What does winjvd32.dll (file missing) mean?



#1
baby_blue_6_4

ok i ran HijackThis and got a log but the only thing that i noticed was the line that said O20 - Winlogon Notify: winjvd32 - winjvd32.dll (file missing) so i did a search for the file name and it brought me to this site. i keep having a slight issue with my msconfig popping up when i start windows xp home edition saying that it has been changed and some c++ error message appears before the msconfig thing pops up. at one point the startup was selected at selective with only load system services, load startup items, and use original boot.ini so i selected normal startup and restarted. i looked now and it still says selective startup but all of the boxes are checked. i hadn't noticed that there was a problem until i couldn't connect to the internet or even make a new connection. also while looking in my startup menu in msconfig i noticed that there is a blank entry with the location of HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run there is no filename or location as to where it is running from. i have installed pc bug doctor, ad-aware se professional/ad watch se professional, norton system works, xoftspy, spyware terminator, spybot search and destroy. i'm running the free scan from pandasoftware right now and it says it found 3 spyware files so far but i have a ton more files to scan, so i can post the findings when i get them, along with a hijack log after i try to run all that i have installed. i just wanted to know what that file is for. thanks for the help.

(edit: ok here are the scan results for the panda: spyware cookies - YieldManager, Com.com, and Toplist.)
(edit: ok here is what spyware terminator found. note: all the ones that said failed to delete i manually deleted.)
Scan Progress (Full Scan)
Start time: 9/7/2006 4:21:09 AM

Processes Scanning
PowerProfile : C:\WINDOWS\SYSTEM32\POWRPROF.DLL
Wextract : C:\WINDOWS\SYSTEM32\ADVPACK.DLL
NVIEW : C:\WINDOWS\SYSTEM32\NVIEW.DLL
ezShieldProtector : C:\WINDOWS\SYSTEM32\EZSP_PX.EXE
CtHelper : C:\WINDOWS\CTHELPER.EXE
Explorer : C:\WINDOWS\EXPLORER.EXE
Shdocvw : C:\WINDOWS\SYSTEM32\SHDOCVW.DLL
NvCplDaemon : C:\WINDOWS\SYSTEM32\NVCPL.DLL
SSJava : C:\PROGRAM FILES\JAVA\JRE1.5.0_06\BIN\SSV.DLL
Startup Scanning
WindowFX : C:\PROGRAM FILES\STARDOCK\OBJECT DESKTOP\WINDOWFX\WFXLOAD.EXE
SsAAD.exe : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run SsAAD.exe
SsAAD.exe : C:\Program Files\Sony\SonicStage\SSAAD.exe
NBJ : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run NBJ
NBJ : C:\PROGRAM FILES\AHEAD\NERO BACKITUP\NBJ.EXE
CursorXP : C:\PROGRAM FILES\STARDOCK\CURSOR XP\CURSORXP.EXE
Creative Detector : D:\PROGRAM FILES\CREATIVE\MEDIASOURCE\DETECTOR\CTDETECT.EXE
AWMON : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run AWMON
AWMON : C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
Hide IP Platinum : D:\PROGRAM FILES\HIDE IP PLATINUM\HIDEIPPLA.EXE
ezShieldProtector : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ezShieldProtector for Px
ezShieldProtector : C:\WINDOWS\SYSTEM32\EZSP_PX.EXE
NvCplDaemon : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run NvCplDaemon
NvCplDaemon : C:\WINDOWS\SYSTEM32\NVCPL.DLL
WD Button Manager : C:\WINDOWS\system32\WDBTNMGR.EXE
UpdReg : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UpdReg
UpdReg : C:\WINDOWS\UPDREG.EXE
RealSched : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run TkBellExe
RealSched : C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
SBDrvDet : C:\PROGRAM FILES\CREATIVE\SB DRIVE DET\SBDRVDET.EXE
NvMixerTray : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run NvMediaCenter
NvMixerTray : C:\WINDOWS\SYSTEM32\NVMCTRAY.DLL
NeroFilterCheck : C:\PROGRAM FILES\COMMON FILES\AHEAD\LIB\NEROCHECK.EXE
LogonStudio : C:\PROGRAM FILES\STARDOCK\LOGONSTUDIO\LOGONSTUDIO.EXE
CTSysVol : C:\PROGRAM FILES\CREATIVE\SBAUDIGY2ZS\SURROUND MIXER\CTSYSVOL.EXE
CtHelper : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run CTHelper
CtHelper : C:\WINDOWS\CTHELPER.EXE
CTDVDDET : C:\PROGRAM FILES\CREATIVE\SBAUDIGY2ZS\DVDAUDIO\CTDVDDET.EXE
SymantecAntivirus : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ccApp
SymantecAntivirus : C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
ZTgServerSwitch : C:\PROGRAM FILES\SUPPORT.COM\CLIENT\LSERVER\SERVER.VBS
BootSkin Startup Jobs : C:\PROGRAM FILES\STARDOCK\BOOTSKIN\BOOTSKIN.EXE
SunJavaUpdateSched : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run SunJavaUpdateSched
SunJavaUpdateSched : C:\PROGRAM FILES\JAVA\JRE1.5.0_06\BIN\JUSCHED.EXE
Invalid Startup Items : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run tcmonitor=D:\Program Files\The Cleaner\tcm.exe
MSConfig : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run MSConfig
MSConfig : C:\WINDOWS\PCHEALTH\HELPCTR\BINARIES\MSCONFIG.EXE
QuickTimeTask : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run QuickTime Task
QuickTimeTask : C:\PROGRAM FILES\QUICKTIME\QTTASK.EXE
Nwiz : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run nwiz
Nwiz : C:\WINDOWS\system32\NWIZ.EXE
AppInit_DLLs : C:\WINDOWS\system32\WBSYS.DLL
Explorer : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon Shell
Explorer : C:\WINDOWS\EXPLORER.EXE
Toolbars Scanning
Norton AntiVirus ( Toolbar ) : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ {C4069E3A-68F1-403E-B40E-20066696354B}
Norton AntiVirus ( Toolbar ) : C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\NAVSHEXT.DLL
CNisExt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7}
CNisExt : C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\ADBLOCKING\NISSHEXT.DLL
Flashget : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ {E0E899AB-F487-11D5-8D29-0050BA6940E3}
Shdocvw : HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
Shdocvw : C:\WINDOWS\SYSTEM32\SHDOCVW.DLL
Shdocvw : explorer.exe PID: 2932
Shdocvw : NMain.exe PID: 3468
Shdocvw : winamp.exe PID: 2284
Shdocvw : SpywareTerminator.Exe PID: 2248
Shdocvw : NAVW32.EXE PID: 844
Shdocvw : HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\{FE54FA40-D68C-11d2-98FA-00C0F0318AFE}
Shdocvw : HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11D0-B416-00C04FB90376}
Shdocvw : HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}
Shdocvw : HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
Browser Helper Objects Scanning
Spybot S&D : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}
Spybot S&D : C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
SSJava : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
SSJava : C:\PROGRAM FILES\JAVA\JRE1.5.0_06\BIN\SSV.DLL
SSJava : explorer.exe PID: 2932
CNisExt : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9ECB9560-04F9-4bbc-943D-298DDF1699E1}
CNavExtBho Class ( BHO ) : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A8F38D8D-E480-4D52-B7A2-731BB6995FDD}
CNavExtBho Class ( BHO ) : C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\NAVSHEXT.DLL
IE Explorer Bars
IE Extensions
Services Scanning
ccEvtMgr : HKLM\SYSTEM\CurrentControlSet\Services\ccEvtMgr
Protocol filters Scanning
Protocol handlers Scanning
WinSock2 Scanning
Uninstallers Scanning
Start Menu Scanning
RealTray : C:\Documents and Settings\Mike\Start Menu\Programs\Accessories\Entertainment\RealPlayer.lnk
SynchronizationManager : C:\Documents and Settings\Mike\Start Menu\Programs\Accessories\Synchronize.lnk
Explorer : C:\Documents and Settings\Mike\Start Menu\Programs\Accessories\Windows Explorer.lnk
ICQ : C:\Documents and Settings\All Users\Start Menu\ICQ 5.lnk
Explorer : C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Communications\Network Connections.lnk
Explorer : C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools\Scheduled Tasks.lnk
ICQ : C:\Documents and Settings\All Users\Start Menu\Programs\ICQ 5\ICQ 5.lnk
AWMON : C:\Documents and Settings\All Users\Start Menu\Programs\Lavasoft Ad-Aware SE Professional\Ad-Watch SE Professional.lnk
RealTray : C:\Documents and Settings\All Users\Start Menu\Programs\Real\RealPlayer\Check for RealPlayer Update.lnk
RealTray : C:\Documents and Settings\All Users\Start Menu\Programs\Real\RealPlayer\RealPlayer.lnk
RealTray : C:\Documents and Settings\All Users\Start Menu\Programs\RealPlayer.lnk
MessengerService : C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk
Desktop Scanning
Favorites Scanning
Cookies Scanning
Affiliate tracking cookie : C:\Documents and Settings\Mike\cookies\mike@2o7[2].txt
Affiliate tracking cookie : C:\Documents and Settings\Mike\cookies\mike@amazon[1].txt
Affiliate tracking cookie : C:\Documents and Settings\Mike\cookies\mike@ebay[1].txt
Affiliate tracking cookie : C:\Documents and Settings\Mike\cookies\[email protected][2].txt
Affiliate tracking cookie : C:\Documents and Settings\Mike\cookies\mike@revsci[2].txt
Registry Scanning
AcroIEHelper : HKCR\\CLSID\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
AcroIEHelper : C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
YahooToolbar : HKCR\\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
YahooToolbar : HKCR\\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}
CNisExt : HKCR\\CLSID\{9ECB9560-04F9-4bbc-943D-298DDF1699E1}
CNisExt : C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\ADBLOCKING\NISSHEXT.DLL
MSDXM : HKCR\\CLSID\{8E718888-423F-11D2-876E-00A0C9082467}
MSDXM : C:\WINDOWS\SYSTEM32\MSDXM.OCX
Spybot S&D : HKCR\\CLSID\{53707962-6F74-2D53-2644-206D7942484F}
Spybot S&D : C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
Flashget : HKCU\Software\JetCar
SSJava : HKCR\\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
SSJava : C:\PROGRAM FILES\JAVA\JRE1.5.0_06\BIN\SSV.DLL
SSJava : explorer.exe PID: 2932
Files Scanning
ICQ : C:\Program Files\ICQLite\ICQLite.exe
MessengerService : C:\Program Files\Messenger\msmsgs.exe
NvMixerTray : C:\WINDOWS\system32\NvMcTray.dll
Ctfmon : C:\WINDOWS\system32\ctfmon.exe
SymantecAntivirus : C:\Program Files\Common Files\Symantec Shared\ccApp.exe
SymantecAntivirus : C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
QuickTimeTask : C:\Program Files\QuickTime\qttask.exe
NeroFilterCheck : C:\WINDOWS\system32\NeroCheck.exe
Nwiz : C:\WINDOWS\system32\nwiz.exe
NortonAntivirus : C:\Program Files\NORTON SYSTEMWORKS\CfgWiz.exe
MSConfig : C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
UpdReg : C:\WINDOWS\UpdReg.EXE
SynchronizationManager : C:\WINDOWS\system32\mobsync.exe
RealTray : C:\Program Files\Real\RealPlayer\RealPlay.exe
NBJ : C:\Program Files\Ahead\Nero BackItUp\NBJ.exe
MSDXM : C:\WINDOWS\system32\msdxm.ocx
RealSched : C:\Program Files\Common Files\Real\Update_OB\realsched.exe
ccEvtMgr : C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
StillImageMonitor : C:\WINDOWS\system32\STIMON.EXE
NvCplDaemon : C:\WINDOWS\system32\NvCpl.dll
GrpConv : C:\WINDOWS\system32\grpconv.exe
DiscDetector : C:\Program Files\Creative\ShareDLL\CtNotify.exe
MsgCenter : C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe
Wextract : C:\WINDOWS\system32\advpack.dll
KernelFaultCheck : C:\WINDOWS\system32\dumprep.exe
Explorer : C:\WINDOWS\explorer.exe
BgMonitor : C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
PowerProfile : C:\WINDOWS\system32\powrprof.dll
BluetoothControlPanel : C:\WINDOWS\system32\bthprops.cpl
Shdocvw : C:\WINDOWS\system32\shdocvw.dll
ISUSS : C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
NVIEW : C:\WINDOWS\system32\nview.dll
CtHelper : C:\WINDOWS\CTHELPER.EXE
ezShieldProtector : C:\WINDOWS\system32\ezSP_Px.exe
SsAAD.exe : C:\Program Files\Sony\SonicStage\SSAAD.exe
Verclsid : C:\WINDOWS\system32\verclsid.exe
Systray : C:\WINDOWS\system32\systray.exe
Preparing DeepFile Scan
DeepFiles Scanning
Exploit.WMF.A : C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\03585669
VB-105 : C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\035B0066
Nebuler-1 : C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\035E2A62
VB-105 : C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0372264C
Downloader.Zlob-483 : C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\037F4E3E
Advertmen-1 : C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0F5B3D7B.tmp
VB-105 : C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\11382F6E.tmp
Nebuler-1 : C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\163C68C0
Nebuler-1 : C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\185A226B
Exploit.WMF.A : C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1F1C21EF.wmf
VB-105 : C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2ACC65AD
Nebuler-1 : C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3A874DA9
VB-105 : C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\41DA13A1
Nebuler-1 : C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\488B0419.EXE
Downloader.Zlob-483 : C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\53D737E6
Klone-17 : C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\554D4359.tcf
Advertmen-1 : C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5597289E.tmp
Nebuler-1 : C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\591738F8
VB-105 : C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\70202BFE.tmp
Downloader.Zlob-483 : C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\78874876.tmp
AcroIEHelper : C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
NBJ : C:\Program Files\Ahead\Nero BackItUp\NBJ.exe
BgMonitor : C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
ISUSS : C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
MsgCenter : C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe
RealSched : C:\Program Files\Common Files\Real\Update_OB\realsched.exe
CNisExt : C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
SymantecAntivirus : C:\Program Files\Common Files\Symantec Shared\ccApp.exe
ccEvtMgr : C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
SymantecAntivirus : C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
Aavirus : C:\Program Files\Common Files\Symantec Shared\VirusDefs\20060905.019\VIRSCAN9.DAT
Aavirus : C:\Program Files\Common Files\Symantec Shared\VirusDefs\20060906.017\VIRSCAN9.DAT
Aavirus : C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\virscan9.dat
DiscDetector : C:\Program Files\Creative\ShareDLL\CTNotify.exe
ICQ : C:\Program Files\ICQLite\ICQLite.exe
SunJavaUpdateSched : C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
SSJava : C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
AWMON : C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
MessengerService : C:\Program Files\Messenger\msmsgs.exe
NortonAntivirus : C:\Program Files\Norton SystemWorks\CfgWiz.exe
QuickTimeTask : C:\Program Files\QuickTime\qttask.exe
RealTray : C:\Program Files\Real\RealPlayer\realplay.exe
SsAAD.exe : C:\Program Files\Sony\SonicStage\SSAAD.exe
Spybot S&D : C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
Aavirus : C:\RECYCLER\NPROTECT\00101109.DAT
Aavirus : C:\RECYCLER\NPROTECT\00101234.DAT
Aavirus : C:\RECYCLER\NPROTECT\00101690.DAT
CtHelper : C:\WINDOWS\CTHELPER.EXE
Explorer : C:\WINDOWS\explorer.exe
UpdReg : C:\WINDOWS\Updreg.EXE
MSConfig : C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\msconfig.exe
Wextract : C:\WINDOWS\system32\advpack.dll
BluetoothControlPanel : C:\WINDOWS\system32\bthprops.cpl
Ctfmon : C:\WINDOWS\system32\ctfmon.exe
KernelFaultCheck : C:\WINDOWS\system32\dumprep.exe
ezShieldProtector : C:\WINDOWS\system32\ezSP_Px.exe
GrpConv : C:\WINDOWS\system32\grpconv.exe
SynchronizationManager : C:\WINDOWS\system32\mobsync.exe
MSDXM : C:\WINDOWS\system32\msdxm.ocx
NeroFilterCheck : C:\WINDOWS\system32\NeroCheck.exe
NvCplDaemon : C:\WINDOWS\system32\nvcpl.dll
NVIEW : C:\WINDOWS\system32\nview.dll
NvMixerTray : C:\WINDOWS\system32\nvmctray.dll
Nwiz : C:\WINDOWS\system32\nwiz.exe
PowerProfile : C:\WINDOWS\system32\powrprof.dll
Shdocvw : C:\WINDOWS\system32\shdocvw.dll
StillImageMonitor : C:\WINDOWS\system32\stimon.exe
Systray : C:\WINDOWS\system32\systray.exe
Verclsid : C:\WINDOWS\system32\verclsid.exe
Done

Scan Summary:

Total Scanning Time : 117571.20 s
Objects Scanned : 159,533
Objects Identified : 144
Objects Ignored : 0

Critical Objects : 32

Remove Process:

Preparing structures
Creating System Restore Point
Remove Aavirus
File selected for deletion does not exist: C:\Program Files\Common Files\Symantec Shared\VirusDefs\20060905.019\VIRSCAN9.DAT
Deleted File: C:\Program Files\Common Files\Symantec Shared\VirusDefs\20060906.017\VIRSCAN9.DAT
Deleted File: C:\Program Files\Common Files\Symantec Shared\VirusDefs\20060906.017\VIRSCAN9.DAT
File Deletion Failed: C:\Program Files\Common Files\Symantec Shared\VirusDefs\20060906.017\VIRSCAN9.DAT
Deleted File: C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\virscan9.dat
Deleted File: C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\virscan9.dat
File Deletion Failed: C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\virscan9.dat
Deleted File: C:\RECYCLER\NPROTECT\00101109.DAT
Deleted File: C:\RECYCLER\NPROTECT\00101234.DAT
Deleted File: C:\RECYCLER\NPROTECT\00101690.DAT
Remove Downloader.Zlob-483
Deleted File: C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\037F4E3E
Deleted File: C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\037F4E3E
File Deletion Failed: C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\037F4E3E
Deleted File: C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\53D737E6
Deleted File: C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\53D737E6
File Deletion Failed: C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\53D737E6
Deleted File: C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\78874876.tmp
Deleted File: C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\78874876.tmp
File Deletion Failed: C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\78874876.tmp
Remove Klone-17
Deleted File: C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\554D4359.tcf
Deleted File: C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\554D4359.tcf
File Deletion Failed: C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\554D4359.tcf
Remove Nebuler-1
Deleted File: C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\035E2A62
Deleted File: C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\035E2A62
File Deletion Failed: C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\035E2A62
Deleted File: C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\163C68C0
Deleted File: C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\163C68C0
File Deletion Failed: C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\163C68C0
Deleted File: C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\185A226B
Deleted File: C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\185A226B
File Deletion Failed: C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\185A226B
Deleted File: C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3A874DA9
Deleted File: C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3A874DA9
File Deletion Failed: C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3A874DA9
Deleted File: C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\488B0419.EXE
Deleted File: C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\488B0419.EXE
File Deletion Failed: C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\488B0419.EXE
Deleted File: C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\591738F8
Deleted File: C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\591738F8
File Deletion Failed: C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\591738F8
Remove VB-105
Deleted File: C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\035B0066
Deleted File: C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\035B0066
File Deletion Failed: C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\035B0066
Deleted File: C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0372264C
Deleted File: C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0372264C
File Deletion Failed: C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0372264C
Deleted File: C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\11382F6E.tmp
Deleted File: C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\11382F6E.tmp
File Deletion Failed: C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\11382F6E.tmp
Deleted File: C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2ACC65AD
Deleted File: C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2ACC65AD
File Deletion Failed: C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2ACC65AD
Deleted File: C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\41DA13A1
Deleted File: C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\41DA13A1
File Deletion Failed: C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\41DA13A1
Deleted File: C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\70202BFE.tmp
Deleted File: C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\70202BFE.tmp
File Deletion Failed: C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\70202BFE.tmp
Remove Advertmen-1
Deleted File: C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0F5B3D7B.tmp
Deleted File: C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0F5B3D7B.tmp
File Deletion Failed: C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0F5B3D7B.tmp
Deleted File: C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5597289E.tmp
Deleted File: C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5597289E.tmp
File Deletion Failed: C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5597289E.tmp
Remove Exploit.WMF.A
Deleted File: C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\03585669
Deleted File: C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\03585669
File Deletion Failed: C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\03585669
Deleted File: C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1F1C21EF.wmf
Deleted File: C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1F1C21EF.wmf
File Deletion Failed: C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1F1C21EF.wmf
Remove Affiliate tracking cookie
Deleted File: C:\Documents and Settings\Mike\cookies\mike@2o7[2].txt
Deleted File: C:\Documents and Settings\Mike\cookies\mike@amazon[1].txt
Deleted File: C:\Documents and Settings\Mike\cookies\mike@ebay[1].txt
Deleted File: C:\Documents and Settings\Mike\cookies\[email protected][2].txt
Deleted File: C:\Documents and Settings\Mike\cookies\mike@revsci[2].txt
Remove Invalid Startup Items
Deleted Registry : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run tcmonitor=D:\Program Files\The Cleaner\tcm.exe
Closing System Restore Point


ad-aware log is attached.
ok i tried to attach this log too but i guess it wouldn't let me so sorry for it being so long :whistling:

Edited by baby_blue_6_4, 08 September 2006 - 12:21 PM.



#2
baby_blue_6_4

    Member

  • Topic Starter
  • Member
  • 13 posts
hijack this log after running all those programs in normal windows mode, but i still have the same msconfig warning pop up telling me something has changed.
Logfile of HijackThis v1.99.1
Scan saved at 11:26:34 PM, on 9/8/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Stardock\SDMCP.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~3\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
C:\PROGRA~1\NORTON~1\NORTON~3\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Belkin Bulldog Plus\upsd.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Stardock\Object Desktop\WindowFX\wfxload.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Stardock\Cursor XP\CursorXP.exe
D:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\PROGRA~1\Lavasoft\AD-AWA~2\Ad-Watch.exe
C:\Program Files\Belkin Bulldog Plus\MUPS.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
J:\2\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Norton Personal Firewall 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Personal Firewall 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\Stardock\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ZTgServerSwitch] c:\program files\support.com\client\lserver\server.vbs
O4 - HKLM\..\Run: [SpywareTerminator] "D:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\Program Files\Stardock\BootSkin\bootskin.exe" /StartupJobs
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [tcmonitor] D:\Program Files\The Cleaner\tcm.exe
O4 - HKCU\..\Run: [WindowFX] C:\Program Files\Stardock\Object Desktop\WindowFX\\wfxload.exe
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\Stardock\Cursor XP\CursorXP.exe
O4 - HKCU\..\Run: [Creative Detector] "D:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~2\Ad-Watch.exe"
O4 - HKCU\..\Run: [Hide IP Platinum] D:\Program Files\Hide IP Platinum\hideippla.exe
O4 - HKCU\..\RunOnce: [ypagerps] cmd.exe /C del "C:\Program Files\Yahoo!\Messenger\ypagerps.dll"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: MUPS.lnk = C:\Program Files\Belkin Bulldog Plus\MUPS.exe
O4 - Global Startup: Norton GoBack.lnk = C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: ppctlcab - http://www.my-etrust...er/ppctlcab.CAB
O16 - DPF: {00000000-0000-0000-0000-100000000003} - http://code.trasferi...715f3dd1_35.exe
O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} (VaioInfo.CMClass) - http://esupport.sony.com/VaioInfo.CAB
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....015/CTSUEng.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.s...rl/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.micr...ActiveX/odc.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - https://www-secure.s...rl/SymAData.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_2.1.2.76.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-36.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://simcity.ea.co...date/EARTPX.cab
O16 - DPF: {590FFB84-6A29-4797-9C0E-B15DF2C4CDCB} - http://soft.trustinc...stall/tload.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1123918295406
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {97B79133-88F0-45F0-8D57-0F2EF27D9C66} - http://85.255.114.166/1/rdgUS2405.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn...pDownloader.cab
O16 - DPF: {BC18E6DF-BE57-4580-93E8-F228F9A133AA} (MaxisSimCity4LotTeleX Control) - http://simcity.ea.co...ty4LotTeleX.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemreq...m/sysreqlab.cab
O16 - DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} (MaxisSimCity4PatcherX Control) - http://simcity.ea.co...ty4PatcherX.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://arcade.icq.co...aploader_v5.cab
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - http://liveca12.cust...l/java/RntX.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...795/mcfscan.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15023/CTPID.cab
O20 - Winlogon Notify: cfgmngr32 - C:\WINDOWS\
O20 - Winlogon Notify: MCPClient - C:\Program Files\Common Files\Stardock\mcpstub.dll
O20 - Winlogon Notify: WBSrv - C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winjvd32 - winjvd32.dll (file missing)
O21 - SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Program Files\Stardock\Object Desktop\IconPackager\iprepair.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Personal Firewall\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~3\NPROTECT.EXE
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
O23 - Service: Retrospect WD Service (RetroWDSvc) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~3\SPEEDD~1\NOPDB.EXE
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: UPS - UPSentry Service (UPSentry_Smart) - Delta - C:\Program Files\Belkin Bulldog Plus\upsd.exe

#3
Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
  • Surf to: Sophos free tools: Anti-Rootkit
  • Click the "Download" button
  • Read the conditions and fill out your Details.
  • Click the Download Sophos Anti-Rootkit link.
  • Save the sarsfx.exe to a location on your hard drive where you can find it later on.
Installing
  • Close as many applications as possible and execute sarsfx.exe by double-clicking it.
  • Accept the EULA and install the software to the location of your choice. (Default is C:\SOPHTEMP)
Running for analysis
  • In that folder find and double-click sargui.exe
  • Select the areas that you want to scan for hidden objects (Running processes, Windows registry, Local hard drives)
  • Click Start > Run and copy this command into the window %TEMP%\sarscan.log and click OK to execute.
  • A textfile will open. Post the content of that file.


#4
baby_blue_6_4

    Member

  • Topic Starter
  • Member
  • 13 posts
ok here is the updated log:
Sophos Anti-Rootkit Version 1.0 © 2006 Sophos Plc
Started logging on 9/12/2006 at 3:37:14 AM
Hidden: registry item \HKEY_USERS\S-1-5-18\AppEvents\Schemes\Apps\Quicken
Hidden: registry item \HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Hidden: registry item \HKEY_USERS\S-1-5-18\Software\Microsoft\MediaPlayer\Preferences\LastPlaylist
Hidden: registry item \HKEY_USERS\S-1-5-18\Software\Microsoft\MediaPlayer\Preferences\ProxySettings
Hidden: registry item \HKEY_USERS\S-1-5-18\Software\Microsoft\MediaPlayer\Preferences\VideoSettings
Hidden: registry item \HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012004080220040803
Hidden: registry item \HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSDK\General\ComputerName
Hidden: registry item \HKEY_USERS\S-1-5-18\Software\Netscape\Netscape Navigator\Suffixes\video/x-ivf
Hidden: registry item \HKEY_USERS\S-1-5-18\Software\Netscape\Netscape Navigator\User Trusted External Applications\"C:\PROGRA~1\WINDOW~3\wmplayer.exe"
Hidden: registry item \HKEY_USERS\S-1-5-18\Software\Netscape\Netscape Navigator\User Trusted External Applications\C:\PROGRA~1\WINDOW~3\wmplayer.exe
Hidden: registry item \HKEY_USERS\S-1-5-18\Software\Netscape\Netscape Navigator\User Trusted External Applications\"C:\Program Files\Windows Media Player\wmplayer.exe"
Hidden: registry item \HKEY_USERS\S-1-5-18\Software\Netscape\Netscape Navigator\User Trusted External Applications\C:\Program Files\Windows Media Player\wmplayer.exe
Hidden: registry item \HKEY_USERS\S-1-5-18\Software\Netscape\Netscape Navigator\Viewers\video/x-ivf
Hidden: registry item \HKEY_USERS\S-1-5-18\Software\Sony Corporation\SonicStage
Hidden: file C:\sccfg.sys
Stopped logging on 9/12/2006 at 3:59:34 AM


#5
Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
Do you, or did you have Folderlock installed?

Either way, run HijackThis and put a checkmark before the following items:

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)

O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [SpywareTerminator] "D:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O16 - DPF: {00000000-0000-0000-0000-100000000003} - http://code.trasferi...715f3dd1_35.exe

O20 - Winlogon Notify: cfgmngr32 - C:\WINDOWS\

O20 - Winlogon Notify: winjvd32 - winjvd32.dll (file missing)

Before you click Fix checked, make sure that AdWatch is set to Prompt you about any changes (instead of Automatic)
Allow the changes that will be made after you click Fix Checked, because those are the ones that we want gone.

I would advise against using SpywareTerminator after reading this:
http://spywarewarrio...tm#spyterm_note
If you agree, you can uninstall it using Add/Remove Software

Reboot when you are done and post a new HijackThis log

Regards,
  • 0
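A triage pass over the kind of entries listed in the post above, as an added example (not part of the thread and not HijackThis's own logic): it parses HijackThis entry lines, flags three patterns visible in that fix list, and checks which requested fixes still show up in a follow-up scan. The function names and the three heuristics are assumptions; the sample lines are copied from logs quoted in this thread.

```python
import re
from typing import List, NamedTuple, Tuple

# HijackThis 1.99.1 prints each finding as "<section> - <details>", where the
# section code is a letter plus a number (R0-R3, O1-O23, ...). Header lines
# and the "Running processes" paths do not match this shape.
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")


class Entry(NamedTuple):
    section: str
    body: str


def parse_log(text: str) -> List[Entry]:
    """Return only the entry lines of a log, skipping headers and processes."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append(Entry(match["section"], match["body"]))
    return entries


def triage(entry: Entry) -> List[str]:
    """Heuristics (assumed for this example) for entries worth a closer look."""
    reasons = []
    target = entry.body.rsplit(" - ", 1)[-1]  # last field: file path or URL
    if entry.body.endswith(("(no file)", "(file missing)")):
        reasons.append("registered target file is absent")
    if entry.section == "O20" and target.endswith("\\"):
        reasons.append("Winlogon Notify data is a directory, not a DLL")
    if entry.section == "O16" and target.lower().endswith(".exe"):
        reasons.append("DPF codebase is an .exe, not a .cab/.ocx package")
    return reasons


def review(text: str) -> List[Tuple[Entry, List[str]]]:
    """Pair every flagged entry with the reasons it was flagged."""
    flagged = []
    for entry in parse_log(text):
        reasons = triage(entry)
        if reasons:
            flagged.append((entry, reasons))
    return flagged


def still_present(fix_list: str, follow_up: str) -> List[Entry]:
    """Entries from the fix list that appear unchanged in a later scan."""
    remaining = set(parse_log(follow_up))
    return [entry for entry in parse_log(fix_list) if entry in remaining]


# Sample input: lines copied from the fix list in the post above.
FIX_LIST = r"""
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O16 - DPF: {00000000-0000-0000-0000-100000000003} - http://code.trasferi...715f3dd1_35.exe
O20 - Winlogon Notify: cfgmngr32 - C:\WINDOWS\
O20 - Winlogon Notify: winjvd32 - winjvd32.dll (file missing)
"""

# Sample input: a short excerpt assembled from lines of the follow-up scan
# posted later in the thread (not the full log).
FOLLOW_UP = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\winlogon.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

if __name__ == "__main__":
    for entry, reasons in review(FIX_LIST):
        print(f"{entry.section}: {entry.body}")
        for reason in reasons:
            print(f"    -> {reason}")
    for entry in still_present(FIX_LIST, FOLLOW_UP):
        print(f"still present after fix: {entry.section} - {entry.body}")
```

A flag here only means the entry deserves a manual look; whether to fix it remains the helper's call.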

#6
baby_blue_6_4

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
ok i ran it and i couldn't find O20 - Winlogon Notify: cfgmngr32 - C:\WINDOWS\ but got the rest. i still do have folder lock installed. should i get rid of it? i don't really use it anyway. also would this whole deal cause my sound to go? i have a 5.1 system and i was only getting sound out of 2 speakers (i made sure it was set to 5.1 and not desktop speakers) so i uninstalled my audio card and reinstalled it because when i clicked in the control panel the eax console it said error loading drivers, but now i don't have sound out of the center speaker and the icon for creative's eax console doesn't pop up anymore. my girlfriend is having the same problem with her speakers and also a usb problem where one of the 2 ports works but if she tries to switch the mouse to the other one and plug something else in the one that works she gets nothing, and if the mouse is plugged back in then there is nothing until it's restarted. i'm thinking that it may be my fault as i had taken a portable drive to her house and used it on her computer. anyways here is the new log and thanks for helping out. :whistling:

Logfile of HijackThis v1.99.1
Scan saved at 6:04:03 PM, on 9/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Stardock\SDMCP.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\WScript.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Stardock\Object Desktop\WindowFX\wfxload.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Stardock\Cursor XP\CursorXP.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
C:\Program Files\Belkin Bulldog Plus\MUPS.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~3\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
C:\PROGRA~1\NORTON~1\NORTON~3\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Belkin Bulldog Plus\upsd.exe
C:\WINDOWS\system32\MsPMSPSv.exe
c:\progra~1\Support.com\client\bin\tgcmd.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\system32\wuauclt.exe
J:\2\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Norton Personal Firewall 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Personal Firewall 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\Stardock\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ZTgServerSwitch] c:\program files\support.com\client\lserver\server.vbs
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\Program Files\Stardock\BootSkin\bootskin.exe" /StartupJobs
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [tcmonitor] D:\Program Files\The Cleaner\tcm.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [WindowFX] C:\Program Files\Stardock\Object Desktop\WindowFX\\wfxload.exe
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\Stardock\Cursor XP\CursorXP.exe
O4 - HKCU\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~2\Ad-Watch.exe"
O4 - HKCU\..\Run: [Creative Detector] "D:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [Hide IP Platinum] D:\Program Files\Hide IP Platinum\hideippla.exe
O4 - HKCU\..\RunOnce: [ypagerps] cmd.exe /C del "C:\Program Files\Yahoo!\Messenger\ypagerps.dll"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: MUPS.lnk = C:\Program Files\Belkin Bulldog Plus\MUPS.exe
O4 - Global Startup: Norton GoBack.lnk = C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: ppctlcab - http://www.my-etrust...er/ppctlcab.CAB
O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} (VaioInfo.CMClass) - http://esupport.sony.com/VaioInfo.CAB
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....026/CTSUEng.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.s...rl/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.micr...ActiveX/odc.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - https://www-secure.s...rl/SymAData.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_2.1.2.76.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-36.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://simcity.ea.co...date/EARTPX.cab
O16 - DPF: {590FFB84-6A29-4797-9C0E-B15DF2C4CDCB} - http://soft.trustinc...stall/tload.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1123918295406
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {97B79133-88F0-45F0-8D57-0F2EF27D9C66} - http://85.255.114.166/1/rdgUS2405.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn...pDownloader.cab
O16 - DPF: {BC18E6DF-BE57-4580-93E8-F228F9A133AA} (MaxisSimCity4LotTeleX Control) - http://simcity.ea.co...ty4LotTeleX.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemreq...m/sysreqlab.cab
O16 - DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} (MaxisSimCity4PatcherX Control) - http://simcity.ea.co...ty4PatcherX.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://arcade.icq.co...aploader_v5.cab
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - http://liveca12.cust...l/java/RntX.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...795/mcfscan.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15026/CTPID.cab
O20 - Winlogon Notify: MCPClient - C:\Program Files\Common Files\Stardock\mcpstub.dll
O20 - Winlogon Notify: WBSrv - C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Program Files\Stardock\Object Desktop\IconPackager\iprepair.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Personal Firewall\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~3\NPROTECT.EXE
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
O23 - Service: Retrospect WD Service (RetroWDSvc) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~3\SPEEDD~1\NOPDB.EXE
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: UPS - UPSentry Service (UPSentry_Smart) - Delta - C:\Program Files\Belkin Bulldog Plus\upsd.exe

  • 0

#7
Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
Hi baby_blue_6_4,

Folderlock should not be a problem. I just noticed it in the Anti-Rootkit log.
I thought it better to ask than to jump to conclusions. :whistling:

Your log looks good now.
I think you'd be better off asking one of our hardware gurus about your sound problem.

The best way would be to start a thread here:
http://www.geekstogo...pherals-f9.html

Put a link in your post there to this thread, so they will know the background.
For example: http://www.geekstogo...howtopic=129165

Regards,
  • 0

#8
baby_blue_6_4

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
that's good that the log looks good... but i still have the problem of the msconfig popping up when i start up my computer. no idea why though... :whistling: should i run some other programs and post updated logs?

(edit: ok here is what i got now when i started up my computer from ad watch: (why is it trying to delete my yahoo messenger? i did notice too that the internet explorer extension for yahoo messenger is gone. it's happened before but came back when i installed the newest version. it was located in where the standard buttons are just after the full screen button is.
Ad-Watch Logfile, exported on 9/13/2006
Total number of events:4
===============================================
9/13/2006 7:06:03 PM - Definitions file SE1R123 12.09.2006 loaded successfully.
Build:SE1R123 12.09.2006
Total Signatures :66260
Target Families :971
Target Categories :6
CSI data Size :256632
File Size :2529028
===============================================
9/13/2006 7:06:03 PM - User preferences file loaded.
Ad-Watch preference file loaded.
Applying user settings
C:\Documents and Settings\Mike\Application Data\Lavasoft\Ad-Aware\awsettings.awc
Initialization complete.
===============================================
9/13/2006 7:06:07 PM - Sites file loaded.
Sites file loaded successfully.
C:\PROGRA~1\Lavasoft\AD-AWA~2\sites.txt
Total entries : 3223
===============================================
9/13/2006 7:07:08 PM - Registry modification detected
Root:HKEY_CURRENT_USER
Key:Software\Microsoft\Windows\CurrentVersion\RunOnce
Value:ypagerps
Data:cmd.exe /C del "C:\Program Files\Yahoo!\Messenger\ypagerps.dll"
New Data:
===============================================
Logfile of HijackThis v1.99.1
Scan saved at 7:16:39 PM, on 9/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Stardock\SDMCP.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~3\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
C:\PROGRA~1\NORTON~1\NORTON~3\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Belkin Bulldog Plus\upsd.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\WScript.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Stardock\Object Desktop\WindowFX\wfxload.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Stardock\Cursor XP\CursorXP.exe
C:\PROGRA~1\Lavasoft\AD-AWA~2\Ad-Watch.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Belkin Bulldog Plus\MUPS.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
c:\progra~1\Support.com\client\bin\tgcmd.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\NAVW32.EXE
J:\2\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Norton Personal Firewall 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Personal Firewall 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\Stardock\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ZTgServerSwitch] c:\program files\support.com\client\lserver\server.vbs
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\Program Files\Stardock\BootSkin\bootskin.exe" /StartupJobs
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [tcmonitor] D:\Program Files\The Cleaner\tcm.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [WindowFX] C:\Program Files\Stardock\Object Desktop\WindowFX\\wfxload.exe
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\Stardock\Cursor XP\CursorXP.exe
O4 - HKCU\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~2\Ad-Watch.exe"
O4 - HKCU\..\Run: [Creative Detector] "D:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [Hide IP Platinum] D:\Program Files\Hide IP Platinum\hideippla.exe
O4 - HKCU\..\Run: [IDMan] D:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\RunOnce: [ypagerps] cmd.exe /C del "C:\Program Files\Yahoo!\Messenger\ypagerps.dll"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: MUPS.lnk = C:\Program Files\Belkin Bulldog Plus\MUPS.exe
O4 - Global Startup: Norton GoBack.lnk = C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: Download All Links with IDM - D:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - D:\Program Files\Internet Download Manager\IEExt.htm
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: ppctlcab - http://www.my-etrust...er/ppctlcab.CAB
O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} (VaioInfo.CMClass) - http://esupport.sony.com/VaioInfo.CAB
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....026/CTSUEng.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.s...rl/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.micr...ActiveX/odc.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - https://www-secure.s...rl/SymAData.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_2.1.2.76.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-36.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://simcity.ea.co...date/EARTPX.cab
O16 - DPF: {590FFB84-6A29-4797-9C0E-B15DF2C4CDCB} - http://soft.trustinc...stall/tload.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1123918295406
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {97B79133-88F0-45F0-8D57-0F2EF27D9C66} - http://85.255.114.166/1/rdgUS2405.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn...pDownloader.cab
O16 - DPF: {BC18E6DF-BE57-4580-93E8-F228F9A133AA} (MaxisSimCity4LotTeleX Control) - http://simcity.ea.co...ty4LotTeleX.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemreq...m/sysreqlab.cab
O16 - DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} (MaxisSimCity4PatcherX Control) - http://simcity.ea.co...ty4PatcherX.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://arcade.icq.co...aploader_v5.cab
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - http://liveca12.cust...l/java/RntX.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...795/mcfscan.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by119fd.bay11...ex/HMAtchmt.ocx
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15026/CTPID.cab
O20 - Winlogon Notify: MCPClient - C:\Program Files\Common Files\Stardock\mcpstub.dll
O20 - Winlogon Notify: WBSrv - C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Program Files\Stardock\Object Desktop\IconPackager\iprepair.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Personal Firewall\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~3\NPROTECT.EXE
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
O23 - Service: Retrospect WD Service (RetroWDSvc) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~3\SPEEDD~1\NOPDB.EXE
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: UPS - UPSentry Service (UPSentry_Smart) - Delta - C:\Program Files\Belkin Bulldog Plus\upsd.exe

also when i try to go to www.creative.com for the support software autoupdate site it says that i haven't restarted my computer to complete the previous software update. if you continue without restarting your computer, there may be problems/ would you like to continue to check for updates? yes/no
now i have restarted my computer since then and i have also completely shut it off, so there is a problem somewhere. i'm sorry that i'm being such a pain here... i just know nothing about this sort of stuff. :blink: also any idea on why when i go to post a message on a message board that ends in .php i get the this page cannot be displayed for IE when the message goes through?

Edited by baby_blue_6_4, 13 September 2006 - 05:36 PM.

  • 0

#9
Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
AdWatch doesn't try to delete anything.

It just alerts you about changes and will follow your decision.

To get rid of the MSConfig box, fix this entry:
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

You can ask the question about the Creative drivers better in the forum I pointed you to.
  • 0

#10
baby_blue_6_4

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
thanks i'll give that a try.... and hopefully my computer is running ok again.
  • 0

#11
Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
OK. If it doesn't, you know where to find us. :whistling:
  • 0





