Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest
all desktop icons gone
-
18-09-2007 03:51PM#1
Comments
-
-
-
-
-
-
Advertisement
-
-
-
-
-
here you go..ActorSeeksJob wrote:Post a HijackThis log.
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 10:22:01, on 19/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\DAD\Desktop\HiJackThis_v2.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.ie/0SEENIE/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.ie/0SEENIE/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.ie/0SEENIE/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 69.252.219.76:80
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: (no name) - {70A0FDE9-4E56-4979-92AB-C650EE04EFB6} - C:\WINDOWS\system32\awtqn.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {837B45D6-BF85-457D-AABF-6D2E7815F791} - C:\WINDOWS\system32\xxyywwt.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SSC Service Utility] C:\Program Files\SSC Service Utility\ssc_serv.exe /s
O4 - HKLM\..\Run: [EPSON Stylus Photo R240 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE /P30 "EPSON Stylus Photo R240 Series" /O6 "USB002" /M "Stylus Photo R240"
O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 5.0\SetHook.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [CmUCRRun] C:\WINDOWS\system32\CmUCReye.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\msconfig.exe /auto
O4 - HKLM\..\Run: [TrojanScanner]
\Trojan Remover\Trjscan.exe
O4 - HKLM\..\RunOnce: [OE_WMPWMP7_Install_11] C:\WINDOWS\system32\regsvr32 /s "C:\Program Files\Windows Media Player\mpvis.dll"
O4 - HKLM\..\RunOnce: [OE_WMPWMDM_Install_7] C:\WINDOWS\system32\regsvr32 /s C:\WINDOWS\system32\mspmsnsv.dll
O4 - HKLM\..\RunOnce: [OE_WMPWMP7_Install_20] C:\WINDOWS\INF\unregmp2.exe /Shortcuts /RegExts
O4 - HKLM\..\RunOnce: [Trojan Remover] "D:\Trojan Remover\RMVTRJAN.EXE" /restart
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = ?
O4 - Global Startup: Color Calibration.lnk = ?
O4 - Global Startup: MagicTune 3.5.lnk = ?
O4 - Global Startup: NaturalColorLoad.lnk = ?
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\RT2500 USB Wireless LAN Card\Installer\WINXP\APConfig2500.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toysrus.co.uk/
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0A46CB52-CFA0-4E78-A181-948D5E361BE3} (EpsonObj Class) - http://esupport.epson-europe.com/ePC/activex/EpsonSetup.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1129745320171
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://home.ntl.com/motive/files/MotivePreQual.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: winjrs32 - winjrs32.dll (file missing)
O20 - Winlogon Notify: xxyywwt - C:\WINDOWS\SYSTEM32\xxyywwt.dll
O21 - SSODL: SysTray.Exiv - {2963ECFC-4E5C-2f3b-B334-D67434FC72E0} - (no file)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
--
End of file - 15705 bytes0 -
Advertisement
-
-
Ok did what you asked..
1 Ran vundofix,..it reported nothing found.
2 ran combofix, followed instructions, see txt file below.
*** on reboot all my desktop icons & shortcuts are now back**:)
does that mean I'm sorted ?
ComboFix 07-09-18.4 - "DAD" 2007-09-19 12:52:00.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.353.1033.18.569 [GMT 1:00]
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\myglobalsearch
C:\Program Files\myglobalsearch\bar\History\search
C:\WINDOWS\system32\awtqn.dll
C:\WINDOWS\system32\nqtwa.bak1
C:\WINDOWS\system32\nqtwa.ini\Autorun.inf
K:\Autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
\LEGACY_NPF
((((((((((((((((((((((((( Files Created from 2007-08-19 to 2007-09-19 )))))))))))))))))))))))))))))))
.
2007-09-19 12:50 51,200 --a
C:\WINDOWS\NirCmd.exe
2007-09-19 12:44 <DIR> d
C:\VundoFix Backups
2007-09-19 11:08 <DIR> d
C:\Program Files\Windows Defender
2007-09-18 23:33 77,312 --a
C:\WINDOWS\system32\ztvunace26.dll
2007-09-18 23:33 75,264 --a
C:\WINDOWS\system32\unacev2.dll
2007-09-18 23:33 69,632 --a
C:\WINDOWS\system32\ztvcabinet.dll
2007-09-18 23:33 162,304 --a
C:\WINDOWS\system32\ztvunrar36.dll
2007-09-18 23:33 153,088 --a
C:\WINDOWS\system32\UNRAR3.dll
2007-09-18 23:33 <DIR> d-a
C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-09-18 23:33 <DIR> d
C:\DOCUME~1\DAD\APPLIC~1\Simply Super Software
2007-09-18 23:33 <DIR> d
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Simply Super Software
2007-09-18 23:25 <DIR> d
C:\WINDOWS\ServicePackFiles
2007-09-18 23:21 <DIR> d
C:\WINDOWS\EHome
2007-09-18 21:55 <DIR> d
C:\DOCUME~1\dad1\APPLIC~1\CyberLink
2007-09-18 21:55 <DIR> d
C:\DOCUME~1\dad1\APPLIC~1\AOL
2007-09-18 21:54 <DIR> d---s---- C:\DOCUME~1\dad1\UserData
2007-09-18 21:54 <DIR> d
C:\DOCUME~1\dad1\APPLIC~1\You've Got Pictures Screensaver
2007-09-18 21:54 <DIR> d
C:\DOCUME~1\dad1\APPLIC~1\Real
2007-09-18 21:41 <DIR> d
C:\WINDOWS\pss
2007-09-18 18:48 <DIR> d
C:\Program Files\Windows Live Safety Center
2007-09-18 13:42 <DIR> d---s---- C:\DOCUME~1\ADMINI~1.JUN\UserData
2007-09-18 13:35 628,788 --a
C:\WINDOWS\system32\nqtwa.bak1.ren
2007-09-18 13:34 629,738 --a
C:\WINDOWS\system32\nqtwa.ini.ren
2007-09-18 13:29 44,054 --a
C:\WINDOWS\system32\xxyywwt.dll.ren
2007-09-18 13:29 23,552 --a
C:\WINDOWS\system32\winjrs32.dll.ren
2007-08-27 17:13 97,672 --a
C:\WINDOWS\system32\drivers\symfw.sys
2007-08-27 17:13 537,992 --a
C:\WINDOWS\system32\SymNeti.dll
2007-08-27 17:13 31,624 --a
C:\WINDOWS\system32\drivers\symids.sys
2007-08-27 17:13 28,040 --a
C:\WINDOWS\system32\drivers\symndis.sys
2007-08-27 17:13 23,944 --a
C:\WINDOWS\system32\drivers\symredrv.sys
2007-08-27 17:13 189,320 --a
C:\WINDOWS\system32\drivers\symtdi.sys
2007-08-27 17:13 161,160 --a
C:\WINDOWS\system32\SymRedir.dll
2007-08-27 17:13 12,680 --a
C:\WINDOWS\system32\drivers\symdns.sys
2007-08-26 00:50 <DIR> d
C:\Program Files\Nero
2007-08-26 00:50 <DIR> d
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero
2007-08-25 00:36 <DIR> d
C:\DOCUME~1\DAD\APPLIC~1\AVS4YOU
2007-08-25 00:35 <DIR> d
C:\Program Files\Common Files\AVSMedia
2007-08-25 00:35 <DIR> d
C:\DOCUME~1\ALLUSE~1\APPLIC~1\AVS4YOU
2007-08-25 00:34 974,848 --a
C:\WINDOWS\system32\mfc70.dll
2007-08-25 00:34 487,424 --a
C:\WINDOWS\system32\msvcp70.dll
2007-08-25 00:34 261,632 --a
C:\WINDOWS\system32\mcdvd_32.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-19 12:06
d
C:\Program Files\Common Files\Symantec Shared
2007-09-18 23:10
d
C:\Program Files\FlashGet
2007-09-18 10:36 805 --a
C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-09-18 10:36 123952 --a
C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-09-18 10:36 10676 --a
C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-09-18 10:36
d
C:\Program Files\Symantec
2007-08-28 20:17
d
C:\Program Files\Google
2007-08-27 23:35
d
C:\Program Files\SEGA
2007-08-26 20:43
d
C:\DOCUME~1\DAD\APPLIC~1\Ahead
2007-08-26 00:54
d
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ahead
2007-08-26 00:53
d
C:\Program Files\Common Files\Ahead
2007-08-26 00:38
d
C:\Program Files\Ahead
2007-08-15 14:25
d
C:\DOCUME~1\ALLUSE~1\APPLIC~1\{DB82D04C-8FC1-489B-81AA-BE54061CEF97}
2007-08-15 14:05
d
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
2007-08-14 21:29
d
C:\DOCUME~1\DAD\APPLIC~1\Atalasoft
2007-08-12 01:05
d
C:\Program Files\Altdo MP4 to AVI WMV DVD Converter&Burner
2007-08-12 00:53
d
C:\Program Files\Boilsoft MOV Converter
2007-08-11 21:18
d
C:\Program Files\DivX
2007-08-11 21:01
d
C:\DOCUME~1\DAD\APPLIC~1\Dr. DivX 2.0 OSS
2007-08-09 22:17
d
C:\Program Files\FlashFXP
2007-07-31 11:26
d
C:\Program Files\Common Files\Sony Shared
2007-07-27 00:06 43528 --a
C:\WINDOWS\system32\drivers\PxHelp20.sys
2007-06-27 19:05 972072 --a
C:\WINDOWS\UNNeroMediaHome.exe
2007-06-26 14:12 972072 --a
C:\WINDOWS\UNNeroVision.exe
2007-02-04 15:42 24192 --a
C:\DOCUME~1\AL\usbsermptxp.sys
2007-02-04 15:42 22768 --a
C:\DOCUME~1\AL\usbsermpt.sys
2005-12-03 14:58 2657302 --a
C:\Program Files\FlashFXP.exe
2006-01-20 14:36:26 56 --sh--r C:\WINDOWS\system32\18D5BC39EA.sys
2005-10-19 10:21:58 8 --sh--r C:\WINDOWS\system32\C72AA29016.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{837B45D6-BF85-457D-AABF-6D2E7815F791}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-22 22:19]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-06-01 18:22]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-05-06 22:56]
