Dr Watson Postmortem Debugger, and others [RESOLVED]
SKousik
post Aug 22 2008, 04:13 PM
Post #1


Member
Posts: 24
OS: XP Home



I got the 'Dr Watson' thing today for the first time, and looked up what to do about it... I saw that another fellow had posted about it on this forum, so I figured I'd do the same. My computer did lock up after displaying that error. It has also been giving me 'Windows Explorer must close' errors every few hours, and then it freezes up for a few seconds, and sometimes the bottom toolbar disappears and then reappears. Also, it has been freezing up every 3 or 4 minutes for a few seconds each time, especially when I'm browsing the Internet. Today, it is refusing to show the site formatting for comcast.net and geekstogo.com, and shows only words and posted images. Other sites are working, but these two seem to be reduced to their text only. I used ADT, which kept freezing up on my computer, and SuperAntiSpyware, but finally downloaded Hijack This... Here's the HJT file. Thank you so much, for just having a site like this in existence!


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:08:00 PM, on 8/22/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\Tablet.exe
c:\Program Files\Norton AntiVirus\SAVScan.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\LTMSG.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb12.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\interMute\SpamSubtract\SpamSub.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: Shell=
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - (no file)
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb12.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04h\BrStDvPt.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [MPlayer2_FixUp] C:\WINDOWS\inf\unregmp2.exe /Fixups (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - S-1-5-18 Startup: AutoTBar.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: AutoTBar.exe (User 'Default user')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSub.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\System32\Tablet.exe

--
End of file - 9653 bytes
Jimmy2012
post Aug 26 2008, 03:32 PM
Post #2


Trusted Helper
Posts: 2,659
From: Ohio, USA
OS: linux, Windows XP



Hello SKousik, and welcome to Geeks to Go. Sorry about the delay; everyone here has been very busy.

Please post a fresh HijackThis log in your next reply.
SKousik
post Aug 26 2008, 07:25 PM
Post #3


Member
Posts: 24
OS: XP Home



It's no problem! I'm very busy as well, and am very grateful for this website.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:26:37 PM, on 8/26/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\Tablet.exe
c:\Program Files\Norton AntiVirus\SAVScan.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\LTMSG.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb12.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\interMute\SpamSubtract\SpamSub.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-

0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: Shell=
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} -

C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-

784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -

C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} -

c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -

c:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -

C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - (no file)
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital

Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8

-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update

Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec

Shared\ccApp.exe"
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32

\spool\drivers\w32x86\3\hpztsb12.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04h\BrStDvPt.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil

/RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32

\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32

\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32

\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -

atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07

\bin\jusched.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital

Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1

\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe"

/background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0

\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [MPlayer2_FixUp] C:\WINDOWS\inf\unregmp2.exe

/Fixups (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - S-1-5-18 Startup: AutoTBar.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: AutoTBar.exe (User 'Default user')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common

Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSub.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat

7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online

9.0\aoltray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital

Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft

Office\Office\OSA9.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program

Files\Quicken\bagent.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32

\WTablet\TabUserW.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1

\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-

00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}

- C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -

C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} -

C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} -

C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-

f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -

C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-

00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) -

C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -

C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program

Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program

Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common

Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program

Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation -

c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation -

c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation -

C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common

Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation

- c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation -

C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton

AntiVirus\SAVScan.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\System32

\Tablet.exe

--
End of file - 9783 bytes
Jimmy2012
post Aug 27 2008, 10:46 AM
Post #4


Trusted Helper
Posts: 2,659
From: Ohio, USA
OS: linux, Windows XP



Hello SKousik,
Before we get started, please turn word wrap off in Notepad. To do this, open a Notepad window and click Format > Word Wrap; it should be off now.

STEP 1
I do not see a Firewall on your computer. A firewall can help protect you from Hackers and some types of Malware. I recommend you download a firewall. Here are a few to choose from (all are free):
  • Comodo
  • Zone Alarm
  • OutPost
Out of these I would recommend Comodo. Please only install one firewall at a time. If you need any help installing/using one of these firewalls, please let me know.

STEP 2
Please download SmitfraudFix (by S!Ri) to your Desktop.

Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

**If the tool fails to launch from the Desktop, please move SmitfraudFix.exe directly to the root of the system drive (usually C:), and launch from there.


Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm

STEP 3
Download OTViewIt to your desktop.
  • Close all windows and open it
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up called OTViewIt.txt, the other will be saved on your desktop and called Extras. Post both those logs here.
  • You may need to use two posts to get it all on the forum

~~~~~~~~~~~
In your next reply please have these logs. You will need to use more than 1 reply for the logs to fit.
  • The SmitFraudFix log
  • The OTViewIt logs
  • And a fresh HijackThis log
SKousik
post Aug 27 2008, 02:51 PM
Post #5


Member
Posts: 24
OS: XP Home



Thank you!

However, SmitFraud simply isn't working. If I click it, it brings up command prompt, but I can't type anything into it. If I try to move it, it states that it is being used by another program.

Here are the OTViewIt logs:

OTViewIt logfile created on: 8/27/2008 5:15:00 PM - Run 1
OTViewIt by OldTimer - Version 1.0.0.14 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.44 Gb Total Physical Memory | 0.94 Gb Available Physical Memory | 65.70% Memory free
1.95 Gb Paging File | 1.60 Gb Available in Paging File | 82.12% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 143.53 Gb Total Space | 116.45 Gb Free Space | 81.13% Space Free | Partition Type: NTFS
Drive D: | 5.50 Gb Total Space | 0.94 Gb Free Space | 17.11% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SHREYAS
Current User Name: Owner
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user

===== Processes - Non-Microsoft Only =====

[12/22/2004 05:45 PM | 00,235,120 | ---- | M] (Symantec Corporation) - c:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE
[12/22/2004 05:45 PM | 00,255,600 | ---- | M] (Symantec Corporation) - c:\Program Files\Common Files\Symantec Shared\CCEVTMGR.EXE
[10/29/2007 02:27 PM | 00,587,096 | ---- | M] (Lavasoft AB) - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
[08/27/2008 04:32 PM | 00,519,936 | ---- | M] () - C:\Program Files\COMODO\Firewall\cmdagent.exe
[08/18/2003 02:34 AM | 00,158,376 | ---- | M] (Symantec Corporation) - c:\Program Files\Norton AntiVirus\navapsvc.exe
[06/17/2005 04:00 PM | 00,749,568 | ---- | M] (Wacom Technology, Corp.) - C:\WINDOWS\system32\Tablet.exe
[05/07/1998 07:04 PM | 00,052,736 | ---- | M] (Hewlett-Packard Company) - C:\WINDOWS\system\hpsysdrv.exe
[10/07/2002 10:23 AM | 00,090,112 | ---- | M] () - C:\Program Files\HP\Digital Imaging\Unload\HpqCmon.exe
[05/23/2003 05:55 AM | 00,483,328 | ---- | M] (Hewlett-Packard) - C:\WINDOWS\system32\hphmon05.exe
[02/11/2003 11:02 PM | 00,061,440 | ---- | M] (Hewlett-Packard Company) - C:\hp\KBD\kbd.exe
[10/22/2004 11:53 AM | 00,053,248 | ---- | M] (S3 Graphics, Inc.) - C:\WINDOWS\system32\VTTimer.exe
[12/22/2004 05:45 PM | 00,071,280 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\CCAPP.EXE
[07/14/2003 08:52 PM | 00,040,960 | ---- | M] (Agere Systems) - C:\WINDOWS\ltmsg.exe
[08/14/2003 09:12 PM | 00,139,264 | ---- | M] (Alcor Micro, Corp.) - C:\Program Files\Multimedia Card Reader\shwicon2k.exe
[03/08/2005 12:42 AM | 00,176,128 | ---- | M] (HP) - C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
[08/10/2003 03:26 AM | 00,193,816 | ---- | M] (Symantec Corporation) - c:\Program Files\Norton AntiVirus\SAVScan.exe
[09/07/2007 04:55 PM | 00,267,064 | ---- | M] (Apple Inc.) - C:\Program Files\iTunes\iTunesHelper.exe
[06/10/2008 04:27 AM | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) - C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
[09/07/2004 01:47 PM | 00,057,344 | ---- | M] (Realtek Semiconductor Corp.) - C:\WINDOWS\ALCXMNTR.EXE
[08/27/2008 04:32 PM | 01,655,552 | ---- | M] () - C:\Program Files\COMODO\Firewall\cfp.exe
[05/07/2008 08:08 PM | 00,289,088 | ---- | M] (BitTorrent, Inc.) - C:\Program Files\DNA\btdna.exe
[07/07/2003 11:20 AM | 00,233,472 | ---- | M] (Hewlett-Packard Co.) - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
[06/11/2007 06:16 PM | 00,103,928 | ---- | M] (Yahoo! Inc.) - C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
[06/17/2005 04:35 PM | 00,114,688 | ---- | M] (Wacom Technology, Corp.) - C:\WINDOWS\system32\WTablet\TabUserW.exe
[07/07/2003 07:50 PM | 00,557,056 | ---- | M] (interMute, Inc.) - C:\Program Files\interMute\SpamSubtract\SpamSub.exe
[09/07/2007 04:55 PM | 00,503,608 | ---- | M] (Apple Inc.) - C:\Program Files\iPod\bin\iPodService.exe
[07/19/2008 01:07 PM | 00,307,712 | ---- | M] (Mozilla Corporation) - C:\Program Files\Mozilla Firefox\firefox.exe
[08/27/2008 05:14 PM | 01,299,968 | ---- | M] (OldTimer Tools) - C:\Documents and Settings\Owner\Desktop\OTViewIt.exe

===== Win32 Services - Non-Microsoft Only =====

(aawservice) Ad-Aware 2007 Service [Auto | Running]
[10/29/2007 02:27 PM | 00,587,096 | ---- | M] (Lavasoft AB) - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

(Adobe LM Service) Adobe LM Service [On_Demand | Stopped]
