Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Need help getting rid of [email protected] and w32.mydoom.b [RESOLVED]


  • This topic is locked This topic is locked

#1
bcrab

bcrab

    Member

  • Member
  • PipPip
  • 10 posts
I cant get rid of these things they keep popping back up. :) I've tried Spybot and Noadware which will pick them up and delete them once but they come back. I have Norton Internet security 2008 which doesn't even detect them.
How do I get rid of them? Any help would be greatly appreciated. Thanks

This is the Hijack This log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:04:47 PM, on 2/21/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
C:\ProgramData\U3\U3Launcher\LaunchU3.exe
C:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~2\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [ATKMEDIA] "C:\Program Files (x86)\ASUS\ATK Media\DMEDIA.EXE"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: LaunchU3.exe.lnk = ?
O8 - Extra context menu item: Customize Menu - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onec...s/wlscctrl2.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A0A2994A-F9A0-4A61-94C9-521044784BF5}: NameServer = 205.171.2.65,205.171.3.65
O17 - HKLM\System\CS1\Services\Tcpip\..\{A0A2994A-F9A0-4A61-94C9-521044784BF5}: NameServer = 205.171.2.65,205.171.3.65
O17 - HKLM\System\CS2\Services\Tcpip\..\{A0A2994A-F9A0-4A61-94C9-521044784BF5}: NameServer = 205.171.2.65,205.171.3.65
O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - C:\Program Files (x86)\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files (x86)\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files (x86)\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (X86)\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Unknown owner - C:\Windows\System32\StkCSrv.exe (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~2\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11133 bytes
  • 0

Advertisements


#2
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Download WinPFind35U.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind35u on your desktop.
  • Open the WinPFind35u folder and double-click on WinPFind35U.exe to start the program.
  • Under Additional Scans check the boxes beside Reg - Bot Check, Reg - Disabled MS Config Items, Reg - File Additional Folder Scans, File - Lop Check and File - Purity Scan.
  • Under Drivers change it to Non-Microsoft.
  • Check the box beside Scan All User Accounts at the top
  • Under Files Created Within and Files Modified Within change it to 90 days.
  • Now click the Run Scan button on the toolbar.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and post the information back here in an attachment. I will review it when it comes in. The last line is < End of Report >, so make sure that is the last line in the attached report.


Make sure you attach the report in your reply.
  • 0

#3
bcrab

bcrab

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
OK here it is. Thanks for the help.

[code=auto:0]WinPFind35 logfile created on: 2/22/2008 8:53:15 AM

Edited by bcrab, 22 February 2008 - 10:38 AM.

  • 0

#4
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Can you attach it please
  • 0

#5
bcrab

bcrab

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Sorry the log is to big for attachment.

Edited by bcrab, 22 February 2008 - 10:18 AM.

  • 0

#6
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
It shouldn't be

Zip the text file then upload it here

Easier this way
  • 0

#7
bcrab

bcrab

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Attached File  WinPFind35.zip   55.92KB   139 downloads

:) Doh... Your right.
  • 0

#8
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Start WinPFind35U. Copy/Paste the information in the quotebox below into the panel where it says "Paste fix here" and then click the Run Fix button.

[Kill Explorer]
[Unregister Dlls]
[Processes - Non-Microsoft Only]
YY -> stkcsrv.exe -> %SystemRoot%\System32\StkCSrv.exe
[Win32 Services - Non-Microsoft Only]
YY -> (ALG) Application Layer Gateway Service [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\System32\alg.exe
[Registry - Non-Microsoft Only]
< Run [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> Sidebar -> Sidebar.exe
< Run [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> Sidebar -> Sidebar.exe
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
YN -> {320AF880-6646-11D3-ABEE-C5DBF3571F46}: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Fill Forms]
YN -> {320AF880-6646-11D3-ABEE-C5DBF3571F49}: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Save]
YN -> {724d43aa-0d85-11d4-9908-00400523e39a}: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [RoboForm]
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\
YN -> Customize Menu ->
YN -> Fill Forms ->
YN -> RoboForm Toolbar ->
YN -> Save Forms ->
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-71232430-3091931539-4128880556-1000\] > -> HKEY_USERS\S-1-5-21-71232430-3091931539-4128880556-1000\Software\Microsoft\Internet Explorer\MenuExt\
YN -> Customize Menu ->
YN -> Fill Forms ->
YN -> RoboForm Toolbar ->
YN -> Save Forms ->
[Files/Folders - Created Within 90 days]
YY -> 2 C:\Windows\*.tmp files -> C:\Windows\*.tmp
[Files/Folders - Modified Within 90 days]
YY -> 2 C:\Windows\*.tmp files -> C:\Windows\*.tmp
YY -> 82 C:\Users\Brian\AppData\Local\Temp\*.tmp files -> C:\Users\Brian\AppData\Local\Temp\*.tmp
[Extra Files]
Purity
[Empty Temp Folders]
[Start Explorer]
[Reboot]


The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here

I will review the information when it comes back in.



Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

  • 0

#9
bcrab

bcrab

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
OK this is the fix log. I'll get DSS next.