"NvMediaCenter"="NvMCTray.dll" [2006-06-01 18:22 C:\WINDOWS\system32\nvmctray.dll]
"SSC Service Utility"="C:\Program Files\SSC Service Utility\ssc_serv.exe" [2006-10-16 18:32]
"EPSON Stylus Photo R240 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.exe" [2005-04-25 05:00]
"MediaFace Integration"="C:\Program Files\Fellowes\MediaFACE 5.0\SetHook.exe" [2005-10-27 05:43]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 01:47]
"PCMService"="C:\Program Files\Home Cinema\PowerCinema\PCMService.exe" [2006-01-27 00:16]
"CmUCRRun"="C:\WINDOWS\system32\CmUCReye.exe" [2006-06-22 19:17]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57]
"MSConfig"="C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\msconfig.exe" [2004-08-04 13:00]
"TrojanScanner"="D:\Trojan Remover\Trjscan.exe" [2007-09-04 13:26]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-20 16:41]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45]
"AnyDVD"="C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe" [2007-06-06 21:05]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 19:03]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05]
C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
Color Calibration.lnk -\SEC\MagicTune3.5_Client\GammaTray.exe [2006-06-22 18:40:26]
MagicTune 3.5.lnk -\SEC\MagicTune3.5_Client\MagicTuneTray.exe [2006-06-22 18:40:34]
NaturalColorLoad.lnk -\SEC\Natural Color\NaturalColorLoad.exe [2006-06-22 18:39:01]
Ralink Wireless Utility.lnk - C:\Program Files\RALINK\RT2500 USB Wireless LAN Card\Installer\WINXP\APConfig2500.exe [2005-10-19 18:40:13]
C:\DOCUME~1\DAD\STARTM~1\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 20:16:50]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"=\Qualcomm\Eudora\EuShlExt.dll [2005-11-14 16:15 86016]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winjrs32]
winjrs32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install
R0 AEC671X;AEC671X;C:\WINDOWS\system32\DRIVERS\AEC671X.sys
R3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys
R3 CMISTOR;CMIUCR.SYS CM220 Card Reader Driver;C:\WINDOWS\system32\DRIVERS\cmiucr.SYS
R3 mf;mf;C:\WINDOWS\system32\DRIVERS\mf.sys
R3 XUIF;X10 USB Wireless Transceiver;C:\WINDOWS\system32\Drivers\x10ufx2.sys
S3 FlyPCI;FlyPCI;\??\C:\WINDOWS\system32\drivers\FlyPCI.sys
S3 PAC207;Q-TEC WEBCAM 110 USB;C:\WINDOWS\system32\DRIVERS\pfc027.sys
S3 usbsermptxp;Motorola USB Modem Driver for MPT XP;C:\WINDOWS\system32\DRIVERS\usbsermptxp.sys
.
Contents of the 'Scheduled Tasks' folder
"2007-09-19 11:59:04 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2007-08-15 13:25:35 C:\WINDOWS\Tasks\EyeBatch 2.1 Updates.job"
- C:\WINDOWS\Installer\EyeBatch 2.1 Updates for All Users.lnk
"2007-09-19 10:11:29 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2007-09-14 22:13:44 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - DAD.job"
- C:\PROGRA~1\NORTON~1\Navw32.exe
.
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-19 13:04:00
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-09-19 13:06:15 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-19 13:05
.
--- E O F ---0 -
Not done just yet
Now we need to reconfigure Windows XP to show hidden files:
Double-click the My Computer icon on the Windows desktop.
Select the Tools menu and click Folder Options. Select the View Tab.
Under the Hidden files and folders heading select "Show hidden files and folders".
Uncheck the "Hide protected operating system files (recommended)" option.
Uncheck the "Hide file extensions for known file types" option.
Click Yes to confirm. Click OK.
Open notepad (Start > Run and type notepad > click Ok) and copy/paste the text in the quote box below into it:File::
C:\WINDOWS\system32\nqtwa.bak1.ren
C:\WINDOWS\system32\nqtwa.ini.ren
C:\WINDOWS\system32\xxyywwt.dll.ren
C:\WINDOWS\system32\winjrs32.dll.ren
C:\WINDOWS\system32\winjrs32.dll
Folder::
C:\DOCUME~1\ALLUSE~1\APPLIC~1\{DB82D04C-8FC1-489B-81AA-BE54061CEF97}
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winjrs32]
Save this as CFScript
Refering to the picture above, drag CFScript into ComboFix.exe
Run ComboFix again and post the resultant log file.
Please download Deckard's System Scanner (DSS) and save it to your Desktop.- Close all other windows before proceeding.
- Double-click on dss.exe and follow the prompts.
- If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
- When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.
Go to this site:
http://www.virustotal.com/
On top you'll find 'Browse'
Click the browse button and browse to the file:
C:\WINDOWS\system32\18D5BC39EA.sys
Click open.
Then click the 'Send' button next to it.
This will scan the file. Please be patient.
Once scanned, copy and paste the results as well in your next reply.
Repeat that for this file
C:\WINDOWS\system32\C72AA29016.sys
So post the ComboFix log and the two DSS texts in full, the results of the two files I asked you to scan, and tell me how your PC is running now.0 -
here you go,..results of latest combofix, will run Deckards & post both txt's in next post
ComboFix 07-09-18.4 - "DAD" 2007-09-20 10:10:15.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.353.1033.18.467 [GMT
1:00]
Command switches used :: C:\Documents and Settings\DAD\Desktop\Misc\combofix\CFScript.txt
* Created a new restore point
FILE::
C:\WINDOWS\system32\nqtwa.bak1.ren
C:\WINDOWS\system32\nqtwa.ini.ren
C:\WINDOWS\system32\xxyywwt.dll.ren
C:\WINDOWS\system32\winjrs32.dll.ren
C:\WINDOWS\system32\winjrs32.dll
.
((((((((((((((((((((((((( Files Created from 2007-08-20 to 2007-09-20 )))))))))))))))))))))))))))))))
.
2007-09-19 12:50 51,200 --a
C:\WINDOWS\NirCmd.exe
2007-09-19 12:44 <DIR> d
C:\VundoFix Backups
2007-09-19 11:08 <DIR> d
C:\Program Files\Windows Defender
2007-09-18 23:33 77,312 --a
C:\WINDOWS\system32\ztvunace26.dll
2007-09-18 23:33 75,264 --a
C:\WINDOWS\system32\unacev2.dll
2007-09-18 23:33 69,632 --a
C:\WINDOWS\system32\ztvcabinet.dll
2007-09-18 23:33 162,304 --a
C:\WINDOWS\system32\ztvunrar36.dll
2007-09-18 23:33 153,088 --a
C:\WINDOWS\system32\UNRAR3.dll
2007-09-18 23:33 <DIR> d-a
C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-09-18 23:33 <DIR> d
C:\DOCUME~1\DAD\APPLIC~1\Simply Super Software
2007-09-18 23:33 <DIR> d
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Simply Super Software
2007-09-18 23:25 <DIR> d
C:\WINDOWS\ServicePackFiles
2007-09-18 23:21 <DIR> d
C:\WINDOWS\EHome
2007-09-18 21:55 <DIR> d
C:\DOCUME~1\dad1\APPLIC~1\CyberLink
2007-09-18 21:55 <DIR> d
C:\DOCUME~1\dad1\APPLIC~1\AOL
2007-09-18 21:54 <DIR> d---s---- C:\DOCUME~1\dad1\UserData
2007-09-18 21:54 <DIR> d
C:\DOCUME~1\dad1\APPLIC~1\You've Got Pictures Screensaver
2007-09-18 21:54 <DIR> d
C:\DOCUME~1\dad1\APPLIC~1\Real
2007-09-18 21:41 <DIR> d
C:\WINDOWS\pss
2007-09-18 18:48 <DIR> d
C:\Program Files\Windows Live Safety Center
2007-09-18 13:42 <DIR> d---s---- C:\DOCUME~1\ADMINI~1.JUN\UserData
2007-08-27 17:13 97,672 --a
C:\WINDOWS\system32\drivers\symfw.sys
2007-08-27 17:13 537,992 --a
C:\WINDOWS\system32\SymNeti.dll
2007-08-27 17:13 31,624 --a
C:\WINDOWS\system32\drivers\symids.sys
2007-08-27 17:13 28,040 --a
C:\WINDOWS\system32\drivers\symndis.sys
2007-08-27 17:13 23,944 --a
C:\WINDOWS\system32\drivers\symredrv.sys
2007-08-27 17:13 189,320 --a
C:\WINDOWS\system32\drivers\symtdi.sys
2007-08-27 17:13 161,160 --a
C:\WINDOWS\system32\SymRedir.dll
2007-08-27 17:13 12,680 --a
C:\WINDOWS\system32\drivers\symdns.sys
2007-08-26 00:50 <DIR> d
C:\Program Files\Nero
2007-08-26 00:50 <DIR> d
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero
2007-08-25 00:36 <DIR> d
C:\DOCUME~1\DAD\APPLIC~1\AVS4YOU
2007-08-25 00:35 <DIR> d
C:\Program Files\Common Files\AVSMedia
2007-08-25 00:35 <DIR> d
C:\DOCUME~1\ALLUSE~1\APPLIC~1\AVS4YOU
2007-08-25 00:34 974,848 --a
C:\WINDOWS\system32\mfc70.dll
2007-08-25 00:34 487,424 --a
C:\WINDOWS\system32\msvcp70.dll
2007-08-25 00:34 261,632 --a
C:\WINDOWS\system32\mcdvd_32.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-19 23:41
d
C:\Program Files\FlashGet
2007-09-19 13:32
d
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
2007-09-19 12:06
d
C:\Program Files\Common Files\Symantec Shared
2007-09-18 10:36 805 --a
C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-09-18 10:36 60800 --a