[12/13/2005 09:53 PM | 00,072,704 | ---- | M] (Adobe Systems) - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

(ccEvtMgr) Symantec Event Manager [Auto | Running]
[12/22/2004 05:45 PM | 00,255,600 | ---- | M] (Symantec Corporation) - c:\Program Files\Common Files\Symantec Shared\CCEVTMGR.EXE

(ccPwdSvc) Symantec Password Validation [On_Demand | Stopped]
[12/22/2004 05:45 PM | 00,087,664 | ---- | M] (Symantec Corporation) - c:\Program Files\Common Files\Symantec Shared\CCPWDSVC.EXE

(ccSetMgr) Symantec Settings Manager [Auto | Running]
[12/22/2004 05:45 PM | 00,235,120 | ---- | M] (Symantec Corporation) - c:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE

(cmdAgent) COMODO Firewall Pro Helper Service [Auto | Running]
[08/27/2008 04:32 PM | 00,519,936 | ---- | M] () - C:\Program Files\COMODO\Firewall\cmdagent.exe

(dmadmin) Logical Disk Manager Administrative Service [On_Demand | Stopped]
[04/14/2008 05:42 AM | 00,224,768 | ---- | M] (Microsoft Corp., Veritas Software) - C:\WINDOWS\system32\dmadmin.exe

(IDriverT) InstallDriver Table Manager [On_Demand | Stopped]
[04/04/2005 01:41 AM | 00,069,632 | ---- | M] (Macrovision Corporation) - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

(iPod Service) iPod Service [On_Demand | Running]
[09/07/2007 04:55 PM | 00,503,608 | ---- | M] (Apple Inc.) - C:\Program Files\iPod\bin\iPodService.exe

(Macromedia Licensing Service) Macromedia Licensing Service [On_Demand | Stopped]
[06/25/2005 07:26 PM | 00,069,632 | ---- | M] (Macromedia) - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe

(navapsvc) Norton AntiVirus Auto Protect Service [Auto | Running]
[08/18/2003 02:34 AM | 00,158,376 | ---- | M] (Symantec Corporation) - c:\Program Files\Norton AntiVirus\navapsvc.exe

(NVSvc) NVIDIA Driver Helper Service [Auto | Stopped]
[08/19/2003 05:56 AM | 00,077,824 | ---- | M] (NVIDIA Corporation) - C:\WINDOWS\system32\nvsvc32.exe

(Pml Driver HPZ12) Pml Driver HPZ12 [Auto | Stopped]
[09/29/2004 01:14 PM | 00,069,632 | ---- | M] (HP) - C:\WINDOWS\system32\HPZipm12.exe

(SAVScan) SAVScan [On_Demand | Running]
[08/10/2003 03:26 AM | 00,193,816 | ---- | M] (Symantec Corporation) - c:\Program Files\Norton AntiVirus\SAVScan.exe

(TabletService) TabletService [Auto | Running]
[06/17/2005 04:00 PM | 00,749,568 | ---- | M] (Wacom Technology, Corp.) - C:\WINDOWS\system32\Tablet.exe

===== Driver Services - Non-Microsoft Only =====

(AFS2K) AFS2K [System | Running]
[10/07/2004 09:16 PM | 00,035,840 | ---- | M] (Oak Technology Inc.) - C:\WINDOWS\System32\drivers\AFS2K.SYS

(ALCXWDM) Service for Realtek AC97 Audio (WDM) [On_Demand | Running]
[10/01/2004 10:24 AM | 02,279,424 | ---- | M] (Realtek Semiconductor Corp.) - C:\WINDOWS\system32\drivers\ALCXWDM.SYS

(BVRPMPR5) BVRPMPR5 NDIS Protocol Driver [On_Demand | Stopped]
[09/16/2005 12:46 PM | 00,044,224 | R--- | M] (BVRP Software) - C:\WINDOWS\system32\drivers\BVRPMPR5.SYS

(cmdGuard) COMODO Firewall Pro Sandbox Driver [System | Running]
[08/27/2008 04:32 PM | 00,087,056 | ---- | M] (COMODO) - C:\WINDOWS\system32\drivers\cmdguard.sys

(cmdHlp) COMODO Firewall Pro Helper Driver [System | Running]
[08/27/2008 04:32 PM | 00,024,208 | ---- | M] (COMODO) - C:\WINDOWS\system32\drivers\cmdhlp.sys

(dmboot) dmboot [Disabled | Stopped]
[04/14/2008 12:14 AM | 00,799,744 | ---- | M] (Microsoft Corp., Veritas Software) - C:\WINDOWS\system32\drivers\dmboot.sys

(dmio) dmio [Disabled | Stopped]
[04/14/2008 12:14 AM | 00,153,344 | ---- | M] (Microsoft Corp., Veritas Software) - C:\WINDOWS\system32\drivers\dmio.sys

(dmload) dmload [Disabled | Stopped]
[08/29/2002 08:00 AM | 00,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\drivers\dmload.sys

(fasttx2k) fasttx2k [Boot | Running]
[06/19/2003 04:59 AM | 00,140,800 | ---- | M] (Promise Technology, Inc.) - C:\WINDOWS\system32\drivers\Fasttx2k.sys

(FETND5BV) VIA Rhine-Family Fast Ethernet Adapter Driver Service [On_Demand | Running]
[12/16/2004 01:36 PM | 00,042,496 | ---- | M] (VIA Technologies, Inc. ) - C:\WINDOWS\system32\drivers\fetnd5bv.sys

(FETNDISB) VIA Rhine Family Fast Ethernet Adapter Driver Service [On_Demand | Stopped]
[01/16/2003 02:05 AM | 00,041,984 | ---- | M] (VIA Technologies, Inc. ) - C:\WINDOWS\system32\drivers\fetnd5b.sys

(GEARAspiWDM) GEARAspiWDM [On_Demand | Running]
[09/19/2006 04:44 PM | 00,015,664 | ---- | M] (GEAR Software Inc.) - C:\WINDOWS\system32\drivers\GEARAspiWDM.sys

(HPZid412) IEEE-1284.4 Driver HPZid412 [On_Demand | Stopped]
[03/08/2005 12:43 AM | 00,051,120 | R--- | M] (HP) - C:\WINDOWS\system32\drivers\HPZid412.sys

(HPZipr12) Print Class Driver for IEEE-1284.4 HPZipr12 [On_Demand | Stopped]
[03/08/2005 12:43 AM | 00,016,496 | R--- | M] (HP) - C:\WINDOWS\system32\drivers\HPZipr12.sys

(HPZius12) USB to IEEE-1284.4 Translation Driver HPZius12 [On_Demand | Stopped]
[03/08/2005 12:43 AM | 00,021,744 | R--- | M] (HP) - C:\WINDOWS\system32\drivers\HPZius12.sys

(ialm) ialm [On_Demand | Stopped]
