|
Donation/Premium |
|
 |
|
|
|
|
|
|
|
Survey |
|
|
|
|
|
|
|
|
|
|
|
| View previous topic :: View next topic |
| Author |
Message |
Skurken
Trooper
Joined: Jun 09, 2008
Posts: 11
Location: Sweden
|
 Posted: Wed Jun 11, 2008 11:56 am Post subject: Computer always sending data over the internet |
|
|
Hi!
I've noticed that my computer is always transmitting data over the internet to an unknown source. The "sent packets" indicator in my "wireless network connection status" dialog box is always increasing with about 3 packets per second even if I am not doing anything internetrelated and have shut down all browsers and other internetprograms. Is this some form of spyware? I've also noticed a slight decrease in internet speed. I'm using ESET NOD32 as a virusscanner and zonealarm as firewall and either of them can find any viruses or spyware. I've also tried with Ad-Aware and spybot search and destroy.
Heres my Hijackthis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:54:59, on 2008-06-12
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\MicroStar\WLANUtility\WlanUtility.exe
C:\Program Files\MicroStar\WLANUtility\WLAN_Service.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Länkhjälp till Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: WlanUtility.lnk = C:\Program Files\MicroStar\WLANUtility\WlanUtility.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour-tjänst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Thanx for a great web page and for helping out!
|
|
| Back to top |
|
 |
Prince_Serendip
Site Moderator
Joined: Sep 07, 2002
Posts: 17541
|
|
| Back to top |
|
|
Prince_Serendip
Site Moderator
Joined: Sep 07, 2002
Posts: 17541
|
| Posted: Tue Jun 24, 2008 10:01 am Post subject: |
|
|
Now that you've made an entry at the Unhandled Logs topic, you need to post a fresh log here (below this post).
**NOTE: You have a week to post the updated log. Do not post it as a new topic. If your new updated log is not posted, this topic will be locked and your post removed from the Unhandled Logs topic list.
_________________
Microsoft MVP Consumer Security 2006, 2007 & 2008
|
|
| Back to top |
|
|
Skurken
Trooper
Joined: Jun 09, 2008
Posts: 11
Location: Sweden
|
| Posted: Sun Jun 29, 2008 7:33 pm Post subject: New log |
|
|
Hi! Here's my new log!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:34:15, on 2008-06-30
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\MicroStar\WLANUtility\WlanUtility.exe
C:\Program Files\MicroStar\WLANUtility\WLAN_Service.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Länkhjälp till Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: WlanUtility.lnk = C:\Program Files\MicroStar\WLANUtility\WlanUtility.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour-tjänst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 6121 bytes
Thanks
|
|
| Back to top |
|
|
ndmmxiaomayi
1st Responder
Joined: Oct 10, 2006
Posts: 668
Location: Little Red Dot
|
| Posted: Tue Jul 01, 2008 5:25 pm Post subject: |
|
|
Hi,
Please uninstall ZoneAlarm Spyblocker by going to Start > Control Panel and double clicking on Add/Remove Programs.
Here's why - http://securitygarden.blogspot.com/2007/12/beware-of-zonealarm.html
Note: You may have to re-install ZoneAlarm firewall after uninstalling ZoneAlarm Spyblocker.
- Please download Deckard's System Scanner from Tech Support Forum and save it to your desktop. Note: You must be logged onto an account with administrator privileges.
- Save all your work and close all opened programs.
- Double click on dss.exe to run it. Follow the prompts.
- When the scan is complete, two log files will be produced. The first one, main.txt, will be maximized, the second one, extra.txt, will be minimized.
