Missing Menu Bar & Desktop Icons [CLOSED], HP Pavilion 733n Desktop
DanZaMan4251
post Nov 30 2007, 07:57 PM
Post #16


Member
Posts: 36
OS: Mac OS X, Vista



I tried them in safe mode, but still nothing
Essexboy
post Dec 1 2007, 04:29 AM
Post #17


GeekU Moderator
Posts: 19,163
From: Darkest Cornwall
OS: Vista Ultimate & Windows 7



OK I would like to try a new analysis programme to see if I can get at the root cause
  • Download avz4en.zip from here
  • Save it to your desktop and unzip it to a folder on your desktop
  • Double click on AVZ.exe to run it.
  • Choose from the menu "File" => "System Investigation"
  • Close all windows except for AVZ
  • Click on "Start" and save the report to your desktop.
  • Let the scan run and click "No" on the right when it asks you if you want to view it.
  • Upload the report you saved on your desktop onto this site in your next reply.
Essexboy
post Dec 1 2007, 11:09 AM
Post #18





In my wanderings around the net I came across this programme at Kellys Korner (a reputable site)

Could you download and run Taskbar Repair Tool Plus and let me know if that works

http://www.kellys-korner-xp.com/taskbarplus!.htm
DanZaMan4251
post Dec 1 2007, 12:55 PM
Post #19





Here is the log (it is a link)

file:///Volumes/USB/avz_sysinfo.htm


I will now try the taskbar restore
DanZaMan4251
post Dec 1 2007, 12:57 PM
Post #20





In case the link doesn't work


Results of system investigation

AVZ 4.25 http://z-oleg.com/secur/avz/

Script: Quarantine, Delete, BC delete F785F000 007000 (28672) SASDIFSV Copyright © 2006
\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
Script: Quarantine, Delete, BC delete F75F7000 00C000 (49152) SASKUTIL.SYS Copyright © 2006
\??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
Script: Quarantine, Delete, BC delete F4BB2000 069000 (430080) SPBBC Driver Copyright © 2004-2007 Symantec Corporation. All rights reserved.
\SystemRoot\System32\Drivers\SRTSP.SYS
Script: Quarantine, Delete, BC delete EF33D000 049000 (299008) Symantec AutoProtect Copyright © 2006 - 2007 Symantec Corporation
\SystemRoot\System32\Drivers\SRTSPX.SYS
Script: Quarantine, Delete, BC delete F75C7000 00A000 (40960) Symantec AutoProtect Copyright © 2006 - 2007 Symantec Corporation
\SystemRoot\system32\drivers\sscdbhk5.sys
Script: Quarantine, Delete, BC delete F79AB000 002000 (8192) Shared Driver Component Copyright © VERITAS Software, Inc.
\SystemRoot\system32\drivers\ssrtln.sys
Script: Quarantine, Delete, BC delete F7827000 006000 (24576) Shared Driver Component Copyright © VERITAS Software, Inc.
\SystemRoot\System32\Drivers\SYMDNS.SYS
Script: Quarantine, Delete, BC delete F79E9000 002000 (8192) DNS Filter Driver Copyright 2002 - 2007 Symantec Corporation