[04/15/2003 08:39 PM | 00,090,907 | ---- | M] (Intel Corporation) - C:\WINDOWS\system32\drivers\ialmnt5.sys

(Inspect) COMODO Firewall Pro Firewall Driver [Boot | Running]
[08/27/2008 04:32 PM | 00,079,760 | ---- | M] (COMODO) - C:\WINDOWS\system32\drivers\inspect.sys

(ltmodem5) Agere Modem Driver [On_Demand | Running]
[07/02/2003 02:33 AM | 00,652,497 | ---- | M] (Agere Systems) - C:\WINDOWS\system32\drivers\ltmdmnt.sys

(LVUSBSta) Logitech USB Monitor Filter [On_Demand | Stopped]
[12/05/2005 11:26 PM | 00,039,424 | R--- | M] (Logitech Inc.) - C:\WINDOWS\system32\drivers\LVUSBSta.sys

(NAVENG) NAVENG [On_Demand | Running]
[09/24/2003 11:00 AM | 00,067,800 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\VirusDefs\20030924.008\NAVENG.SYS

(NAVEX15) NAVEX15 [On_Demand | Running]
[09/24/2003 11:00 AM | 00,539,576 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\VirusDefs\20030924.008\NAVEX15.SYS

(nv) nv [On_Demand | Stopped]
[04/13/2008 10:04 PM | 01,897,408 | ---- | M] (NVIDIA Corporation) - C:\WINDOWS\system32\drivers\nv4_mini.sys

(nvcap) nVidia WDM Video Capture (universal) [Auto | Stopped]
[07/30/2003 05:15 AM | 00,126,348 | ---- | M] () - C:\WINDOWS\system32\drivers\nvcap.sys

(NVXBAR) nVidia WDM A/V Crossbar [Auto | Stopped]
[07/30/2003 05:15 AM | 00,013,006 | ---- | M] (NVIDIA Corporation) - C:\WINDOWS\system32\drivers\nvxbar.sys

(nv_agp) NVIDIA nForce AGP Bus Filter [Boot | Running]
[09/03/2003 02:51 AM | 00,021,120 | ---- | M] (NVIDIA Corporation) - C:\WINDOWS\system32\drivers\nv_agp.SYS

(Passthru) Service [On_Demand | Running]
[08/27/2008 04:28 PM | 00,104,864 | ---- | M] () - C:\WINDOWS\system32\drivers\ndisio.sys

(PenClass) Pen Class [Boot | Running]
[04/09/2001 04:45 PM | 00,008,138 | ---- | M] (Wacom Technology Corporation) - C:\WINDOWS\system32\drivers\PenClass.sys

(pfc) Padus ASPI Shell [On_Demand | Running]
[09/03/2003 10:01 AM | 00,010,368 | ---- | M] (Padus, Inc.) - C:\WINDOWS\system32\drivers\pfc.sys

(PID_0928) Logitech QuickCam Express(PID_0928) [On_Demand | Stopped]
[12/05/2005 11:27 PM | 00,287,360 | R--- | M] (Logitech Inc.) - C:\WINDOWS\system32\drivers\LV561AV.SYS

(Ps2) Ps2 [On_Demand | Running]
[06/04/2001 05:00 PM | 00,014,112 | ---- | M] (Hewlett-Packard Company) - C:\WINDOWS\system32\drivers\PS2.sys

(Ptilink) Direct Parallel Link Driver [On_Demand | Running]
[08/29/2002 08:00 AM | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) - C:\WINDOWS\system32\drivers\ptilink.sys

(PxHelp20) PxHelp20 [Boot | Running]
[07/18/2006 07:13 PM | 00,020,640 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\drivers\pxhelp20.sys

(rtl8139) Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver [On_Demand | Stopped]
[10/04/2002 08:04 PM | 00,046,976 | ---- | M] (Realtek Semiconductor Corporation ) - C:\WINDOWS\system32\drivers\R8139n51.sys

(S3Psddr) S3Psddr [On_Demand | Stopped]
[04/13/2008 10:04 PM | 00,166,912 | ---- | M] (S3 Graphics, Inc.) - C:\WINDOWS\system32\drivers\s3gnbm.sys

(SASDIFSV) SASDIFSV [System | Running]
[05/28/2008 10:33 AM | 00,008,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) - C:\Program Files\SUPERAntiSpyware\sasdifsv.sys

(SASENUM) SASENUM [On_Demand | Stopped]
[05/28/2008 10:33 AM | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) - C:\Program Files\SUPERAntiSpyware\SASENUM.SYS

(SASKUTIL) SASKUTIL [System | Running]
[05/28/2008 10:33 AM | 00,055,024 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) - C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS

(SAVRT) SAVRT [On_Demand | Running]
[08/07/2003 02:02 AM | 00,300,736 | ---- | M] (Symantec Corporation) - c:\Program Files\Norton AntiVirus\savrt.sys

(SAVRTPEL) SAVRTPEL [System | Running]
[08/07/2003 02:02 AM | 00,035,008 | ---- | M] (Symantec Corporation) - c:\Program Files\Norton AntiVirus\Savrtpel.sys

(Secdrv) Secdrv [On_Demand | Stopped]
[04/13/2008 10:09 PM | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) - C:\WINDOWS\system32\drivers\secdrv.sys

(SiS315) SiS315 [On_Demand | Stopped]
[05/06/2003 06:34 PM | 00,394,752 | ---- | M] (Silicon Integrated Systems Corporation) - C:\WINDOWS\system32\drivers\sisgrp.sys

(SISAGP) SiS AGP Filter [Boot | Running]
[02/20/2003 07:18 PM | 00,036,608 | ---- | M] (Silicon Integrated Systems Corporation) - C:\WINDOWS\system32\drivers\SISAGPX.SYS

(SiSkp) SiSkp [System | Running]
[04/11/2003 11:51 AM | 00,010,624 | ---- | M] (Silicon Integrated Systems Corporation) - C:\WINDOWS\system32\drivers\srvkp.sys

(SONYPVU1) Sony USB Filter Driver (SONYPVU1) [On_Demand | Stopped]
[08/17/2001 02:56 PM | 00,007,552 | ---- | M] (Sony Corporation) - C:\WINDOWS\system32\drivers\SONYPVU1.SYS

(SunkFilt) Alcor Micro Corp - 9360 [On_Demand | Stopped]
File not found - C:\WINDOWS\System32\Drivers\sunkfilt.sys

(Sunkfiltp) HP && Alcor Micro Corp for Phison [On_Demand | Running]
[09/04/2003 03:07 PM | 00,033,804 | ---- | M] (Alcor Micro Corp.) - C:\WINDOWS\system32\drivers\sunkfiltp.sys

(SymEvent) SymEvent [On_Demand | Running]
