Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Hijack this... Log File...

Started by AlphaMonk , Nov 18 2007 02:22 AM

  • Please log in to reply

#1
AlphaMonk
Posted 18 November 2007 - 02:22 AM

AlphaMonk

    Member

  • Member
  • PipPip
  • 23 posts
Audio ads running in the background and I have no idea what it is... any help is greatly appreciated.

Logfile of HijackThis v1.99.1
Scan saved at 12:20:02 AM, on 11/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINDOWS\ehome\ehSched.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\perfs.exe
C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\SONY\sHotKey\sHotKey.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\Program Files\Yahoo!\browser\ybrowser.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\WINDOWS\eHome\ehshell.exe
C:\WINDOWS\system32\ndt2.sys
C:\WINDOWS\system32\Indt2.sys
C:\Documents and Settings\owner\Desktop\VIRUS\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapp...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [sHotKey] "C:\Program Files\SONY\sHotKey\sHotKey.exe"
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [LXBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [LXCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\filelib\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: Yahoo! Chess - http://download.game...nts/y/ct2_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download2.gam...ts/y/poti_x.cab
O16 - DPF: Yahoo! Word Racer - http://download.game...nts/y/wt1_x.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper2007261.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.costcopho...stcoActivia.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...llInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1093975848968
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://www.vzwpix.co...loadControl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload....GPlugin9USA.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo....plorer1_9us.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.game...aploader_v6.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: lxbt_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbtcoms.exe
O23 - Service: lxcc_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcccoms.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NTLOAD - Unknown owner - c:\windows\system32\dllcache\win32\winlogon.exe
O23 - Service: NTSVCMGR - Unknown owner - c:\windows\system32\dllcache\win32\winlogon.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: perfmons Service (perfmons) - Unknown owner - C:\WINDOWS\system32\perfs.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SonicStageMonitoring - Sony Corporation - C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
O23 - Service: Sony TV Tuner Controller - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\halsv.exe
O23 - Service: Sony TV Tuner Manager - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe
O23 - Service: Sony TVTA Manager - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment File Import Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Unknown owner - C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-IntegratedServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\IntegratedServer\HTTP (file missing)
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Unknown owner - C:\Program Files\Sony\vaio media integrated server\Platform\VmGateway.exe" /Service=VAIOMediaPlatform-Mobile-Gateway /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Addons\Packages\Mobile\Gateway" /DisplayName="VAIO Media Gateway Server (file missing)
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Unknown owner - C:\Program Files\Sony\vaio media integrated server\Video\GPVSvr.exe" /Service=VAIOMediaPlatform-VideoServer-AppServer /DisplayName="VAIO Media Video Server (file missing)
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Unknown owner - C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-VideoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\VideoServer\HTTP (file missing)
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\UPnPFramework.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

Edited by AlphaMonk, 18 November 2007 - 02:23 AM.

  • 0

Advertisements

#2
anzenketh
Posted 19 November 2007 - 01:56 AM

anzenketh

    BSOD Warrior/Computer Surgeon

  • Technician
  • 2,854 posts
Hi AlphaMonk,

My name is tuxmaster, and I'll be helping you with your malware issues. I am currently looking over your log right now. Please note that I'm still in training, and my replies to you have to be approved before posting, so please excuse any delays between replies.
  • 0

#3
anzenketh
Posted 19 November 2007 - 03:10 PM

anzenketh

    BSOD Warrior/Computer Surgeon

  • Technician
  • 2,854 posts
Hello alphamonk,

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.
Anti-Virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash.

If you choose to install more than one Anti-Virus program on your computer, then only one of them should be active in memory at a time.

There are basically two types of these programs:
On-Access and On-Demand

On-Access Scanners
As the name implies, are scanners that run in the background all the time the PC is turned on and running. The main function of an On-Access scanner is to monitor activity on your machine.

On-Demand Scanners
As the name implies, are scanners that only run when you ask them to.
Such as:
Online Scans and scanners that run on your machine but are not actively scanning your machine.

The two on-access scanners that you have installed is Yahoo Antivirus and AVG Antivirus. I would pick one that you want to use and uninstall the other.

In addition Hijackthis is currently located on the desktop. Hijackthis creates backups so it is good to store it in a more periment directory for example c:\program files\HJT
  • 0

#4
AlphaMonk
Posted 19 November 2007 - 06:05 PM

AlphaMonk

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Well normally I only have Yahoo's antivirus but I installed AVG to see if it would fix my problem.. I will uninstall it now... thanks!

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 3.20GHz
CPU 1: Intel® Pentium® 4 CPU 3.20GHz
Percentage of Memory in Use: 55%
Physical Memory (total/avail): 511.36 MiB / 226.55 MiB
Pagefile Memory (total/avail): 1246.12 MiB / 911.68 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1925.06 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 226.88 GiB total, 37.34 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)
F: is Removable (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (FAT32)
J: is CDROM (CDFS)
K: is CDROM (CDFS)
L: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - WDC WD2500BB-98FTA0 - 232.88 GiB - 2 partitions
\PARTITION0 - Unknown - 6.01 GiB
\PARTITION1 (bootable) - Installable File System - 226.88 GiB - C:

\\.\PHYSICALDRIVE2 - Sony UMH-U HS-CF USB Device

\\.\PHYSICALDRIVE1 - Sony UMH-U HS-MS USB Device

\\.\PHYSICALDRIVE4 - Sony UMH-U HS-SD/MMC USB Device - 478.5 MiB - 1 partition
\PARTITION0 - 16-bit FAT - 483.88 MiB - I:

\\.\PHYSICALDRIVE3 - Sony UMH-U HS-XD USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirewallDisableNotify is set.