C:\WINDOWS\system32\S32EVNT1.DLL
2007-09-18 10:36 123952 --a
C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-09-18 10:36 10676 --a
C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-09-18 10:36
d
C:\Program Files\Symantec
2007-08-28 20:17
d
C:\Program Files\Google
2007-08-27 23:35
d
C:\Program Files\SEGA
2007-08-26 20:43
d
C:\DOCUME~1\DAD\APPLIC~1\Ahead
2007-08-26 00:54
d
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ahead
2007-08-26 00:53
d
C:\Program Files\Common Files\Ahead
2007-08-26 00:38
d
C:\Program Files\Ahead
2007-08-14 21:29
d
C:\DOCUME~1\DAD\APPLIC~1\Atalasoft
2007-08-12 01:05
d
C:\Program Files\Altdo MP4 to AVI WMV DVD Converter&Burner
2007-08-12 00:53
d
C:\Program Files\Boilsoft MOV Converter
2007-08-11 21:18
d
C:\Program Files\DivX
2007-08-11 21:01
d
C:\DOCUME~1\DAD\APPLIC~1\Dr. DivX 2.0 OSS
2007-08-09 22:17
d
C:\Program Files\FlashFXP
2007-07-31 11:26
d
C:\Program Files\Common Files\Sony Shared
2007-07-30 19:19 92504 --a
C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a
C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a
C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 43352 --a
C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a
C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 271224 --a
C:\WINDOWS\system32\mucltui.dll
2007-07-30 19:19 207736 --a
C:\WINDOWS\system32\muweb.dll
2007-07-30 19:19 203096 --a
C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a
C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a
C:\WINDOWS\system32\wups.dll
2007-07-27 00:06 524288 --a
C:\WINDOWS\system32\DivXsm.exe
2007-07-27 00:06 43528 --a
C:\WINDOWS\system32\drivers\PxHelp20.sys
2007-07-27 00:06 3596288 --a
C:\WINDOWS\system32\qt-dx331.dll
2007-07-27 00:06 200704 --a
C:\WINDOWS\system32\ssldivx.dll
2007-07-27 00:06 144704 --a
C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-07-27 00:06 129784 --a
C:\WINDOWS\system32\pxafs.dll
2007-07-27 00:06 120056 --a
C:\WINDOWS\system32\pxcpyi64.exe
2007-07-27 00:06 118520 --a
C:\WINDOWS\system32\pxinsi64.exe
2007-07-27 00:06 1044480 --a
C:\WINDOWS\system32\libdivx.dll
2007-07-27 00:03 823296 --a
C:\WINDOWS\system32\divx_xx0c.dll
2007-07-27 00:03 823296 --a
C:\WINDOWS\system32\divx_xx07.dll
2007-07-27 00:03 81920 --a
C:\WINDOWS\system32\dpl100.dll
2007-07-27 00:03 802816 --a
C:\WINDOWS\system32\divx_xx11.dll
2007-07-27 00:03 740442 --a
C:\WINDOWS\system32\DivX.dll
2007-07-27 00:03 593920 --a
C:\WINDOWS\system32\dpuGUI11.dll
2007-07-27 00:03 57344 --a
C:\WINDOWS\system32\dpv11.dll
2007-07-27 00:03 53248 --a
C:\WINDOWS\system32\dpuGUI10.dll
2007-07-27 00:03 344064 --a
C:\WINDOWS\system32\dpus11.dll
2007-07-27 00:03 294912 --a
C:\WINDOWS\system32\dpu11.dll
2007-07-27 00:03 294912 --a
C:\WINDOWS\system32\dpu10.dll
2007-07-27 00:03 196608 --a
C:\WINDOWS\system32\dtu100.dll
2007-07-27 00:03 12288 --a
C:\WINDOWS\system32\DivXWMPExtType.dll
2007-06-27 19:05 972072 --a
C:\WINDOWS\UNNeroMediaHome.exe
2007-06-26 14:12 972072 --a
C:\WINDOWS\UNNeroVision.exe
2007-06-26 07:08 1104896 --a
C:\WINDOWS\system32\msxml3.dll
2007-02-04 15:42 24192 --a
C:\DOCUME~1\AL\usbsermptxp.sys
2007-02-04 15:42 22768 --a
C:\DOCUME~1\AL\usbsermpt.sys
2005-12-03 14:58 2657302 --a
C:\Program Files\FlashFXP.exe
2006-01-20 14:36:26 56 --sh--r C:\WINDOWS\system32\18D5BC39EA.sys
2005-10-19 10:21:58 8 --sh--r C:\WINDOWS\system32\C72AA29016.sys
.
((((((((((((((((((((((((((((( snapshot_2007-09-19_130513.28 )))))))))))))))))))))))))))))))))))))))))
.
----a-r 1,165,584 2007-09-19 12:32:46 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
----a-r 20,240 2007-09-19 12:32:46 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
----a-r 159,504 2007-09-19 12:32:46 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
----a-r 184,080 2007-09-19 12:32:46 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
----a-r 217,864 2007-09-19 12:32:46 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
----a-r 18,704 2007-09-19 12:32:46 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
----a-r 35,088 2007-09-19 12:32:47 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
----a-r 845,584 2007-09-19 12:32:46 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
----a-r 922,384 2007-09-19 12:32:46 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
----a-r 272,648 2007-09-19 12:32:46 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
----a-r 888,080 2007-09-19 12:32:46 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
----a-r 1,172,240 2007-09-19 12:32:46 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
.
----a-r 1,165,584 2007-08-15 13:05:21 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
----a-r 20,240 2007-08-15 13:05:22 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
----a-r 159,504 2007-08-15 13:05:21 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
----a-r 184,080 2007-08-15 13:05:21 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
----a-r 217,864 2007-08-15 13:05:22 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
----a-r 18,704 2007-08-15 13:05:22 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
----a-r 35,088 2007-08-15 13:05:22 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
----a-r 845,584 2007-08-15 13:05:22 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
----a-r 922,384 2007-08-15 13:05:22 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
----a-r 272,648 2007-08-15 13:05:22 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
----a-r 888,080 2007-08-15 13:05:22 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
----a-r 1,172,240 2007-08-15 13:05:21 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{837B45D6-BF85-457D-AABF-6D2E7815F791}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-22 22:19]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-06-01 18:22]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-05-06 22:56]
"NvMediaCenter"="NvMCTray.dll" [2006-06-01 18:22 C:\WINDOWS\system32\nvmctray.dll]
"SSC Service Utility"="C:\Program Files\SSC Service Utility\ssc_serv.exe" [2006-10-16 18:32]
"EPSON Stylus Photo R240 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.exe" [2005-04-25 05:00]
"MediaFace Integration"="C:\Program Files\Fellowes\MediaFACE 5.0\SetHook.exe" [2005-10-27 05:43]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 01:47]
"PCMService"="C:\Program Files\Home Cinema\PowerCinema\PCMService.exe" [2006-01-27 00:16]
"CmUCRRun"="C:\WINDOWS\system32\CmUCReye.exe" [2006-06-22 19:17]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57]
"MSConfig"="C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\msconfig.exe" [2004-08-04 13:00]
"TrojanScanner"="D:\Trojan Remover\Trjscan.exe" [2007-09-04 13:26]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-20 16:41]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45]
"AnyDVD"="C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe" [2007-06-06 21:05]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 19:03]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05]
C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
Color Calibration.lnk -\SEC\MagicTune3.5_Client\GammaTray.exe [2006-06-22 18:40:26]
MagicTune 3.5.lnk -\SEC\MagicTune3.5_Client\MagicTuneTray.exe [2006-06-22 18:40:34]
NaturalColorLoad.lnk -\SEC\Natural Color\NaturalColorLoad.exe [2006-06-22 18:39:01]
Ralink Wireless Utility.lnk - C:\Program Files\RALINK\RT2500 USB Wireless LAN Card\Installer\WINXP\APConfig2500.exe [2005-10-19 18:40:13]
C:\DOCUME~1\DAD\STARTM~1\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 20:16:50]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"=\Qualcomm\Eudora\EuShlExt.dll [2005-11-14 16:15 86016]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install
R0 AEC671X;AEC671X;C:\WINDOWS\system32\DRIVERS\AEC671X.sys
R3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys
R3 CMISTOR;CMIUCR.SYS CM220 Card Reader Driver;C:\WINDOWS\system32\DRIVERS\cmiucr.SYS
R3 mf;mf;C:\WINDOWS\system32\DRIVERS\mf.sys
R3 XUIF;X10 USB Wireless Transceiver;C:\WINDOWS\system32\Drivers\x10ufx2.sys
S3 FlyPCI;FlyPCI;\??\C:\WINDOWS\system32\drivers\FlyPCI.sys
S3 PAC207;Q-TEC WEBCAM 110 USB;C:\WINDOWS\system32\DRIVERS\pfc027.sys
S3 usbsermptxp;Motorola USB Modem Driver for MPT XP;C:\WINDOWS\system32\DRIVERS\usbsermptxp.sys
.
