Welcome Guest ( Log In | Join )

Discover the best free computer help!
Learn more about Geeks to Go by taking the tour. Spyware, virus, trojan, fake security or privacy alerts? Read the malware cleaning guide. Want to reply to a topic, start a new one, or remove the advertising? Join today (always free).
 
 Reply to this topicStart new topic
Getting Popups in Firefox and IE, can't get rid of them...
oat
post Aug 6 2008, 07:58 PM
Post #1


Member
**
Posts: 10
OS: XP Pro
I just recently started getting popups for the first time in about 3 years since I built this system. I know quite a bit about computers and hardware, yet this has me baffled... I usually just reformat when something goes wrong but I decided to get to the bottom this since it seems so small. I deleted some malicious files in the system32 folder which I thought was the problem and about every 4 hours or so I'll get a popup...

CODE
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:52:02 PM, on 8/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\WINDOWS\Options\install\tsnp2std.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\vsnp2std.exe
C:\Program Files\Symantec\pcAnywhere\awhost32.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\program files\steam\steam.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Orb Networks\Orb\bin\Orb.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\mIRC\mirc.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Ventrilo\Ventrilo.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SONYTRAY] C:\WINDOWS\Options\install\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" boot "C:\Documents and Settings\Michael\Local Settings\Application Data\NVIDIA Corporation\nTune\Profiles\osbootpf.nsu"
O4 - HKCU\..\Run: [Orb] C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/ocx/15031/CTSUEng.cab
O16 - DPF: {99975082-EFA6-4480-B751-5152ECEEE4DC} (PCC_WebCombo.ComboBox) - https://cpower.collegepro.com/control/pcc_webcombo.cab
O16 - DPF: {B3014671-7872-4671-BE73-5D05EB5B2AF5} (Infragistics UltraGrid Control 2.0) - https://cpower.collegepro.com/control/IGUltraGrid20.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su/ocx/15035/CTPID.cab
O23 - Service: Apache2.2 - Apache Software Foundation - C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Giga Pocket Hardware Detector - Unknown owner - C:\Program Files\Sony\Giga Pocket\shwserv.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Performance Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe
O23 - Service: Update Center Service (UpdateCenterService) - NVIDIA - C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
O23 - Service: Ventrilo - Unknown owner - C:\Program Files\VentSrv\ventrilo_svc.exe (file missing)

--
End of file - 10121 bytes
Go to the top of the page
 
+Quote Post
kahdah
post Aug 6 2008, 08:29 PM
Post #2


GeekU Teacher
Group Icon
Posts: 9,434
From: Somewhere
OS: Windows xp home



Hello oat

Welcome to G2Go. smile.gif
=====================

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.
Go to the top of the page
 
+Quote Post
oat
post Aug 6 2008, 09:11 PM
Post #3


Member
**
Posts: 10
OS: XP Pro
Thanks, Here is Main.txt

CODE
Deckard's System Scanner v20071014.68
Run by Michael on 2008-08-06 22:06:51
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 3 Restore Point(s) --
3: 2008-08-07 03:06:55 UTC - RP3 - Deckard's System Scanner Restore Point
2: 2008-08-06 10:31:49 UTC - RP2 - System Checkpoint
1: 2008-08-05 10:20:16 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Michael.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:08:29 PM, on 8/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\WINDOWS\Options\install\tsnp2std.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\vsnp2std.exe
C:\Program Files\Symantec\pcAnywhere\awhost32.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\program files\steam\steam.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\mIRC\mirc.exe
C:\Program Files\Ventrilo\Ventrilo.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Michael\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Michael.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {109BE732-8F8C-49D4-A3F4-FEDCAC7F0A25} - C:\WINDOWS\system32\ddcCUlMd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: {87a270c7-da8f-1189-2ce4-d559bc545aa8} - {8aa545cb-955d-4ec2-9811-f8ad7c072a78} - C:\WINDOWS\system32\qappds.dll
O2 - BHO: (no name) - {AC1E55BF-8CC9-4380-BA6D-1CB9829525A3} - C:\WINDOWS\system32\opnolICT.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SONYTRAY] C:\WINDOWS\Options\install\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" boot "C:\Documents and Settings\Michael\Local Settings\Application Data\NVIDIA Corporation\nTune\Profiles\osbootpf.nsu"
O4 - HKCU\..\Run: [Orb] C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/ocx/15031/CTSUEng.cab
O16 - DPF: {99975082-EFA6-4480-B751-5152ECEEE4DC} (PCC_WebCombo.ComboBox) - https://cpower.collegepro.com/control/pcc_webcombo.cab
O16 - DPF: {B3014671-7872-4671-BE73-5D05EB5B2AF5} (Infragistics UltraGrid Control 2.0) - https://cpower.collegepro.com/control/IGUltraGrid20.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su/ocx/15035/CTPID.cab
O20 - Winlogon Notify: ddcCUlMd - C:\WINDOWS\SYSTEM32\ddcCUlMd.dll
O23 - Service: Apache2.2 - Apache Software Foundation - C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Giga Pocket Hardware Detector - Unknown owner - C:\Program Files\Sony\Giga Pocket\shwserv.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Performance Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe
O23 - Service: Update Center Service (UpdateCenterService) - NVIDIA - C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
O23 - Service: Ventrilo - Unknown owner - C:\Program Files\VentSrv\ventrilo_svc.exe (file missing)