\??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
Script: Quarantine, Delete, BC delete F4C65000 025000 (151552) Symantec Event Library Copyright © Symantec Corporation 1992-2007
\SystemRoot\System32\Drivers\SYMFW.SYS
Script: Quarantine, Delete, BC delete EFD33000 022000 (139264) Firewall Filter Driver Copyright 2002 - 2007 Symantec Corporation
\SystemRoot\System32\Drivers\SYMIDS.SYS
Script: Quarantine, Delete, BC delete F00BC000 009000 (36864) IDS Filter Driver Copyright 2002 - 2007 Symantec Corporation
\??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\idsdefs\20071122.001\SymIDSCo.sys
Script: Quarantine, Delete, BC delete EFD08000 02B000 (176128) IDS Core Driver Copyright © 2006-2007 Symantec Corporation
\SystemRoot\System32\Drivers\SYMNDIS.SYS
Script: Quarantine, Delete, BC delete F775F000 007000 (28672) NDIS Filter Driver Copyright 2002 - 2007 Symantec Corporation
\SystemRoot\System32\Drivers\SYMREDRV.SYS
Script: Quarantine, Delete, BC delete F7757000 006000 (24576) Redirector Filter Driver Copyright 2002 - 2007 Symantec Corporation
\SystemRoot\System32\Drivers\SYMTDI.SYS
Script: Quarantine, Delete, BC delete F4C8A000 02E000 (188416) Network Dispatch Driver Copyright 2002 - 2007 Symantec Corporation
\SystemRoot\system32\dla\tfsnboio.sys
Script: Quarantine, Delete, BC delete F788F000 006000 (24576) Direct Access Component Copyright © VERITAS Software, Inc.
\SystemRoot\system32\dla\tfsncofs.sys
Script: Quarantine, Delete, BC delete F702E000 009000 (36864) Direct Access Component Copyright © VERITAS Software, Inc.
\SystemRoot\system32\dla\tfsndrct.sys
Script: Quarantine, Delete, BC delete F7B23000 001000 (4096) Direct Access Component Copyright © VERITAS Software, Inc.
\SystemRoot\system32\dla\tfsndres.sys
Script: Quarantine, Delete, BC delete F7B22000 001000 (4096) Direct Access Component Copyright © VERITAS Software, Inc.
\SystemRoot\system32\dla\tfsnifs.sys
Script: Quarantine, Delete, BC delete F7607000 00E000 (57344) Direct Access Component Copyright © VERITAS Software, Inc.
\SystemRoot\system32\dla\tfsnopio.sys
Script: Quarantine, Delete, BC delete F4E73000 004000 (16384) Direct Access Component Copyright © VERITAS Software, Inc.
\SystemRoot\system32\dla\tfsnpool.sys
Script: Quarantine, Delete, BC delete F79CB000 002000 (8192) Direct Access Component Copyright © VERITAS Software, Inc.
\SystemRoot\system32\dla\tfsnudf.sys
Script: Quarantine, Delete, BC delete EFEFD000 017000 (94208) Direct Access Component Copyright © VERITAS Software, Inc.
\SystemRoot\system32\dla\tfsnudfa.sys
Script: Quarantine, Delete, BC delete EFEE5000 018000 (98304) Direct Access Component Copyright © VERITAS Software, Inc.
Modules detected - 163, recognized as trusted - 122
Services