[08/16/2003 03:22 AM | 00,082,136 | ---- | M] (Symantec Corporation) - C:\Program Files\Symantec\SYMEVENT.SYS

(SYMREDRV) SYMREDRV [On_Demand | Running]
[08/16/2003 04:07 AM | 00,015,176 | ---- | M] (Symantec Corporation) - C:\WINDOWS\system32\drivers\symredrv.sys

(SYMTDI) SYMTDI [Auto | Running]
[08/16/2003 04:05 AM | 00,176,963 | ---- | M] (Symantec Corporation) - C:\WINDOWS\system32\drivers\symtdi.sys

(viaagp1) VIA AGP Filter [Boot | Running]
[07/02/2003 02:42 PM | 00,027,904 | ---- | M] (VIA Technologies, Inc.) - C:\WINDOWS\system32\drivers\VIAAGP1.SYS

(viagfx) viagfx [On_Demand | Running]
[12/07/2004 08:08 PM | 00,172,672 | ---- | M] (Copyright © VIA/S3 Graphics Co, Ltd.) - C:\WINDOWS\system32\drivers\vtmini.sys

({6080A529-897E-4629-A488-ABA0C29B635E}) Intel® Graphics Platform (SoftBIOS) Driver [On_Demand | Stopped]
[04/15/2003 08:40 PM | 00,113,504 | ---- | M] (Intel Corporation) - C:\WINDOWS\system32\drivers\ialmsbw.sys

({D31A0762-0CEB-444e-ACFF-B049A1F6FE91}) Intel® Graphics Chipset (KCH) Driver [On_Demand | Stopped]
[04/15/2003 08:40 PM | 00,078,752 | ---- | M] (Intel Corporation) - C:\WINDOWS\system32\drivers\ialmkchw.sys

===== Run Keys =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcxMonitor" = ALCXMNTR.EXE [09/07/2004 01:47 PM | 00,057,344 | ---- | M] (Realtek Semiconductor Corp.)
"AutoTKit" = C:\hp\bin\AUTOTKIT.EXE [06/18/2003 10:19 PM | 00,053,248 | ---- | M] ()
"CamMonitor" = c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe [10/07/2002 10:23 AM | 00,090,112 | ---- | M] ()
"ccApp" = "c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [12/22/2004 05:45 PM | 00,071,280 | ---- | M] (Symantec Corporation)
"COMODO Firewall Pro" = "C:\Program Files\COMODO\Firewall\cfp.exe" -h [08/27/2008 04:32 PM | 01,655,552 | ---- | M] ()
"HotKeysCmds" = C:\WINDOWS\System32\hkcmd.exe [04/07/2003 10:07 AM | 00,114,688 | ---- | M] (Intel Corporation)
"HPDJ Taskbar Utility" = C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb12.exe [03/08/2005 12:42 AM | 00,176,128 | ---- | M] (HP)
"HPHmon05" = C:\WINDOWS\System32\hphmon05.exe [05/23/2003 05:55 AM | 00,483,328 | ---- | M] (Hewlett-Packard)
"HPHUPD05" = c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe File not found
"hpsysdrv" = c:\windows\system\hpsysdrv.exe [05/07/1998 07:04 PM | 00,052,736 | ---- | M] (Hewlett-Packard Company)
"iTunesHelper" = "C:\Program Files\iTunes\iTunesHelper.exe" [09/07/2007 04:55 PM | 00,267,064 | ---- | M] (Apple Inc.)
"KBD" = C:\HP\KBD\KBD.EXE [02/11/2003 11:02 PM | 00,061,440 | ---- | M] (Hewlett-Packard Company)
"LTMSG" = LTMSG.exe 7 [07/14/2003 08:52 PM | 00,040,960 | ---- | M] (Agere Systems)
"MSPY2002" = C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC [08/29/2002 03:00 PM | 00,059,392 | ---- | M] ()
"PS2" = C:\WINDOWS\system32\ps2.exe [10/16/2002 07:57 PM | 00,081,920 | ---- | M] (Hewlett-Packard Company)
"QuickTime Task" = "C:\Program Files\QuickTime\QTTask.exe" -atboottime [06/29/2007 06:24 AM | 00,286,720 | ---- | M] (Apple Inc.)
"Recguard" = C:\WINDOWS\SMINST\RECGUARD.EXE [09/14/2002 12:42 AM | 00,212,992 | ---- | M] ()
"SetDefPrt" = C:\Program Files\Brother\Brmfl04h\BrStDvPt.exe [11/11/2004 05:14 PM | 00,049,152 | ---- | M] (Brother Industories, Ltd.)
"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM | 00,144,784 | ---- | M] (Sun Microsystems, Inc.)
"Sunkist2k" = C:\Program Files\Multimedia Card Reader\shwicon2k.exe [08/14/2003 09:12 PM | 00,139,264 | ---- | M] (Alcor Micro, Corp.)
"UpdateManager" = "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r [08/19/2003 11:01 AM | 00,110,592 | ---- | M] (Sonic Solutions)
"VTTimer" = VTTimer.exe [10/22/2004 11:53 AM | 00,053,248 | ---- | M] (S3 Graphics, Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" = Reg Error: Value load does not exist or could not be read.
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6" = File not found
"BackupNotify" = c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe [06/23/2003 12:25 AM | 00,024,576 | ---- | M] ( )
"BitTorrent DNA" = "C:\Program Files\DNA\btdna.exe" [05/07/2008 08:08 PM | 00,289,088 | ---- | M] (BitTorrent, Inc.)
"MsnMsgr" = "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background File not found
"NVIEW" = rundll32.exe nview.dll,nViewLoadHook [08/19/2003 05:56 AM | 00,852,038 | ---- | M] (NVIDIA Corporation)
"RecordNow!" = File not found
"updateMgr" = "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1 [03/30/2006 05:45 PM | 00,313,472 | R--- | M] (Adobe Systems Incorporated)
"Yahoo! Pager" = "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet [06/11/2007 06:16 PM | 04,670,968 | ---- | M] (Yahoo! Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.

===== Startup Folders =====

[All Users Startup Folder - C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
[09/23/2005 11:05 PM | 00,029,696 | ---- | M] (Adobe Systems Incorporated) - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