--
End of file - 10485 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080805-153547-484 O4 - HKLM\..\Run: [30025912] rundll32.exe "C:\WINDOWS\system32\chkuhslq.dll",b
backup-20080805-153547-567 O4 - HKLM\..\Run: [BM33316a8e] Rundll32.exe "C:\WINDOWS\system32\qngwbnxc.dll",s

-- File Associations -----------------------------------------------------------

[COLOR=red].js - JSFile - DefaultIcon - "C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe",7[/COLOR]
[COLOR=red].js - JSFile - shell\open\command - "C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe","%1"[/COLOR]
[COLOR=red].reg - regfile - shell\open\command - "regedit.exe" "%1"[/COLOR]


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 Gernuwa - c:\windows\system32\drivers\gernuwa.sys <Not Verified; Symantec Corporation; pcAnywhere>
R1 AW_HOST - c:\windows\system32\drivers\aw_host5.sys <Not Verified; Symantec Corporation; pcAnywhere>
R1 awecho - c:\windows\system32\drivers\awechomd.sys <Not Verified; Symantec Corporation; pcAnywhere>
R1 awlegacy - c:\windows\system32\drivers\awlegacy.sys <Not Verified; Symantec Corporation; pcAnywhere>
R3 NVR0Dev - c:\windows\nvoclock.sys <Not Verified; NVidia Corp.; NVidia System Utility Driver>

S3 Ad-Watch Connect Filter (Ad-Watch Connect Kernel Filter) - c:\windows\system32\drivers\nsdriver.sys <Not Verified; Lavasoft AB; Ad-Watch Connections>
S3 Ad-Watch Real-Time Scanner (AW Real-Time Scanner) - c:\windows\system32\drivers\awrtpd.sys <Not Verified; Lavasoft AB; Ad-Watch Beta>
S3 Ad-Watch Registry Filter (Ad-Watch Registry Kernel Filter) - c:\windows\system32\drivers\awrtrd.sys <Not Verified; Lavasoft AB; Ad-Watch Registry Protection>
S3 COMMONFX - c:\windows\system32\drivers\commonfx.sys (file missing)
S3 COMMONFX.SYS - c:\windows\system32\drivers\commonfx.sys (file missing)
S3 CTAUDFX - c:\windows\system32\drivers\ctaudfx.sys (file missing)
S3 CTAUDFX.SYS - c:\windows\system32\drivers\ctaudfx.sys (file missing)
S3 CTERFXFX - c:\windows\system32\drivers\cterfxfx.sys (file missing)
S3 CTERFXFX.SYS - c:\windows\system32\drivers\cterfxfx.sys (file missing)
S3 CTSBLFX - c:\windows\system32\drivers\ctsblfx.sys (file missing)
S3 CTSBLFX.SYS - c:\windows\system32\drivers\ctsblfx.sys (file missing)
S3 xnacc (Microsoft Common Controller For Windows Driver Service) - c:\windows\system32\drivers\xnacc.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apache2.2 - "c:\program files\apache software foundation\apache2.2\bin\httpd.exe" -k runservice <Not Verified; Apache Software Foundation; Apache HTTP Server>
R2 awhost32 (Symantec pcAnywhere Host Service) - "c:\program files\symantec\pcanywhere\awhost32.exe" <Not Verified; Symantec Corporation; pcAnywhere>
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
R2 MySQL - "c:\program files\mysql\mysql server 5.0\bin\mysqld-nt" --defaults-file="c:\program files\mysql\mysql server 5.0\my.ini" mysql (file missing)
R2 nTuneService (Performance Service) - c:\program files\nvidia corporation\ntune\ntuneservice.exe /startservice <Not Verified; NVIDIA; NVIDIA nTune>
R2 PLFlash DeviceIoControl Service - c:\windows\system32\ioctlsvc.exe <Not Verified; Prolific Technology Inc.; IoctlSvc Application>
R2 UpdateCenterService (Update Center Service) - c:\program files\nvidia corporation\system update\updatecenterservice.exe /startservice <Not Verified; NVIDIA; NVIDIA nTune>