Unable to kill explorer.exe
[Processes - Non-Microsoft Only]
Unable to kill process stkcsrv.exe .
File C:\Windows\System32\StkCSrv.exe not found.
[Win32 Services - Non-Microsoft Only]
Service ALG stopped successfully.
Service ALG deleted successfully.
File C:\Windows\System32\alg.exe not found.
[Registry - Non-Microsoft Only]
Registry value HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Sidebar deleted successfully.
Registry value HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Sidebar deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{320AF880-6646-11D3-ABEE-C5DBF3571F46}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{320AF880-6646-11D3-ABEE-C5DBF3571F46}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{320AF880-6646-11D3-ABEE-C5DBF3571F49}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{320AF880-6646-11D3-ABEE-C5DBF3571F49}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{724d43aa-0d85-11d4-9908-00400523e39a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{724d43aa-0d85-11d4-9908-00400523e39a}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Customize Menu\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Fill Forms\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\RoboForm Toolbar\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Save Forms\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-71232430-3091931539-4128880556-1000\Software\Microsoft\Internet Explorer\MenuExt\Customize Menu\ not found.
Registry key HKEY_USERS\S-1-5-21-71232430-3091931539-4128880556-1000\Software\Microsoft\Internet Explorer\MenuExt\Fill Forms\ not found.
Registry key HKEY_USERS\S-1-5-21-71232430-3091931539-4128880556-1000\Software\Microsoft\Internet Explorer\MenuExt\RoboForm Toolbar\ not found.
Registry key HKEY_USERS\S-1-5-21-71232430-3091931539-4128880556-1000\Software\Microsoft\Internet Explorer\MenuExt\Save Forms\ not found.
[Files/Folders - Created Within 90 days]
File delete failed. C:\Windows\S461CC311.tmp scheduled to be deleted on reboot.
[Files/Folders - Modified Within 90 days]
File delete failed. C:\Windows\S461CC311.tmp scheduled to be deleted on reboot.
C:\Users\Brian\AppData\Local\Temp\7zS48B3.tmp\util\common folder deleted successfully.
C:\Users\Brian\AppData\Local\Temp\7zS48B3.tmp\util\ccc folder deleted successfully.
C:\Users\Brian\AppData\Local\Temp\7zS48B3.tmp\util folder deleted successfully.
C:\Users\Brian\AppData\Local\Temp\7zS48B3.tmp\setup\x86 folder deleted successfully.
C:\Users\Brian\AppData\Local\Temp\7zS48B3.tmp\setup\x64 folder deleted successfully.
C:\Users\Brian\AppData\Local\Temp\7zS48B3.tmp\setup\wis\win2k_xp folder deleted successfully.
C:\Users\Brian\AppData\Local\Temp\7zS48B3.tmp\setup\wis folder deleted successfully.
C:\Users\Brian\AppData\Local\Temp\7zS48B3.tmp\setup\webreg folder deleted successfully.
C:\Users\Brian\AppData\Local\Temp\7zS48B3.tmp\setup\videotoolkit01 folder deleted successfully.
C:\Users\Brian\AppData\Local\Temp\7zS48B3.tmp\setup\unloadsupport folder deleted successfully.
C:\Users\Brian\AppData\Local\Temp\7zS48B3.tmp\setup\trayapp folder deleted successfully.
C:\Users\Brian\AppData\Local\Temp\7zS48B3.tmp\setup\toolbox64 folder deleted successfully.
C:\Users\Brian\AppData\Local\Temp\7zS48B3.tmp\setup\toolbox folder deleted successfully.
C:\Users\Brian\AppData\Local\Temp\7zS48B3.tmp\setup\status folder deleted successfully.
C:\Users\Brian\AppData\Local\Temp\7zS48B3.tmp\setup\solutioncenter folder deleted successfully.
C:\Users\Brian\AppData\Local\Temp\7zS48B3.tmp\setup\software folder deleted successfully.
C:\Users\Brian\AppData\Local\Temp\7zS48B3.tmp\setup\scan folder deleted successfully.
C:\Users\Brian\AppData\Local\Temp\7zS48B3.tmp\setup\redisco folder deleted successfully.
C:\Users\Brian\AppData\Local\Temp\7zS48B3.tmp\setup\readme\1033 folder deleted successfully.
C:\Users\Brian\AppData\Local\Temp\7zS48B3.tmp\setup\readme folder deleted successfully.
C:\Users\Brian\AppData\Local\Temp\7zS48B3.tmp\setup\qfolder folder deleted successfully.
C:\Users\Brian\AppData\Local\Temp\7zS48B3.tmp\setup\producthelp folder deleted successfully.
C:\Users\Brian\AppData\Local\Temp\7zS48B3.tmp\setup\productcontext folder deleted successfully.
C:\Users\Brian\AppData\Local\Temp\7zS48B3.tmp\setup\product folder deleted successfully.
C:\Users\Brian\AppData\Local\Temp\7zS48B3.tmp\setup\networktutorial\enu folder deleted successfully.
C:\Users\Brian\AppData\Local\Temp\7zS48B3.tmp\setup\networktutorial folder deleted successfully.
C:\Users\Brian\AppData\Local\Temp\7zS48B3.tmp\setup\netdevicemanager64 folder deleted successfully.
C:\Users\Brian\AppData\Local\Temp\7zS48B3.tmp\setup\netdevicemanager folder deleted successfully.
C:\Users\Brian\AppData\Local\Temp\7zS48B3.tmp\setup\marketresearch folder deleted successfully.
C:\Users\Brian\AppData\Local\Temp\7zS48B3.tmp\setup\imagezoneexpress folder deleted successfully.
C:\Users\Brian\AppData\Local\Temp\7zS48B3.tmp\setup\hpupdate folder deleted successfully.
C:\Users\Brian\AppData\Local\Temp\7zS48B3.tmp\setup\hpproductassistant folder deleted successfully.
C:\Users\Brian\AppData\Local\Temp\7zS48B3.tmp\setup\fax folder deleted successfully.
C:\Users\Brian\AppData\Local\Temp\7zS48B3.tmp\setup\esupport folder deleted successfully.
C:\Users\Brian\AppData\Local\Temp\7zS48B3.tmp\setup\dtss folder deleted successfully.
C:\Users\Brian\AppData\Local\Temp\7zS48B3.tmp\setup\dpinst_x64_vista folder deleted successfully.
C:\Users\Brian\AppData\Local\Temp\7zS48B3.tmp\setup\dpinst_x64 folder deleted successfully.
C:\Users\Brian\AppData\Local\Temp\7zS48B3.tmp\setup\dpinst_x32_vista folder deleted successfully.
C:\Users\Brian\AppData\Local\Temp\7zS48B3.tmp\setup\dpinst_x32 folder deleted successfully.
C:\Users\Brian\AppData\Local\Temp\7zS48B3.tmp\setup\docproc folder deleted successfully.
C:\Users\Brian\AppData\Local\Temp\7zS48B3.tmp\setup\devicemanagement folder deleted successfully.
C:\Users\Brian\AppData\Local\Temp\7zS48B3.tmp\setup\destinations folder deleted successfully.
C:\Users\Brian\AppData\Local\Temp\7zS48B3.tmp\setup\copy folder deleted successfully.
C:\Users\Brian\AppData\Local\Temp\7zS48B3.tmp\setup\bufferchm folder deleted successfully.
C:\Users\Brian\AppData\Local\Temp\7zS48B3.tmp\setup\aio_scan folder deleted successfully.
C:\Users\Brian\AppData\Local\Temp\7zS48B3.tmp\setup folder deleted successfully.
C:\Users\Brian\AppData\Local\Temp\7zS48B3.tmp\images folder deleted successfully.
C:\Users\Brian\AppData\Local\Temp\7zS48B3.tmp\drivers\scanner\x64 folder deleted successfully.
C:\Users\Brian\AppData\Local\Temp\7zS48B3.tmp\drivers\scanner\x32 folder deleted successfully.
C:\Users\Brian\AppData\Local\Temp\7zS48B3.tmp\drivers\scanner folder deleted successfully.
C:\Users\Brian\AppData\Local\Temp\7zS48B3.tmp\drivers\dot4\wrapper folder deleted successfully.
C:\Users\Brian\AppData\Local\Temp\7zS48B3.tmp\drivers\dot4 folder deleted successfully.
C:\Users\Brian\AppData\Local\Temp\7zS48B3.tmp\drivers folder deleted successfully.
C:\Users\Brian\AppData\Local\Temp\7zS48B3.tmp folder deleted successfully.
C:\Users\Brian\AppData\Local\Temp\nero.tmp\Nero\NPS folder deleted successfully.
C:\Users\Brian\AppData\Local\Temp\nero.tmp\Nero folder deleted successfully.
C:\Users\Brian\AppData\Local\Temp\nero.tmp\7.10.1.2_7.03.0637_13842 folder deleted successfully.
C:\Users\Brian\AppData\Local\Temp\nero.tmp folder deleted successfully.
C:\Users\Brian\AppData\Local\Temp\nps.tmp folder deleted successfully.
C:\Users\Brian\AppData\Local\Temp\nro.tmp\Nero\NPS folder deleted successfully.
C:\Users\Brian\AppData\Local\Temp\nro.tmp\Nero folder deleted successfully.
C:\Users\Brian\AppData\Local\Temp\nro.tmp folder deleted successfully.
[Extra Files]
< Purity >
[Empty Temp Folders]
File delete failed. C:\Users\Brian\AppData\Local\Temp\FXSAPIDebugLogFile.txt scheduled to be deleted on reboot.
User temp folders emptied.
SystemRoot temp folder emptied.
IE temp folders emptied
RecycleBin -> emptied.
Explorer started successfully
< End of fix log >
WinPFind35U Version 1.0.0.1 fix logfile created on 02222008_104642
  • 0