Contents of the 'Scheduled Tasks' folder
"2007-09-20 08:59:01 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2007-08-15 13:25:35 C:\WINDOWS\Tasks\EyeBatch 2.1 Updates.job"
- C:\WINDOWS\Installer\EyeBatch 2.1 Updates for All Users.lnk
"2007-09-20 08:32:05 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2007-09-14 22:13:44 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - DAD.job"
- C:\PROGRA~1\NORTON~1\Navw32.exe
.
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-20 10:11:54
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-09-20 10:12:43
C:\ComboFix-quarantined-files.txt ... 2007-09-20 10:12
C:\ComboFix2.txt ... 2007-09-20 10:02
C:\ComboFix3.txt ... 2007-09-20 09:23
.
--- E O F ---0 -
MAIN
Deckard's System Scanner v20070905.67
Run by DAD on 2007-09-20 10:18:58
Computer is in Normal Mode.
-- System Restore
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
11: 2007-09-20 09:19:05 UTC - RP11 - Deckard's System Scanner Restore Point
10: 2007-09-20 09:10:08 UTC - RP10 - ComboFix created restore point
9: 2007-09-20 08:26:46 UTC - RP9 - ComboFix created restore point
8: 2007-09-19 12:32:22 UTC - RP8 - Software Distribution Service 3.0
7: 2007-09-19 11:51:53 UTC - RP7 - ComboFix created restore point
-- First Restore Point --
1: 2007-09-18 20:35:52 UTC - RP1 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
System Drive C: has 15.45 GiB (less than 15%) free.
-- HijackThis Clone
Emulating logfile of HijackThis v1.99.1
Scan saved at 2007-09-20 10:22:21
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16512)
Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE
C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\NAVAPSVC.EXE
C:\Program Files\Norton AntiVirus\IWP\NPFMNTOR.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Photodex\ProShowGold\scsiaccess.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\CCEVTMGR.EXE
C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
C:\Program Files\Common Files\Symantec Shared\CCAPP.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIAHE.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Home Cinema\PowerCinema\PCMService.exe
C:\WINDOWS\system32\CmUCREye.exe
C:\Program Files\Common Files\X10\Common\X10nets.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe\SEC\Natural Color\NaturalColorLoad.exe
C:\Program Files\RALINK\RT2500 USB Wireless LAN Card\Installer\WINXP\APConfig2500.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\DAD\Desktop\dss.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.ie/0SEENIE/SAOS01?FORM=TOOLBR
R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\Jccatch.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {837B45D6-BF85-457D-AABF-6D2E7815F791} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NAVSHEXT.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NAVSHEXT.DLL
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar4.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKEY_LOCAL_MACHINE\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKEY_LOCAL_MACHINE\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKEY_LOCAL_MACHINE\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKEY_LOCAL_MACHINE\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKEY_LOCAL_MACHINE\..\Run: [SSC Service Utility] C:\Program Files\SSC Service Utility\ssc_serv.exe /s
O4 - HKEY_LOCAL_MACHINE\..\Run: [EPSON Stylus Photo R240 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE /P30 "EPSON Stylus Photo R240 Series" /O6 "USB002" /M "Stylus Photo R240"
O4 - HKEY_LOCAL_MACHINE\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 5.0\SetHook.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKEY_LOCAL_MACHINE\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"
O4 - HKEY_LOCAL_MACHINE\..\Run: [CmUCRRun] C:\WINDOWS\system32\CmUCReye.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKEY_LOCAL_MACHINE\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [MSConfig] C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\msconfig.exe /auto
O4 - HKEY_LOCAL_MACHINE\..\Run: [TrojanScanner]\Trojan Remover\Trjscan.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Color Calibration.lnk =\SEC\MagicTune3.5_Client\GammaTray.exe
O4 - Global Startup: MagicTune 3.5.lnk =\SEC\MagicTune3.5_Client\MagicTuneTray.exe
O4 - Global Startup: NaturalColorLoad.lnk =\SEC\Natural Color\NaturalColorLoad.exe
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\RT2500 USB Wireless LAN Card\Installer\WINXP\APConfig2500.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - CmdMapping - (file missing)
O9 - Extra 'Tools' menuitem: (no name) - CmdMapping - (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\NPJPI150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\NPJPI150_04.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra 'Tools' menuitem: (no name) - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - (file missing)
O9 - Extra 'Tools' menuitem: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra 'Tools' menuitem: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab
O16 - DPF: {0A46CB52-CFA0-4E78-A181-948D5E361BE3} (EpsonObj Class) - http://esupport.epson-europe.com/ePC/activex/EpsonSetup.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc3.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1129745320171
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://home.ntl.com/motive/files/MotivePreQual.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O21 - SSODL: SysTray.Exiv - {2963ECFC-4E5C-2f3b-B334-D67434FC72E0} - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - "C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - "C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe"
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - "C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe"
O23 - Service: CyberLink Media Library Service - Cyberlink - "C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe"
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - "C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe"
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - "C:\Program Files\Common Files\LightScribe\LSSrvc.exe"
O23 - Service: MSCSPTISRV - Sony Corporation - "C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe"
O23 - Service: NBService - Unknown owner - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - "C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe"
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - "C:\Program Files\CyberLink\Shared Files\RichVideo.exe"
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini"
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\scsiaccess.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - "C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe"
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\system32\PAStiSvc.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\Program Files\Common Files\X10\Common\X10nets.exe
-- File Associations
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled
R0 AEC671X - c:\windows\system32\drivers\aec671x.sys <Not Verified; ACARD Technology Corp.; Acard® AEC-671X PCI Ultra/W SCSC-3 Controller>
R0 prohlp02 (StarForce Protection Helper Driver v2) - c:\windows\system32\drivers\prohlp02.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 prosync1 (StarForce Protection Synchronization Driver v1) - c:\windows\system32\drivers\prosync1.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfhlp01 (StarForce Protection Helper Driver) - c:\windows\system32\drivers\sfhlp01.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfvfs02 (StarForce Protection VFS Driver (version 2.x)) - c:\windows\system32\drivers\sfvfs02.sys <Not Verified; Protection Technology; StarForce Protection System>
R1 MagicTune - c:\windows\system32\drivers\mtictwl.sys
R1 prodrv06 (StarForce Protection Environment Driver v6) - c:\windows\system32\drivers\prodrv06.sys <Not Verified; Protection Technology; StarForce Protection System>
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.4.0.1) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.4.0.1>
R3 catchme - c:\docume~1\dad\locals~1\temp\catchme.sys (file missing)
S3 FlyPCI - c:\windows\system32\drivers\flypci.sys
S3 giveio - c:\windows\system32\giveio.sys
S3 MotoSwitchService (MotoSwitch Service) - c:\windows\system32\drivers\motswch.sys <Not Verified; Motorola INC.; Motorola Switching Filter Driver>
S3 P2k (Motorola USB Device) - c:\windows\system32\drivers\p2k.sys <Not Verified; Motorola Inc; P2k Driver>
S3 PAC207 (Q-TEC WEBCAM 110 USB) - c:\windows\system32\drivers\pfc027.sys
S3 RT2500USB (RT2500 USB Wireless LAN Driver) - c:\windows\system32\drivers\rt2500usb.sys <Not Verified; Ralink Technology Inc.; Ralink 802.11g Wireless USB Adapters>
S3 usbsermpt (Motorola USB Modem Driver for MPT) - c:\windows\system32\drivers\usbsermpt.sys <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) 2000 Operating System>
S3 usbsermptxp (Motorola USB Modem Driver for MPT XP) - c:\windows\system32\drivers\usbsermptxp.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled
R2 CLCapSvc (CyberLink Background Capture Service (CBCS)) - "c:\program files\home cinema\powercinema\kernel\tv\clcapsvc.exe" <Not Verified; ; CLCapSvc Module>
R2 CLSched (CyberLink Task Scheduler (CTS)) - "c:\program files\home cinema\powercinema\kernel\tv\clsched.exe" <Not Verified; ; CLSched Module>
R2 CyberLink Media Library Service - "c:\program files\home cinema\powercinema\kernel\clml_ntservice\clmlserver.exe" <Not Verified; Cyberlink; Cyberlink Media Library Server>
R2 RichVideo (Cyberlink RichVideo Service(CRVS)) - "c:\program files\cyberlink\shared files\richvideo.exe" <Not Verified; ; RichVideo Module>
R2 ScsiAccess - c:\program files\photodex\proshowgold\scsiaccess.exe
R2 STI Simulator - c:\windows\system32\pastisvc.exe
R3 x10nets (X10 Device Network Service) - c:\progra~1\common~1\x10\common\x10nets.exe <Not Verified; X10; x10 Module>
S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe
S3 rpcapd (Remote Packet Capture Protocol v.0 (experimental)) - "c:\program files\winpcap\rpcapd.exe" -d -f "c:\program files\winpcap\rpcapd.ini" <Not Verified; CACE Technologies; Remote Packet Capture Daemon>
-- Device Manager: Disabled
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: RT2500 USB Wireless LAN Card
Device ID: USB\VID_148F&PID_2570\6&2B8D60B9&0&2
Manufacturer: Ralink Technology Corp.