AV: Anti-Virus - SBC Yahoo! Online Protection v7.0.7.4 (Computer Associates)
AV: AVG 7.5.503 v7.5.503 (Grisoft)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\owner\\My Documents\\filelib\\aim.exe"="C:\\Documents and Settings\\owner\\My Documents\\filelib\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YPAGER.EXE"="C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YPAGER.EXE:*:Enabled:Yahoo! Messenger"
"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\yserver.exe"="C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\yserver.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\softnyx\\GunboundWC\\GunBound.gme"="C:\\Program Files\\softnyx\\GunboundWC\\GunBound.gme:*:Enabled:GunBound"
"C:\\Documents and Settings\\owner\\My Documents\\DOCS\\zsnesw142\\zsnesw.exe"="C:\\Documents and Settings\\owner\\My Documents\\DOCS\\zsnesw142\\zsnesw.exe:*:Enabled:zsnesw"
"C:\\Documents and Settings\\owner\\Desktop\\UNDERGROUND\\Speed.exe"="C:\\Documents and Settings\\owner\\Desktop\\UNDERGROUND\\Speed.exe:*:Enabled:Speed"
"C:\\Program Files\\Java\\j2re1.4.2_01\\bin\\javaw.exe"="C:\\Program Files\\Java\\j2re1.4.2_01\\bin\\javaw.exe:*:Enabled:javaw"
"C:\\Documents and Settings\\owner\\My Documents\\filelib\\aim.exe"="C:\\Documents and Settings\\owner\\My Documents\\filelib\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\Sony\\click to dvd 2\\AuthoringServerExe.exe"="C:\\Program Files\\Sony\\click to dvd 2\\AuthoringServerExe.exe:*:Enabled:AuthoringServerExe package for Click to DVD"
"C:\\Program Files\\Sony\\click to dvd 2\\CtoDvd.exe"="C:\\Program Files\\Sony\\click to dvd 2\\CtoDvd.exe:*:Enabled:Click to DVD"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
"C:\\Program Files\\MAIET\\Gunz\\Gunz.exe"="C:\\Program Files\\MAIET\\Gunz\\Gunz.exe:*:Enabled:Gunz"
"C:\\Program Files\\Java\\jre1.5.0_06\\bin\\javaw.exe"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\javaw.exe:*:Enabled:Java™ 2 Platform Standard Edition binary"
"C:\\Program Files\\Ares\\Ares.exe"="C:\\Program Files\\Ares\\Ares.exe:*:Disabled:Ares"
"C:\\Program Files\\Ares Lite Edition\\AresLite.exe"="C:\\Program Files\\Ares Lite Edition\\AresLite.exe:*:Disabled:AresLite"
"C:\\Program Files\\mIRC\\mirc.exe"="C:\\Program Files\\mIRC\\mirc.exe:*:Disabled:mIRC"
"C:\\Program Files\\Soulseek\\slsk.exe"="C:\\Program Files\\Soulseek\\slsk.exe:*:Disabled:SoulSeek"
"C:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"="C:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\WINDOWS\\system32\\usmt\\migwiz.exe"="C:\\WINDOWS\\system32\\usmt\\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard"
"C:\\Program Files\\filelib\\aim.exe"="C:\\Program Files\\filelib\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\Program Files\\Common Files\\AOL\\1151392549\\ee\\aim6.exe"="C:\\Program Files\\Common Files\\AOL\\1151392549\\ee\\aim6.exe:*:Enabled:AIM"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\softnyx\\ENGLISH\\Gunbound Revolution\\GunBound.gme"="C:\\Program Files\\softnyx\\ENGLISH\\Gunbound Revolution\\GunBound.gme:*:Enabled:GunBound"
"C:\\Program Files\\XBC\\XBC_NS.exe"="C:\\Program Files\\XBC\\XBC_NS.exe:*:Enabled:XBConnect"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype. Take a deep breath "
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"="C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe:*:Enabled:Veoh Client"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\BitPim\\bitpim.exe"="C:\\Program Files\\BitPim\\bitpim.exe:*:Enabled:Open Source Mobile Phone Tool"
"C:\\Program Files\\AIM6\\aim6.exe"="C:\\Program Files\\AIM6\\aim6.exe:*:Enabled:AIM"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\owner\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=VALUED-E91AB895
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\owner
LOGONSERVER=\\VALUED-E91AB895
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Program Files\Yahoo!\browser;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\Common Files\Ulead Systems\MPEG;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 3 Stepping 4, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0304
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\owner\LOCALS~1\Temp
TMP=C:\DOCUME~1\owner\LOCALS~1\Temp
USERDOMAIN=VALUED-E91AB895
USERNAME=owner
USERPROFILE=C:\Documents and Settings\owner
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