S2 Giga Pocket Hardware Detector - c:\program files\sony\giga pocket\shwserv.exe (file missing)
S2 Ventrilo - c:\program files\ventsrv\ventrilo_svc.exe (file missing)
S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
S3 TVersityMediaServer - "c:\program files\tversity\media server\mediaserver.exe"
S3 WLSetupSvc (Windows Live Setup Service) - "c:\program files\windows live\installer\wlsetupsvc.exe" <Not Verified; Microsoft Corporation; Windows Live installer>
S4 Nero BackItUp Scheduler 3 - c:\program files\nero\nero8\nero backitup\nbservice.exe


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: SM Bus Controller
Device ID: PCI\VEN_10DE&DEV_0368&SUBSYS_C55E10DE&REV_A2\3&2411E6FE&0&51
Manufacturer:
Name: SM Bus Controller
PNP Device ID: PCI\VEN_10DE&DEV_0368&SUBSYS_C55E10DE&REV_A2\3&2411E6FE&0&51
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Multimedia Video Controller
Device ID: PCI\VEN_109E&DEV_036E&SUBSYS_13EB0070&REV_11\4&1A82106&0&5078
Manufacturer:
Name: Multimedia Video Controller
PNP Device ID: PCI\VEN_109E&DEV_036E&SUBSYS_13EB0070&REV_11\4&1A82106&0&5078
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Multimedia Controller
Device ID: PCI\VEN_109E&DEV_0878&SUBSYS_13EB0070&REV_11\4&1A82106&0&5178
Manufacturer:
Name: Multimedia Controller
PNP Device ID: PCI\VEN_109E&DEV_0878&SUBSYS_13EB0070&REV_11\4&1A82106&0&5178
Service:


-- Scheduled Tasks -------------------------------------------------------------

2008-07-31 18:39:02       284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-07-06 and 2008-08-06 -----------------------------