Name: RT2500 USB Wireless LAN Card
PNP Device ID: USB\VID_148F&PID_2570\6&2B8D60B9&0&2
Service: RT2500USB
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\C7425E10DC00
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\C7425E10DC00
Service: NIC1394
Class GUID: {4D36E978-E325-11CE-BFC1-08002BE10318}
Description: Communications Port
Device ID: ACPI\PNP0501\1
Manufacturer: (Standard port types)
Name: Communications Port (COM3)
PNP Device ID: ACPI\PNP0501\1
Service: Serial
Class GUID: {4D36E978-E325-11CE-BFC1-08002BE10318}
Description: Communications Port
Device ID: ACPI\PNP0501\2
Manufacturer: (Standard port types)
Name: Communications Port (COM2)
PNP Device ID: ACPI\PNP0501\2
Service: Serial
-- Scheduled Tasks
2007-09-20 09:59:01 250 --a
C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
2007-09-20 09:32:05 330 --ah
C:\WINDOWS\Tasks\MP Scheduled Scan.job
2007-09-14 23:13:44 526 --a
C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - DAD.job
2007-08-15 14:25:35 270 --a
C:\WINDOWS\Tasks\EyeBatch 2.1 Updates.job
-- Files created between 2007-08-20 and 2007-09-20
2007-09-19 12:44:12 0 d
C:\VundoFix Backups
2007-09-19 11:08:19 0 d
C:\Program Files\Windows Defender
2007-09-18 23:48:00 0 d
C:\WINDOWS\Prefetch
2007-09-18 23:33:39 0 d-a
C:\Documents and Settings\All Users\Application Data\TEMP
2007-09-18 23:33:04 162304 --a
C:\WINDOWS\system32\ztvunrar36.dll
2007-09-18 23:33:04 77312 --a
C:\WINDOWS\system32\ztvunace26.dll
2007-09-18 23:33:04 69632 --a
C:\WINDOWS\system32\ztvcabinet.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) 2000 Operating System>
2007-09-18 23:33:04 153088 --a
C:\WINDOWS\system32\UNRAR3.dll
2007-09-18 23:33:04 75264 --a
C:\WINDOWS\system32\unacev2.dll
2007-09-18 23:33:02 0 d
C:\Documents and Settings\DAD\Application Data\Simply Super Software
2007-09-18 23:33:02 0 d
C:\Documents and Settings\All Users\Application Data\Simply Super Software
2007-09-18 23:25:49 0 d
C:\WINDOWS\ServicePackFiles
2007-09-18 23:21:35 0 d
C:\WINDOWS\EHome
2007-09-18 21:55:00 0 d
C:\Documents and Settings\dad1\Application Data\Macromedia
2007-09-18 21:55:00 0 d
C:\Documents and Settings\dad1\Application Data\Identities
2007-09-18 21:55:00 0 d
C:\Documents and Settings\dad1\Application Data\CyberLink
2007-09-18 21:55:00 0 d
C:\Documents and Settings\dad1\Application Data\AOL
2007-09-18 21:55:00 0 d
C:\Documents and Settings\dad1\Application Data\Adobe
2007-09-18 21:54:59 0 d---s---- C:\Documents and Settings\dad1\Application Data\Microsoft
2007-09-18 21:54:58 0 d--h
C:\Documents and Settings\dad1\NetHood
2007-09-18 21:54:58 0 dr
C:\Documents and Settings\dad1\My Documents
2007-09-18 21:54:58 0 d--h
C:\Documents and Settings\dad1\Local Settings
2007-09-18 21:54:58 0 dr
C:\Documents and Settings\dad1\Favorites
2007-09-18 21:54:58 0 d
C:\Documents and Settings\dad1\Desktop
2007-09-18 21:54:58 0 d--hs---- C:\Documents and Settings\dad1\Cookies
2007-09-18 21:54:58 0 dr-h
C:\Documents and Settings\dad1\Application Data
2007-09-18 21:54:58 0 d
C:\Documents and Settings\dad1\Application Data\You've Got Pictures Screensaver
2007-09-18 21:54:58 0 d
C:\Documents and Settings\dad1\Application Data\Real
2007-09-18 21:54:57 0 d---s---- C:\Documents and Settings\dad1\UserData
2007-09-18 21:54:57 0 d--h
C:\Documents and Settings\dad1\Templates
2007-09-18 21:54:57 0 dr
C:\Documents and Settings\dad1\Start Menu
2007-09-18 21:54:57 0 dr-h
C:\Documents and Settings\dad1\SendTo
2007-09-18 21:54:57 0 dr-h
C:\Documents and Settings\dad1\Recent
2007-09-18 21:54:57 0 d--h
C:\Documents and Settings\dad1\PrintHood
2007-09-18 21:54:56 1572864 --ah
C:\Documents and Settings\dad1\NTUSER.DAT
2007-09-18 21:41:30 0 d
C:\WINDOWS\pss
2007-09-18 18:48:33 0 d
C:\Program Files\Windows Live Safety Center
2007-09-18 13:42:26 0 d
C:\Documents and Settings\Administrator.JUNK_BACKROOM\Application Data\Macromedia
2007-09-18 13:42:26 0 d
C:\Documents and Settings\Administrator.JUNK_BACKROOM\Application Data\Identities
2007-09-18 13:42:26 0 d
C:\Documents and Settings\Administrator.JUNK_BACKROOM\Application Data\CyberLink
2007-09-18 13:42:26 0 d
C:\Documents and Settings\Administrator.JUNK_BACKROOM\Application Data\AOL
2007-09-18 13:42:26 0 d
C:\Documents and Settings\Administrator.JUNK_BACKROOM\Application Data\Adobe
2007-09-18 13:42:25 0 d---s---- C:\Documents and Settings\Administrator.JUNK_BACKROOM\UserData
2007-09-18 13:42:25 0 d--h
C:\Documents and Settings\Administrator.JUNK_BACKROOM\Templates
2007-09-18 13:42:25 0 dr
C:\Documents and Settings\Administrator.JUNK_BACKROOM\Start Menu
2007-09-18 13:42:25 0 dr-h
C:\Documents and Settings\Administrator.JUNK_BACKROOM\SendTo
2007-09-18 13:42:25 0 dr-h
C:\Documents and Settings\Administrator.JUNK_BACKROOM\Recent
2007-09-18 13:42:25 0 d--h
C:\Documents and Settings\Administrator.JUNK_BACKROOM\PrintHood
2007-09-18 13:42:25 0 d--h
C:\Documents and Settings\Administrator.JUNK_BACKROOM\NetHood
2007-09-18 13:42:25 0 dr
C:\Documents and Settings\Administrator.JUNK_BACKROOM\My Documents
2007-09-18 13:42:25 0 d--h
C:\Documents and Settings\Administrator.JUNK_BACKROOM\Local Settings
2007-09-18 13:42:25 0 dr
C:\Documents and Settings\Administrator.JUNK_BACKROOM\Favorites
2007-09-18 13:42:25 0 d
C:\Documents and Settings\Administrator.JUNK_BACKROOM\Desktop
2007-09-18 13:42:25 0 d--hs---- C:\Documents and Settings\Administrator.JUNK_BACKROOM\Cookies
2007-09-18 13:42:25 0 dr-h
C:\Documents and Settings\Administrator.JUNK_BACKROOM\Application Data
2007-09-18 13:42:25 0 d
C:\Documents and Settings\Administrator.JUNK_BACKROOM\Application Data\You've Got Pictures Screensaver
2007-09-18 13:42:25 0 d
C:\Documents and Settings\Administrator.JUNK_BACKROOM\Application Data\Real
2007-09-18 13:42:25 0 d---s---- C:\Documents and Settings\Administrator.JUNK_BACKROOM\Application Data\Microsoft
2007-09-18 13:42:23 1572864 --ah
C:\Documents and Settings\Administrator.JUNK_BACKROOM\NTUSER.DAT
2007-08-26 00:50:31 0 d
C:\Program Files\Nero
2007-08-26 00:50:31 0 d
C:\Documents and Settings\All Users\Application Data\Nero
2007-08-25 00:36:06 0 d
C:\Documents and Settings\DAD\Application Data\AVS4YOU
2007-08-25 00:35:58 0 d
C:\Documents and Settings\All Users\Application Data\AVS4YOU
2007-08-25 00:35:11 0 d
C:\Program Files\Common Files\AVSMedia
2007-08-25 00:34:39 261632 --a
C:\WINDOWS\system32\mcdvd_32.dll <Not Verified; MainConcept; MainConcept DV Codec "2.0.4>
-- Find3M Report
2007-09-19 23:41:03 0 d
C:\Program Files\FlashGet
2007-09-19 12:06:55 0 d
C:\Program Files\Common Files\Symantec Shared
2007-09-18 10:36:15 0 d
C:\Program Files\Symantec
2007-09-17 21:43:28 34742 --a
C:\Documents and Settings\DAD\Application Data\wklnhst.dat
2007-08-28 20:17:53 0 d
C:\Program Files\Google
2007-08-27 23:35:43 0 d
C:\Program Files\SEGA
2007-08-26 20:43:11 0 d
C:\Documents and Settings\DAD\Application Data\Ahead
2007-08-26 00:53:06 0 d
C:\Program Files\Common Files\Ahead
2007-08-26 00:38:02 0 d
C:\Program Files\Ahead
2007-08-25 00:35:11 0 d
C:\Program Files\Common Files
2007-08-14 21:29:36 0 d
C:\Documents and Settings\DAD\Application Data\Atalasoft
2007-08-12 01:05:08 0 d
C:\Program Files\Altdo MP4 to AVI WMV DVD Converter&Burner
2007-08-12 00:54:36 34 --ah
C:\WINDOWS\system32\MP4 to AVI WMV DVD Converter&Burner_sysquict.dat
2007-08-12 00:53:36 0 d
C:\Program Files\Boilsoft MOV Converter
2007-08-11 21:18:53 0 d
C:\Program Files\DivX
2007-08-11 21:01:23 0 d
C:\Documents and Settings\DAD\Application Data\Dr. DivX 2.0 OSS
2007-08-09 22:17:45 0 d
C:\Program Files\FlashFXP
2007-07-31 11:26:06 0 d
C:\Program Files\Common Files\Sony Shared
2007-07-27 00:06:22 3596288 --a
C:\WINDOWS\system32\qt-dx331.dll
2007-07-27 00:03:48 196608 --a
C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2007-07-27 00:03:48 81920 --a
C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2007-07-27 00:03:38 802816 --a
C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2007-07-27 00:03:38 823296 --a
C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2007-07-27 00:03:38 823296 --a
C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2007-07-27 00:03:38 740442 --a
C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2007-07-27 00:03:02 12288 --a
C:\WINDOWS\system32\DivXWMPExtType.dll
2007-07-10 17:09:59 192 --a
C:\setuplog
-- Registry Dump
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{837B45D6-BF85-457D-AABF-6D2E7815F791}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [22/01/2007 22:19]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [01/06/2006 18:22]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [06/05/2006 22:56]
"NvMediaCenter"="NvMCTray.dll" [01/06/2006 18:22 C:\WINDOWS\system32\nvmctray.dll]
"SSC Service Utility"="C:\Program Files\SSC Service Utility\ssc_serv.exe" [16/10/2006 18:32]
"EPSON Stylus Photo R240 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.exe" [25/04/2005 05:00]
"MediaFace Integration"="C:\Program Files\Fellowes\MediaFACE 5.0\SetHook.exe" [27/10/2005 05:43]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [27/10/2006 01:47]
"PCMService"="C:\Program Files\Home Cinema\PowerCinema\PCMService.exe" [27/01/2006 00:16]
"CmUCRRun"="C:\WINDOWS\system32\CmUCReye.exe" [22/06/2006 19:17]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [12/03/2007 18:30]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [01/03/2007 15:57]