owner (admin)
movies
Administrator (admin)
Guest (guest)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\SBC Yahoo!\umuninst.exe" /S
--> C:\PROGRA~1\SBCSEL~1\CustomUninstall.exe SBC
--> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
--> C:\WINDOWS\IsUninst.exe -f\"C:\Program Files\Final Fantasy VII\Uninst.isu"
--> Dummy
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{02FB2C63-5763-4CDD-99E6-566C57189742}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{28B97CAB-828F-49D8-A30A-675476F9BA92}\setup.exe" -l0x9 /cont -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3881DD58-780F-4FCF-8A16-6E6800C2FEE0}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4E7DC12A-3597-4A94-9429-F6C6987361B1}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6813C983-427E-4511-8456-E98FCAA1A125}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7DADB304-AF20-48C3-A780-4B4133A08817}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9225EABF-4457-403B-A82B-91614C9DDDF7}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9C423CF6-2DAA-4A37-94B8-59D7ECC7DB13}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ACE66099-E18E-4037-83C8-9D182E5B9FA8}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B34B6E67-FCDD-4E03-8742-B5701427FAFB}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C9EFF51A-C925-4F1A-9DEB-DB5F970DE983}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E9CCEA28-3608-4078-8A07-997646E1A357}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FA6CC4B4-7741-4F8D-8E81-15C4BAB9869B}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD7FF74D-0AB5-48D6-929C-7E93A5162521}\setup.exe" -l0x9 -removeonly
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ABC Amber LIT Converter --> C:\PROGRA~1\ABCAMB~1\UNWISE.EXE C:\PROGRA~1\ABCAMB~1\INSTALL.LOG
Acoustica Effects Pack --> C:\PROGRA~1\ACOUST~2\UNWISE.EXE C:\PROGRA~1\ACOUST~2\INSTALL.LOG
Acoustica Mixcraft 3 --> C:\PROGRA~1\ACOUST~1\UNWISE.EXE C:\PROGRA~1\ACOUST~1\INSTALL.LOG
Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Atmosphere Player for Acrobat and Adobe Reader --> C:\WINDOWS\atmoUn.exe
Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Photoshop CS2 --> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Photoshop Elements 2.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop Elements 2\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop Elements 2\Uninst.dll"
Adobe Premiere Pro --> RunDll32 "C:\Program Files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll",LaunchSetup "C:\Program Files\InstallShield Installation Information\{084709F7-38C5-4609-B55F-2417939315EB}\setup.exe"
Adobe Premiere Standard --> RunDll32 "C:\Program Files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll",LaunchSetup "C:\Program Files\InstallShield Installation Information\{7998F67D-655B-42E3-B651-18D96DD17268}\setup.exe"
Adobe Reader 8.1.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
Adobe Stock Photos 1.0 --> MsiExec.exe /I{47813E93-F2A0-484A-838E-47EC1B28D190}
Age of Empires III --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}
Agere Systems AC'97 Modem --> agrsmdel
AIM 6 --> C:\Program Files\AIM6\uninst.exe
Animoids --> "C:\Program Files\Animoids\UninstallerData\Uninstall Animoids.exe"
Apple Mobile Device Support --> MsiExec.exe /I{3EBD3749-304E-4A4C-9575-C00E5F015217}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ASIO4ALL --> C:\Program Files\ASIO4ALL v2\uninstall.exe
AT&T Yahoo! Applications --> C:\PROGRA~1\Yahoo!\Common\uninstall.exe
Audacity 1.2.6 --> "C:\Program Files\Audacity\unins000.exe"
Auralia 3 Student Edition --> MsiExec.exe /X{458C07CB-75D4-4987-B46B-D9CD88583BF4}
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
AVG Free Edition --> C:\Program Files\Grisoft\AVG Free\setup.exe /UNINSTALL
AviSynth 2.5 --> "C:\Program Files\AviSynth 2.5\Uninstall.exe"
BitPim 1.0.2 --> "C:\Program Files\BitPim\unins000.exe"
BroadJump Client Foundation --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\BroadJump\Client Foundation\Uninst.isu" -c"C:\Program Files\BroadJump\Client Foundation\RmvBJCFD.dll" -b"CFD" -h"CFD" -a
CDisplay 1.8 --> "C:\Program Files\CDisplay\unins000.exe"
CleanUp! --> C:\Program Files\CleanUp!\uninstall.exe
Click to DVD 2.0 Menu Data --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98A3A654-3AEF-42D9-BA91-DE5815EA5897}\setup.exe"
Click to DVD 2.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7C2F71B2-6C73-11D6-B659-00C04F790F76}\setup.exe"
Collab --> C:\Program Files\Image-Line\Collab\uninstall.exe
Dance Dance Revolution --> MsiExec.exe /X{D4B542C6-53C5-47DD-89C2-D6B8D84017FD}
Direct Show Ogg Vorbis Filter (remove only) --> "C:\WINDOWS\system32\OggDSuninst.exe"
DivX --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Drag'n Drop CD+DVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DDC146FA-73E0-4FA1-A353-841EA14BF600}\Setup.exe" -l0x9 deleteall
DVgate Plus --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{685BCC47-B8EC-45EC-BBCE-77DF2451502C}\setup.exe"
ffdshow (remove only) --> "C:\Program Files\ffdshow\uninstall.exe"
File Rescue Plus --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D3CB52B2-E03A-4BB0-916B-4A7E292C20D3}\setup.exe" -l0x9 -removeonly
Final Fantasy VII - Ultima Edition --> "C:\Program Files\Final Fantasy VII\unins000.exe"
FL Studio 7 --> C:\Program Files\Image-Line\FL Studio 7\uninstall.exe
FLAC Installer 1.1.2a (remove only) --> C:\Program Files\FLAC\uninstall.exe
Google Video Viewer 1.0 (based on VLC 0.8.2 Player) --> C:\Program Files\GoogleVideoViewer\VLC\uninstall.exe
Guitar Pro 5.1 --> "C:\Program Files\Guitar Pro 5\unins000.exe"
Gunbound Revolution --> "C:\Program Files\softnyx\ENGLISH\Gunbound Revolution\unins000.exe"
Haali Media Splitter --> "C:\Program Files\Haali\MatroskaSplitter\uninstall.exe"
HijackThis 1.99.1 --> C:\Documents and Settings\owner\My Documents\DOCS\HijackThis.exe /uninstall
IL Download Manager --> C:\Program Files\Image-Line\Downloader\uninstall.exe
Intel® PRO Network Adapters and Drivers --> Prounstl.exe
InterActual Player --> C:\Program Files\InterActual\InterActual Player\inuninst.exe
InterVideo WinDVD 5 for VAIO --> "C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
iTunes --> MsiExec.exe /I{B045B608-4A47-4C77-9EAD-06C394503306}
J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
J2SE Runtime Environment 5.0 Update 9 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Java 2 Runtime Environment, SE v1.4.2_01 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142010}
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
KXploit Tool --> C:\Documents and Settings\owner\My Documents\DOCS\KXploit Tool\uninstall.exe
Lexmark 3300 Series --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxccUNST.EXE -NOLICENSE
Lexmark 5200 Series --> C:\WINDOWS\system32\spool\drivers\w32x86\3\LXBTUNST.EXE -NOLICENSE
Lexmark Fax Solutions --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\8\INTEL3~1\IDriver.exe /M{764C0C8F-B1B1-49BF-AEDC-4E48E857A667} /l1033 /z/U
Lexmark Fax Solutions --> C:\Program Files\Lexmark Fax Solutions\Install\Uninst.exe
LG USB Modem driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C3ABE126-2BB2-4246-BFE1-6797679B3579}\Setup.exe" -l0x9 LG
LiveUpdate 2.5 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Macromedia Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Matroska Pack - Lazy Man's MKV 0.9.9 --> "C:\Program Files\LD-Anime\unins000.exe"
Media Library Management Wizard --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\mplibwiz.inf,DefaultUninstall
Memory Stick Formatter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{27337663-2619-11D4-99DC-0000F49094C7}\setup.exe" -l0x9 /UNINSTALL
Microsoft Data Access Components KB870669 --> C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Office Standard Edition 2003 --> MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft Publisher 2002 --> MsiExec.exe /I{90190409-6000-11D3-8CFE-0050048383C9}
Microsoft Reader --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B6F7DBE7-2FE2-458F-A738-B10832746036}\Setup.exe" -L0x9
Movie Maker Background Music Files --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\mmmusic.inf,DefaultUninstall
Movie Maker Sound Effects --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\mmsounds.inf,DefaultUninstall
Movie Maker Title Images --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\mmtitle.inf,DefaultUninstall
Movielink eHome version 1.1 --> "C:\Program Files\Movielink\eHome\unins000.exe"
MPEG4 Direct Maker --> C:\PROGRA~1\MPEG4D~1\UNWISE.EXE C:\PROGRA~1\MPEG4D~1\INSTALL.LOG
MSN Messenger 7.5 --> MsiExec.exe /I{CEB3A11A-03EA-11DA-BFBD-00065BBDC0B5}
MSN Toolbar --> C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\mtbs.exe c
N.I. Guitar Rig v2.0.2 --> C:\Program Files\Native Instruments\Guitar Rig 2\uninstall.exe
Native Instruments Absynth v3.0.2 --> C:\PROGRA~1\NATIVE~1\ABSYNT~1\UNWISE.EXE C:\PROGRA~1\NATIVE~1\ABSYNT~1\INSTALL.LOG
NVIDIA Windows 2000/XP Display Drivers --> rundll32.exe C:\WINDOWS\System32\nvinstnt.dll,NvUninstallNT4 nvsy.inf
OpenMG Limited Patch 4.1-05-14-24-01 --> C:\Program Files\Common Files\Sony Shared\OpenMG\HotFixes\HotFix4.1-05-14-24-01\HotFixSetup\setup.exe /u
OpenMG Secure Module 4.1.00 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{2F151B50-B434-4838-B51D-70442EBA093E} UNINSTALL
PaperlessPrinter version 3.0 --> "C:\Program Files\RareFind\PaperlessPrinter\unins000.exe"
Plus! MP3 Audio Converter LE --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\audcle.inf,DefaultUninstall
Pocket RAR documentation --> C:\Documents and Settings\owner\My Documents\DOCS\uninstall.exe
Power Tab Editor 1.7 --> MsiExec.exe /I{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}
PrimoPDF --> "C:\WINDOWS\PrimoPDF\uninstall.exe" "/U:C:\Program Files\activePDF\PrimoPDF\Uninstall\uninstall.xml"
PSP Video 9 1.53 --> C:\Program Files\pspvideo9\uninst.exe
QuickTime --> MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
Samsung CamCorder Driver --> C:\WINDOWS\Uninstall.exe
Samsung Video Codec 1.0 Uninstall --> C:\WINDOWS\system32\rundll32.exe setupapi,InstallHinfSection Remove_SMP4 132 C:\WINDOWS\INF\install.inf
SBC Self Support Tool --> C:\WINDOWS\Motive\SBC\MCCUninst.exe
Skype 3.1 --> "C:\Program Files\Skype\Phone\unins000.exe"
Skype Plugin Manager --> MsiExec.exe /I{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03}
SonicStage 3.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A0EB195B-5876-48E6-879D-33D4B2102610}\setup.exe" -l0x9 UNINSTALL -removeonly
SonicStage Mastering Studio 1.2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BF3B304B-8A18-452D-A19F-6012CA8418D7}\Setup.exe" -l0x9
SonicStage Mastering Studio Plugins 1.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EE7EB179-5AA2-4B28-AC92-5CBAAF82BA7F}\Setup.exe" -l0x9
Sony Certificate PCH --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D0448678-1203-4158-A58F-B3D0B616BF9E}\setup.exe"
Sony Picture Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5068583-D569-468B-9755-5FBF5848F46F}\setup.exe" -l0x9 /removeonly uninstall -removeonly
Sony TV Tuner Library 1.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40D1BC4F-56CB-458E-BE8C-35A025CC52FB}\setup.exe" -l0x9 UNINSTALL
Sony USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\setup.exe" -l0x9 UNINSTALL -removeonly
Sony Video Shared Library --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6990A2BF-D1D2-11D3-81BC-00609789C908}\setup.exe"
SpeechRedist --> MsiExec.exe /X{8795CBED-55E2-4693-9F14-84EC446935BE}
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SpywareBlaster v3.4 --> "C:\Program Files\SpywareBlaster\unins000.exe"
Switch Off --> "C:\Program Files\Switch Off\uninstall.exe"
Ulead VideoStudio 7 SE DVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{757AD3D4-036B-42FA-B0A4-96BD6F4605A0}\Setup.exe" -l0x9
V CAST Music Manager --> C:\PROGRA~1\VERIZO~1\VCASTM~1\Setup.exe /remove /q0
VAIO Edit Components --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{761C9026-14F0-4352-8658-934558272404}\setup.exe"
VAIO Entertainment Platform --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D917FD82-6CE5-489A-AAF8-C701AAC85C4D}\Setup.exe" -l0x9
VAIO Help and Support --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{E68B38DE-D7DD-4FB3-A453-3F03A947EA8E}
VAIO Media 3.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1EB317D8-8945-4FD6-B37F-DF470317C6AB}\Setup.exe" -l0x9 UNINSTALL
VAIO Media Integrated Server 3.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A79D11B-FD82-4A5E-834F-20173515DD14}\setup.exe" -l0x9 UNINSTALL
VAIO Media Redistribution 3.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7128C69B-8F7E-4336-8698-3FD3CDD955EC}\Setup.exe" -l0x9 UNINSTALL
VAIO Registration --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{315BA29D-2644-4760-B5FD-5AC04A52B8C5}
VAIO SLIT-C Screen Saver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{01AF4645-78E6-46C4-B528-54863679CC40}\setup.exe" -l0x9
VAIO SLIT Pattern Wallpaper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{266AEE68-5718-4A31-BDD3-D356B1250C70}\setup.exe" -l0x9
VAIO Survey Standalone --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{FA11D5B5-7D0A-43E8-88C4-960F97B194DE}
VAIO System Information --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CD7D5804-C157-48A6-AEE0-4A40A4B5C054}\setup.exe"
VAIO Update 2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48820099-ED7D-424B-890C-9A82EF00656C}\setup.exe" -l0x9
VeohTV BETA --> C:\Program Files\InstallShield Installation Information\{C35BF80A-6284-485E-AE18-023AA8C43185}\setup.exe -runfromtemp -l0x0409
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Visual IP InSight(SBC) --> C:\Program Files\InstallShield Installation Information\{097346E0-6A51-11D1-AD16-00A0C95E0503}SBC\setup.exe SBC
Welcome to VAIO life --> "C:\Program Files\Sony\Welcome to VAIO life\unwise.exe" /A "C:\Program Files\Sony\Welcome to VAIO life\install.log" Uninstall Welcome to VAIO life
Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Media Bonus Pack for Windows XP --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmbonus.inf,DefaultUninstall
Windows Media Encoder 9 Series --> msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9 Series --> MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
WinISO 5.3 --> "C:\Program Files\WinISO\unins000.exe"
WinPcap 3.1 --> "C:\Program Files\WinPcap\Uninstall.exe" "C:\Program Files\WinPcap\install.log"
WinRAR archiver --> C:\Program Files\uninstall.exe
XBC 5.1 --> C:\PROGRA~1\XBC\UNWISE.EXE C:\PROGRA~1\XBC\INSTALL.LOG
ZIP Reader 8.00.0018 --> MsiExec.exe /I{856C155E-4A74-4041-B026-04F96FFD1BCD}