#10
bcrab

bcrab

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
This is the Main.txt

Deckard's System Scanner v20071014.68
Run by Brian on 2008-02-22 10:55:45
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Brian.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:57:26 AM, on 2/22/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
C:\ProgramData\U3\U3Launcher\LaunchU3.exe
C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe
C:\Users\Brian\Downloads\dss.exe
C:\PROGRA~2\TRENDM~1\HIJACK~1\Brian.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~2\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [ATKMEDIA] "C:\Program Files (x86)\ASUS\ATK Media\DMEDIA.EXE"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: LaunchU3.exe.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onec...s/wlscctrl2.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A0A2994A-F9A0-4A61-94C9-521044784BF5}: NameServer = 205.171.2.65,205.171.3.65
O17 - HKLM\System\CS1\Services\Tcpip\..\{A0A2994A-F9A0-4A61-94C9-521044784BF5}: NameServer = 205.171.2.65,205.171.3.65
O17 - HKLM\System\CS2\Services\Tcpip\..\{A0A2994A-F9A0-4A61-94C9-521044784BF5}: NameServer = 205.171.2.65,205.171.3.65
O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - C:\Program Files (x86)\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files (x86)\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files (x86)\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (X86)\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Unknown owner - C:\Windows\System32\StkCSrv.exe (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~2\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9429 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 ACPI (Microsoft ACPI Driver) - c:\windows\system32\drivers\acpi.sys (file missing)
R0 atapi (IDE Channel) - c:\windows\system32\drivers\atapi.sys (file missing)
R0 CLFS (Common Log (CLFS)) - c:\windows\system32\clfs.sys (file missing)
R0 Compbatt (Microsoft Composite Battery Driver) - c:\windows\system32\drivers\compbatt.sys (file missing)
R0 crcdisk (Crcdisk Filter Driver) - c:\windows\system32\drivers\crcdisk.sys (file missing)
R0 disk (Disk Driver) - c:\windows\system32\drivers\disk.sys (file missing)
R0 Ecache (ReadyBoost Caching Driver) - c:\windows\system32\drivers\ecache.sys (file missing)
R0 FileInfo (File Information FS MiniFilter) - c:\windows\system32\drivers\fileinfo.sys (file missing)
R0 FltMgr - c:\windows\system32\drivers\fltmgr.sys (file missing)
R0 fvevol (BitLocker Drive Encryption Filter Driver) - c:\windows\system32\drivers\fvevol.sys (file missing)
R0 iaStor (Intel AHCI Controller) - c:\windows\system32\drivers\iastor.sys (file missing)
R0 intelide - c:\windows\system32\drivers\intelide.sys (file missing)
R0 KSecDD - c:\windows\system32\drivers\ksecdd.sys (file missing)
R0 MountMgr (Mount Point Manager) - c:\windows\system32\drivers\mountmgr.sys (file missing)
R0 msahci - c:\windows\system32\drivers\msahci.sys (file missing)
R0 msisadrv (ISA/EISA Class Driver) - c:\windows\system32\drivers\msisadrv.sys (file missing)
R0 Mup - c:\windows\system32\drivers\mup.sys (file missing)
R0 NDIS (NDIS System Driver) - c:\windows\system32\drivers\ndis.sys (file missing)
R0 partmgr (Partition Manager) - c:\windows\system32\drivers\partmgr.sys (file missing)
R0 pci (PCI Bus Driver) - c:\windows\system32\drivers\pci.sys (file missing)
R0 spldr (Security Processor Loader Driver) - c:\windows\system32\drivers\spldr.sys (file missing)
R0 volmgr (Volume Manager Driver) - c:\windows\system32\drivers\volmgr.sys (file missing)
R0 volmgrx (Dynamic Volume Manager) - c:\windows\system32\drivers\volmgrx.sys (file missing)
R0 volsnap (Storage volumes) - c:\windows\system32\drivers\volsnap.sys (file missing)
R0 Wdf01000 (Kernel Mode Driver Frameworks service) - c:\windows\system32\drivers\wdf01000.sys (file missing)
R1 AFD (Ancilliary Function Driver for Winsock) - c:\windows\system32\drivers\afd.sys (file missing)
R1 cdrom (CD-ROM Driver) - c:\windows\system32\drivers\cdrom.sys (file missing)
R1 CSC (Offline Files Driver) - c:\windows\system32\drivers\csc.sys (file missing)
R1 DfsC (Dfs Client Driver) - c:\windows\system32\drivers\dfsc.sys (file missing)
R1 ElbyCDIO (ElbyCDIO Driver) - c:\windows\system32\drivers\elbycdio.sys (file missing)
R1 i8042prt (i8042 Keyboard and PS/2 Mouse Port Driver) - c:\windows\system32\drivers\i8042prt.sys (file missing)
R1 kbdclass (Keyboard Class Driver) - c:\windows\system32\drivers\kbdclass.sys (file missing)
R1 mouclass (Mouse Class Driver) - c:\windows\system32\drivers\mouclass.sys (file missing)
R1 Msfs - c:\windows\system32\drivers\msfs.sys (file missing)
R1 NetBIOS (NetBIOS Interface) - c:\windows\system32\drivers\netbios.sys (file missing)
R1 netbt - c:\windows\system32\drivers\netbt.sys (file missing)
R1 Npfs - c:\windows\system32\drivers\npfs.sys (file missing)
R1 nsiproxy (NSI proxy service) - c:\windows\system32\drivers\nsiproxy.sys (file missing)
R1 Null - c:\windows\system32\drivers\null.sys (file missing)
R1 PSched (QoS Packet Scheduler) - c:\windows\system32\drivers\pacer.sys (file missing)
R1 RasAcd (Remote Access Auto Connection Driver) - c:\windows\system32\drivers\rasacd.sys (file missing)
R1 rdbss (Redirected Buffering Sub Sysytem) - c:\windows\system32\drivers\rdbss.sys (file missing)
R1 RDPCDD - c:\windows\system32\drivers\rdpcdd.sys (file missing)
R1 RDPENCDD (RDP Encoder Mirror Driver) - c:\windows\system32\drivers\rdpencdd.sys (file missing)
R1 Smb (Message-oriented TCP/IP and TCP/IPv6 Protocol (SMB session)) - c:\windows\system32\drivers\smb.sys (file missing)
R1 SRTSPX - c:\windows\system32\drivers\srtspx64.sys (file missing)
R1 SYMTDI - c:\windows\system32\drivers\symtdi.sys (file missing)
R1 Tcpip (TCP/IP Protocol Driver) - c:\windows\system32\drivers\tcpip.sys (file missing)
R1 tdx (NetIO Legacy TDI Support Driver) - c:\windows\system32\drivers\tdx.sys (file missing)
R1 TermDD (Terminal Device Driver) - c:\windows\system32\drivers\termdd.sys (file missing)
R1 VgaSave - c:\windows\system32\drivers\vga.sys (file missing)
R1 Wanarpv6 (Remote Access IPv6 ARP Driver) - c:\windows\system32\drivers\wanarp.sys (file missing)