2008-08-06 09:00:41      2048 --a------ C:\WINDOWS\system32\tnjlfymw.exe
2008-08-06 08:57:42     95744 --a------ C:\WINDOWS\system32\qappds.dll
2008-08-06 08:57:41     95744 --a------ C:\WINDOWS\system32\hyjoyifu.dll
2008-08-05 15:26:56         0 d-------- C:\Program Files\Trend Micro
2008-08-05 09:01:41     81408 --a------ C:\WINDOWS\system32\chkuhslq.dll
2008-08-05 08:58:41     96768 --a------ C:\WINDOWS\system32\qyhgqo.dll
2008-08-05 08:58:41     96768 --a------ C:\WINDOWS\system32\jtwrrxcw.dll
2008-08-05 08:55:41      2048 --a------ C:\WINDOWS\system32\cxlhgohl.exe
2008-08-05 05:16:23         0 d-------- C:\WINDOWS\Prefetch
2008-08-05 05:07:58         0 d--h----- C:\Program Files\WindowsUpdate
2008-08-05 04:58:34         0 d-------- C:\Documents and Settings\Default User\Application Data\Creative
2008-08-05 02:51:23     95744 --a------ C:\WINDOWS\system32\byswmq.dll
2008-08-05 02:51:22     95744 --a------ C:\WINDOWS\system32\msamlhlw.dll
2008-08-05 02:51:16     91648 --a------ C:\WINDOWS\system32\hedfhsvf.dll
2008-08-05 02:50:15    891832 --ahs---- C:\WINDOWS\system32\TCIlonpo.ini2
2008-08-05 02:50:10    246784 --a------ C:\WINDOWS\system32\opnolICT.dll
2008-08-05 02:45:14     35328 --a------ C:\WINDOWS\system32\vtUkjJBr.dll
2008-08-05 02:45:14     35328 --a------ C:\WINDOWS\system32\tuvWnmmN.dll
2008-08-05 02:45:07     35328 --a------ C:\WINDOWS\system32\hgGAPgDV.dll
2008-08-05 02:45:06     35328 --a------ C:\WINDOWS\system32\ddcCUlMd.dll
2008-08-05 02:37:02   4874301 --a------ C:\WINDOWS\php5ts.dll <Not Verified; The PHP Group; PHP Script Interpreter>
2008-08-05 02:33:49         0 d-------- C:\php
2008-08-05 02:07:12         0 d-------- C:\Program Files\PHP
2008-08-05 02:01:25         0 d-------- C:\Program Files\EMS
2008-08-05 01:55:28         0 d-------- C:\Program Files\MySQL
2008-08-05 01:50:55         0 d-------- C:\Program Files\Apache Software Foundation
2008-08-04 17:32:41         0 d-------- C:\Program Files\Blaze Media Pro
2008-08-04 17:32:33         0 d--h----- C:\Documents and Settings\All Users\Application Data\{AE0BC752-61D9-47F3-849E-867386B3C499}
2008-08-04 15:24:59         0 d-------- C:\Program Files\winpwn
2008-08-04 13:56:46         0 d-------- C:\Documents and Settings\Michael\Application Data\DMCache
2008-08-04 00:14:16         0 d-------- C:\Documents and Settings\Michael\Application Data\FlashFXP
2008-08-04 00:13:24         0 d-------- C:\Program Files\FlashFXP
2008-08-04 00:13:24         0 d-------- C:\Documents and Settings\All Users\Application Data\FlashFXP
2008-08-03 20:45:41         0 d-------- C:\Program Files\GlobalSCAPE
2008-08-02 02:04:14         0 d-------- C:\Documents and Settings\Michael\Application Data\PE Explorer
2008-08-02 01:57:10         0 d-------- C:\Program Files\VBReFormer
2008-08-01 02:41:11         0 d-------- C:\Program Files\TVersity
2008-07-30 20:42:49         0 d-------- C:\Program Files\iPod
2008-07-28 21:27:35         0 d-------- C:\Program Files\WinAVI Video Converter
2008-07-24 10:18:42         0 d-------- C:\Documents and Settings\Michael\Application Data\cmw
2008-07-24 02:28:07         0 d-------- C:\Documents and Settings\All Users\Application Data\OrbNetworks
2008-07-24 02:28:04         0 d-------- C:\Program Files\Orb Networks
2008-07-24 01:52:08         0 d-------- C:\Program Files\Quake III Arena
2008-07-23 13:58:26         0 d-------- C:\Documents and Settings\All Users\Application Data\EPSON
2008-07-20 03:35:06         0 d-------- C:\Program Files\AllToAVI
2008-07-19 22:10:12         0 d-------- C:\Documents and Settings\Michael\Application Data\Media Player Classic
2008-07-19 17:45:41         0 d-------- C:\Program Files\BlackSunSoft.net
2008-07-19 16:43:38         0 d-------- C:\Program Files\MKVtoolnix
2008-07-17 21:46:45         0 d-------- C:\Documents and Settings\All Users\Application Data\DFX
2008-07-17 21:46:44         0 d-------- C:\Program Files\DFX
2008-07-17 21:46:44         0 d-------- C:\Program Files\Common Files\DFX
2008-07-17 21:37:42         0 d-------- C:\Program Files\MSECache
2008-07-17 21:35:56         0 d-------- C:\Program Files\Winamp
2008-07-17 21:35:56         0 d-------- C:\Documents and Settings\Michael\Application Data\Winamp
2008-07-16 15:51:32         0 d-------- C:\Program Files\Common Files\Adobe AIR
2008-07-16 15:49:38         0 d-------- C:\Program Files\NOS
2008-07-16 15:49:38         0 d-------- C:\Documents and Settings\All Users\Application Data\NOS
2008-07-16 15:07:52         0 d-------- C:\Program Files\Yamb
2008-07-15 14:29:50      7244 --a------ C:\WINDOWS\system\vdsvrlnk.dll <Not Verified;; VirtualDub>
2008-07-15 14:29:50      9804 --a------ C:\WINDOWS\system\vdremote.dll <Not Verified;; VirtualDub>
2008-07-14 15:25:20         0 d-------- C:\Documents and Settings\Michael\Application Data\NeroDigital™
2008-07-13 21:51:53         0 d-------- C:\srcds
2008-07-12 02:02:34         0 d-------- C:\WINDOWS\Sun
2008-07-10 21:26:21    164767 --a------ C:\WINDOWS\Audio Converter Pro Uninstaller.exe
2008-07-10 20:52:38         0 d-------- C:\Program Files\NVIDIA nTune Performance Application
2008-07-10 20:35:17         0 d-------- C:\Program Files\NVIDIA Corporation
2008-07-10 04:07:29         0 d-------- C:\Program Files\iTunes
2008-07-08 14:07:11         0 d-------- C:\Documents and Settings\Michael\Application Data\DivX
2008-07-08 14:06:55         0 d-------- C:\Program Files\River Past
2008-07-08 14:06:55         0 d-------- C:\Program Files\Common Files\River Past
2008-07-08 14:00:16         0 d-------- C:\Program Files\DivX
2008-07-08 13:59:11         0 d-------- C:\Program Files\DSP-worx
2008-07-08 13:59:01     52799 --a------ C:\WINDOWS\system32\RadLightPVAUninstall.exe <Not Verified; RadLight, LLC.; RadLight PVA DirectShow filter>
2008-07-08 13:58:51     52338 --a------ C:\WINDOWS\system32\RadLightOggUninstall.exe <Not Verified; RadLight, LLC.; RadLight Ogg Media DirectShow filters>
2008-07-08 13:58:46         0 d-------- C:\Program Files\GPL MPEG Decoder
2008-07-08 13:58:42         0 d-------- C:\Program Files\AC3Filter
2008-07-08 13:58:10         0 d-------- C:\Program Files\WMV9_VCM
2008-07-08 13:44:32    208896 --a------ C:\WINDOWS\system32\lame_enc.dll <Not Verified; www.mp3dev.org; Lame MP3 Encoder>
2008-07-08 13:36:30         0 d-------- C:\Program Files\Combined Community Codec Pack
2008-07-08 13:34:27    165008 --a------ C:\WINDOWS\Video Cleaner Pro Uninstaller.exe
2008-07-08 13:34:27         0 d-------- C:\Documents and Settings\Michael\Application Data\River Past G5
2008-07-08 13:34:27         0 d-------- C:\Documents and Settings\All Users\Application Data\River Past G5
2008-07-08 13:07:57     36734 --a------ C:\WINDOWS\system32\OggDSuninst.exe
2008-07-07 01:17:31         0 d-------- C:\WINDOWS\pss
2008-07-06 19:53:42         0 d-------- C:\Program Files\VentSrv
2008-07-06 13:43:23         0 d-------- C:\Program Files\Apple Software Update