-- Application Event Log -------------------------------------------------------

Event Record #/Type39793 / Error
Event Submitted/Written: 11/19/2007 03:23:23 PM
Event ID/Source: 108 / VzFw
Event Description:
Some error occurred when starting folder watch. (00000000)
C:\Documents and Settings\All Users\Application Data\Sony Corporation\PictureGear Studio\Samples\PhotoCollection\Samples

Event Record #/Type39786 / Error
Event Submitted/Written: 11/19/2007 05:42:18 AM
Event ID/Source: 0 / Media Center Scheduler.
Event Description:
Flush: RecordingFile failed to write Invalid XML Operation.

Event Record #/Type39785 / Error
Event Submitted/Written: 11/19/2007 05:37:14 AM
Event ID/Source: 0 / Media Center Scheduler.
Event Description:
The recordings store has been determined to be corrupt, and was unrecoverable. It has been copied to a backup file.

Event Record #/Type39779 / Error
Event Submitted/Written: 11/18/2007 07:46:52 PM
Event ID/Source: 108 / VzFw
Event Description:
Some error occurred when starting folder watch. (00000000)
C:\Documents and Settings\All Users\Application Data\Sony Corporation\PictureGear Studio\Samples\PhotoCollection\Samples

Event Record #/Type39768 / Error
Event Submitted/Written: 11/18/2007 00:25:51 PM
Event ID/Source: 108 / VzFw
Event Description:
Some error occurred when starting folder watch. (00000000)
C:\Documents and Settings\All Users\Application Data\Sony Corporation\PictureGear Studio\Samples\PhotoCollection\Samples



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type79487 / Error
Event Submitted/Written: 11/19/2007 03:26:23 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The HTTP SSL service failed to start due to the following error:
%%1053

Event Record #/Type79486 / Error
Event Submitted/Written: 11/19/2007 03:26:23 PM
Event ID/Source: 7009 / Service Control Manager
Event Description:
Timeout (30000 milliseconds) waiting for the HTTP SSL service to connect.

Event Record #/Type79466 / Warning
Event Submitted/Written: 11/19/2007 03:22:14 PM / 11/19/2007 03:23:14 PM
Event ID/Source: 19 / i8042prt
Event Description:
Could not set the keyboard typematic rate and delay.

Event Record #/Type79465 / Warning
Event Submitted/Written: 11/19/2007 03:22:14 PM / 11/19/2007 03:23:14 PM
Event ID/Source: 17 / i8042prt
Event Description:
The device sent an incorrect response(s) following a keyboard reset.

Event Record #/Type79438 / Warning
Event Submitted/Written: 11/18/2007 07:45:46 PM / 11/18/2007 07:46:46 PM
Event ID/Source: 19 / i8042prt
Event Description:
Could not set the keyboard typematic rate and delay.



-- End of Deckard's System Scanner: finished at 2007-11-19 15:56:58 ------------

:)


Deckard's System Scanner v20071014.68
Run by owner on 2007-11-19 15:50:44
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
35: 2007-11-19 23:51:07 UTC - RP768 - Deckard's System Scanner Restore Point
34: 2007-11-18 03:34:47 UTC - RP767 - Restore Operation
33: 2007-11-17 21:44:32 UTC - RP766 - Installed SUPERAntiSpyware Free Edition
32: 2007-11-16 11:00:58 UTC - RP765 - Software Distribution Service 3.0
31: 2007-11-16 07:57:42 UTC - RP764 - Restore Operation


-- First Restore Point --
1: 2007-08-20 22:32:10 UTC - RP734 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as owner.exe) -----------------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2007-11-19 15:54:35
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG Free\avgamsvr.exe
C:\Program Files\Grisoft\AVG Free\avgupsvc.exe
C:\Program Files\Yahoo!\Antivirus\iSafe.exe
C:\WINDOWS\eHome\ehsched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\perfs.exe
C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ndt2.sys
C:\WINDOWS\eHome\ehtray.exe
C:\Program Files\Sony\sHotKey\SHOTKEY.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRid.exe
C:\Program Files\Grisoft\AVG Free\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\Documents and Settings\owner\Desktop\dss.exe
C:\WINDOWS\system32\Indt2.sys

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapp...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [sHotKey] "C:\Program Files\SONY\sHotKey\sHotKey.exe"
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [LXBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [LXCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\filelib\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: https://freewebs (HKCU)
O16 - DPF: Yahoo! Chess () - http://download.game...nts/y/ct2_x.cab
O16 - DPF: Yahoo! Pool 2 () - http://download2.gam...ts/y/poti_x.cab
O16 - DPF: Yahoo! Word Racer () - http://download.game...nts/y/wt1_x.cab
O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} () - http://codecs.micros...cs/i386/fhg.CAB
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com...ex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper2007261.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.costcopho...stcoActivia.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} () - http://a1540.g.akama...llInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1093975848968
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://www.vzwpix.co...loadControl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://download.yaho...mail/ymmapi.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://download.yaho...alls/yab_af.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload....GPlugin9USA.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo....plorer1_9us.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.game...aploader_v6.cab
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG Free\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG Free\avgupsvc.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\iSafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxbt_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbtcoms.exe
O23 - Service: lxcc_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcccoms.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NTLOAD - Unknown owner - C:\WINDOWS\system32\dllcache\win32\winlogon.exe
O23 - Service: NTSVCMGR - Unknown owner - C:\WINDOWS\system32\dllcache\win32\winlogon.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: perfmons Service (perfmons) - Unknown owner - C:\WINDOWS\system32\perfs.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SonicStageMonitoring - Sony Corporation - C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
O23 - Service: Sony TV Tuner Controller - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\halsv.exe
O23 - Service: Sony TV Tuner Manager - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe
O23 - Service: Sony TVTA Manager - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSSc

Edited by AlphaMonk, 19 November 2007 - 07:56 PM.