R2 ASMMAP64 - \??\c:\program files\atkgfnex\asmmap64.sys
R2 lltdio (Link-Layer Topology Discovery Mapper I/O Driver) - c:\windows\system32\drivers\lltdio.sys (file missing)
R2 luafv (UAC File Virtualization) - c:\windows\system32\drivers\luafv.sys (file missing)
R2 PEAUTH - c:\windows\system32\drivers\peauth.sys (file missing)
R2 rimmptsk - c:\windows\system32\drivers\rimmpx64.sys (file missing)
R2 rimsptsk - c:\windows\system32\drivers\rimspx64.sys (file missing)
R2 rismxdp (Ricoh xD-Picture Card Driver) - c:\windows\system32\drivers\rixdpx64.sys (file missing)
R2 rspndr (Link-Layer Topology Discovery Responder) - c:\windows\system32\drivers\rspndr.sys (file missing)
R2 secdrv (Security Driver) - c:\windows\system32\drivers\secdrv.sys (file missing)
R2 tcpipreg (TCP/IP Registry Compatibility) - c:\windows\system32\drivers\tcpipreg.sys (file missing)
R3 AsyncMac (RAS Asynchronous Media Driver) - c:\windows\system32\drivers\asyncmac.sys (file missing)
R3 ATSWPDRV (AuthenTec TruePrint USB Driver (SwipeSensor)) - c:\windows\system32\drivers\atswpdrv.sys (file missing)
R3 bowser - c:\windows\system32\drivers\bowser.sys (file missing)
R3 CmBatt (Microsoft ACPI Control Method Battery Driver) - c:\windows\system32\drivers\cmbatt.sys (file missing)
R3 DXGKrnl (LDDM Graphics Subsystem) - c:\windows\system32\drivers\dxgkrnl.sys (file missing)
R3 HDAudBus (Microsoft UAA Bus Driver for High Definition Audio) - c:\windows\system32\drivers\hdaudbus.sys (file missing)
R3 HTTP - c:\windows\system32\drivers\http.sys (file missing)
R3 IntcAzAudAddService (Service for Realtek HD Audio (WDM)) - c:\windows\system32\drivers\rtkvhd64.sys (file missing)
R3 intelppm (Intel Processor Driver) - c:\windows\system32\drivers\intelppm.sys (file missing)
R3 iScsiPrt (iScsiPort Driver) - c:\windows\system32\drivers\msiscsi.sys (file missing)
R3 kbfiltr (Keyboard Filter) - c:\windows\system32\drivers\kbfiltr.sys (file missing)
R3 ksthunk (Kernel Streaming Thunks) - c:\windows\system32\drivers\ksthunk.sys (file missing)
R3 Modem - c:\windows\system32\drivers\modem.sys (file missing)
R3 MODEMCSA (Unimodem Streaming Filter Device) - c:\windows\system32\drivers\modemcsa.sys (file missing)
R3 monitor (Microsoft Monitor Class Function Driver Service) - c:\windows\system32\drivers\monitor.sys (file missing)
R3 mpsdrv (Windows Firewall Authorization Driver) - c:\windows\system32\drivers\mpsdrv.sys (file missing)
R3 MRxDAV (WebDav Client Redirector Driver) - c:\windows\system32\drivers\mrxdav.sys (file missing)
R3 mrxsmb (SMB MiniRedirector Wrapper and Engine) - c:\windows\system32\drivers\mrxsmb.sys (file missing)
R3 mrxsmb10 (SMB 1.x MiniRedirector) - c:\windows\system32\drivers\mrxsmb10.sys (file missing)
R3 mrxsmb20 (SMB 2.0 MiniRedirector) - c:\windows\system32\drivers\mrxsmb20.sys (file missing)
R3 mssmbios (Microsoft System Management BIOS Driver) - c:\windows\system32\drivers\mssmbios.sys (file missing)
R3 MTsensor (ATK0100 ACPI UTILITY) - c:\windows\system32\drivers\atk64amd.sys (file missing)
R3 NativeWifiP (NativeWiFi Filter) - c:\windows\system32\drivers\nwifi.sys (file missing)
R3 NdisTapi (Remote Access NDIS TAPI Driver) - c:\windows\system32\drivers\ndistapi.sys (file missing)
R3 Ndisuio (NDIS Usermode I/O Protocol) - c:\windows\system32\drivers\ndisuio.sys (file missing)
R3 NdisWan (Remote Access NDIS WAN Driver) - c:\windows\system32\drivers\ndiswan.sys (file missing)
R3 NDProxy (NDIS Proxy) - c:\windows\system32\drivers\ndproxy.sys (file missing)
R3 NETw4v64 (Intel® Wireless WiFi Link Adapter Driver for Windows Vista 64 Bit) - c:\windows\system32\drivers\netw4v64.sys (file missing)
R3 Ntfs - c:\windows\system32\drivers\ntfs.sys (file missing)
R3 nvlddmkm - c:\windows\system32\drivers\nvlddmkm.sys (file missing)
R3 ohci1394 (RICOH OHCI Compliant IEEE 1394 Host Controller) - c:\windows\system32\drivers\ohci1394.sys (file missing)
R3 PptpMiniport (WAN Miniport (PPTP)) - c:\windows\system32\drivers\raspptp.sys (file missing)
R3 Rasl2tp (WAN Miniport (L2TP)) - c:\windows\system32\drivers\rasl2tp.sys (file missing)
R3 RasPppoe (Remote Access PPPOE Driver) - c:\windows\system32\drivers\raspppoe.sys (file missing)
R3 rdpdr (Terminal Server Device Redirector Driver) - c:\windows\system32\drivers\rdpdr.sys (file missing)
R3 sdbus - c:\windows\system32\drivers\sdbus.sys (file missing)
R3 smserial - c:\windows\system32\drivers\smserial.sys (file missing)
R3 SRTSP - c:\windows\system32\drivers\srtsp64.sys (file missing)
R3 srv - c:\windows\system32\drivers\srv.sys (file missing)
R3 srv2 - c:\windows\system32\drivers\srv2.sys (file missing)
R3 srvnet - c:\windows\system32\drivers\srvnet.sys (file missing)
R3 StillCam (Still Serial Digital Camera Driver) - c:\windows\system32\drivers\serscan.sys (file missing)
R3 swenum (Software Bus Driver) - c:\windows\system32\drivers\swenum.sys (file missing)
R3 SYMDNS - c:\windows\system32\drivers\symdns.sys (file missing)
R3 SymEvent - c:\windows\system32\drivers\symevent64x86.sys (file missing)
R3 SYMFW - c:\windows\system32\drivers\symfw.sys (file missing)
R3 SymIMMP - c:\windows\system32\drivers\symim.sys (file missing)
R3 SYMNDISV - c:\windows\system32\drivers\symndisv.sys (file missing)
R3 SYMREDRV - c:\windows\system32\drivers\symredrv.sys (file missing)
R3 SynTP (Synaptics TouchPad Driver) - c:\windows\system32\drivers\syntp.sys (file missing)
R3 TPM - c:\windows\system32\drivers\tpm.sys (file missing)
R3 tunmp (Microsoft Tun Miniport Adapter Driver) - c:\windows\system32\drivers\tunmp.sys (file missing)
R3 tunnel (Microsoft IPv6 Tunnel Miniport Adapter Driver) - c:\windows\system32\drivers\tunnel.sys (file missing)
R3 umbus (UMBus Enumerator Driver) - c:\windows\system32\drivers\umbus.sys (file missing)
R3 usbehci (Microsoft USB 2.0 Enhanced Host Controller Miniport Driver) - c:\windows\system32\drivers\usbehci.sys (file missing)
R3 usbhub (USB2 Enabled Hub) - c:\windows\system32\drivers\usbhub.sys (file missing)
R3 usbuhci (Microsoft USB Universal Host Controller Miniport Driver) - c:\windows\system32\drivers\usbuhci.sys (file missing)
R4 cdfs (CD/DVD File System Reader) - c:\windows\system32\drivers\cdfs.sys (file missing)