-- Find3M Report ---------------------------------------------------------------

2008-08-06 21:24:07         0 d-------- C:\Program Files\Steam
2008-08-06 20:43:21         0 d-------- C:\Documents and Settings\Michael\Application Data\mIRC
2008-08-06 19:56:47         0 d-------- C:\Program Files\mIRC
2008-08-06 19:51:49         0 d-------- C:\Program Files\Symantec AntiVirus
2008-08-05 05:07:23         0 d-------- C:\Program Files\Movie Maker
2008-08-05 05:05:50     23348 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-08-05 05:05:16         0 d-------- C:\Program Files\Windows NT
2008-08-05 02:45:51         0 d-------- C:\Documents and Settings\Michael\Application Data\Adobe
2008-08-05 02:31:53         0 d-------- C:\Program Files\Common Files\Adobe
2008-08-05 00:24:55         0 d-------- C:\Documents and Settings\Michael\Application Data\HLSW
2008-08-04 21:03:44         0 d-------- C:\Documents and Settings\Michael\Application Data\uTorrent
2008-08-04 19:06:38       600 --a------ C:\Documents and Settings\Michael\Application Data\winscp.rnd
2008-08-04 04:06:33         0 d-------- C:\Documents and Settings\Michael\Application Data\dvdcss
2008-08-03 20:53:49         0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-28 15:30:24         0 d-------- C:\Program Files\Java
2008-07-19 16:39:54       548 --a------ C:\Documents and Settings\Michael\Application Data\AutoGK.ini
2008-07-18 17:37:12     22664 --ah----- C:\WINDOWS\system32\mlfcache.dat
2008-07-17 21:46:44         0 d-------- C:\Program Files\Common Files
2008-07-14 15:21:47         0 d-------- C:\Program Files\WinAVIVideoConverter
2008-07-10 21:52:30         0 d-------- C:\Documents and Settings\Michael\Application Data\Ventrilo
2008-07-06 20:33:43         0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-03 22:05:06         0 d-------- C:\Program Files\Activision
2008-07-03 19:48:49         0 d-------- C:\Program Files\DAEMON Tools Pro
2008-07-03 18:56:28         0 d-------- C:\Program Files\Sierra
2008-07-02 22:18:09         0 d-------- C:\Documents and Settings\Michael\Application Data\GlobalSCAPE
2008-07-02 21:13:21         0 d-------- C:\Documents and Settings\Michael\Application Data\Any DVD Converter Professional
2008-07-02 18:14:04     43698 --a------ C:\WINDOWS\system32\xvid-uninstall.exe
2008-07-02 18:14:04         0 d-------- C:\Program Files\AutoGK
2008-07-02 18:14:02         0 d-------- C:\Program Files\AviSynth 2.5
2008-07-02 18:13:45         0 d-------- C:\Program Files\Gabest
2008-07-02 14:29:43         0 d-------- C:\Program Files\Xvid
2008-06-27 03:08:03         0 d-------- C:\Program Files\Sony
2008-06-27 02:40:11         0 d-------- C:\Program Files\Common Files\Sony Shared
2008-06-27 02:39:44         0 d-------- C:\Program Files\SageTV
2008-06-27 00:49:15         0 d-------- C:\Program Files\Common Files\InstallShield
2008-06-27 00:33:51         0 d-------- C:\Program Files\Common Files\Java
2008-06-27 00:33:36         0 d-------- C:\Documents and Settings\Michael\Application Data\Sun
2008-06-24 15:58:16         0 d-------- C:\Program Files\MSXML 4.0
2008-06-24 02:56:50         0 d-------- C:\Program Files\Pro Imaging Powertoys
2008-06-24 01:49:03         0 d-------- C:\Documents and Settings\Michael\Application Data\Nero
2008-06-24 01:48:10         0 d-------- C:\Program Files\Common Files\Nero
2008-06-24 01:47:03         0 d-------- C:\Program Files\Nero
2008-06-23 03:09:21         0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-06-23 03:09:21         0 d-------- C:\Documents and Settings\Michael\Application Data\Symantec
2008-06-23 03:09:07         0 d-------- C:\Program Files\Symantec
2008-06-22 19:06:58         0 d-------- C:\Program Files\QuickTime
2008-06-22 04:16:39         0 dr-h----- C:\Documents and Settings\Michael\Application Data\SecuROM
2008-06-21 22:50:28         0 d-------- C:\Program Files\Aspyr
2008-06-21 22:17:58         0 d-------- C:\Documents and Settings\Michael\Application Data\Sony
2008-06-21 22:17:56         0 d-------- C:\Program Files\VstPlugins
2008-06-21 22:12:17         0 d-------- C:\Documents and Settings\Michael\Application Data\Publish Providers
2008-06-21 22:12:17         0 d-------- C:\Documents and Settings\Michael\Application Data\NetMedia Providers
2008-06-21 22:08:51         0 d-------- C:\Program Files\Sony Setup
2008-06-21 21:38:51         0 d-------- C:\Program Files\Image-Line
2008-06-19 04:23:34         0 d-------- C:\Program Files\DVD Shrink