Service Description Status File Group Dependencies
Automatic LiveUpdate Scheduler Automatic LiveUpdate Scheduler Running "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"
Script: Quarantine, Delete, BC delete RPCSS
ccEvtMgr Symantec Event Manager Running "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
Script: Quarantine, Delete, BC delete Symantec Core Services RPCSS
ccSetMgr Symantec Settings Manager Running "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
Script: Quarantine, Delete, BC delete Symantec Core Services RPCSS
CLTNetCnService Symantec Lic NetConnect service Running "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
Script: Quarantine, Delete, BC delete
NetCfgSvr Network Configuration Service Running C:\PROGRA~1\AT&TGL~1\NetCfgSv.EXE
Script: Quarantine, Delete, BC delete RPCSS
sdAuxService PC Tools Auxiliary Service Running C:\Program Files\Spyware Doctor\svcntaux.exe
Script: Quarantine, Delete, BC delete
sdCoreService PC Tools Security Service Running C:\Program Files\Spyware Doctor\swdsvc.exe
Script: Quarantine, Delete, BC delete
Symantec Core LC Symantec Core LC Running "C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe"
Script: Quarantine, Delete, BC delete Symantec Services RPCSS
Detected - 50, recognized as trusted - 42
Drivers

Service Description Status File Group Dependencies
drvmcdb drvmcdb Running \SystemRoot\system32\drivers\drvmcdb.sys
Script: Quarantine, Delete, BC delete Filter
drvnddm drvnddm Running system32\drivers\drvnddm.sys
Script: Quarantine, Delete, BC delete Filter
eeCtrl Symantec Eraser Control driver Running \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
Script: Quarantine, Delete, BC delete FltMgr
EraserUtilRebootDrv EraserUtilRebootDrv Running \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
Script: Quarantine, Delete, BC delete
GEARAspiWDM GEARAspiWDM Running System32\Drivers\GEARAspiWDM.sys
Script: Quarantine, Delete, BC delete
IKFileSec File Security Driver Running \SystemRoot\system32\drivers\ikfilesec.sys
Script: Quarantine, Delete, BC delete FSFilter Anti-Virus FltMgr
IKSysFlt System Filter Driver Running system32\drivers\iksysflt.sys
Script: Quarantine, Delete, BC delete Boot Bus Extender
IKSysSec System Security Driver Running system32\drivers\iksyssec.sys
Script: Quarantine, Delete, BC delete Boot Bus Extender IKSysFlt
MCSTRM MCSTRM Running MCSTRM.sys
Script: Quarantine, Delete, BC delete MCSTRM
MxlW2k MxlW2k Running MxlW2k.sys
Script: Quarantine, Delete, BC delete Filter
NAVENG NAVENG Running \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20071127.002\NAVENG.SYS
Script: Quarantine, Delete, BC delete
NAVEX15 NAVEX15 Running \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20071127.002\NAVEX15.SYS
Script: Quarantine, Delete, BC delete
npkcrypt npkcrypt Running \??\C:\Nexon\MapleStory\npkcrypt.sys
Script: Quarantine, Delete, BC delete Keyboard
SASDIFSV SASDIFSV Running \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
Script: Quarantine, Delete, BC delete
SASKUTIL SASKUTIL Running \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
Script: Quarantine, Delete, BC delete
SPBBCDrv SPBBCDrv Running \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
Script: Quarantine, Delete, BC delete
SRTSP SRTSP Running System32\Drivers\SRTSP.SYS
Script: Quarantine, Delete, BC delete FSFilter Anti-Virus SRTSPX
SRTSPX SRTSPX Running System32\Drivers\SRTSPX.SYS
Script: Quarantine, Delete, BC delete
sscdbhk5 sscdbhk5 Running system32\drivers\sscdbhk5.sys
Script: Quarantine, Delete, BC delete Filter
ssrtln ssrtln Running system32\drivers\ssrtln.sys
Script: Quarantine, Delete, BC delete Base
SYMDNS SYMDNS Running \SystemRoot\System32\Drivers\SYMDNS.SYS
Script: Quarantine, Delete, BC delete
SymEvent SymEvent Running \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
Script: Quarantine, Delete, BC delete
SYMFW SYMFW Running \SystemRoot\System32\Drivers\SYMFW.SYS
Script: Quarantine, Delete, BC delete
SYMIDS SYMIDS Running \SystemRoot\System32\Drivers\SYMIDS.SYS
Script: Quarantine, Delete, BC delete
SYMIDSCO SYMIDSCO Running \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\idsdefs\20071122.001\SymIDSCo.sys
Script: Quarantine, Delete, BC delete
SYMNDIS SYMNDIS Running \SystemRoot\System32\Drivers\SYMNDIS.SYS
Script: Quarantine, Delete, BC delete SymTDI
SYMREDRV SYMREDRV Running \SystemRoot\System32\Drivers\SYMREDRV.SYS
Script: Quarantine, Delete, BC delete
SYMTDI SYMTDI Running \SystemRoot\System32\Drivers\SYMTDI.SYS
Script: Quarantine, Delete, BC delete PNP_TDI Tcpip
tfsnboio tfsnboio Running system32\dla\tfsnboio.sys
Script: Quarantine, Delete, BC delete File system
tfsncofs tfsncofs Running system32\dla\tfsncofs.sys
Script: Quarantine, Delete, BC delete File system
tfsndrct tfsndrct Running system32\dla\tfsndrct.sys
Script: Quarantine, Delete, BC delete File system
tfsndres tfsndres Running system32\dla\tfsndres.sys
Script: Quarantine, Delete, BC delete Base
tfsnifs tfsnifs Running system32\dla\tfsnifs.sys
Script: Quarantine, Delete, BC delete Base
tfsnopio tfsnopio Running system32\dla\tfsnopio.sys
Script: Quarantine, Delete, BC delete Base
tfsnpool tfsnpool Running system32\dla\tfsnpool.sys
Script: Quarantine, Delete, BC delete Base
tfsnudf tfsnudf Running system32\dla\tfsnudf.sys
Script: Quarantine, Delete, BC delete File system
tfsnudfa tfsnudfa Running system32\dla\tfsnudfa.sys
Script: Quarantine, Delete, BC delete File system
Detected - 134, recognized as trusted - 97
Autoruns