[09/10/2003 04:53 PM | 00,036,953 | -H-- | M] (America Online, Inc.) - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
[07/07/2003 11:20 AM | 00,233,472 | ---- | M] (Hewlett-Packard Co.) - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
[02/16/2005 08:54 PM | 00,450,560 | ---- | M] (Logitech) - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
[07/30/2003 07:49 AM | 00,057,344 | ---- | M] (Intuit Inc.) - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
[06/17/2005 04:35 PM | 00,114,688 | ---- | M] (Wacom Technology, Corp.) - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe

[Owner Startup Folder - C:\Documents and Settings\Owner\Start Menu\Programs\Startup]
[03/16/2005 08:16 PM | 00,113,664 | ---- | M] (Adobe Systems, Inc.) - C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
[04/08/2004 08:04 PM | 00,225,280 | ---- | M] (Leader Technologies) - C:\Documents and Settings\Owner\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe
[07/07/2003 07:50 PM | 00,557,056 | ---- | M] (interMute, Inc.) - C:\Documents and Settings\Owner\Start Menu\Programs\Startup\spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSub.exe

===== BHO's =====

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
HKLM CLSID: (&Yahoo! Toolbar Helper) - [03/20/2007 05:39 PM | 00,803,864 | ---- | M] (Yahoo! Inc.) C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
HKLM CLSID: (Adobe PDF Reader Link Helper) - [12/18/2006 05:16 AM | 00,059,032 | ---- | M] (Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
HKLM CLSID: (SSVHelper Class) - [06/10/2008 04:27 AM | 00,509,328 | ---- | M] (Sun Microsystems, Inc.) C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

===== Toolbars =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
""
HKLM CLSID: () - File not found Reg Error: Key does not exist or could not be opened.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}"
HKLM CLSID: (Norton AntiVirus) - File not found c:\Program Files\Norton AntiVirus\NavShExt.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29}"
HKLM CLSID: (Reg Error: Key does not exist or could not be opened.) - File not found Reg Error: Key does not exist or could not be opened.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5}"
HKLM CLSID: (HP View) - [09/03/2003 09:42 PM | 00,098,304 | ---- | M] (Hewlett-Packard Company) c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"
HKLM CLSID: (Yahoo! Toolbar) - [03/20/2007 05:39 PM | 00,803,864 | ---- | M] (Yahoo! Inc.) C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]

"{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5}"
HKLM CLSID: (HP View) - [09/03/2003 09:42 PM | 00,098,304 | ---- | M] (Hewlett-Packard Company) c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}"
HKLM CLSID: (Norton AntiVirus) - File not found c:\Program Files\Norton AntiVirus\NavShExt.dll

"{4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29}"
HKLM CLSID: (Reg Error: Key does not exist or could not be opened.) - File not found Reg Error: Key does not exist or could not be opened.

"{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5}"
HKLM CLSID: (HP View) - [09/03/2003 09:42 PM | 00,098,304 | ---- | M] (Hewlett-Packard Company) c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll

"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"
HKLM CLSID: (Yahoo! Toolbar) - [03/20/2007 05:39 PM | 00,803,864 | ---- | M] (Yahoo! Inc.) C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

===== Policies =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername" = 0
"legalnoticecaption" =
"legalnoticetext" =
"shutdownwithoutlogon" = 1
"undockwithoutlogon" = 1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 91 00 00 00 [binary data]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]

===== Desktop Components =====

===== Shared Task Scheduler =====

===== AppInit_Dlls =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls]
" C:\WINDOWS\system32\guard32.dll" - [08/27/2008 04:32 PM | 00,143,104 | ---- | M] () C:\WINDOWS\system32\guard32.dll

===== Lsa Authentication Packages =====

===== Lsa Security Packages =====

===== Authorized Applications List =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = C:\WINDOWS\network diagnostic\xpnetdiag.exe [04/14/2008 12:23 AM | 00,558,080 | ---- | M] (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe [04/14/2008 05:42 AM | 00,141,312 | ---- | M] (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe [11/27/2007 06:45 PM | 00,588,080 | ---- | M] ()
"%windir%\Network Diagnostic\xpnetdiag.exe" = C:\WINDOWS\network diagnostic\xpnetdiag.exe [04/14/2008 12:23 AM | 00,558,080 | ---- | M] (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe [04/14/2008 05:42 AM | 00,141,312 | ---- | M] (Microsoft Corporation)
"C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe [05/07/2008 08:08 PM | 00,289,088 | ---- | M] (BitTorrent, Inc.)