2008-06-18 16:32:28         0 d-------- C:\Program Files\Stardock
2008-06-17 03:27:24         0 d-------- C:\Program Files\uTorrent
2008-06-16 00:51:06         0 d-------- C:\Program Files\Outsim
2008-06-15 21:57:13         0 d---s---- C:\Program Files\HLSW
2008-06-14 21:36:20         0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-06-14 04:42:27         0 d-------- C:\Program Files\Windows Live
2008-06-14 04:42:09         0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-06-13 16:32:57         0 d-------- C:\Program Files\Common Files\Macrovision Shared
2008-06-12 13:44:08         0 d-------- C:\Documents and Settings\Michael\Application Data\DAEMON Tools Pro
2008-06-08 22:42:36         0 d-------- C:\Program Files\Creative
2008-06-08 14:13:21         0 d-------- C:\Program Files\QuickPar
2008-06-08 14:04:46         0 d-------- C:\Documents and Settings\Michael\Application Data\vlc
2008-06-08 04:46:01         0 d-------- C:\Program Files\Windows Media Connect 2
2008-06-08 04:38:22         0 d-------- C:\Documents and Settings\Michael\Application Data\Digsby
2008-06-08 04:38:11         0 d-------- C:\Program Files\Digsby
2008-06-08 03:32:34         0 d-------- C:\Documents and Settings\Michael\Application Data\Sony Corporation
2008-06-08 03:28:08         0 d-------- C:\Program Files\Sony Visual Communication Camera (VGP-UVC100)
2008-06-08 01:11:09         0 d-------- C:\Program Files\Microsoft ActiveSync
2008-06-08 01:10:54         0 d-------- C:\Program Files\Microsoft.NET
2008-06-08 01:10:54         0 d-------- C:\Program Files\Common Files\ODBC
2008-06-08 01:08:51         0 d-------- C:\Program Files\Ventrilo
2008-06-08 01:01:08         0 d-------- C:\Documents and Settings\Michael\Application Data\Logitech
2008-06-08 00:59:25         0 d-------- C:\Program Files\Common Files\Logishrd
2008-06-08 00:58:57         0 d-------- C:\Program Files\Logitech
2008-06-08 00:58:57         0 d-------- C:\Documents and Settings\Michael\Application Data\InstallShield
2008-06-08 00:50:43         0 d-------- C:\Program Files\Messenger
2008-06-08 00:46:36    250048 -rahs---- C:\ntldr
2008-06-08 00:22:39         0 d-------- C:\Program Files\VideoLAN
2008-06-08 00:18:49         0 d-------- C:\Program Files\Lavasoft
2008-06-08 00:18:24         0 d-------- C:\Documents and Settings\Michael\Application Data\WinRAR
2008-06-07 23:46:12         0 d-------- C:\Program Files\ESEA
2008-06-07 23:46:01         0 d-------- C:\Program Files\CEVO
2008-06-07 23:41:23         0 d-------- C:\Documents and Settings\Michael\Application Data\Creative
2008-06-07 23:37:55         0 d-------- C:\Program Files\Bonjour
2008-06-07 23:36:59         0 d-------- C:\Program Files\Common Files\Apple
2008-06-07 23:20:34         0 d-------- C:\Documents and Settings\Michael\Application Data\Macromedia
2008-06-07 23:14:03         0 d-------- C:\Documents and Settings\Michael\Application Data\SmartFTP
2008-06-07 23:13:57         0 d-------- C:\Documents and Settings\Michael\Application Data\nomp
2008-06-07 23:13:50         0 d-------- C:\Documents and Settings\Michael\Application Data\Apple Computer
2008-06-07 23:11:10         0 --a------ C:\WINDOWS\nsreg.dat
2008-06-07 23:11:09         0 d-------- C:\Documents and Settings\Michael\Application Data\Mozilla
2008-06-07 23:01:16         0 d-------- C:\Documents and Settings\Michael\Application Data\Identities
2008-06-07 22:58:03         0 d-------- C:\Program Files\microsoft frontpage
2008-06-07 22:57:53         0 -rahs---- C:\MSDOS.SYS
2008-06-07 22:57:53         0 -rahs---- C:\IO.SYS
2008-06-07 22:57:53         0 --a------ C:\CONFIG.SYS
2008-06-07 22:57:53         0 --a------ C:\AUTOEXEC.BAT
2008-06-07 22:56:20         0 d-------- C:\Program Files\Common Files\MSSoap
2008-06-07 22:55:17         0 d-------- C:\Program Files\Online Services
2008-06-07 22:55:10         0 d-------- C:\Program Files\MSN Gaming Zone
2008-06-07 17:50:23         0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-06-07 17:50:02        62 --ahs---- C:\Documents and Settings\Michael\Application Data\desktop.ini
2008-06-06 12:28:34     29952 --a------ C:\WINDOWS\nvoclock.sys <Not Verified; NVidia Corp.; NVidia System Utility Driver>
2008-06-06 12:28:30    430080 --a------ C:\WINDOWS\ntuneoem.dll <Not Verified; NVIDIA; NVIDIA nTune>