"MSConfig"="C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\msconfig.exe" [04/08/2004 13:00]
"TrojanScanner"="D:\Trojan Remover\Trjscan.exe" [04/09/2007 13:26]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [03/11/2006 19:20]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [13/10/2004 17:24]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [20/07/2007 16:41]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [30/03/2006 16:45]
"AnyDVD"="C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe" [06/06/2007 21:05]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 13:00]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [27/06/2007 19:03]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [18/10/2006 20:05]
C:\Documents and Settings\DAD\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [16/03/2005 20:16:50]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [23/09/2005 22:05:26]
Color Calibration.lnk -\SEC\MagicTune3.5_Client\GammaTray.exe [22/06/2006 18:40:26]
MagicTune 3.5.lnk -\SEC\MagicTune3.5_Client\MagicTuneTray.exe [22/06/2006 18:40:34]
NaturalColorLoad.lnk -\SEC\Natural Color\NaturalColorLoad.exe [22/06/2006 18:39:01]
Ralink Wireless Utility.lnk - C:\Program Files\RALINK\RT2500 USB Wireless LAN Card\Installer\WINXP\APConfig2500.exe [19/10/2005 18:40:13]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"=\Qualcomm\Eudora\EuShlExt.dll [14/11/2005 16:15 86016]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install
-- End of Deckard's System Scanner: finished at 2007-09-20 10:25:01
EXTRA
Deckard's System Scanner v20070905.67
Extra logfile - please post this as an attachment with your post.
-- System Information
Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English
CPU 0: Intel(R) Pentium(R) D CPU 3.00GHz
CPU 1: Intel(R) Pentium(R) D CPU 3.00GHz
Percentage of Memory in Use: 52%
Physical Memory (total/avail): 1022.42 MiB / 486.16 MiB
Pagefile Memory (total/avail): 2460.7 MiB / 2025.63 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1930.23 MiB
C: is Fixed (NTFS) - 116.41 GiB total, 15.45 GiB free. is Fixed (NTFS) - 107.91 GiB total, 94.94 GiB free.
E: is Fixed (FAT32) - 8.55 GiB total, 4.12 GiB free.
F: is CDROM (No Media)
G: is CDROM (No Media)
H: is Removable (No Media)
I: is Removable (No Media)
J: is Removable (No Media)
K: is Fixed (FAT32) - 232.83 GiB total, 210.69 GiB free.
L: is Removable (No Media)
\\.\PHYSICALDRIVE0 - ST3250823AS - 232.88 GiB - 3 partitions
\PARTITION0 (bootable) - Installable File System - 116.41 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 116.47 GiB - - E:
\\.\PHYSICALDRIVE1 -
\\.\PHYSICALDRIVE4 -
\\.\PHYSICALDRIVE5 -
\\.\PHYSICALDRIVE3 - EPSON Stylus Storage USB Device
\\.\PHYSICALDRIVE2 - WD 2500BB External USB Device - 232.89 GiB - 1 partition
\PARTITION0 - Unknown - 232.88 GiB - K:
-- Security Center
AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.
FirstRunDisabled is set.
AntiVirusDisableNotify is set.
FW: Norton Internet Worm Protection v2006 (Symantec)
AV: Norton AntiVirus 2006 v2005 (Symantec Corporation)
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
-- Environment Variables
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\DAD\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_04\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=JUNK_BACKROOM
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\DAD
LOGONSERVER=\\JUNK_BACKROOM
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Program Files\Mozilla Firefox;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\QuickTime\QTSystem;;C:\PROGRA~1\COMMON~1\MUVEET~1\030625
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 4, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0404
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_04\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\DAD\LOCALS~1\Temp
TMP=C:\DOCUME~1\DAD\LOCALS~1\Temp
USERDOMAIN=JUNK_BACKROOM
USERNAME=DAD
USERPROFILE=C:\Documents and Settings\DAD
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI
-- User Profiles
DAD (admin)
AL (admin)
dad1 (new local, admin)
Administrator.JUNK_BACKROOM (new local, admin)
-- Add/Remove Programs
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
--> C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\IsUninst.exe -f"D:\Medieval - Total War\Uninst.isu"
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
4Musics Multiformat Converter v1.5 --> C:\PROGRA~1\4MUSIC~2\UNWISE.EXE C:\PROGRA~1\4MUSIC~2\INSTALL.LOG
Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Photoshop CS2 --> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Adobe Stock Photos 1.0 --> MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
Agere Systems PCI-SV92PP Soft Modem --> agrsmdel
America's Army --> MsiExec.exe /I{6778954C-13C2-4333-AF77-F5C885EB280F}
AnyDVD --> "C:\Program Files\SlySoft\AnyDVD\AnyDVD-uninst.exe" /D="C:\Program Files\SlySoft\AnyDVD"
Avanquest update --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\Setup.exe" -l0x9
AVS Disc Creator version 2.1 --> "d:\AVSMedia\DiscCreator\unins000.exe"
AVS Video Tools 5.1 --> "d:\AVSMedia\VideoTools\unins000.exe"
BearShare --> C:\PROGRA~1\BEARSH~1\\UNWISE.EXE C:\PROGRA~1\BEARSH~1\\INSTALL.LOG
BinToAscii --> MsiExec.exe /X{AC16C64C-BD9F-45BF-A4B2-057BAF4E5357}
BookSmart 1.7.7 1.7.7 --> d:\BookSmart\uninstall.exe
BreezeBrowser v2.9 --> C:\Program Files\BreezeSys\BreezeBrowser\UnGins.exe "C:\Program Files\BreezeSys\BreezeBrowser\install.log"
C-Media Card Reader Driver USB2.0 --> C:\WINDOWS\system32\CmUCRRm.exe
C-Media USB2.0 Card Reader --> C:\WINDOWS\CmiUCRUninstall.exe C:\Program Files\C-Media USB2.0 Card Reader
Calculator Powertoy for Windows XP --> MsiExec.exe /I{B37C842A-B624-46B8-A727-654E72F1C91A}
Canon EOS 20D WIA Driver --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{ED9775A0-383E-4EAA-8DA5-8CC6860D60A3}
Canon Utilities EOS Capture 1.1 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{1DD47D49-F046-4919-831F-EE576A04D5B2}
Canon Utilities EOS Viewer Utility 1.1 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{D1CA45BE-431A-4FA7-8E98-AFE546F96D58}
Canon Utilities PhotoStitch 3.1 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{EF4C7EB0-D71B-43A3-9552-8053DE4B0401}
ccCommon --> MsiExec.exe /I{1248C09A-BD6B-47F5-BF3F-CD2B700D9FCB}
Creatix V.92 Data Fax Modem --> agrsmdel
DBOX2 Image-Flashing-Assistent 2.3.1 Multilanguage --> "D:\dbox\DBOX_IFA\unins000.exe"
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Downloader Pro --> "C:\Program Files\BreezeSys\Downloader Pro\Uninstall.exe" "C:\Program Files\BreezeSys\Downloader Pro\install.log"
Dr. DivX 2.0 OSS --> C:\DivX\Dr. DivX 2.0 OSS\Remove.exe
DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe"
EAX4 Unified Redist --> MsiExec.exe /X{89661B04-C646-4412-B6D3-5E19F02F1F37}
EPSON Printer Software --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
eTrust Registration --> MsiExec.exe /X{6BFF4534-7608-41F0-85F7-31A0569D8960}
Eudora --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{29F615BE-8963-4535-B8E7-C5E88FF37D98}\setup.exe" -l0x9
exPressIT --> C:\Program Files\Rocky Mountain Traders\exPressIT\uninstall.exe exPressIT
EyeBatch 2.1 --> "C:\Documents and Settings\All Users\Application Data\{DB82D04C-8FC1-489B-81AA-BE54061CEF97}\EBInstall.exe" REMOVE=TRUE MODIFY=FALSE
FlashFXP v3 --> "C:\Program Files\FlashFXP\unins000.exe"
FlashGet(JetCar) --> C:\PROGRA~1\FlashGet\UNWISE.EXE C:\PROGRA~1\FlashGet\INSTALL.LOG
GameSpy Arcade --> C:\PROGRA~1\GAMESP~1\UNWISE.EXE C:\PROGRA~1\GAMESP~1\INSTALL.LOG
Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Google Earth Pro --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48EE6C79-1CE2-4CE8-B511-F2140B6781D6}\setup.exe" -l0x9 -removeonly
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar4.dll"
High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HighMAT Extension to Microsoft Windows XP CD Writing Wizard --> MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
HijackThis 2.0.0 --> "C:\Documents and Settings\DAD\Desktop\HijackThis.exe" /uninstall
HJ-Split 2.2 --> "C:\Program Files\FreeByte\HJ-Split\unins000.exe"
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP USB Disk Storage Format Tool --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}\Setup.exe" -l0x9
Informations about your PC --> MsiExec.exe /I{0AB149EB-2AE0-466C-9BA4-3A718CF06432}
InterActual Player --> C:\Program Files\InterActual\InterActual Player\inuninst.exe
Internet Worm Protection --> MsiExec.exe /I{2908F0CB-C1D4-447F-97A2-CFC135C9F8D4}
iTunes --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{54C0D94A-F467-4ABC-9D02-6E58748668D4} /l1033
J2SE Runtime Environment 5.0 Update 4 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150040}
K-Lite Codec Pack 2.34 Full --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
Learn2 Player (Uninstall Only) --> C:\Program Files\Learn2.com\StRunner\stuninst.exe
LiveUpdate 3.0 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
LiveUpdate Notice (Symantec Corporation) --> MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
Macromedia Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
MagicTune3.5_Client --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1C04D433-2EDF-4AFB-B31B-C0B13065092F}\setup.exe" -l0x9
MediaFACE 5.0 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{70A3C0E1-1953-4A95-9C66-99FDCDD5E357}