S3 agp440 (Intel AGP Bus Filter) - c:\windows\system32\drivers\agp440.sys (file missing)
S3 AtcL001 (NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller) - c:\windows\system32\drivers\atl01v64.sys (file missing)
S3 BrFiltLo (Brother USB Mass-Storage Lower Filter Driver) - c:\windows\system32\drivers\brfiltlo.sys (file missing)
S3 BrFiltUp (Brother USB Mass-Storage Upper Filter Driver) - c:\windows\system32\drivers\brfiltup.sys (file missing)
S3 BrUsbSer (Brother MFC USB Serial WDM Driver) - c:\windows\system32\drivers\brusbser.sys (file missing)
S3 COH_Mon - c:\windows\system32\drivers\coh_mon.sys (file missing)
S3 drmkaud (Microsoft Kernel DRM Audio Descrambler) - c:\windows\system32\drivers\drmkaud.sys (file missing)
S3 E1G60 (Intel® PRO/1000 NDIS 6 Adapter Driver) - c:\windows\system32\drivers\e1g6032e.sys (file missing)
S3 fastfat (FAT12/16/32 File System Driver) - c:\windows\system32\drivers\fastfat.sys (file missing)
S3 Filetrace - c:\windows\system32\drivers\filetrace.sys (file missing)
S3 gagp30kx (Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms) - c:\windows\system32\drivers\gagp30kx.sys (file missing)
S3 HdAudAddService (Microsoft 1.1 UAA Function Driver for High Definition Audio Service) - c:\windows\system32\drivers\hdaudio.sys (file missing)
S3 IpFilterDriver (IP Traffic Filter Driver) - c:\windows\system32\drivers\ipfltdrv.sys (file missing)
S3 IPNAT (IP Network Address Translator) - c:\windows\system32\drivers\ipnat.sys (file missing)
S3 IRENUM (IR Bus Enumerator) - c:\windows\system32\drivers\irenum.sys (file missing)
S3 MSKSSRV (Microsoft Streaming Service Proxy) - c:\windows\system32\drivers\mskssrv.sys (file missing)
S3 MSPCLOCK (Microsoft Streaming Clock Proxy) - c:\windows\system32\drivers\mspclock.sys (file missing)
S3 MSPQM (Microsoft Streaming Quality Manager Proxy) - c:\windows\system32\drivers\mspqm.sys (file missing)
S3 MsRPC - c:\windows\system32\drivers\msrpc.sys (file missing)
S3 MSTEE (Microsoft Streaming Tee/Sink-to-Sink Converter) - c:\windows\system32\drivers\mstee.sys (file missing)
S3 nv_agp (NVIDIA nForce AGP Bus Filter) - c:\windows\system32\drivers\nv_agp.sys (file missing)
S3 QWAVEdrv (QWAVE driver) - c:\windows\system32\drivers\qwavedrv.sys (file missing)
S3 RDPWD (RDP Winstation Driver) - c:\windows\system32\drivers\rdpwd.sys (file missing)
S3 Serenum (Serenum Filter Driver) - c:\windows\system32\drivers\serenum.sys (file missing)
S3 Serial (Serial Port Driver) - c:\windows\system32\drivers\serial.sys (file missing)
S3 sffp_mmc (SFF Storage Protocol Driver for MMC) - c:\windows\system32\drivers\sffp_mmc.sys (file missing)
S3 sffp_sd (SFF Storage Protocol Driver for SDBus) - c:\windows\system32\drivers\sffp_sd.sys (file missing)
S3 SRTSPL - c:\windows\system32\drivers\srtspl64.sys (file missing)
S3 StkCMini (Syntek AVStream USB2.0 1.3M WebCam) - c:\windows\system32\drivers\stkcmini.sys (file missing)
S3 SymIM (Symantec Network Security Intermediate Filter Service) - c:\windows\system32\drivers\symim.sys (file missing)
S3 Tcpip6 (Microsoft IPv6 Protocol Driver) - c:\windows\system32\drivers\tcpip.sys (file missing)
S3 TDPIPE - c:\windows\system32\drivers\tdpipe.sys (file missing)
S3 TDTCP - c:\windows\system32\drivers\tdtcp.sys (file missing)
S3 tssecsrv (Terminal Services Security Filter Driver) - c:\windows\system32\drivers\tssecsrv.sys (file missing)
S3 uagp35 (Microsoft AGPv3.5 Filter) - c:\windows\system32\drivers\uagp35.sys (file missing)
S3 uliagpkx (Uli AGP Bus Filter) - c:\windows\system32\drivers\uliagpkx.sys (file missing)
S3 USBSTOR (USB Mass Storage Driver) - c:\windows\system32\drivers\usbstor.sys (file missing)
S3 vga - c:\windows\system32\drivers\vgapnp.sys (file missing)
S3 Wanarp (Remote Access IP ARP Driver) - c:\windows\system32\drivers\wanarp.sys (file missing)
S3 WUDFRd - c:\windows\system32\drivers\wudfrd.sys (file missing)
S4 adp94xx - c:\windows\system32\drivers\adp94xx.sys (file missing)
S4 adpahci - c:\windows\system32\drivers\adpahci.sys (file missing)
S4 adpu160m - c:\windows\system32\drivers\adpu160m.sys (file missing)
S4 adpu320 - c:\windows\system32\drivers\adpu320.sys (file missing)
S4 aic78xx - c:\windows\system32\drivers\djsvs.sys (file missing)
S4 aliide - c:\windows\system32\drivers\aliide.sys (file missing)
S4 amdide - c:\windows\system32\drivers\amdide.sys (file missing)
S4 AmdK8 (AMD K8 Processor Driver) - c:\windows\system32\drivers\amdk8.sys (file missing)
S4 arc - c:\windows\system32\drivers\arc.sys (file missing)
S4 arcsas - c:\windows\system32\drivers\arcsas.sys (file missing)
S4 Brserid (Brother MFC Serial Port Interface Driver (WDM)) - c:\windows\system32\drivers\brserid.sys (file missing)
S4 BrSerWdm (Brother WDM Serial driver) - c:\windows\system32\drivers\brserwdm.sys (file missing)
S4 BrUsbMdm (Brother MFC USB Fax Only Modem) - c:\windows\system32\drivers\brusbmdm.sys (file missing)
S4 BTHMODEM (Bluetooth Serial Communications Driver) - c:\windows\system32\drivers\bthmodem.sys (file missing)
S4 circlass (Consumer IR Devices) - c:\windows\system32\drivers\circlass.sys (file missing)
S4 cmdide - c:\windows\system32\drivers\cmdide.sys (file missing)
S4 elxstor - c:\windows\system32\drivers\elxstor.sys (file missing)
S4 fdc (Floppy Disk Controller Driver) - c:\windows\system32\drivers\fdc.sys (file missing)
S4 flpydisk (Floppy Disk Driver) - c:\windows\system32\drivers\flpydisk.sys (file missing)
S4 HidBth (Microsoft Bluetooth HID Miniport) - c:\windows\system32\drivers\hidbth.sys (file missing)
S4 HidIr (Microsoft Infrared HID Driver) - c:\windows\system32\drivers\hidir.sys (file missing)
S4 HidUsb (Microsoft HID Class Driver) - c:\windows\system32\drivers\hidusb.sys (file missing)
S4 HpCISSs - c:\windows\system32\drivers\hpcisss.sys (file missing)
S4 i2omp - c:\windows\system32\drivers\i2omp.sys (file missing)
S4 iaStorV (Intel RAID Controller Vista) - c:\windows\system32\drivers\iastorv.sys (file missing)
S4 iirsp - c:\windows\system32\drivers\iirsp.sys (file missing)
S4 IPMIDRV - c:\windows\system32\drivers\ipmidrv.sys (file missing)
S4 isapnp (PnP ISA/EISA Bus Driver) - c:\windows\system32\drivers\isapnp.sys (file missing)
S4 iteatapi (ITEATAPI_Service_Install) - c:\windows\system32\drivers\iteatapi.sys (file missing)
S4 iteraid (ITERAID_Service_Install) - c:\windows\system32\drivers\iteraid.sys (file missing)
S4 kbdhid (Keyboard HID Driver) - c:\windows\system32\drivers\kbdhid.sys (file missing)
S4 LSI_FC - c:\windows\system32\drivers\lsi_fc.sys (file missing)
S4 LSI_SAS - c:\windows\system32\drivers\lsi_sas.sys (file missing)
S4 LSI_SCSI - c:\windows\system32\drivers\lsi_scsi.sys (file missing)
S4 megasas - c:\windows\system32\drivers\megasas.sys (file missing)
S4 mouhid (Mouse HID Driver) - c:\windows\system32\drivers\mouhid.sys (file missing)
S4 mpio (Microsoft Multi-Path Bus Driver) - c:\windows\system32\drivers\mpio.sys (file missing)
S4 Mraid35x - c:\windows\system32\drivers\mraid35x.sys (file missing)
S4 msdsm (Microsoft Multi-Path Device Specific Module) - c:\windows\system32\drivers\msdsm.sys (file missing)
S4 nfrd960 - c:\windows\system32\drivers\nfrd960.sys (file missing)
S4 nvraid - c:\windows\system32\drivers\nvraid.sys (file missing)
S4 nvstor - c:\windows\system32\drivers\nvstor.sys (file missing)
S4 Parport (Parallel port driver) - c:\windows\system32\drivers\parport.sys (file missing)
S4 pciide - c:\windows\system32\drivers\pciide.sys (file missing)
S4 pcmcia - c:\windows\system32\drivers\pcmcia.sys (file missing)
S4 Processor (Processor Driver) - c:\windows\system32\drivers\processr.sys (file missing)
S4 ql2300 (QLogic Fibre Channel Miniport Driver) - c:\windows\system32\drivers\ql2300.sys (file missing)
S4 ql40xx (QLogic iSCSI Miniport Driver) - c:\windows\system32\drivers\ql40xx.sys (file missing)
S4 sbp2port (SBP-2 Transport/Protocol Bus Driver) - c:\windows\system32\drivers\sbp2port.sys (file missing)
S4 sermouse (Serial Mouse Driver) - c:\windows\system32\drivers\sermouse.sys (file missing)
S4 sffdisk (SFF Storage Class Driver) - c:\windows\system32\drivers\sffdisk.sys (file missing)
S4 sfloppy (High-Capacity Floppy Disk Drive) - c:\windows\system32\drivers\sfloppy.sys (file missing)
S4 SiSRaid2 - c:\windows\system32\drivers\sisraid2.sys (file missing)
S4 SiSRaid4 - c:\windows\system32\drivers\sisraid4.sys (file missing)
S4 Sym_hi - c:\windows\system32\drivers\sym_hi.sys (file missing)
S4 Sym_u3 - c:\windows\system32\drivers\sym_u3.sys (file missing)
S4 Symc8xx - c:\windows\system32\drivers\symc8xx.sys (file missing)
S4 udfs - c:\windows\system32\drivers\udfs.sys (file missing)
S4 uliahci - c:\windows\system32\drivers\uliahci.sys (file missing)
S4 UlSata - c:\windows\system32\drivers\ulsata.sys (file missing)
S4 ulsata2 - c:\windows\system32\drivers\ulsata2.sys (file missing)
S4 usbccgp (Microsoft USB Generic Parent Driver) - c:\windows\system32\drivers\usbccgp.sys (file missing)
S4 usbcir (eHome Infrared Receiver (USBCIR)) - c:\windows\system32\drivers\usbcir.sys (file missing)
S4 usbohci (Microsoft USB Open Host Controller Miniport Driver) - c:\windows\system32\drivers\usbohci.sys (file missing)
S4 usbprint (Microsoft USB PRINTER Class) - c:\windows\system32\drivers\usbprint.sys (file missing)
S4 viaide - c:\windows\system32\drivers\viaide.sys (file missing)
S4 vsmraid - c:\windows\system32\drivers\vsmraid.sys (file missing)
S4 WacomPen (Wacom Serial Pen HID Driver) - c:\windows\system32\drivers\wacompen.sys (file missing)
S4 Wd (Microsoft Watchdog Timer Driver) - c:\windows\system32\drivers\wd.sys (file missing)
S4 WmiAcpi (Microsoft Windows Management Interface for ACPI) - c:\windows\system32\drivers\wmiacpi.sys (file missing)
S4 ws2ifsl (Winsock IFS driver) - c:\windows\system32\drivers\ws2ifsl.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 ASLDRService (ASLDR Service) - c:\program files (x86)\atk hotkey\asldrsrv.exe
R2 ATKGFNEXSrv (ATKGFNEX Service) - c:\program files\atkgfnex\gfnexsrv.exe <Not Verified; ; GFNEXSrv>
R2 QBCFMonitorService - "c:\program files (x86)\common files\intuit\quickbooks\qbcfmonitorservice.exe" <Not Verified; Intuit; QuickBooks for Windows>
R2 RegSrvc (Intel® PROSet/Wireless Registry Service) - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; Intel® PROSet/Wireless Registry Service>
R2 SamSs (Security Accounts Manager) - c:\windows\system32\lsass.exe (file missing)
R2 slsvc (Software Licensing) - c:\windows\system32\slsvc.exe (file missing)
R2 Spooler (Print Spooler) - c:\windows\system32\spoolsv.exe (file missing)
R2 StkSSrv (Syntek AVStream USB2.0 WebCam Service) - c:\windows\system32\stkcsrv.exe (file missing)
R3 KeyIso (CNG Key Isolation) - c:\windows\system32\lsass.exe (file missing)
R3 VSS (Volume Shadow Copy) - c:\windows\system32\vssvc.exe (file missing)