  • 0

#5
AlphaMonk
Posted 19 November 2007 - 07:59 PM

AlphaMonk

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment File Import Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\VmGateway.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Video\GPVSvr.exe
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\UPnPFramework.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe


--
End of file - 16545 bytes

-- HijackThis Fixed Entries (C:\DOCUME~1\owner\Desktop\VIRUS\backups\) ---------

backup-20050716-143216-740 F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
backup-20050716-145723-743 O4 - HKLM\..\Run: [seeve] C:\WINDOWS\seeve.exe
backup-20050716-151342-150 O4 - HKLM\..\Run: [Media Gateway] C:\Program Files\Media Gateway\MediaGateway.exe
backup-20050716-203213-164 R3 - Default URLSearchHook is missing
backup-20050716-203213-185 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapp...//www.yahoo.com
backup-20050716-203213-339 O4 - HKCU\..\Run: [fuqq] C:\PROGRA~1\COMMON~1\fuqq\fuqqm.exe
backup-20050716-203213-944 O4 - HKLM\..\Run: [motoin] C:\WINDOWS\mm15201518.Stub.exe
backup-20050723-121721-196 O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
backup-20050723-121721-297 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
backup-20050723-121721-303 O4 - HKCU\..\Run: [Yahoo! Pager] 1
backup-20050723-121721-311 O4 - Global Startup: Adobe Gamma Loader.lnk = ?
backup-20050723-121721-634 O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Documents and Settings\owner\My Documents\filelib\\DeadAIM.ocm",ExportedCheckODLs
backup-20050723-121721-679 O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
backup-20050723-121721-700 O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
backup-20050723-121721-732 O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
backup-20050723-121721-751 O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
backup-20050723-121721-788 O4 - HKCU\..\Run: [AIM] C:\Documents and Settings\owner\My Documents\filelib\aim.exe -cnetwait.odl
backup-20050723-121721-910 O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
backup-20050723-121721-921 O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
backup-20050723-121721-999 O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
backup-20050723-123802-288 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
backup-20050723-123802-932 O4 - HKCU\..\Run: [AIM] C:\Documents and Settings\owner\My Documents\filelib\aim.exe -cnetwait.odl
backup-20050910-143043-899 O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
backup-20050910-143044-136 O2 - BHO: NavHelper Class - {C1E58A84-95B3-4630-B8C2-D06B77B7A0FC} - C:\Program Files\NavExcel\NavHelper\v2.0.4d\NHelper.dll
backup-20050910-143044-817 O3 - Toolbar: NavExcel Toolbar - {5AA06644-BC46-4220-A460-47A6EB47C96D} - C:\Program Files\NavExcel Search Toolbar\NavExcelBar.dll
backup-20050910-143044-978 O2 - BHO: Helper Class - {D80C4E21-C346-4E21-8E64-20746AA20AEB} - C:\Program Files\NavExcel Search Toolbar\NavExcelBar.dll
backup-20060105-122328-836 O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} - http://static.zangoc...e/bridge-c8.cab
backup-20060122-110620-635 O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
backup-20060122-110620-844 O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
backup-20060122-110620-920 O4 - HKLM\..\Run: [Lexmark 5200 series] "C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe"
backup-20060216-201956-432 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
backup-20060216-201956-723 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
backup-20071115-155344-500 O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

-- File Associations -----------------------------------------------------------

.reg - regfile - shell\open\command - "regedit.exe" "%1"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 VETFDDNT (VET Floppy Boot Sector Monitor) - c:\windows\system32\drivers\vetfddnt.sys <Not Verified; Computer Associates International, Inc.; Computer Associates Antivirus>
R1 VET-FILT (VET File System Filter) - c:\windows\system32\drivers\vet-filt.sys <Not Verified; Computer Associates International, Inc.; Computer Associates Antivirus>
R1 VETMONNT (VET File Monitor) - c:\windows\system32\drivers\vetmonnt.sys <Not Verified; Computer Associates International, Inc.; Computer Associates Antivirus>
R1 VET-REC (VET File System Recognizer) - c:\windows\system32\drivers\vet-rec.sys <Not Verified; Computer Associates International, Inc.; Computer Associates Antivirus>
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>

S3 CamAv (SAMSUNG Video Capture) - c:\windows\system32\drivers\camav.sys <Not Verified; Samsung electronics, Inc; Samsung electronics, Inc>
S3 CAMFLT (%CAMFLT.SvcDesc%) - c:\windows\system32\drivers\camflt.sys <Not Verified; Samsung electronics, Inc; Samsung electronics, Inc>
S3 dump_wmimmc - c:\program files\softnyx\english\gunbound revolution\gameguard\dump_wmimmc.sys (file missing)
S3 NPF (NetGroup Packet Filter Driver) - c:\windows\system32\drivers\npf.sys <Not Verified; CACE Technologies; WinPcap Netgroup Packet Filter Driver>
S3 NPPTNT2 - c:\windows\system32\npptnt2.sys <Not Verified; INCA Internet Co., Ltd.; nProtect NPSC Kernel Mode Driver for NT>
S3 PSSdk23 - c:\windows\system32\drivers\pssdk23.drv (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 perfmons (perfmons Service) - c:\windows\system32\perfs.exe
R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>

S2 NTLOAD - c:\windows\system32\dllcache\win32\winlogon.exe
S2 NTSVCMGR - c:\windows\system32\dllcache\win32\winlogon.exe
S3 rpcapd (Remote Packet Capture Protocol v.0 (experimental)) - "c:\program files\winpcap\rpcapd.exe" -d -f "c:\program files\winpcap\rpcapd.ini" <Not Verified; CACE Technologies; Remote Packet Capture Daemon>
S4 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2007-11-19 03:19:24 364 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job
2004-08-30 17:59:01 258 --a------ C:\WINDOWS\Tasks\Registration reminder 2.job
2004-08-30 17:59:01 258 --a------ C:\WINDOWS\Tasks\Registration reminder 1.job