MediaShow 3.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5A9B7C0-8751-11D8-9D75-000129760D75}\setup.exe" -uninstall
Medion Info Display --> C:\WINDOWS\UnInst32.exe VFDUtil.uni
Microsoft AutoRoute 2006 --> MsiExec.exe /I{83ED1E80-A1B7-4236-BCF1-AC4A88151A6B}
Microsoft Color Control Panel Applet for Windows XP --> MsiExec.exe /X{CE378F36-E404-4244-A33F-F50A2A6D31BD}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Digital Image 2006 Standard Edition --> "C:\Program Files\Common Files\Microsoft Shared\Picture It!\RmvSuite.exe" ADDREMOVE=1 SKU=PREM VERSION=11
Microsoft Encarta Standard 2006 --> MsiExec.exe /I{06680048-3E21-46D6-9A91-D927BA08F41D}
Microsoft Money --> C:\Program Files\Microsoft Money 2005\MNYCoreFiles\Setup\uninst.exe /s:120
Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007 --> MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007 --> MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Windows Journal Viewer --> MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA7}
Microsoft Works --> MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
Microsoft Works Suite 2006 Setup Launcher --> C:\Program Files\Microsoft Works Suite 2006\Setup\Launcher.exe /ARP G:\
Microsoft Works Suite Add-in for Microsoft Word --> MsiExec.exe /I{17E3A651-12B9-4149-BAE8-E6FB9A5ADC4F}
MiraFoto --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{19ADA2D0-D577-11D2-A14E-08002BE4D8DC}\Setup.exe" -l0x9
Motorola Phone Tools --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}\setup.exe" -l0x9 -removeonly
Mozilla Firefox (2.0.0.5) --> C:\PROGRA~1\Mozilla Firefox\uninstall\helper.exe
Mozilla Firefox (2.0.0.7) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (1.0.7) --> C:\WINDOWS\UninstallThunderbird.exe /ua "1.0.7 (en)"
MP3 Player Utilities 3.68 --> MsiExec.exe /I{5DFDB75C-DA8C-45DB-987C-67000BB6C3B9}
MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
Natural Color --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F51D9393-BB14-4566-99BF-D6ED63AEFCD7}\setup.exe"
NAVShortcut --> MsiExec.exe /I{F325CF11-27CE-4872-8022-6E9EB27DF24F}
Nero 7 Premium --> MsiExec.exe /X{CF097717-F174-4144-954A-FBC4BF301033}
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NetMos Multi-IO Controller --> NmUninst.exe
Norton AntiVirus 2006 --> MsiExec.exe /X{C6F5B6CF-609C-428E-876F-CA83176C021B}
Norton AntiVirus 2006 (Symantec Corporation) --> "C:\Program Files\Common Files\Symantec Shared\SymSetup\{C6F5B6CF-609C-428E-876F-CA83176C021B}.exe" /X
Norton AntiVirus Help --> MsiExec.exe /I{34EEB1F5-E939-40A1-A6BA-957282A4B2C8}
Norton AntiVirus Parent MSI --> MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
Norton AntiVirus SYMLT MSI --> MsiExec.exe /I{D1FF75E7-DD42-4CFD-B052-20B3FFF4EDB8}
Norton Protection Center --> MsiExec.exe /I{82A5BF38-8461-4A5C-B2C9-24F5256D92A6}
Norton WMI Update --> MsiExec.exe /X{F64306A5-4C32-41bb-B153-53986527FAB4}
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
NVIDIA WDM Drivers --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B023185F-F1EF-4F97-B0BD-AE6D802226D1}\Setup.exe"
OneCare Advisor (Windows Live Toolbar) --> MsiExec.exe /X{53B2CFE9-A508-4457-B2CA-5D253536BFB7}
OpenMG Secure Module 4.3.00 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{F5E4C38C-73BC-4D44-8BFC-969C2B4DABCA} UNINSTALL
PDF Manual NW-A10003000 --> MsiExec.exe /X{BF2F7927-92AF-4F5D-8B93-658F63DF8727}
Photodex Presenter --> C:\Program Files\Photodex Presenter\uninst.exe
PhotoNow! 1.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D36DD326-7280-11D8-97C8-000129760CBE}\setup.exe" -uninstall
PIF DESIGNER2.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{23B59B9F-C360-11D7-875B-0090CC005647}\SETUP.EXE" -l0x9 anything
PL-2303 USB-to-Serial --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}\Setup.exe" -l0x9 Installed
Popup Blocker (Windows Live Toolbar) --> MsiExec.exe /X{117CD9C0-0F15-4633-93D7-F957B50535A5}
PowerCinema --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\Setup.exe" -uninstall
PowerCinema Linux 4.7 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5F82F8F-4DE2-11D9-A373-0050BAE317E1}\Setup.exe" -uninstall
PowerDirector --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\setup.exe" -uninstall
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
PowerProducer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe" -uninstall
ProShow Gold --> C:\Program Files\Photodex\ProShowGold\proshow.exe . -u
Q-TEC WEBCAM 110 USB --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{91D56FB8-789A-424E-9C0F-F399FCEE2E6E} /l1033
Quake 4(TM) Demo --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{BAB004F0-F04C-49DD-8118-AE4A7697C469} /l1033
QuickTime --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{C21D5524-A970-42FA-AC8A-59B8C7CDCA31} /l1033
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
RegistryFix v5.5 --> "C:\Program Files\RegistryFix\unins000.exe"
RT2500 USB Wireless LAN Card --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5490B6EF-5A48-40B7-A9E0-D3B886D17A29}\setup.exe" -l0x9 -removeonly
ScanToWeb --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}\SETUP.EXE" ADDREMOVEDLG
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Excel 2007 (KB936509) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A00724F5-82C4-4924-B707-0E5A84B52471}
Security Update for Office 2007 (KB934062) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {305D509B-F194-4638-9F0F-D9E4C05F9D33}
Security Update for Office 2007 (KB936514) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C7A78F7F-EF32-4477-BAD7-3439EA7571BF}
Security Update for Publisher 2007 (KB936646) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A32E4BAF-6477-45FA-B8AB-E743FA8D63FF}
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for the 2007 Microsoft Office System (KB936960) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5E5BD655-7AA9-47F9-BB6D-A1D8CE29AC86}
Skype 1.4 --> "C:\Program Files\Skype\Phone\unins000.exe"
Smart Menus (Windows Live Toolbar) --> MsiExec.exe /X{95FC661A-A0C5-4B18-92CE-90347DA79CC9}
SPBBC --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
SSC Service Utility v4.20 --> "C:\Program Files\SSC Service Utility\unins000.exe"
Symantec --> MsiExec.exe /I{228F6876-A313-40A3-91C0-C3CBE6997D09}
Symantec KB-DocID:2003093015493306 --> MsiExec.exe /I{08C5815C-2C6E-44f8-8748-0E61BC9AFB68}
Symantec Technical Support Web Controls --> MsiExec.exe /X{DDC63227-BA06-4855-B002-BDB49E9F677E}
TMPGEnc 4.0 XPress --> MsiExec.exe /I{AB212B59-FF45-4C18-B369-F630CB268DAF}
Trojan Remover 6.6.2 --> "D:\Trojan Remover\unins000.exe"
Update for Office 2007 (KB932080) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {EDC9CA29-6BC1-471C-828C-7A36109005D7}
Update for Office 2007 (KB934391) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B3091818-7C56-4C45-BE7D-CA23027A5EA5}
Update for Office 2007 (KB934393) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {92FBAD46-E7F6-49FA-89B5-C39FC5BFAD15}
Update for Outlook 2007 (KB937608) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {CBB2454D-193F-4523-8A31-FEB343B7C30E}
Update for Outlook 2007 Junk Email Filter (kb937833) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {ACB40B61-03E6-4F6F-AA5E-7B02A89E8AD3}
Update for Word 2007 (KB934173) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C6A89125-5473-45E3-B413-ED8186437475}
USB Wireless Keyboard Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B338EA45-9F18-4FE4-A079-89668D1F6519}\Setup.exe" -l0x9
videon --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{261D0486-9127-4071-BA1D-FE784310752E}\Setup.exe" -l0x9
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
WD Diagnostics --> MsiExec.exe /X{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}
Windows Backup Utility --> MsiExec.exe /I{76EFFC7C-17A6-479D-9E47-8E658C1695AE}
Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Live Favorites for Windows Live Toolbar --> MsiExec.exe /X{DCE65B11-710D-4C54-9DE5-1A6A0BD2186B}
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Live OneCare safety scanner --> RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Live Outlook Toolbar (Windows Live Toolbar) --> MsiExec.exe /X{A40D6757-B145-4FE7-B694-89180A9F3F64}
Windows Live Sign-in Assistant --> MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
Windows Live Toolbar --> "C:\Program Files\Windows Live Toolbar\UnInstall.exe" {DA0FFF7B-DA9D-46A2-A329-87804ECA58EA}
Windows Live Toolbar --> MsiExec.exe /X{DA0FFF7B-DA9D-46A2-A329-87804ECA58EA}
Windows Live Toolbar Extension (Windows Live Toolbar) --> MsiExec.exe /X{3727B920-F5A3-46A4-AC02-94F421A039C7}
Windows Live Toolbar Feed Detector (Windows Live Toolbar) --> MsiExec.exe /X{38024121-D084-4E7D-B1A2-1A04CB5C4CF3}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
X-Lite 2.0 release 1105x --> d:\X-Lite\unins000.exe
X10 Hardware(TM) --> C:\WINDOWS\UNWISE.EXE C:\PROGRA~1\X10HAR~1\Install.log
Xfire (remove only) --> "D:\Xfire\uninst.exe"
-- Application Event Log
Event Record #/Type25697 / Error
Event Submitted/Written: 09/20/2007 10:01:26 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application Trjscan.exe, version 6.6.2.1228, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Event Record #/Type25674 / Warning
Event Submitted/Written: 09/20/2007 09:27:49 AM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.