S3 DFSR (DFS Replication) - c:\windows\system32\dfsr.exe (file missing)
S3 Fax - c:\windows\system32\fxssvc.exe (file missing)
S3 MSDTC (Distributed Transaction Coordinator) - c:\windows\system32\msdtc.exe (file missing)
S3 NBService - c:\program files (x86)\nero\nero 7\nero backitup\nbservice.exe
S3 Netlogon - c:\windows\system32\lsass.exe (file missing)
S3 ProtectedStorage (Protected Storage) - c:\windows\system32\lsass.exe (file missing)
S3 QBFCService (Intuit QuickBooks FCS) - "c:\program files (x86)\common files\intuit\quickbooks\fcs\intuit.quickbooks.fcs.exe" <Not Verified; Intuit Inc.; QuickBooks 2007>
S3 RpcLocator (Remote Procedure Call (RPC) Locator) - c:\windows\system32\locator.exe (file missing)
S3 SNMPTRAP (SNMP Trap) - c:\windows\system32\snmptrap.exe (file missing)
S3 stllssvr - c:\program files (x86)\common files\surething shared\stllssvr.exe
S3 UI0Detect (Interactive Services Detection) - c:\windows\system32\ui0detect.exe (file missing)
S3 vds (Virtual Disk) - c:\windows\system32\vds.exe (file missing)
S3 wbengine (Block Level Backup Engine Service) - "c:\windows\system32\wbengine.exe" (file missing)
S3 wmiApSrv (WMI Performance Adapter) - c:\windows\system32\wbem\wmiapsrv.exe (file missing)