- Please post the contents of the 2 log files in your next reply. 1 log per reply please.
|
|
| Back to top |
|
|
Skurken
Trooper
Joined: Jun 09, 2008
Posts: 11
Location: Sweden
|
| Posted: Fri Jul 04, 2008 4:06 pm Post subject: dss main.txt |
|
|
Hi! Thanks for the quick answer. The reason that I didn't reply immediately was that I was out of town for a while without a computer (oh, the pain!) Anyway, here's my dss main log:
Deckard's System Scanner v20071014.68
Run by Skurken on 2008-07-05 18:04:17
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
74: 2008-07-05 16:04:21 UTC - RP74 - Deckard's System Scanner Restore Point
73: 2008-07-05 11:56:50 UTC - RP73 - System Checkpoint
72: 2008-07-04 11:52:56 UTC - RP72 - System Checkpoint
71: 2008-07-02 15:09:35 UTC - RP71 - System Checkpoint
70: 2008-06-30 19:24:18 UTC - RP70 - Removed Ad-Aware
-- First Restore Point --
1: 2008-05-15 20:22:49 UTC - RP1 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as Skurken.exe) ---------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:04:52, on 2008-07-05
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\MicroStar\WLANUtility\WlanUtility.exe
C:\Program Files\MicroStar\WLANUtility\WLAN_Service.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Skurken\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Skurken.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Länkhjälp till Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: WlanUtility.lnk = C:\Program Files\MicroStar\WLANUtility\WlanUtility.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour-tjänst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 5863 bytes
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R3 PCASp50 (PCASp50 NDIS Protocol Driver) - c:\windows\system32\drivers\pcasp50.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service (Bonjour-tjänst) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.
-- Scheduled Tasks -------------------------------------------------------------
2008-07-05 18:02:12 446 --a------ C:\WINDOWS\Tasks\ParetoLogic Registration.job
2008-07-05 17:13:00 258 --a------ C:\WINDOWS\Tasks\Kontrollera uppdateringar för Windows Live Toolbar.job
2008-06-21 19:11:01 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
-- Files created between 2008-06-05 and 2008-07-05 -----------------------------
2008-07-05 17:52:09 262144 --a------ C:\Program Files\Uninstall Spy Blocker.dll <Not Verified; ZoneAlarm; ZoneAlarm Spy Blocker for Internet Explorer and Firefox>
2008-06-30 20:49:06 0 d-------- C:\Documents and Settings\Skurken\Application Data\Malwarebytes
2008-06-30 20:49:02 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-30 16:02:50 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-30 16:00:10 0 d-------- C:\Program Files\EsetOnlineScanner
2008-06-30 15:28:28 0 dr-h----- C:\Documents and Settings\Skurken\Recent
2008-06-14 02:41:04 0 d-------- C:\Documents and Settings\Skurken\Application Data\EAST Technologies
2008-06-11 20:14:14 57137 --a------ C:\WINDOWS\DIIUnin.dat
2008-06-11 20:14:12 2829 --a------ C:\WINDOWS\DIIUnin.pif
2008-06-11 20:14:12 94208 --a------ C:\WINDOWS\DIIUnin.exe <Not Verified; Blizzard Entertainment; Diablo II Uninstaller>
2008-06-11 18:58:57 21840 --a-----t C:\WINDOWS\system32\SIntfNT.dll
2008-06-11 18:58:57 17212 --a-----t C:\WINDOWS\system32\SIntf32.dll
2008-06-11 18:58:57 12067 --a-----t C:\WINDOWS\system32\SIntf16.dll
2008-06-10 14:49:07 0 d-------- C:\Program Files\Trend Micro
2008-06-10 14:42:57 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-09 17:59:37 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-09 17:42:21 0 d-------- C:\Program Files\NetFlow Analyzer