-- Files created between 2007-10-19 and 2007-11-19 -----------------------------

2007-11-17 19:42:13 0 d-------- C:\Documents and Settings\owner\Application Data\Grisoft
2007-11-17 13:44:36 0 d-------- C:\Program Files\SUPERAntiSpyware
2007-11-17 13:44:35 0 d-------- C:\Documents and Settings\owner\Application Data\SUPERAntiSpyware.com
2007-11-17 13:44:19 19050496 --a------ C:\Documents and Settings\owner\ntuser.dat
2007-11-17 13:44:19 421888 --a------ C:\Documents and Settings\LocalService\ntuser.dat
2007-11-17 13:43:41 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-11-17 13:40:04 0 d-------- C:\Documents and Settings\owner\Application Data\AVG7
2007-11-17 13:40:01 0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2007-11-17 13:39:44 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-16 00:40:04 225280 --a------ C:\WINDOWS\system32\rewire.dll <Not Verified; Propellerhead Software AB; ReWire>
2007-11-16 00:00:56 45056 --a------ C:\WINDOWS\system32\Indt2.sys <Not Verified; a; Microsoft Internet Explorer>
2007-11-16 00:00:53 257024 --a------ C:\WINDOWS\system32\ndt2.sys
2007-11-09 23:54:40 0 d-------- C:\Program Files\ASIO4ALL v2
2007-11-09 23:48:22 0 d-------- C:\Program Files\Image-Line
2007-11-03 13:09:44 122880 --a------ C:\WINDOWS\system32\fxtls532.dll <Not Verified; ImageFX; FXTools, FXPic, FractalFX, PlanetFXFX, VectorFX>
2007-11-03 13:09:43 29184 --a------ C:\WINDOWS\system32\picn20.dll <Not Verified; Pegasus Imaging Corp.; PEGASUS>
2007-11-03 13:09:42 0 d-------- C:\Program Files\kap.LST
2007-11-03 13:09:41 24848 --a------ C:\WINDOWS\system32\msjter35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2007-11-03 13:09:41 123664 --a------ C:\WINDOWS\system32\msjint35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2007-11-03 13:09:41 1056768 --a------ C:\WINDOWS\system32\MSJET35.DLL <Not Verified; Microsoft Corporation; Microsoft® Jet>
2007-11-03 13:09:40 252176 --a------ C:\WINDOWS\system32\msrd2x35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2007-11-03 13:09:39 430080 --a------ C:\WINDOWS\system32\MSREPL35.DLL <Not Verified; Microsoft Corporation; Microsoft® Access>
2007-10-27 22:09:13 0 d-------- C:\Program Files\BitPim
2007-10-27 21:45:54 0 d-------- C:\Program Files\LG Electronics
2007-10-27 21:44:58 528384 -----n--- C:\WINDOWS\system32\VZWDownManager.exe <Not Verified; Verizon; VZWDownManager Application>
2007-10-27 21:44:58 49152 -----n--- C:\WINDOWS\system32\VZWDLManager.dll <Not Verified; ; VZWDLManager Module>
2007-10-27 21:44:41 0 d-------- C:\Program Files\Verizon Wireless
2007-10-27 09:30:14 0 d-------- C:\Documents and Settings\owner\Application Data\Viewpoint
2007-10-25 21:42:23 0 d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP
2007-10-25 21:39:49 0 d-------- C:\Program Files\AIM6


-- Find3M Report ---------------------------------------------------------------

2007-11-19 05:26:37 0 d-------- C:\Program Files\Lx_cats
2007-11-17 13:43:41 0 d-------- C:\Program Files\Common Files
2007-11-16 00:45:14 0 d-------- C:\Program Files\VST
2007-10-27 21:45:53 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-10-27 09:30:18 0 d-------- C:\Program Files\Viewpoint
2007-10-26 23:30:03 0 d-------- C:\Program Files\MPEG4 Direct Maker
2007-10-26 10:14:26 0 d-------- C:\Program Files\Common Files\AOL
2007-10-26 10:14:25 0 d-------- C:\Program Files\filelib
2007-10-06 13:58:21 0 d-------- C:\Program Files\Veoh Networks
2007-10-03 22:15:31 0 d-------- C:\Documents and Settings\owner\Application Data\Skype
2007-09-30 13:48:02 0 d-------- C:\Program Files\iTunes
2007-09-30 13:47:47 0 d-------- C:\Program Files\iPod
2007-09-30 13:44:03 0 d-------- C:\Program Files\QuickTime
2007-09-30 13:40:31 0 d-------- C:\Program Files\Apple Software Update
2007-09-30 13:39:43 0 d-------- C:\Program Files\Common Files\Apple
2007-09-23 12:47:42 0 d-------- C:\Documents and Settings\owner\Application Data\Aquarius Soft


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [08/03/2004 11:56 PM]
"sHotKey"="C:\Program Files\SONY\sHotKey\sHotKey.exe" [08/22/2003 09:22 AM]
"ezShieldProtector for Px"="C:\WINDOWS\System32\ezSP_Px.exe" [08/20/2002 10:29 AM]
"LXBTCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll" [03/17/2004 08:30 AM]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [01/19/2005 06:19 PM]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [09/10/2002 08:26 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [07/12/2007 03:00 AM]
"CaAvTray"="C:\Program Files\Yahoo!\Antivirus\CAVTray.exe" [12/16/2006 10:57 AM]
"CAVRID"="C:\Program Files\Yahoo!\Antivirus\CAVRID.exe" [12/16/2006 10:57 AM]
"LXCCCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll" [01/10/2005 01:21 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [06/29/2007 05:24 AM]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [08/03/2004 11:56 PM]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [11/18/2007 12:28 PM]
"AVG7_EMC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe" [11/18/2007 12:28 PM]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 01:25 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [11/30/2006 09:49 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/03/2004 11:56 PM]
"@"="" []
"Aim6"="" []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= :\WINDOWS\syste

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^office.exe]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\office.exe
backup=C:\WINDOWS\pss\office.exeCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^owner^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\owner\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
C:\Program Files\filelib\aim.exe -cnetwait.odl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxccmon.exe]
"C:\Program Files\Lexmark 3300 Series\lxccmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SsAAD.exe]
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
"C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Update 2]
"C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YBrowser]
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YOP]
C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"aspnet_state"=3 (0x3)
"Adobe LM Service"=3 (0x3)
"iPod Service"=3 (0x3)
"Apple Mobile Device"=2 (0x2)


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e3afe11a-0ba1-11db-9c4d-00112f27642f}]
AutoRun\command- M:\setupSNK.exe




-- End of Deckard's System Scanner: finished at 2007-11-19 15:56:58 ------------
  • 0

#6
anzenketh
Posted 21 November 2007 - 09:20 PM

anzenketh

    BSOD Warrior/Computer Surgeon

  • Technician
  • 2,854 posts
Hello alphamonk,

Step 1: Run a Rootkit Scan

Please download the Sophos Anti-Rootkit Scanner and save it to your desktop.

You will need to enter your name, e-mail address and location in order to access the download page.
  • Once you have downloaded the file, double click the sarsfx icon
  • Review the licence agreement and click on the Accept button
  • The scanner will prompt you to extract the files to C:\SOPHTEMP - DO NOT change this location, simply click the Install button
  • Once the files have been extracted; using Windows Explorer, navigate to C:\SOPHTEMP and double click on the blue shield icon called sargui
  • Ensure that there are checkmarks next to Running processes, Windows registry and Local hard drives, then click Start scan
  • Allow the program to scan your computer - please be patient as it may take some time
  • Once the scan has completed a window will pop-up with the results of the scan - click OK to this
  • In the main window, you will see each of the entries found by the scan (if any)
    • If the scanner generated any warning messages, please click on each warning and copy and paste the text of it into this thread for me to review
    • Once you have posted any warning messages here, you can close the scanner and wait for me to get back to you
  • If you have not had any warnings, any entries which can be cleaned up by the scanner will have a box with a green checkmark in it next to the entry
  • To clean up these entries click on the Clean up checked items button
  • If you accidentally check a file NOT recommended for clean up, you will get a warning message and if necessary can re-select the entries you want to clean up
  • Once you have cleaned the selected files, you will be prompted to re-boot your computer - please do so
  • When you have re-booted, please post a fresh HijackThis log into this thread and tell me how your computer is running now
Thanks

Step 2: Fix the Registry

First we need to backup your registry:
Please go to Start > Run
Paste in the following line:

regedit /e c:\registrybackup.reg

Click OK.
It won't appear to be doing anything, that's normal.
Your mouse pointer may turn to an hour glass for a minute.
Please continue when it no longer has the hour glass.