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Description: USB2.0 1.3M WebCam
Device ID: USB\VID_174F&PID_6A31\5&D625BC5&0&2
Manufacturer: D-MAX, (STK-1135)
Name: USB2.0 1.3M WebCam
PNP Device ID: USB\VID_174F&PID_6A31\5&D625BC5&0&2
Service: StkCMini

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Attansic L1 Gigabit Ethernet 10/100/1000Base-T Controller
Device ID: PCI\VEN_1969&DEV_1048&SUBSYS_14E51043&REV_B0\4&AB9B49E&0&00E0
Manufacturer: Attansic
Name: Attansic L1 Gigabit Ethernet 10/100/1000Base-T Controller
PNP Device ID: PCI\VEN_1969&DEV_1048&SUBSYS_14E51043&REV_B0\4&AB9B49E&0&00E0
Service: AtcL001

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Officejet 6300 series
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Officejet 6300 series
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:

Class GUID: {4d36e979-e325-11ce-bfc1-08002be10318}
Description: Officejet 6300 series
Device ID: ROOT\PRINTER\0000
Manufacturer: HP
Name: Officejet 6300 series
PNP Device ID: ROOT\PRINTER\0000
Service:


-- Scheduled Tasks -------------------------------------------------------------

2008-02-18 09:24:26 558 --a------ C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - Brian.job