2008-05-30 18:22:48    802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-05-30 18:22:48    823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-30 18:22:48    823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-30 18:22:46    815104 --a------ C:\WINDOWS\system32\divx_xx0a.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-30 18:22:46    683520 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-27 18:16:44     61440 --a------ C:\WINDOWS\system32\NormalizeDSP.dll
2008-05-23 08:12:58    323584 --a------ C:\WINDOWS\system32\AudioGenie2.dll <Not Verified; Stefan Toengi; audiogenie Module>
2008-05-22 17:22:18   3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-05-22 17:19:46    196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-05-22 17:19:46     81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-05-22 17:18:54     12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2008-05-16 14:01:00   1630208 --a------ C:\WINDOWS\system32\nwiz.exe
2008-05-16 14:01:00   1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2008-05-16 14:01:00   1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2008-05-16 14:01:00    466944 --a------ C:\WINDOWS\system32\nvshell.dll
2008-05-16 14:01:00   1486848 --a------ C:\WINDOWS\system32\nview.dll
2008-05-16 14:01:00   1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2008-05-16 14:01:00    442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2008-05-16 14:01:00    425984 --a------ C:\WINDOWS\system32\keystone.exe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{109BE732-8F8C-49D4-A3F4-FEDCAC7F0A25}]
08/05/2008 02:45 AM    35328    --a------    C:\WINDOWS\system32\ddcCUlMd.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8aa545cb-955d-4ec2-9811-f8ad7c072a78}]
08/06/2008 08:57 AM    95744    --a------    C:\WINDOWS\system32\qappds.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AC1E55BF-8CC9-4380-BA6D-1CB9829525A3}]
08/05/2008 02:50 AM    246784    --a------    C:\WINDOWS\system32\opnolICT.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [05/16/2008 02:01 PM]
"nwiz"="nwiz.exe" [05/16/2008 02:01 PM C:\WINDOWS\system32\nwiz.exe]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [07/19/2006 07:26 PM]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [09/27/2006 08:33 PM]
"Launch LCDMon"="C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [12/13/2007 05:43 PM]
"Launch LGDCore"="C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [12/13/2007 05:57 PM]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [02/29/2008 03:12 AM C:\WINDOWS\KHALMNPR.Exe]
"SONYTRAY"="C:\WINDOWS\Options\install\tsnp2std.exe" [05/29/2006 07:14 PM]
"snp2std"="C:\WINDOWS\vsnp2std.exe" [06/16/2006 01:19 PM]
"CTHelper"="CTHELPER.EXE" [08/11/2006 02:56 PM C:\WINDOWS\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [08/11/2006 02:56 PM C:\WINDOWS\system32\CTXFIHLP.EXE]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [05/27/2008 10:50 AM]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [04/28/2008 05:14 PM]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [02/18/2008 05:29 PM]
"CoolSwitch"="C:\WINDOWS\system32\taskswitch.exe" [03/19/2002 05:30 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [07/03/2008 02:23 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [06/12/2008 02:38 AM]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" []
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [07/30/2008 10:47 AM]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [05/16/2008 02:01 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\steam\steam.exe" [06/11/2008 11:39 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 07:00 AM]
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [06/06/2008 12:25 PM]
"Orb"="C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe" [05/13/2008 08:29 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"SetDefaultMIDI"=MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy'
"tscuninstall"=%systemroot%\system32\tscupgrd.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [6/8/2008 12:59:17 AM]
Monitor Apache Servers.lnk - C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe [6/13/2008 4:09:14 AM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{109BE732-8F8C-49D4-A3F4-FEDCAC7F0A25}"= C:\WINDOWS\system32\ddcCUlMd.dll [08/05/2008 02:45 AM 35328]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcCUlMd]
ddcCUlMd.dll 08/05/2008 02:45 AM 35328 C:\WINDOWS\system32\ddcCUlMd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll 05/02/2008 02:42 AM 72208 c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]
PCANotify.dll 02/14/2006 12:00 PM 8704 C:\WINDOWS\system32\PCANotify.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\opnolICT