Now we need to create a file open up notepad and paste the information in the code box typed below in the notepad document. When you save it save it as all file types with a .reg extension.
Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTLOAD]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTSVCMGR]

In your next post please post a new DSS log.

Edited by tuxmaster, 21 November 2007 - 09:20 PM.

  • 0

#7
AlphaMonk
Posted 21 November 2007 - 11:14 PM

AlphaMonk

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
The program didn't say to extract to...C:\SOPHTEMP.. I clicked install anyway is that fine?
  • 0

#8
AlphaMonk
Posted 21 November 2007 - 11:55 PM

AlphaMonk

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Area: Local hard drives
Description: Unknown hidden file
Location: C:\WINDOWS\I386\AUTOFMT.EXE
Removable: Yes (but clean up not recommended for this file)
Notes: (no more detail available)

Edited by AlphaMonk, 21 November 2007 - 11:55 PM.

  • 0

#9
anzenketh
Posted 24 November 2007 - 04:07 PM

anzenketh

    BSOD Warrior/Computer Surgeon

  • Technician
  • 2,854 posts
Hello alphamonk,

Step 1: Fix entries using HJT.

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.(If Present)

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.game...aploader_v6.cab

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis. Reboot into safe mode.

Step 2: Make sure services are removed

1. Open up notepad.
Click on start.
Click on run
Type in notepad.
2. Copy the following text in the code box below. 
@echo
sc stop NTLOAD
sc delete NTLOAD
sc stop NTSVCMGR
sc delete NTSVCMGR
quit
3. Save the file
Click on file.
Click on save as.
On save in click on the dropdown and select desktop.
For file name type in services.bat
Click the dropdown for save as type and select all files.
Doubleclick on services.bat to your desktop.

Step 3: Delete Files.

Please download the OTMoveIt by OldTimer.
Save it to your desktop.
Please double-click OTMoveIt.exe to run it.
Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

C:\WINDOWS\system32\Indt2.sys
C:\WINDOWS\system32\ndt2.sys
c:\windows\system32\drivers\pfc.sys
c:\windows\system32\drivers\npf.sys
C:\WINDOWS\I386\AUTOFMT.EXE

Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
Click the red Moveit! button.
Copy everything on the Results window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it on your next reply.
Close OTMoveIt

*If a file or folder cannot be moved immediately, you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine, choose Yes.
**If a reboot was necessary or you needed to Exit before posting the log, you will find a copy of the log at the root of the drive where OTMoveIt is installed, usually at :
C:\_OTMoveIt\MovedFiles\********_******.log
(where "********_******" is the "date_time")

Click "Exit" to close OTMoveIt.

After that, Reboot.

Please post A Decard System Scanner Log and the OTMoveit Log in your next post.
  • 0

#10
AlphaMonk
Posted 30 November 2007 - 03:25 AM

AlphaMonk

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
OTMoveIt

C:\WINDOWS\system32\Indt2.sys moved successfully.
C:\WINDOWS\system32\ndt2.sys moved successfully.
c:\windows\system32\drivers\pfc.sys moved successfully.
c:\windows\system32\drivers\npf.sys moved successfully.
C:\WINDOWS\I386\AUTOFMT.EXE moved successfully.

Created on 11/30/2007 00:34:46


:)

Deckard's System Scanner v20071014.68
Run by owner on 2007-11-30 01:20:51
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Percentage of Memory in Use: 76% (more than 75%).


-- HijackThis (run as owner.exe) -----------------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2007-11-30 01:21:02
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\eHome\ehsched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\perfs.exe
C:\WINDOWS\eHome\ehtray.exe
C:\Program Files\Sony\sHotKey\SHOTKEY.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
C:\Program Files\Yahoo!\YOP\yop.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Yahoo!\browser\ycommon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Yahoo!\YOP\SSDK02.exe
C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\browser\ybrowser.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Documents and Settings\owner\My Documents\DOCS\OTMoveIt.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Documents and Settings\owner\Local Settings\Temporary Internet Files\Content.IE5\EK6WZ66L\dss[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapp...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: 82.98.86.179 mydxo.com
O1 - Hosts: 82.98.86.179 nhacrock.com
O1 - Hosts: 82.98.86.179 bjfake.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [sHotKey] "C:\Program Files\SONY\sHotKey\sHotKey.exe"
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [LXBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [LXCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\filelib\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: https://freewebs (HKCU)
O16 - DPF: Yahoo! Chess () - http://download.game...nts/y/ct2_x.cab
O16 - DPF: Yahoo! Pool 2 () - http://download2.gam...ts/y/poti_x.cab
O16 - DPF: Yahoo! Word Racer () - http://download.game...nts/y/wt1_x.cab
O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} () - http://codecs.micros...cs/i386/fhg.CAB
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com...ex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.costcopho...stcoActivia.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} () - http://a1540.g.akama...llInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1093975848968
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://www.vzwpix.co...loadControl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (Yahoo! MailTo) - http://download.yaho...mail/ymmapi.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://download.yaho...alls/yab_af.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload....GPlugin9USA.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo....plorer1_9us.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxbt_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbtcoms.exe
O23 - Service: lxcc_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcccoms.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: perfmons Service (perfmons) - Unknown owner - C:\WINDOWS\system32\perfs.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SonicStageMonitoring - Sony Corporation - C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
O23 - Service: Sony TV Tuner Controller - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\halsv.exe
O23 - Service: Sony TV Tuner Manager - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe
O23 - Service: Sony TVTA Manager - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment File Import Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\VmGateway.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Video\GPVSvr.exe
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\UPnPFramework.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe


--
End of file - 15731 bytes

-- Files created between 2007-10-30 and 2007-11-30 -----------------------------

2007-11-27 00:11:28 0 d-------- C:\Documents and Settings\LocalService\Application Data\Sun
2007-11-24 17:22:25 0 d-------- C:\Program Files\Alwil Software
2007-11-21 21:12:01 0 d-------- C:\Program Files\Sophos
2007-11-20 00:56:58 0 --a------ C:\WINDOWS\system32\SBRC.dat
2007-11-20 00:56:58 0 --a------ C:\WINDOWS\system32\SBFC.dat
2007-11-19 23:12:49 0 d-------- C:\Documents and Settings\LocalService\Application Data\FaxCtr
2007-11-19 23:09:48 0 d--h----- C:\Documents and Settings\LocalService\SendTo
2007-11-19 23:07:12 0 dr------- C:\Documents and Settings\LocalService\Favorites <FAVORI~1>
2007-11-19 23:07:11 0 dr-h----- C:\Documents and Settings\LocalService\Recent
2007-11-19 23:07:11 0 d-------- C:\Documents and Settings\LocalService\Desktop
2007-11-17 19:42:13 0 d-------- C:\Documents and Settings\owner\Application Data\Grisoft
2007-11-17 13:44:36 0 d-------- C:\Program Files\SUPERAntiSpyware
2007-11-17 13:44:35 0 d-------- C:\Documents and Settings\owner\Application Data\SUPERAntiSpyware.com
2007-11-17 13:44:19 19136512 --a------ C:\Documents and Settings\owner\ntuser.dat
2007-11-17 13:44:19 421888 --a------ C:\Documents and Settings\LocalService\ntuser.dat
2007-11-17 13:43:41 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-11-17 13:40:04 0 d-------- C:\Documents and Settings\owner\Application Data\AVG7
2007-11-17 13:40:01 0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2007-11-17 13:39:44 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-16 00:40:04 225280 --a------ C:\WINDOWS\system32\rewire.dll <Not Verified; Propellerhead Software AB; ReWire>
2007-11-09 23:54:40 0 d-------- C:\Program Files\ASIO4ALL v2
2007-11-09 23:48:22 0 d-------- C:\Program Files\Image-Line
2007-11-03 13:09:44 122880 --a------ C:\WINDOWS\system32\fxtls532.dll <Not Verified; ImageFX; FXTools, FXPic, FractalFX, PlanetFXFX, VectorFX>
2007-11-03 13:09:43 29184 --a------ C:\WINDOWS\system32\picn20.dll <Not Verified; Pegasus Imaging Corp.; PEGASUS>
2007-11-03 13:09:42 0 d-------- C:\Program Files\kap.LST
2007-11-03 13:09:41 24848 --a------ C:\WINDOWS\system32\msjter35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2007-11-03 13:09:41 123664 --a------ C:\WINDOWS\system32\msjint35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2007-11-03 13:09:41 1056768 --a------ C:\WINDOWS\system32\MSJET35.DLL <Not Verified; Microsoft Corporation; Microsoft® Jet>
2007-11-03 13:09:40 252176 --a------ C:\WINDOWS\system32\msrd2x35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2007-11-03 13:09:39 430080 --a------ C:\WINDOWS\system32\MSREPL35.DLL <Not Verified; Microsoft Corporation; Microsoft® Access>