"C:\WINDOWS\system32\fuh.exe" = C:\WINDOWS\system32\fuh.exe File not found
"C:\WINDOWS\system32\ukxg.exe" = C:\WINDOWS\system32\ukxg.exe File not found
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe [09/07/2007 04:55 PM | 15,995,704 | ---- | M] (Apple Inc.)
"C:\Program Files\Trillian\trillian.exe" = C:\Program Files\Trillian\trillian.exe [12/11/2007 01:00 AM | 01,873,280 | ---- | M] (Cerulean Studios)
"C:\WINDOWS\Explorer.EXE" = C:\WINDOWS\explorer.exe [04/14/2008 05:42 AM | 01,033,728 | ---- | M] (Microsoft Corporation)

===== HKLM Winlogon Settings =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit]
"C:\WINDOWS\system32\userinit.exe" - [04/14/2008 05:42 AM | 00,026,112 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\userinit.exe
"C:\Documents and Settings\Owner\dlyexnl.exe \s" - [08/27/2008 04:29 PM | 00,033,792 | ---- | M] () C:\Documents and Settings\Owner\dlyexnl.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost]
"logonui.exe" - [04/14/2008 05:42 AM | 00,514,560 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\logonui.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet]
"rundll32 shell32" - [04/14/2008 05:42 AM | 08,461,312 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
"Control_RunDLL "sysdm.cpl"" - [04/14/2008 05:42 AM | 00,300,544 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\sysdm.cpl

===== User's Winlogon Settings =====

===== Winlogon Notify Settings =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
"DllName" = C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [04/19/2007 01:41 PM | 00,294,912 | ---- | M] (SUPERAntiSpyware.com)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
"DllName" = C:\WINDOWS\system32\igfxsrvc.dll [04/07/2003 10:06 AM | 00,315,392 | ---- | M] (Intel Corporation)

===== Safeboot Options =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot]
"AlternateShell" = cmd.exe

===== Disabled MsConfig Items =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state]

===== DNS Name Servers =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{0689CEC2-8D77-4684-9520-B9193268E020}]
Servers: | Description:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{D1B79580-F7BF-4154-B1C8-C37567E831D5}]
Servers: | Description: 1394 Net Adapter

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{FA2FEC05-30B4-4CE9-8247-8DC06D68104A}]
Servers: | Description: VIA Rhine II Fast Ethernet Adapter

===== CDRom AutoRun Settings =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

===== Autorun Files on Drives =====

AUTOEXEC.BAT []
[10/10/2003 10:32 PM | 00,000,000 | ---- | M] () C:\AUTOEXEC.BAT [ NTFS ]

AUTOEXEC.BAT []
[07/28/2001 06:07 AM | 00,000,000 | -HS- | M] () D:\AUTOEXEC.BAT [ FAT32 ]

Autorun.inf [[AUTORUN] | OPEN=Info.exe folder.htt 480 480 | ]
[09/11/2002 03:02 AM | 00,000,045 | -HS- | M] () D:\Autorun.inf [ FAT32 ]

===== MountPoints2 =====

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1c4d0d76-8ee3-11db-9e54-000ea63528fb}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1c4d0d76-8ee3-11db-9e54-000ea63528fb}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [04/14/2008 05:42 AM | 08,461,312 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1c4d0d76-8ee3-11db-9e54-000ea63528fb}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3b971416-540e-11db-9e06-000ea63528fb}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3b971416-540e-11db-9e06-000ea63528fb}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [04/14/2008 05:42 AM | 08,461,312 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3b971416-540e-11db-9e06-000ea63528fb}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5c1cb312-4e70-11db-9e00-000ea63528fb}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5c1cb312-4e70-11db-9e00-000ea63528fb}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [04/14/2008 05:42 AM | 08,461,312 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5c1cb312-4e70-11db-9e00-000ea63528fb}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{62a50201-9965-11dc-9fae-000ea63528fb}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{62a50201-9965-11dc-9fae-000ea63528fb}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [04/14/2008 05:42 AM | 08,461,312 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{62a50201-9965-11dc-9fae-000ea63528fb}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8906e00a-7c6b-11da-9cb9-000ea63528fb}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8906e00a-7c6b-11da-9cb9-000ea63528fb}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [04/14/2008 05:42 AM | 08,461,312 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8906e00a-7c6b-11da-9cb9-000ea63528fb}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8a623bf2-4e68-11dc-9f46-000ea63528fb}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8a623bf2-4e68-11dc-9f46-000ea63528fb}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [04/14/2008 05:42 AM | 08,461,312 