File name Status Startup method Description
C:\Program Files\AIM\aim.exe
Script: Quarantine, Delete, BC delete Active Registry key HKEY_CURRENT_USER, Software\Microsoft\Windows\CurrentVersion\Run, AIM
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
Script: Quarantine, Delete, BC delete Active Registry key HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Run, ccApp
C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe
Script: Quarantine, Delete, BC delete Active Registry key HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Run, PC Pitstop Optimize Scheduler
C:\Program Files\SUPERAntiSpyware\SASSEH.DLL
Script: Quarantine, Delete, BC delete Active Registry key HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks, {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
Script: Quarantine, Delete, BC delete Active Registry key HKEY_LOCAL_MACHINE, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon, DLLName
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Script: Quarantine, Delete, BC delete Active Registry key HKEY_CURRENT_USER, Software\Microsoft\Windows\CurrentVersion\Run, SUPERAntiSpyware
C:\Program Files\Spyware Doctor\SDTrayApp.exe
Script: Quarantine, Delete, BC delete Active Registry key HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Run, SDTray
WgaLogon.dll
Script: Quarantine, Delete, BC delete Active Registry key HKEY_LOCAL_MACHINE, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon, DLLName
appmgmts.dll
Script: Quarantine, Delete, BC delete Active Registry key HKEY_LOCAL_MACHINE, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}, DLLName
Autoruns items detected - 51, recognized as trusted - 42
Internet Explorer extension modules (BHOs, Toolbars ...)

File name Type Description Manufacturer CLSID
C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\NppBho.dll
Script: Quarantine, Delete, BC delete BHO NcoBHO Copyright © 2007 Symantec Corporation. All rights reserved. {1E8A6170-7264-4D0F-BEAE-D42A53123C75}
C:\PROGRA~1\COMCAS~4\COMCAS~1.DLL
Script: Quarantine, Delete, BC delete BHO Comcast Toolbar {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29}
C:\PROGRA~1\COMCAS~4\COMCAS~1.DLL
Script: Quarantine, Delete, BC delete Toolbar Comcast Toolbar {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29}
C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\UIBHO.dll
Script: Quarantine, Delete, BC delete Toolbar UIBhoImpl Copyright © 2007 Symantec Corporation. All rights reserved. {90222687-F593-4738-B738-FBEE9C7B26DF}
C:\Program Files\AIM\aim.exe
Script: Quarantine, Delete, BC delete Extension module AOL Instant Messenger Copyright © 1996-2006 America Online, Inc. {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}
Elements detected - 6, recognized as trusted - 1
Windows Explorer extension modules

File name Destination Description Manufacturer CLSID
deskpan.dll
Script: Quarantine, Delete, BC delete Display Panning CPL Extension {42071714-76d4-11d1-8b24-00a0c9068ff3}
Shell extensions for file compression {764BF0E1-F219-11ce-972D-00AA00A14F56}
Encryption Context Menu {853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}
Taskbar and Start Menu {0DF44EAA-FF21-4412-828E-260A8728E7F1}
Media Band {32683183-48a0-441b-a342-7c2a440a9478}
User Accounts {7A9D77BD-5403-11d2-8785-2E0420524153}
C:\WINDOWS\system32\dla\tfswshx.dll
Script: Quarantine, Delete, BC delete DriveLetterAccess Direct Access Component Copyright © VERITAS Software, Inc. {5CA3D70E-1895-11CF-8E15-001234567890}
C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll
Script: Quarantine, Delete, BC delete LDVP Shell Extensions Symantec AntiVirus Copyright 1991 - 2004 Symantec Corporation. All rights reserved. {BDA77241-42F6-11d0-85E2-00AA001FE28C}
C:\Program Files\iTunes\iTunesMiniPlayer.dll
Script: Quarantine, Delete, BC delete iTunes iTunes Mini Player DLL © 2003-2007 Apple Inc. All Rights Reserved. {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}
C:\Program Files\Common Files\Kodak\ifscore\KodakShX.dll
Script: Quarantine, Delete, BC delete KodakShellExtension Shell Extension Resource DLL Copyright © Eastman Kodak Company 2001-2005 {acb4a560-3606-11d3-aef4-00104bd0f92d}
C:\WINDOWS\system32\mscoree.dll
Script: Quarantine, Delete, BC delete Fusion Cache Microsoft .NET Runtime Execution Engine © Microsoft Corporation. All rights reserved. {1D2680C9-0E2A-469d-B787-065558BC7D43}
Shell Extension for Malware scanning {45AC2688-0253-4ED8-97DE-B5370FA7D48A}
Elements detected - 214, recognized as trusted - 174
Print extension modules (print monitors, providers)

File name Type Name Description Manufacturer
Elements detected - 9, recognized as trusted - 9
Task Scheduler jobs

File name Job name Job status Description Manufacturer
C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Script: Quarantine, Delete, BC delete AppleSoftwareUpdate.job The task is ready to run at its next scheduled time. Software Application Copyright © 2006
C:\Program Files\RegCure\RegCure.exe
Script: Quarantine, Delete, BC delete RegCure Program Check.job The task is ready to run at its next scheduled time. RegCure Application Copyright © 2006
C:\Program Files\RegCure\RegCure.exe
Script: Quarantine, Delete, BC delete RegCure.job The task is ready to run at its next scheduled time. RegCure Application Copyright © 2006
C:\Program Files\SpywareBot\SpywareBot.exe
Script: Quarantine, Delete, BC delete SpywareBot Scheduled Scan.job The task is ready to run at its next scheduled time.
Elements detected - 4, recognized as trusted - 0
SPI/LSP settings

Namespace providers (NSP)
Manufacturer Status EXE file Description GUID
Detected - 3, recognized as trusted - 3
Transport protocols providers (TSP, LSP)
Manufacturer EXE file Description
Detected - 13, recognized as trusted - 13
Automatic SPI settings check results
LSP settings checked. No errors detected
TCP/UDP ports

Port Status Remote Host Remote Port Application Notes
TCP ports
135 LISTENING 0.0.0.0 53300 [1064] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete
445 LISTENING 0.0.0.0 8200 [4] System
Script: Quarantine, Delete, BC delete
1026 LISTENING 0.0.0.0 38990 [2172] c:\windows\system32\alg.exe
Script: Quarantine, Delete, BC delete
UDP ports
123 LISTENING -- -- [1104] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete
445 LISTENING -- -- [4] System
Script: Quarantine, Delete, BC delete
Downloaded Program Files (DPF)

File name Description Manufacturer CLSID Source URL
Microsoft XML Parser for Java
C:\WINDOWS\system32\macromed\Director\SwDir.dll
Script: Quarantine, Delete, BC delete Shockwave ActiveX Control Copyright © 1985-2006 Adobe Systems, Inc. {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/pub/shock...director/sw.cab
C:\WINDOWS\system32\LegitCheckControl.DLL
Script: Quarantine, Delete, BC delete Windows Genuine Advantage Validation © 1995-2006 Microsoft Corporation {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204
{215B8138-A3CF-44C5-803F-8226143CFC0A} http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31} http://forms.real.com/real/player/download...ne_Inst_Win.cab
C:\WINDOWS\cpbrkpie.ocx
Script: Quarantine, Delete, BC delete cpbrkpie ActiveX Control Module Copyright © 1999-2005, Coupons Inc. {9522B3FB-7A2B-4646-8AF6-36E7F593073C} http://a19.g.akamai.net/7/19/7125/1452/ftp...02/cpbrkpie.cab
{B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} http://www.trendsecure.com/easy_install/_a...asyInstallX.CAB
{D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab
Elements detected - 11, recognized as trusted - 3
Control Panel Applets (CPL)

File name Description Manufacturer
Elements detected - 29, recognized as trusted - 29
Active Setup

File name Description Manufacturer CLSID
C:\WINDOWS\system32\ieudinit.exe
Script: Quarantine, Delete, BC delete IE Per User Active Setup Uninstall Utility © Microsoft Corporation. All rights reserved. <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}
Elements detected - 15, recognized as trusted - 14
HOSTS file

Hosts file record
Protocols and handlers

File name Type Description Manufacturer CLSID
C:\WINDOWS\system32\mscoree.dll
Script: Quarantine, Delete, BC delete Protocol Microsoft .NET Runtime Execution Engine () © Microsoft Corporation. All rights reserved. {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
C:\WINDOWS\system32\mscoree.dll
Script: Quarantine, Delete, BC delete Protocol Microsoft .NET Runtime Execution Engine () © Microsoft Corporation. All rights reserved. {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
C:\WINDOWS\system32\mscoree.dll
Script: Quarantine, Delete, BC delete Protocol Microsoft .NET Runtime Execution Engine () © Microsoft Corporation. All rights reserved. {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll
Script: Quarantine, Delete, BC delete Handler Belarc VoilaX Control (Belarc Pluggable Protocol) Copyright © 1997-2005 Belarc, Inc. {6318E0AB-2E93-11D1-B8ED-00608CC9A71F}
Elements detected - 34, recognized as trusted - 30