2008-06-09 16:24:31 10242080 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-06-09 16:21:00 0 d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-06-09 16:20:56 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-06-09 16:20:51 11264 --a------ C:\WINDOWS\system32\SpOrder.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows NT(TM) Operating System>
2008-06-09 16:20:35 0 d-------- C:\WINDOWS\system32\ZoneLabs
2008-06-09 16:19:55 0 d-------- C:\WINDOWS\Internet Logs
-- Find3M Report ---------------------------------------------------------------
2008-06-30 21:24:32 0 d-------- C:\Program Files\Common Files
2008-06-19 13:14:10 0 d-------- C:\Documents and Settings\Skurken\Application Data\Adobe
2008-06-09 17:42:40 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-09 16:42:09 0 d-------- C:\Program Files\Bonjour
2008-06-04 14:55:59 0 d-------- C:\Program Files\Apple Software Update
2008-05-31 15:46:15 0 d-------- C:\Program Files\iTunes
2008-05-22 10:40:18 0 d-------- C:\Documents and Settings\Skurken\Application Data\InstallShield
2008-05-22 09:57:48 0 d-------- C:\Documents and Settings\Skurken\Application Data\My Games
2008-05-22 09:56:26 0 d-------- C:\Documents and Settings\Skurken\Application Data\Xfire
2008-05-22 09:56:16 0 d---s---- C:\Program Files\Xfire
2008-05-19 15:36:36 0 d-------- C:\Program Files\Windows Live Toolbar
2008-05-19 15:35:30 0 d-------- C:\Program Files\Windows Live
2008-05-19 15:35:13 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-05-19 15:28:27 0 d-------- C:\Documents and Settings\Skurken\Application Data\vlc
2008-05-19 15:28:04 0 d-------- C:\Program Files\VideoLAN
2008-05-19 01:08:57 0 d-------- C:\Program Files\Realtek AC97
2008-05-18 20:19:55 0 d-------- C:\Program Files\AvRack
2008-05-18 14:30:50 0 d-------- C:\Program Files\Codec Pack - All In 1
2008-05-18 14:29:36 737280 --a------ C:\WINDOWS\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
2008-05-18 14:29:15 0 d-------- C:\Documents and Settings\Skurken\Application Data\DivX
2008-05-18 14:27:54 0 d-------- C:\Documents and Settings\Skurken\Application Data\Macromedia
2008-05-18 12:14:50 0 d-------- C:\Program Files\DivX
2008-05-17 00:17:48 0 d-------- C:\Program Files\Microsoft Works
2008-05-17 00:17:43 0 d-------- C:\Program Files\MSBuild
2008-05-17 00:16:24 0 d-------- C:\Program Files\Microsoft Visual Studio 8
2008-05-17 00:12:06 0 d-------- C:\Program Files\DAEMON Tools Lite
2008-05-17 00:11:55 0 d-------- C:\Documents and Settings\Skurken\Application Data\ATI
2008-05-17 00:09:44 0 d-------- C:\Documents and Settings\Skurken\Application Data\DAEMON Tools
2008-05-17 00:04:15 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-16 23:56:29 0 d-------- C:\Documents and Settings\Skurken\Application Data\Real
2008-05-16 23:54:57 0 d-------- C:\Program Files\Common Files\xing shared
2008-05-16 23:54:56 0 d-------- C:\Program Files\Common Files\Real
2008-05-16 23:54:53 0 d-------- C:\Program Files\Real
2008-05-16 23:54:42 60416 --a------ C:\WINDOWS\ALCFDRTM.EXE <Not Verified; Realtek Semiconductor Corp.; Realtek ALCFDRTM>
2008-05-16 23:41:10 0 d-------- C:\Program Files\Gabest
2008-05-16 23:40:29 0 d-------- C:\Program Files\Microsoft.NET
2008-05-16 23:33:19 0 d-------- C:\Program Files\DVD Decrypter
2008-05-16 23:23:42 0 d-------- C:\Program Files\Messenger
2008-05-16 23:03:22 0 d-------- C:\Documents and Settings\Skurken\Application Data\Apple Computer
2008-05-16 23:03:15 0 d-------- C:\Program Files\iPod
2008-05-16 23:03:05 0 d-------- C:\Program Files\QuickTime
2008-05-16 23:02:28 0 d-------- C:\Program Files\Common Files\Apple
2008-05-16 22:45:50 0 --a------ C:\WINDOWS\nsreg.dat
2008-05-16 22:45:46 0 d-------- C:\Documents and Settings\Skurken\Application Data\Mozilla
2008-05-16 22:34:01 159845 --a------ C:\WINDOWS\Marsu-Fix Uninstaller.exe
2008-05-16 22:34:01 0 d-------- C:\Program Files\Marsu-Fix
2008-05-16 22:18:46 0 d-------- C:\Documents and Settings\Skurken\Application Data\WinRAR
2008-05-16 22:16:52 0 d-------- C:\Program Files\BitLord
2008-05-16 21:59:40 0 d-------- C:\Program Files\MicroStar
2008-05-16 21:59:16 0 d-------- C:\Program Files\Common Files\InstallShield
2008-05-16 21:56:57 0 --a------ C:\WINDOWS\ativpsrm.bin
2008-05-16 21:55:49 0 d-------- C:\Program Files\ATI Technologies
2008-05-16 21:51:54 0 d-------- C:\Program Files\Realtek Sound Manager
2008-05-15 22:22:40 0 d-------- C:\Documents and Settings\Skurken\Application Data\Identities
2008-05-15 22:14:03 0 d-------- C:\Program Files\microsoft frontpage
2008-05-15 22:13:49 0 -rahs---- C:\MSDOS.SYS
2008-05-15 22:13:49 0 -rahs---- C:\IO.SYS
2008-05-15 22:13:49 0 --a------ C:\CONFIG.SYS
2008-05-15 22:13:49 0 --a------ C:\AUTOEXEC.BAT
2008-05-15 22:12:52 0 d--h----- C:\Program Files\WindowsUpdate
2008-05-15 22:11:05 0 d-------- C:\Program Files\Common Files\MSSoap
2008-05-15 22:10:47 0 d-------- C:\Program Files\Movie Maker
2008-05-15 22:09:31 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-05-15 22:09:12 0 d-------- C:\Program Files\Online Services
2008-05-15 22:08:56 0 d-------- C:\Program Files\MSN Gaming Zone
2008-05-15 22:08:35 0 d-------- C:\Program Files\Windows NT
2008-05-15 01:53:05 0 d-------- C:\Program Files\Common Files\ODBC
2008-05-15 01:53:01 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-05-15 01:52:18 62 --ahs---- C:\Documents and Settings\Skurken\Application Data\desktop.ini
2008-05-13 03:53:16 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-05-13 03:50:16 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-05-13 03:50:16 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-05-13 03:50:08 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-05-13 03:50:08 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-13 03:50:08 831488 --a------ C:\WINDOWS\system32\divx_xx0a.dll
2008-05-13 03:50:08 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-13 03:50:06 682496 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-13 03:49:02 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 12:17]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-03-13 16:48]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 15:28 C:\WINDOWS\soundman.exe]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-04-02 21:07]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 11:39]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:35]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
WlanUtility.lnk - C:\Program Files\MicroStar\WLANUtility\WlanUtility.exe [2006-04-19 09:56:18]
-- End of Deckard's System Scanner: finished at 2008-07-05 18:06:22 ------------
|
|
| Back to top |
|
|
Skurken
Trooper
Joined: Jun 09, 2008
Posts: 11
Location: Sweden
|
| Posted: Fri Jul 04, 2008 4:11 pm Post subject: dss extra.txt |
|
|
And here's my dss extra.txt log:
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English
CPU 0: AMD Athlon(tm) 64 Processor 3700+
Percentage of Memory in Use: 22%
Physical Memory (total/avail): 2047.48 MiB / 1593.08 MiB
Pagefile Memory (total/avail): 3939.89 MiB / 3588.55 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1913.39 MiB
A: is Removable (No Media)
C: is Fixed (NTFS) - 232.88 GiB total, 107.24 GiB free.