-- Find3M Report ---------------------------------------------------------------

2007-11-29 05:19:19 0 d-------- C:\Program Files\Lx_cats
2007-11-25 20:26:31 0 d-------- C:\Documents and Settings\owner\Application Data\Azureus
2007-11-24 16:03:41 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-11-22 23:14:56 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-11-20 01:51:03 0 d-------- C:\Program Files\Common Files
2007-11-19 23:59:27 0 d-------- C:\Program Files\Yahoo!
2007-11-19 23:29:23 0 d-------- C:\Program Files\Sony
2007-11-19 23:23:34 0 d-------- C:\Documents and Settings\owner\Application Data\Yahoo!
2007-11-19 22:48:41 0 d-------- C:\Program Files\Common Files\Scanner
2007-11-19 17:36:47 0 d-------- C:\Program Files\Acoustica Mixcraft 3
2007-11-19 17:36:44 0 d-------- C:\Program Files\VST
2007-11-19 17:07:25 0 d-------- C:\Program Files\Rising Software
2007-11-19 17:07:01 0 d-------- C:\Program Files\Animoids
2007-11-19 17:05:13 0 d--h----- C:\Program Files\Zero G Registry
2007-11-19 17:03:27 0 d-------- C:\Program Files\Google
2007-10-27 22:09:20 0 d-------- C:\Program Files\BitPim
2007-10-27 21:45:54 0 d-------- C:\Program Files\LG Electronics
2007-10-27 21:44:41 0 d-------- C:\Program Files\Verizon Wireless
2007-10-27 10:05:54 0 d-------- C:\Program Files\AIM6
2007-10-27 09:30:18 0 d-------- C:\Program Files\Viewpoint
2007-10-27 09:30:14 0 d-------- C:\Documents and Settings\owner\Application Data\Viewpoint
2007-10-26 23:30:03 0 d-------- C:\Program Files\MPEG4 Direct Maker
2007-10-26 10:14:26 0 d-------- C:\Program Files\Common Files\AOL
2007-10-26 10:14:25 0 d-------- C:\Program Files\filelib
2007-10-06 13:58:21 0 d-------- C:\Program Files\Veoh Networks
2007-10-03 22:15:31 0 d-------- C:\Documents and Settings\owner\Application Data\Skype
2007-09-30 13:48:02 0 d-------- C:\Program Files\iTunes
2007-09-30 13:47:47 0 d-------- C:\Program Files\iPod
2007-09-30 13:44:03 0 d-------- C:\Program Files\QuickTime
2007-09-30 13:40:31 0 d-------- C:\Program Files\Apple Software Update
2007-09-30 13:39:43 0 d-------- C:\Program Files\Common Files\Apple


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [08/03/2004 11:56 PM]
"sHotKey"="C:\Program Files\SONY\sHotKey\sHotKey.exe" [08/22/2003 09:22 AM]
"ezShieldProtector for Px"="C:\WINDOWS\System32\ezSP_Px.exe" [08/20/2002 10:29 AM]
"LXBTCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll" [03/17/2004 08:30 AM]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [01/19/2005 06:19 PM]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [09/10/2002 08:26 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [07/12/2007 03:00 AM]
"LXCCCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll" [01/10/2005 01:21 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [06/29/2007 05:24 AM]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [08/03/2004 11:56 PM]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [01/01/2007 01:22 PM]
"YOP"="C:\PROGRA~1\Yahoo!\YOP\yop.exe" [06/26/2007 01:48 PM]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [09/06/2007 03:06 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [11/30/2006 09:49 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/03/2004 11:56 PM]
"Aim6"="" []
"@"="" []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= :\WINDOWS\syste

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^office.exe]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\office.exe
backup=C:\WINDOWS\pss\office.exeCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^owner^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\owner\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
C:\Program Files\filelib\aim.exe -cnetwait.odl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxccmon.exe]
"C:\Program Files\Lexmark 3300 Series\lxccmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SsAAD.exe]
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
"C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Update 2]
"C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
"C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YBrowser]
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YOP]
C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"aspnet_state"=3 (0x3)
"Adobe LM Service"=3 (0x3)
"iPod Service"=3 (0x3)
"Apple Mobile Device"=2 (0x2)


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e3afe11a-0ba1-11db-9c4d-00112f27642f}]
AutoRun\command- M:\setupSNK.exe




-- End of Deckard's System Scanner: finished at 2007-11-30 01:22:11 ------------
  • 0

#11
anzenketh
Posted 02 December 2007 - 09:26 PM

anzenketh

    BSOD Warrior/Computer Surgeon

  • Technician
  • 2,854 posts
Alphamonk,

Are you still getting audio ads running in the background? Have you tried closing yahoo instant messenger to see if the ads stop?

Please go HERE to run Panda's TotalScan
  • Select the bubble for Full scan
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • Then the scan will begin
  • When the scan completes, click the Save button on the right of Scan details
  • Save it to a convenient location. Post the contents of the TotalScan report
Have you made any changes to you host file?

Entries like these are usually not there unless added by the you or malware.
O1 - Hosts: 82.98.86.179 mydxo.com
O1 - Hosts: 82.98.86.179 nhacrock.com
O1 - Hosts: 82.98.86.179 bjfake.com
  • 0

#12
AlphaMonk
Posted 06 December 2007 - 05:41 PM

AlphaMonk

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Nope I haven't made changed to the hosts files... Well, it stopped for the time it was deleted until I restarted. I can end the processes and it keeps restarting... So last night I was running Panda's Total Scan and then my computer started lagging rather badly... so this afternoon when I turned it on I got a black background with the message at the bottom,

Pri Master Hard Disk: SMART Status BAD, Backup and Replace
Press F2 to Resume

I pressed F2, and it went to BIOS SETUP UTILITY. I exited and then it allows me to go to Safe Mode Safe Mode with networking Safe Mode with Command prompt Normal... none of them work because it restarts and goes back that black screen with the message... :)

I did some research and it said something about it being a warning that the hard drive has problems and that I should save my important files but I can't get to my desktop at all...

Edited by AlphaMonk, 06 December 2007 - 07:08 PM.

  • 0

#13
anzenketh
Posted 08 December 2007 - 12:16 AM

anzenketh

    BSOD Warrior/Computer Surgeon

  • Technician
  • 2,854 posts
AlphaMonk,

You are correct that error says that your hard drive is going bad. If you press F2 to resume and you keep getting that error message and will not go to windows then your files have a possibility of being completely lost. Do you hear any odd noises coming from your computer. What is the make and model of your hard drive? If this is a non custom built computer what is the make and model of your computer?
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP