.
    Read failure with status 0xc000009c at offset 0x55a8b5000 for 0x10000 bytes.
    Read failure with status 0xc000009c at offset 0x55a8bc000 for 0x1000 bytes.
    Replacing bad clusters in logfile.
    Adding 5 bad clusters to the Bad Clusters File.
    Correcting errors in the master file table's (MFT) DATA attribute.
    CHKDSK discovered free space marked as allocated in the
    master file table (MFT) bitmap.
    Correcting errors in the Volume Bitmap.
    Windows has made corrections to the file system.
    
     156280288 KB total disk space.
     153988292 KB in 199333 files.
         75092 KB in 6727 indexes.
            20 KB in bad sectors.
        277576 KB in use by the system.
         65536 KB occupied by the log file.
       1939308 KB available on disk.
    
          4096 bytes in each allocation unit.
      39070072 total allocation units on disk.
        484827 allocation units available on disk.
    
    Internal Info:
    40 27 03 00 f4 24 03 00 40 2e 05 00 00 00 00 00  @'...$..@.......
    0e 00 00 00 00 00 00 00 1d 00 00 00 00 00 00 00  ................
    6e 6e 5d 4d 00 00 00 00 08 05 51 83 00 00 00 00  nn]M......Q.....
    4a 0c 52 2f 00 00 00 00 00 00 00 00 00 00 00 00  J.R/............
    00 00 00 00 00 00 00 00 d8 29 f9 3a 01 00 00 00  .........).:....
    20 3f a9 bf 00 00 00 00 20 40 07 00 a5 0a 03 00   ?...... @......
    00 00 00 00 00 10 b3 b6 24 00 00 00 47 1a 00 00  ........$...G...
    Checking file system on J:
    The type of the file system is NTFS.
    Volume label is 0x07.
    
    
    One of your disks needs to be checked for consistency. You
    may cancel the disk check, but it is strongly recommended
    that you continue.
    Windows will now check the disk.                         
    The file reference 0x3a00000000003a00 of index entry _F83C2~1.TGA of index $I30
    with parent 0x3962 is not the same as 0x3a02000000003a00.
    Deleting index entry _F83C2~1.TGA in index $I30 of file 14690.
    The file reference 0x3a00000000003a00 of index entry _fill_red_n.tga of index $I30
    with parent 0x3962 is not the same as 0x3a02000000003a00.
    Deleting index entry _fill_red_n.tga in index $I30 of file 14690.
    Unable to locate the file name attribute of index entry _fontmenu.tga
    of index $I30 with parent 0x3962 in file 0x3a01.
    Deleting index entry _fontmenu.tga in index $I30 of file 14690.
    Unable to locate the file name attribute of index entry _FONTM~1.TGA
    of index $I30 with parent 0x3962 in file 0x3a01.
    Deleting index entry _FONTM~1.TGA in index $I30 of file 14690.
    Unable to locate the file name attribute of index entry _logosmall.tga
    of index $I30 with parent 0x3962 in file 0x3a02.
    Deleting index entry _logosmall.tga in index $I30 of file 14690.
    Unable to locate the file name attribute of index entry _LOGOS~1.TGA
    of index $I30 with parent 0x3962 in file 0x3a02.
    Deleting index entry _LOGOS~1.TGA in index $I30 of file 14690.
    Unable to locate the file name attribute of index entry IM5B80~1.PNG
    of index $I30 with parent 0x2bb76 in file 0x2bee8.
    Deleting index entry IM5B80~1.PNG in index $I30 of file 179062.
    Unable to locate the file name attribute of index entry IM5B84~1.PNG
    of index $I30 with parent 0x2bb76 in file 0x2bee9.
    Deleting index entry IM5B84~1.PNG in index $I30 of file 179062.
    Index entry IM6B88~1.PNG of index $I30 in file 0x2bb76 points to unused file 0x2beea.
    Deleting index entry IM6B88~1.PNG in index $I30 of file 179062.
    Unable to locate the file name attribute of index entry Image02093.png
    of index $I30 with parent 0x2bb76 in file 0x2bee8.
    Deleting index entry Image02093.png in index $I30 of file 179062.
    Unable to locate the file name attribute of index entry Image02094.png
    of index $I30 with parent 0x2bb76 in file 0x2bee9.
    Deleting index entry Image02094.png in index $I30 of file 179062.
    Index entry Image02095.png of index $I30 in file 0x2bb76 points to unused file 0x2beea.
    Deleting index entry Image02095.png in index $I30 of file 179062.
    Index entry SR0440~1.JPG of index $I30 in file 0x2c2b1 points to unused file 0x2ea09.
    Deleting index entry SR0440~1.JPG in index $I30 of file 180913.
    Index entry SRF341~1.JPG of index $I30 in file 0x2c2b1 points to unused file 0x2ea08.
    Deleting index entry SRF341~1.JPG in index $I30 of file 180913.
    Index entry SRO[2007-05-08 14-36-02]_23.jpg of index $I30 in file 0x2c2b1 points to unused file 0x2ea08.
    Deleting index entry SRO[2007-05-08 14-36-02]_23.jpg in index $I30 of file 180913.
    Index entry SRO[2007-05-08 14-36-26]_82.jpg of index $I30 in file 0x2c2b1 points to unused file 0x2ea09.
    Deleting index entry SRO[2007-05-08 14-36-26]_82.jpg in index $I30 of file 180913.
    Cleaning up minor inconsistencies on the drive.
    Cleaning up 24 unused index entries from index $SII of file 0x9.
    Cleaning up 24 unused index entries from index $SDH of file 0x9.
    Cleaning up 24 unused security descriptors.
    Correcting errors in the master file table's (MFT) BITMAP attribute.
    Correcting errors in the Volume Bitmap.
    Windows has made corrections to the file system.
    
     156280288 KB total disk space.
     153426092 KB in 198041 files.
         74720 KB in 6661 indexes.
            20 KB in bad sectors.
        277580 KB in use by the system.
         65536 KB occupied by the log file.
       2501876 KB available on disk.
    
          4096 bytes in each allocation unit.
      39070072 total allocation units on disk.
        625469 allocation units available on disk.
    
    Internal Info:
    40 27 03 00 a9 1f 03 00 7b 28 05 00 00 00 00 00  @'......{(......
    13 00 00 00 00 00 00 00 23 00 00 00 00 00 00 00  ........#.......
    66 4c 39 28 00 00 00 00 38 d9 ab 60 00 00 00 00  fL9(....8..`....
    dc cf 18 27 00 00 00 00 00 00 00 00 00 00 00 00  ...'............
    00 00 00 00 00 00 00 00 f2 33 0d c7 00 00 00 00  .........3......
    20 3f a9 bf 00 00 00 00 20 40 07 00 99 05 03 00   ?...... @......
    00 00 00 00 00 b0 62 94 24 00 00 00 05 1a 00 00  ......b.$.......
    Thank You so Much
    Last edited by 0x01 (07.03.2008 at 07:28)

  10. #10
    Moderator (global), team member: Jintan
    Registered since
    25.11.2006
    Posts
    6.369

    Re: My Logfile - Virus

    Does it also continue each time to find file system errors like those showing in that log? Also, as I believe it provides the option, have you used McAfee to scan just that one partition yet?