D: is CDROM (No Media)
F: is CDROM (No Media)
\\.\PHYSICALDRIVE0 - SAMSUNG SP2504C - 232.88 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 232.88 GiB - C:
-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.
FirstRunDisabled is set.
FW: ZoneAlarm Firewall v7.0.473.000 (Check Point, LTD.)
AV: ESET NOD32 Antivirus 3.0 v3.0 (ESET, spol. s r. o.)
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\BitLord\\BitLord.exe"="C:\\Program Files\\BitLord\\BitLord.exe:*:Enabled:BitLord"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Spel\\Civ 4 - BTS\\Civilization4.exe"="C:\\Spel\\Civ 4 - BTS\\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4"
"C:\\Spel\\Civ 4 - BTS\\Beyond the Sword\\Civ4BeyondSword.exe"="C:\\Spel\\Civ 4 - BTS\\Beyond the Sword\\Civ4BeyondSword.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword"
"C:\\Spel\\Civ 4 - BTS\\Beyond the Sword\\Civ4BeyondSword_PitBoss.exe"="C:\\Spel\\Civ 4 - BTS\\Beyond the Sword\\Civ4BeyondSword_PitBoss.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword Pitboss"
"C:\\Spel\\Guitar hero III\\GH3.exe"="C:\\Spel\\Guitar hero III\\GH3.exe:*:Enabled:Guitar Hero III"
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Skurken\Application Data
CLASSPATH=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=MAZURKEN
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Skurken
LOGONSERVER=\\MAZURKEN
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 39 Stepping 1, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=2701
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\QuickTime\QTSystem\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Skurken\LOCALS~1\Temp
TMP=C:\DOCUME~1\Skurken\LOCALS~1\Temp
tvdumpflags=8
USERDOMAIN=MAZURKEN
USERNAME=Skurken
USERPROFILE=C:\Documents and Settings\Skurken
windir=C:\WINDOWS
-- User Profiles ---------------------------------------------------------------
Skurken (admin)
-- Add/Remove Programs ---------------------------------------------------------
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2 - Svenska --> MsiExec.exe /I{AC76BA86-7AD7-1053-7B44-A81200000003}
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x0
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
BitLord 1.1 --> C:\Program Files\BitLord\uninst.exe
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Codec Pack - All In 1 6.0.3.0 --> C:\WINDOWS\iun6002.exe "C:\Program Files\Codec Pack - All In 1\irunin.ini"
Diablo II --> C:\WINDOWS\DIIUnin.exe C:\WINDOWS\DIIUnin.dat
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DVD Decrypter (Remove Only) --> "C:\Program Files\DVD Decrypter\uninstall.exe"
ESET NOD32 Antivirus --> MsiExec.exe /I{86A6E235-C08F-4A14-B14C-793C7D8844A0}
ESET Online Scanner --> C:\WINDOWS\system32\OnlineScannerUninstaller.exe
Guitar Hero III --> MsiExec.exe /I{0CE1A6C0-F3F7-49E6-8F9D-2431F9827441}
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
IEEE802.11a/b/g Wireless LAN Software --> MsiExec.exe /I{902C0D79-8D7F-4956-9DCB-A223D5BF55B3}
iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
Marsu-Fix --> C:\WINDOWS\Marsu-Fix Uninstaller.exe
Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007 --> MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Professional Plus 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2007 --> MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Mozilla Firefox (2.0.0.15) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
NVIDIA Drivers --> C:\WINDOWS\system32\nvuide.exe UninstallGUI
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek AC'97 Audio --> Alcrmv.exe -r -m
Sökmarkeringsfönstret (Windows Live Toolbar) --> MsiExec.exe /X{D052C16B-1290-41CF-8EFB-79337027B2F7}
Security Update for Excel 2007 (KB946974) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
Security Update for Microsoft Office Publisher 2007 (KB950114) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB951808) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office Word 2007 (KB950113) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update for Office 2007 (KB934062) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {305D509B-F194-4638-9F0F-D9E4C05F9D33}