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\30025912]
rundll32.exe "C:\WINDOWS\system32\chkuhslq.dll",b

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM33316a8e]
Rundll32.exe "C:\WINDOWS\system32\qngwbnxc.dll",s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
"C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"aawservice"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs    eaphost
dot3svc    dot3svc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2e7ff37d-3f75-11dd-aee0-044b80808003}]
AutoRun\command- F:\setup\rsrc\Autorun.exe
dinstall\command- F:\Directx\dxsetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4473a12a-38af-11dd-aede-044b80808003}]
AutoRun\command- H:\Setup.exe -auto




-- End of Deckard's System Scanner: finished at 2008-08-06 22:09:30 ------------


This post has been edited by oat: Aug 6 2008, 09:13 PM
Go to the top of the page
 
+Quote Post
oat
post Aug 6 2008, 09:13 PM
Post #4


Member
**
Posts: 10
OS: XP Pro
Here is Extra.txt

CODE
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel(R) Core(TM)2 Duo CPU     E6550  @ 2.33GHz
CPU 1: Intel(R) Core(TM)2 Duo CPU     E6550  @ 2.33GHz
Percentage of Memory in Use: 42%
Physical Memory (total/avail): 2046.46 MiB / 1175.63 MiB
Pagefile Memory (total/avail): 3938.84 MiB / 3243.07 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1931.53 MiB

C: is Fixed (NTFS) - 232.88 GiB total, 160.97 GiB free.
D: is Fixed (NTFS) - 149.04 GiB total, 46.94 GiB free.
G: is CDROM (No Media)

\\.\PHYSICALDRIVE1 - ST3160812AS - 149.05 GiB - 1 partition
  \PARTITION0 (bootable) - Installable File System - 149.04 GiB - D:

\\.\PHYSICALDRIVE0 - ST3250410AS - 232.88 GiB - 1 partition
  \PARTITION0 (bootable) - Installable File System - 232.88 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.
UpdatesDisableNotify is set.
FirewallOverride is set.

AV: Symantec AntiVirus Corporate Edition v10.1.5.5000 (Symantec Corporation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\FlashFXP\\FlashFXP.exe"="C:\\Program Files\\FlashFXP\\FlashFXP.exe:*:Enabled:FlashFXP v3"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\mIRC\\mirc.exe"="C:\\Program Files\\mIRC\\mirc.exe:*:Enabled:mIRC"
"C:\\Program Files\\Steam\\steamapps\\oat07\\counter-strike source\\hl2.exe"="C:\\Program Files\\Steam\\steamapps\\oat07\\counter-strike source\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\QuickTime\\QuickTimePlayer.exe"="C:\\Program Files\\QuickTime\\QuickTimePlayer.exe:*:Enabled:QuickTime Player"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\HLSW\\hlsw.exe"="C:\\Program Files\\HLSW\\hlsw.exe:*:Enabled:HLSW Application"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\Aspyr\\Guitar Hero III\\GH3.exe"="C:\\Program Files\\Aspyr\\Guitar Hero III\\GH3.exe:*:Enabled:Guitar Hero III"
"C:\\Program Files\\Symantec\\pcAnywhere\\awhost32.exe"="C:\\Program Files\\Symantec\\pcAnywhere\\awhost32.exe:*:Enabled:pcAnywhere Host"
"C:\\WINDOWS\\system32\\PnkBstrA.exe"="C:\\WINDOWS\\system32\\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\\WINDOWS\\system32\\PnkBstrB.exe"="C&#