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8a623bf2-4e68-11dc-9f46-000ea63528fb}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9f38cc91-1b03-11db-9daf-000ea63528fb}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9f38cc91-1b03-11db-9daf-000ea63528fb}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [04/14/2008 05:42 AM | 08,461,312 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9f38cc91-1b03-11db-9daf-000ea63528fb}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b69094d0-db2e-11db-9ebd-000ea63528fb}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b69094d0-db2e-11db-9ebd-000ea63528fb}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [04/14/2008 05:42 AM | 08,461,312 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b69094d0-db2e-11db-9ebd-000ea63528fb}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

===== Hosts File =====

HOSTS File = (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost



[Files/Folders - Created Within 30 days]
[08/03/2008 04:33 PM | -H-D | C] - C:\$AVG8.VAULT$
[08/27/2008 04:49 PM | ---D | C] - C:\SmitfraudFix
[08/03/2008 04:17 PM | 00,000,403 | ---- | C] () - C:\WINDOWS\System32\dllcache\npdrmv2.zip
[08/03/2008 04:17 PM | 00,000,420 | ---- | C] () - C:\WINDOWS\System32\dllcache\wmploc.js
[08/03/2008 04:17 PM | 00,000,717 | ---- | C] () - C:\WINDOWS\System32\dllcache\cloapp.gif
[08/03/2008 04:17 PM | 00,000,733 | ---- | C] () - C:\WINDOWS\System32\dllcache\plylst15.wpl
[08/03/2008 04:17 PM | 00,000,760 | ---- | C] () - C:\WINDOWS\System32\dllcache\cloapph.gif
[08/03/2008 04:17 PM | 00,000,772 | ---- | C] () - C:\WINDOWS\System32\dllcache\cntd.gif
[08/03/2008 04:17 PM | 00,000,773 | ---- | C] () - C:\WINDOWS\System32\dllcache\cnt.gif
[08/03/2008 04:17 PM | 00,000,773 | ---- | C] () - C:\WINDOWS\System32\dllcache\cnth.gif
[08/03/2008 04:17 PM | 00,000,775 | ---- | C] () - C:\WINDOWS\System32\dllcache\plylst14.wpl
[08/03/2008 04:17 PM | 00,000,783 | ---- | C] () - C:\WINDOWS\System32\dllcache\plylst13.wpl
[08/03/2008 04:17 PM | 00,000,784 | ---- | C] () - C:\WINDOWS\System32\dllcache\plylst9.wpl
[08/03/2008 04:17 PM | 00,000,787 | ---- | C] () - C:\WINDOWS\System32\dllcache\plylst10.wpl
[08/03/2008 04:17 PM | 00,000,789 | ---- | C] () - C:\WINDOWS\System32\dllcache\plylst11.wpl
[08/03/2008 04:17 PM | 00,000,855 | ---- | C] () - C:\WINDOWS\System32\dllcache\wmpocm.inf
[08/03/2008 04:17 PM | 00,000,908 | ---- | C] () - C:\WINDOWS\System32\dllcache\skins.inf
[08/03/2008 04:17 PM | 00,000,999 | ---- | C] () - C:\WINDOWS\System32\dllcache\bktrh.gif
[08/03/2008 04:17 PM | 00,001,036 | ---- | C] () - C:\WINDOWS\System32\dllcache\plylst8.wpl
[08/03/2008 04:17 PM | 00,001,046 | ---- | C] () - C:\WINDOWS\System32\dllcache\plylst7.wpl
[08/03/2008 04:17 PM | 00,001,049 | ---- | C] () - C:\WINDOWS\System32\dllcache\plylst2.wpl
[08/03/2008 04:17 PM | 00,001,148 | ---- | C] () - C:\WINDOWS\System32\dllcache\snd.htm
[08/03/2008 04:17 PM | 00,001,250 | ---- | C] () - C:\WINDOWS\System32\dllcache\plylst1.wpl
[08/03/2008 04:17 PM | 00,001,367 | ---- | C] () - C:\WINDOWS\System32\dllcache\taoffh.gif
[08/03/2008 04:17 PM | 00,001,380 | ---- | C] () - C:\WINDOWS\System32\dllcache\taoff.gif
[08/03/2008 04:17 PM | 00,001,380 | ---- | C] () - C:\WINDOWS\System32\dllcache\taonh.gif
[08/03/2008 04:17 PM | 00,001,398 | ---- | C] () - C:\WINDOWS\System32\dllcache\taon.gif
[08/03/2008 04:17 PM | 00,001,448 | ---- | C] () - C:\WINDOWS\System32\dllcache\plylst4.wpl
[08/03/2008 04:17 PM | 00,001,451 | ---- | C] () - C:\WINDOWS\System32\dllcache\plylst12.wpl
[08/03/2008 04:17 PM | 00,001,474 | ---- | C] () - C:\WINDOWS\System32\dllcache\plylst3.wpl
[08/03/2008 04:17 PM | 00,001,477 | ---- | C] () - C:\WINDOWS\System32\dllcache\plylst5.wpl
[08/03/2008 04:17 PM | 00,001,477 | ---- | C] () - C:\WINDOWS\System32\dllcache\plylst6.wpl
[08/03/2008 04:17 PM | 00,001,771 | ---- | C] () - C:\WINDOWS\System32\dllcache\wmptour.css
[08/03/2008 04:17 PM | 00,001,885 | ---- | C] () - C:\WINDOWS\System32\dllcache\mplayer2.cnt
[08/03/2008 04:17 PM | 00,002,371 | ---- | C] () - C:\WINDOWS\System32\dllcache\tpauseh.gif
[08/03/2008 04:17 PM | 00,002,375 | ---- | C] () - C:\WINDOWS\System32\dllcache\tplayh.gif
[08/03/2008 04:17 PM | 00,002,450 | ---- | C] () - C:\WINDOWS\System32\dllcache\tpause.gif
[08/03/2008 04:17 PM | 00,002,469 | ---- | C] () - C:\WINDOWS\System32\dllcache\tplay.gif
[08/03/2008 04:17 PM | 00,002,477 | ---- | C] () - C:\WINDOWS\System32\dllcache\wm5.gif
[08/03/2008 04:17 PM | 00,002,545 | ---- | C] () - C:\WINDOWS\System32\dllcache\mplogo.gif
[08/03/2008 04:17 PM | 00,002,778 | ---- | C] () - C:\WINDOWS\System32\dllcache\mplogoh.gif
[08/03/2008 04:17 PM | 00,003,187 | ---- | C] () - C:\WINDOWS\System32\dllcache\tour.js
[08/03/2008 04:17 PM | 00,004,193 | ---- | C] () - C:\WINDOWS\System32\dllcache\wm8.gif
[08/03/2008 04:17 PM | 00,005,290 | ---- | C] () - C:\WINDOWS\System32\dllcache\vidsamp.gif
[08/03/2008 04:17 PM | 00,005,789 | ----