Security Update for Office 2007 (KB947801) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
Security Update for Outlook 2007 (KB946983) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {66B9496E-C0C3-4065-9868-85CCA92126C3}
Security Update for the 2007 Microsoft Office System (KB936960) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {5E5BD655-7AA9-47F9-BB6D-A1D8CE29AC86}
Sid Meier's Civilization 4 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}\setup.exe" -l0x9 -removeonly
Sid Meier's Civilization 4 - Beyond the Sword --> C:\Program Files\InstallShield Installation Information\{32E4F0D2-C135-475E-A841-1D59A0D22989}\setup.exe -runfromtemp -l0x0009 -removeonly
Smarta menyer (Windows Live Toolbar) --> MsiExec.exe /X{2770CB13-5093-4C94-A318-F103857E18B1}
Update for Office 2007 (KB932080) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {EDC9CA29-6BC1-471C-828C-7A36109005D7}
Update for Office 2007 (KB946691) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb950378) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {F6296086-AED5-4EC0-938B-08EA0254F20E}
VideoLAN VLC media player 0.8.6f --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Live inloggningsassistenten --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Live installer --> MsiExec.exe /X{E17F76BE-50E9-4E7C-ADF6-6D8F44A9C6F3}
Windows Live Messenger --> MsiExec.exe /X{20503DFE-E5B2-491E-B2C5-8BCB5BF5B9E9}
Windows Live Toolbar --> "C:\Program Files\Windows Live Toolbar\UnInstall.exe" {45EA1531-5226-4FC4-9341-8D0C8CEC502F}
Windows Live Toolbar --> MsiExec.exe /X{45EA1531-5226-4FC4-9341-8D0C8CEC502F}
Windows Live Toolbar Extension (Windows Live Toolbar) --> MsiExec.exe /X{64E09E82-610D-4FB9-8722-1D2D1CD65A6B}
WinRAR --> C:\Program Files\WinRAR\uninstall.exe
VobSub v2.23 (Remove Only) --> "C:\Program Files\Gabest\VobSub\uninstall.exe"
Xbox 360 Controller for Windows --> "C:\WINDOWS\$NtUninstall_Xbox_360_CC_Driver$\spuninst\spuninst.exe"
Xfire (remove only) --> "C:\Program Files\Xfire\uninst.exe"
ZoneAlarm --> C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe
-- Application Event Log -------------------------------------------------------
Event Record #/Type172 / Error
Event Submitted/Written: 07/05/2008 06:06:06 PM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.
Event Record #/Type171 / Error
Event Submitted/Written: 07/05/2008 06:06:06 PM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.
Event Record #/Type170 / Error
Event Submitted/Written: 07/05/2008 06:06:06 PM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.
Event Record #/Type169 / Error
Event Submitted/Written: 07/05/2008 06:05:30 PM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.
Event Record #/Type168 / Error
Event Submitted/Written: 07/05/2008 06:05:30 PM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type4181 / Warning
Event Submitted/Written: 07/05/2008 03:27:17 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
Event Record #/Type4180 / Warning
Event Submitted/Written: 07/05/2008 11:48:50 AM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
Event Record #/Type4179 / Warning
Event Submitted/Written: 07/05/2008 11:17:44 AM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 0011094DC7E0. The following
error occurred:
%%121.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.
Event Record #/Type4173 / Warning
Event Submitted/Written: 07/05/2008 09:59:35 AM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
Event Record #/Type4171 / Error
Event Submitted/Written: 07/05/2008 09:36:08 AM
Event ID/Source: 8003 / MRxSmb
Event Description:
The master browser has received a server announcement from the computer THENILSSONCOMPU
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{88B6152D-1D6.
The master browser is stopping or an election is being forced.