Event Record #/Type25644 / Warning
Event Submitted/Written: 09/19/2007 11:41:21 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.
Event Record #/Type25632 / Success
Event Submitted/Written: 09/19/2007 07:51:59 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.
Event Record #/Type25600 / Warning
Event Submitted/Written: 09/19/2007 01:00:33 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.
-- Security Event Log
No Errors/Warnings found.
-- System Event Log
Event Record #/Type14032 / Warning
Event Submitted/Written: 09/20/2007 10:23:32 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%JUNK_BACKROOM27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %JUNK_BACKROOM27 can't undo changes that you allow.
For more information please see the following:
%JUNK_BACKROOM275
Scan ID: {1AC87B99-C799-4A9C-8B03-E8F048169E9F}
User: JUNK_BACKROOM\DAD
Name: %JUNK_BACKROOM271
ID: %JUNK_BACKROOM272
Severity: 1.1.1593.05
Category: 1.1.1593.06
Path Found: %JUNK_BACKROOM276
Alert Type: %JUNK_BACKROOM278
Detection Type: 1.1.1593.02
Event Record #/Type14031 / Warning
Event Submitted/Written: 09/20/2007 10:23:32 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%JUNK_BACKROOM27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %JUNK_BACKROOM27 can't undo changes that you allow.
For more information please see the following:
%JUNK_BACKROOM275
Scan ID: {8EAE9582-B171-4B58-8A89-AD2989060C90}
User: JUNK_BACKROOM\DAD
Name: %JUNK_BACKROOM271
ID: %JUNK_BACKROOM272
Severity: 1.1.1593.05
Category: 1.1.1593.06
Path Found: %JUNK_BACKROOM276
Alert Type: %JUNK_BACKROOM278
Detection Type: 1.1.1593.02
Event Record #/Type14030 / Warning
Event Submitted/Written: 09/20/2007 10:23:32 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%JUNK_BACKROOM27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %JUNK_BACKROOM27 can't undo changes that you allow.
For more information please see the following:
%JUNK_BACKROOM275
Scan ID: {E39BF684-5C94-4D07-B40F-BD661B6D931C}
User: JUNK_BACKROOM\DAD
Name: %JUNK_BACKROOM271
ID: %JUNK_BACKROOM272
Severity: 1.1.1593.05
Category: 1.1.1593.06
Path Found: %JUNK_BACKROOM276
Alert Type: %JUNK_BACKROOM278
Detection Type: 1.1.1593.02
Event Record #/Type14029 / Warning
Event Submitted/Written: 09/20/2007 10:23:30 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%JUNK_BACKROOM27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %JUNK_BACKROOM27 can't undo changes that you allow.
For more information please see the following:
%JUNK_BACKROOM275
Scan ID: {ED2AFB73-CE0E-41CA-9FAF-52B4993C58AB}
User: JUNK_BACKROOM\DAD
Name: %JUNK_BACKROOM271
ID: %JUNK_BACKROOM272
Severity: 1.1.1593.05
Category: 1.1.1593.06
Path Found: %JUNK_BACKROOM276
Alert Type: %JUNK_BACKROOM278
Detection Type: 1.1.1593.02
Event Record #/Type14028 / Warning
Event Submitted/Written: 09/20/2007 10:23:30 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%JUNK_BACKROOM27 Real-Time Protection agent has detected changes.0 -
-
ok, did all of the above & posted all results as requested, ever since first run of COMBOFIX yesterday all my desktop icons came back & system seem to be running stable, on each boot/login since then a windows box pops up informing me that (I have requested to change the way windows starts up & gives me a number of startup choices) I have been clicking cancel as I am not sure what to do, maybe one of the programs I downloaded in an attempt to fix the problems I was having is generating this,..but as I said the system is running fine now.ActorSeeksJob wrote:Not done just yet
Now we need to reconfigure Windows XP to show hidden files:
Double-click the My Computer icon on the Windows desktop.
Select the Tools menu and click Folder Options. Select the View Tab.
Under the Hidden files and folders heading select "Show hidden files and folders".
Uncheck the "Hide protected operating system files (recommended)" option.
Uncheck the "Hide file extensions for known file types" option.
Click Yes to confirm. Click OK.
Open notepad (Start > Run and type notepad > click Ok) and copy/paste the text in the quote box below into it:
Save this as CFScript
Refering to the picture above, drag CFScript into ComboFix.exe
Run ComboFix again and post the resultant log file.
Please download Deckard's System Scanner (DSS) and save it to your Desktop.- Close all other windows before proceeding.
- Double-click on dss.exe and follow the prompts.
- If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
- When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.
Go to this site:
http://www.virustotal.com/
On top you'll find 'Browse'
Click the browse button and browse to the file:
C:\WINDOWS\system32\18D5BC39EA.sys
Click open.
Then click the 'Send' button next to it.
This will scan the file. Please be patient.
Once scanned, copy and paste the results as well in your next reply.
Repeat that for this file
C:\WINDOWS\system32\C72AA29016.sys
So post the ComboFix log and the two DSS texts in full, the results of the two files I asked you to scan, and tell me how your PC is running now.0 -
-
-
ActorSeeksJob wrote:Hey I meant to post this yesterday but the site was messing up for me and I had to dash. Just need to do a little cleanup
1. Please re-open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below(if present):
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {837B45D6-BF85-457D-AABF-6D2E7815F791} - (no file)
O21 - SSODL: SysTray.Exiv - {2963ECFC-4E5C-2f3b-B334-D67434FC72E0} - (no file)
2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.
So can you post back with a new HijackThis log and let me know if you are still having that start up problem(we can fix it I think)
All above done & here's the log file, things are running great now
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 14:58:47, on 21/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Home Cinema\PowerCinema\PCMService.exe
C:\WINDOWS\system32\CmUCReye.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe\SEC\MagicTune3.5_Client\GammaTray.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe\SEC\Natural Color\NaturalColorLoad.exe
C:\Program Files\RALINK\RT2500 USB Wireless LAN Card\Installer\WINXP\APConfig2500.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Documents and Settings\DAD\Desktop\Misc\HiJackThis_v2.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.ie/0SEENIE/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 69.252.219.76:80
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SSC Service Utility] C:\Program Files\SSC Service Utility\ssc_serv.exe /s
O4 - HKLM\..\Run: [EPSON Stylus Photo R240 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE /P30 "EPSON Stylus Photo R240 Series" /O6 "USB002" /M "Stylus Photo R240"
O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 5.0\SetHook.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [CmUCRRun] C:\WINDOWS\system32\CmUCReye.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [TrojanScanner]\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = ?
O4 - Global Startup: Color Calibration.lnk = ?
O4 - Global Startup: MagicTune 3.5.lnk = ?
O4 - Global Startup: NaturalColorLoad.lnk = ?
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\RT2500 USB Wireless LAN Card\Installer\WINXP\APConfig2500.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toysrus.co.uk/
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0A46CB52-CFA0-4E78-A181-948D5E361BE3} (EpsonObj Class) - http://esupport.epson-europe.com/ePC/activex/EpsonSetup.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1129745320171
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://home.ntl.com/motive/files/MotivePreQual.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
--
End of file - 15508 bytes0 -
Advertisement
-
Advertisement