Essexboy
post Dec 1 2007, 01:07 PM
Post #21


GeekU Moderator
Posts: 19,163
From: Darkest Cornwall
OS: Vista Ultimate & Windows 7



If you look within this folder, C:\avz4en\avz4en\LOG, you should find virusinfo_syscheck.htm. Could you attach that please, as posting the text makes it very difficult to read :)
DanZaMan4251
post Dec 1 2007, 01:28 PM
Post #22


Member
Posts: 36
OS: Mac OS X, Vista



The task bar restore did seem to do anything
DanZaMan4251
post Dec 1 2007, 01:29 PM
Post #23


Member
**
Posts: 36
OS: Mac OS X, Vista



Upload failed. The file was larger than the available space.
What should I do?
Essexboy
post Dec 1 2007, 01:45 PM
Post #24


GeekU Moderator
Posts: 19,163
From: Darkest Cornwall
OS: Vista Ultimate & Windows 7



There should be a zip version in the same location. Try to upload that; it should be less than 30kb.
Essexboy
post Dec 1 2007, 01:55 PM
Post #25


GeekU Moderator
Posts: 19,163
From: Darkest Cornwall
OS: Vista Ultimate & Windows 7



I am actually starting to run out of options on restoring the task bar - but have you tried this?
QUOTE
What you have to do is get the Taskbar back into view by pressing the Ctrl and the Esc keys at once. This brings up the Start Menu. You can then press the Esc key by itself to close the Start Menu, but the Taskbar should still be visible.
DanZaMan4251
post Dec 1 2007, 03:09 PM
Post #26


Member
Posts: 36
OS: Mac OS X, Vista



I can't find the folder
Essexboy
post Dec 1 2007, 03:30 PM
Post #27


GeekU Moderator
Posts: 19,163
From: Darkest Cornwall
OS: Vista Ultimate & Windows 7



It will be within the folder that you extracted the programme to (default: desktop). Failing that, could you run it again:
  1. Download avz4en.zip from here
  2. Save it to your desktop and unzip it to a folder on your desktop
  3. Double click on AVZ.exe to run it.
  4. Choose from the menu "File" => "System Investigation"
  5. Close all windows except for AVZ
  6. Click on "Start" and save the report to your desktop.
  7. Let the scan run and click "No" on the right when it asks you if you want to view it.
  8. Upload the report you saved on your desktop onto this site in your next reply.
Did you try Control+Escape to find your taskbar?

Here is my latest run on the programme. When you attach the file, select html in the file drop-down box. [attachment=16918:avz_sysinfo.htm]
Essexboy
post Dec 2 2007, 06:40 AM
Post #28


GeekU Moderator
Posts: 19,163
From: Darkest Cornwall
OS: Vista Ultimate & Windows 7



I believe the cavalry here at G2G may have found a solution for me

I would like you to download the attached zip file below, and unzip it to your C:\ drive.

[attachment=16928:FixShell.zip]

Locate the file FixShell.cmd and double click it to run the script. A cmd window will open, then close after a short while.


For the next part of the fix, you will need to have your original Windows disk ready as you may be asked to insert it.

Open Windows Task Manager again, and click New Task... again.

Type in sfc /scannow (Note the space between sfc and the slash)

Hit OK.

This will now check the integrity of all your Windows system files and, if required, install new ones from your Windows disk.

When all is complete, reboot your computer and let me know if you have your desktop icons and taskbar back again.


DanZaMan4251
post Dec 2 2007, 10:23 AM
Post #29


Member
Posts: 36
OS: Mac OS X, Vista



QUOTE (Essexboy @ Dec 2 2007, 06:40 AM)
For the next part of the fix, you will need to have your original Windows disk ready as you may be asked to insert it.



I don't have the original disk because it is an HP and they don't come with back-up disks.
Essexboy
post Dec 2 2007, 10:25 AM
Post #30


GeekU Moderator
Posts: 19,163
From: Darkest Cornwall
OS: Vista Ultimate & Windows 7



OK, you will need to point it at the i386 folder on your recovery partition when asked for it.