-- End of Deckard's System Scanner: finished at 2008-07-05 18:06:22 ------------
Thanks again!
|
|
| Back to top |
|
|
ndmmxiaomayi
1st Responder
Joined: Oct 10, 2006
Posts: 668
Location: Little Red Dot
|
| Posted: Fri Jul 04, 2008 4:15 pm Post subject: |
|
|
Hi,
Are you aware that using Marsu-Fix is illegal?
|
|
| Back to top |
|
|
Skurken
Trooper
Joined: Jun 09, 2008
Posts: 11
Location: Sweden
|
| Posted: Sat Jul 05, 2008 12:40 pm Post subject: |
|
|
No, what does it do? When I googled it the results showed it was some kind of malware. We are several people using this computer and a friend of my son has done most of the installing. Should I remove it?
|
|
| Back to top |
|
|
ndmmxiaomayi
1st Responder
Joined: Oct 10, 2006
Posts: 668
Location: Little Red Dot
|
| Posted: Sat Jul 05, 2008 1:33 pm Post subject: |
|
|
Hi,
Marsu-Fix extends the number of days you could use NOD32 Antivirus trial. By default, the trial is 30 days. Marsu-Fix extends that by quite long.
Yes, please remove Marsu-Fix by clicking on Start > Control Panel and double clicking Add/Remove Programs. Removing Marsu-Fix may stop NOD32 from working properly. If that happens, you will need to remove ESET NOD32 Antivirus and install a free replacement.
Here are 2 free ones:
avast! 4 Home Edition
AntiVir Free Edition
In addition, please uninstall BitLord 1.1.
According to Castlecops' P2P Programs Policy, all P2P programs needs to be removed before we can continue helping.
After you've completed the above steps, please run Deckard's System Scanner again and post back the log.
|
|
| Back to top |
|
|
Skurken
Trooper
Joined: Jun 09, 2008
Posts: 11
Location: Sweden
|
| Posted: Sun Jul 06, 2008 10:53 am Post subject: New dss log |
|
|
Hi! Thanks for helping me obtain a legal anti-virus program. I also removed Bitlord
Dss only gave me one log, main.txt, this time. Extra.txt didn't show up so i'm only posting main.txt
Here's the log:
Deckard's System Scanner v20071014.68
Run by Skurken on 2008-07-07 12:45:43
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- HijackThis (run as Skurken.exe) ---------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:45:46, on 2008-07-07
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\MicroStar\WLANUtility\WlanUtility.exe
C:\Program Files\MicroStar\WLANUtility\WLAN_Service.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Skurken\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Skurken.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Länkhjälp till Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: WlanUtility.lnk = C:\Program Files\MicroStar\WLANUtility\WlanUtility.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour-tjänst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 6304 bytes
-- Files created between 2008-06-07 and 2008-07-07 -----------------------------
2008-07-07 12:36:50 0 d-------- C:\Program Files\Alwil Software
2008-06-30 20:49:06 0 d-------- C:\Documents and Settings\Skurken\Application Data\Malwarebytes
2008-06-30 20:49:02 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-30 16:02:50 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-30 16:00:10 0 d-------- C:\Program Files\EsetOnlineScanner
2008-06-30 15:28:28 0 dr-h----- C:\Documents and Settings\Skurken\Recent
2008-06-14 02:41:04 0 d-------- C:\Documents and Settings\Skurken\Application Data\EAST Technologies
2008-06-11 20:14:14 57137 --a------ C:\WINDOWS\DIIUnin.dat
2008-06-11 20:14:12 2829 --a------ C:\WINDOWS\DIIUnin.pif
2008-06-11 20:14:12 94208 --a------ C:\WINDOWS\DIIUnin.exe <Not Verified; Blizzard Entertainment; Diablo II Uninstaller>
2008-06-11 18:58:57 21840 --a-----t C:\WINDOWS\system32\SIntfNT.dll
2008-06-11 18:58:57 17212 --a-----t C:\WINDOWS\system32\SIntf32.dll
2008-06-11 18:58:57 12067 --a-----t C:\WINDOWS\system32\SIntf16.dll
2008-06-10 14:49:07 0 d-------- C:\Program Files\Trend Micro
2008-06-10 14:42:57 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-09 17:59:37 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-09 17:42:21 0 d-------- C:\Program Files\NetFlow Analyzer
2008-06-09 16:24:31 13056032 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-06-09 16:21:00 0 d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-06-09 16:20:56 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-06-09 16:20:51 11264 --a------ C:\WINDOWS\system32\SpOrder.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows NT(TM) Operating System>
2008-06-09 16:20:35 0 d-------- C:\WINDOWS\system32\ZoneLabs
2008-06-09 16:19:55 0 d-------- C:\WINDOWS\Internet Logs
-- Find3M Report ---------------------------------------------------------------
2008-07-07 12:11:03 0 d-------- C:\Program Files\BitLord
2008-06-30 21:24:32 0 d-------- C:\Program Files\Common Files
2008-06-19 13:14:10 0 d-------- C:\Documents and Settings\Skurken\Application Data\Adobe
2008-06-09 17:42:40 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-09 16:42:09 0 d-------- C:\Program Files\Bonjour
2008-06-04 14:55:59 0 d-------- C:\Program Files\Apple Software Update
2008-05-31 15:46:15 0 d-------- C:\Program Files\iTunes
2008-05-22 10:40:18 0 d-------- C:\Documents and Settings\Skurken\Application Data\InstallShield
2008-05-22 09:57:48 0 d-------- C:\Documents and Settings\Skurken\Application Data\My Games
2008-05-22 09:56:26 0 d-------- C:\Documents and Settings\Skurken\Application Data\Xfire
2008-05-22 09:56:16 0 d---s---- C:\Program Files\Xfire
2008-05-19 15:36:36 0 d-------- C:\Program Files\Windows Live Toolbar
2008-05-19 15:35:30 0 d-------- C:\Program Files\Windows Live
2008-05-19 15:35:13 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-05-19 15:28:27 0 d-------- C:\Documents and Settings\Skurken\Application Data\vlc
2008-05-19 15:28:04 0 d-------- C:\Program Files\VideoLAN
2008-05-19 01:08:57 0 d-------- C:\Program Files\Realtek AC97
2008-05-18 20:19:55 0 d-------- C:\Program Files\AvRack
2008-05-18 14:30:50 0 d-------- C:\Program Files\Codec Pack - All In 1
2008-05-18 14:29:36 737280 --a------ C:\WINDOWS\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
2008-05-18 14:29:15 0 d-------- C:\Documents and Settings\Skurken\Application Data\DivX
2008-05-18 14:27:54 0 d-------- C:\Documents and Settings\Skurken\Application Data\Macromedia
2008-05-18 12:14:50 0 d-------- C:\Program Files\DivX
2008-05-17 00:17:48 0 d-------- C:\Program Files\Microsoft Works
2008-05-17 00:17:43 0 d-------- C:\Program Files\MSBuild
2008-05-17 00:16:24 0 d-------- C:\Program Files\Microsoft Visual Studio 8
2008-05-17 00:12:06 0 d-------- C:\Program Files\DAEMON Tools Lite
2008-05-17 00:11:55 0 d-------- C:\Documents and Settings\Skurken\Application Data\ATI
2008-05-17 00:09:44 0 d-------- C:\Documents and Settings\Skurken\Application Data\DAEMON Tools
2008-05-17 00:04:15 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-16 23:56:29 0 d-------- C:\Documents and Settings\Skurken\Application Data\Real
2008-05-16 23:54:57 0 d-------- C:\Program Files\Common Files\xing shared
2008-05-16 23:54:56 0 d-------- C:\Program Files\Common Files\Real
2008-05-16 23:54:53 0 d---- | | |
Forum FAQ
Search
Usergroups
Profile
Login to check your private messages
Login