-- Files created between 2008-01-22 and 2008-02-22 -----------------------------

2008-02-21 16:57:50 0 d-------- C:\Program Files (x86)\Trend Micro
2008-02-21 14:18:42 0 d-------- C:\Windows\SoftwareDistribution
2008-02-18 19:37:58 0 d-------- C:\Windows\nvtmpinst
2008-02-18 09:08:12 0 d-------- C:\Program Files (x86)\Norton Internet Security
2008-02-18 08:51:50 0 d-------- C:\Program Files (x86)\Symantec
2008-02-18 08:51:05 0 d-------- C:\Users\All Users\Symantec
2008-02-18 08:50:55 0 d-------- C:\Program Files (x86)\Common Files\Symantec Shared
2008-02-17 17:25:33 0 d-------- C:\Program Files (x86)\Microsoft ActiveSync
2008-02-17 17:25:07 0 d-------- C:\Windows\PCHEALTH
2008-02-17 17:25:07 0 d-------- C:\Program Files (x86)\Microsoft.NET
2008-02-17 17:23:02 0 dr-h----- C:\MSOCache
2008-02-17 17:00:03 0 d-------- C:\Program Files (x86)\Hewlett-Packard
2008-02-17 16:59:57 0 d-------- C:\Windows\system32\spool
2008-02-17 16:59:48 0 d-------- C:\Program Files (x86)\Common Files\HP
2008-02-17 16:54:35 148956 --a------ C:\Windows\hpoins19.dat
2008-02-17 16:54:21 26952 --a------ C:\Windows\hpomdl19.dat
2008-02-17 15:07:38 0 d-------- C:\NVIDIA
2008-02-17 15:07:03 0 d-------- C:\Windows\Options
2008-02-17 15:06:32 0 d-------- C:\Users\All Users\Atheros
2008-02-17 14:55:55 0 d-------- C:\Program Files (x86)\SINOSUN
2008-02-17 14:44:09 0 d-------- C:\Program Files (x86)\ASUS Security Center
2008-02-17 14:36:02 520192 -ra------ C:\Windows\RtlExUpd.dll <Not Verified; Realtek Semiconductor Corp.; RtlExUpd Dynamic Link Library>
2008-02-17 00:47:20 0 d-------- C:\Windows\Sun
2008-02-16 20:04:37 0 d-------- C:\Program Files (x86)\Windows Live Safety Center
2008-02-15 20:08:14 0 d-------- C:\Program Files (x86)\Common Files\supportsoft
2008-02-15 20:05:03 1843200 --a------ C:\Windows\system32\acXMLParser.dll <Not Verified; Apache Software Foundation; Xerces-C Version 2.7.0>
2008-02-15 20:05:01 3518464 --a------ C:\Windows\system32\cdintf300.dll <Not Verified; Amyuni Technologies
http://www.amyuni.com; Amyuni Common Driver Interface>
2008-02-15 20:01:31 0 d-------- C:\Users\All Users\Intuit
2008-02-15 20:01:31 0 d-------- C:\Program Files (x86)\Intuit
2008-02-15 20:01:31 0 d-------- C:\Program Files (x86)\Common Files\Intuit
2008-02-15 19:59:58 0 d-------- C:\Users\All Users\COMMON FILES
2008-02-15 19:59:48 0 d-------- C:\Program Files (x86)\MSXML 4.0
2008-02-15 19:27:11 0 d-------- C:\Program Files (x86)\Akamai
2008-02-15 18:41:35 0 d-------- C:\Program Files (x86)\Java
2008-02-15 18:40:11 0 d-------- C:\Program Files (x86)\Common Files\Java
2008-02-15 18:38:47 0 d-------- C:\Users\All Users\Apple Computer
2008-02-15 18:38:47 0 d-------- C:\Program Files (x86)\QuickTime
2008-02-15 18:37:24 0 d-------- C:\Windows\system32\Macromed
2008-02-15 18:35:54 0 d-------- C:\Users\All Users\Adobe
2008-02-15 18:35:46 0 d-------- C:\Program Files (x86)\Common Files\Adobe
2008-02-15 18:04:38 0 d-------- C:\Users\All Users\RoboForm
2008-02-15 18:04:14 0 d-------- C:\Program Files (x86)\Siber Systems
2008-02-15 17:44:05 0 d-------- C:\Program Files (x86)\MozBackup
2008-02-15 17:43:28 0 d-------- C:\Users\All Users\U3
2008-02-15 17:38:25 0 d-------- C:\Users\All Users\Elaborate Bytes
2008-02-15 17:11:56 0 d-------- C:\Users\All Users\SlySoft
2008-02-15 17:08:16 0 d-------- C:\Program Files (x86)\Elaborate Bytes
2008-02-15 17:07:32 0 d-------- C:\Program Files (x86)\SlySoft
2008-02-15 17:06:19 0 --a------ C:\Windows\nsreg.dat
2008-02-15 17:03:40 0 d-------- C:\Program Files (x86)\Mozilla Thunderbird
2008-02-15 16:25:47 0 d-------- C:\Users\All Users\Ahead
2008-02-15 16:25:01 0 d-------- C:\Users\All Users\Nero
2008-02-15 16:25:01 0 d-------- C:\Program Files (x86)\Nero
2008-02-15 16:25:01 0 d-------- C:\Program Files (x86)\Common Files\Ahead
2008-02-15 16:02:46 0 d-------- C:\Program Files (x86)\NoAdware5.0
2008-02-15 16:01:54 0 d-------- C:\Users\Brian\browser - logitech
2008-02-15 16:00:41 0 d-------- C:\Users\Brian\logitech
2008-02-15 15:59:35 0 d-------- C:\Program Files (x86)\Common Files\Remote Control Software Common
2008-02-15 15:59:27 0 d-------- C:\Program Files (x86)\Logitech
2008-02-15 15:58:06 0 d-------- C:\Program Files (x86)\Common Files\Remote Control USB Driver
2008-02-15 15:57:00 0 d-------- C:\Program Files (x86)\CCleaner
2008-02-15 15:48:51 0 d-------- C:\Windows\system32\Silabs
2008-02-15 15:48:50 0 d-------- C:\Program Files (x86)\Edge Products
2008-02-15 15:48:31 0 d-------- C:\EdgeProducts
2008-02-15 15:44:14 0 d-------- C:\Users\All Users\Stardock
2008-02-15 15:20:56 0 d-------- C:\Program Files (x86)\Stardock
2008-02-15 15:20:56 0 d-------- C:\Program Files (x86)\Common Files\Stardock
2008-02-15 15:16:04 0 d-------- C:\Program Files (x86)\Common Files\SureThing Shared
2008-02-15 15:15:54 0 d-------- C:\Program Files (x86)\SureThing CD Labeler 5
2008-02-15 15:13:13 0 d-------- C:\Windows\pss
2008-02-15 15:11:12 0 d-------- C:\Users\All Users\WEBREG
2008-02-15 15:09:09 0 d-------- C:\Program Files (x86)\Common Files\Hewlett-Packard
2008-02-15 15:01:00 0 d-------- C:\Program Files (x86)\HP
2008-02-15 14:55:59 0 d-------- C:\Users\All Users\HP
2008-02-15 14:38:12 0 d-------- C:\Users\All Users\LightScribe
2008-02-15 14:17:01 0 d-------- C:\Program Files (x86)\Common Files\LightScribe
2008-02-15 12:49:28 0 d-------- C:\Users\All Users\NVIDIA
2008-02-15 12:16:58 0 d-------- C:\Users\Default\Roaming
2008-02-15 12:16:58 0 d-------- C:\Users\Brian\Roaming
2008-02-15 12:16:58 0 d-------- C:\Users\All Users\Roaming
2008-02-15 12:16:37 0 d-------- C:\Users\All Users\Intel
2008-02-15 12:16:35 319488 --a------ C:\Windows\system32\AegisI5Installer.exe <Not Verified; ; AegisInstall Application>
2008-02-15 11:54:24 0 d-------- C:\Users\All Users\P4G
2008-02-15 11:40:15 0 d-------- C:\Windows\system32\Attansic
2008-02-15 11:39:58 0 d-------- C:\Program Files (x86)\Attansic
2008-02-15 11:31:34 0 d-------- C:\Intel
2008-02-15 11:30:39 0 d-------- C:\Program Files (x86)\Intel
2008-02-15 11:22:35 0 d---s---- C:\Windows\system32\Microsoft
2008-02-15 11:21:14 0 d-------- C:\Program Files (x86)\Fingerprint Sensor
2008-02-15 11:06:43 0 d-------- C:\Program Files (x86)\CSR
2008-02-15 11:05:45 0 d--hs---- C:\Windows\Installer
2008-02-15 11:03:22 0 d-------- C:\Windows\system32\RTCOM
2008-02-15 11:02:50 0 d-------- C:\Program Files (x86)\Realtek
2008-02-15 11:02:45 315392 --a------ C:\Windows\HideWin.exe <Not Verified; Realtek Semiconductor Corp.; HD Audio Hide windows program>
2008-02-15 10:57:03 0 d-------- C:\Windows\SDTemp
2008-02-15 10:55:58 0 d-------- C:\Windows\Debug
2008-02-15 10:55:57 0 d-------- C:\Windows\CSC
2008-02-15 10:55:42 0 d-------- C:\Program Files (x86)\ATK Hotkey
2008-02-15 10:54:20 0 d--h----- C:\Program Files (x86)\InstallShield Installation Information
2008-02-15 10:54:20 0 d-------- C:\Program Files (x86)\ASUS
2008-02-15 10:54:13 0 d-------- C:\Windows\Prefetch
2008-02-15 10:53:59 0 d-------- C:\Program Files (x86)\Common Files\InstallShield
2008-02-15 10:53:58 0 d--hs---- C:\System Volume Information
2008-02-15 10:53:23 0 d-------- C:\Windows\Panther
2008-02-15 10:53:08 0 d--hs---- C:\Boot
2008-02-15 10:03:42 0 dr------- C:\Users\Brian\Searches
2008-02-15 10:03:29 0 dr------- C:\Users\Brian\Contacts
2008-02-15 10:03:18 0 d--hs---- C:\Users\Brian\Templates
2008-02-15 10:03:18 0 d--hs---- C:\Users\Brian\Start Menu
2008-02-15 10:03:18 0 d--hs---- C:\Users\Brian\SendTo
2008-02-15 10:03:18 0 d--hs---- C:\Users\Brian\Recent
2008-02-15 10:03:18 0 d--hs---- C:\Users\Brian\PrintHood
2008-02-15 10:03:18 0 d--hs---- C:\Users\Brian\NetHood
2008-02-15 10:03:18 0 d--hs---- C:\Users\Brian\My Documents
2008-02-15 10:03:18 0 d--hs---- C:\Users\Brian\Local Settings
2008-02-15 10:03:18 0 d--hs---- C:\Users\Brian\Cookies
2008-02-15 10:03:18 0 d--hs---- C:\Users\Brian\Application Data
2008-02-15 10:03:16 0 dr------- C:\Users\Brian\Videos
2008-02-15 10:03:16 0 dr------- C:\Users\Brian\Saved Games
2008-02-15 10:03:16 0 dr------- C:\Users\Brian\Pictures
2008-02-15 10:03:16 1310720 --ahs---- C:\Users\Brian\ntuser.dat
2008-02-15 10:03:16 0 dr------- C:\Users\Brian\Music
2008-02-15 10:03:16 0 dr------- C:\Users\Brian\Links
2008-02-15 10:03:16 0 dr------- C:\Users\Brian\Favorites
2008-02-15 10:03:16 0 dr------- C:\Users\Brian\Downloads
2008-02-15 10:03:16 0 dr------- C:\Users\Brian\Documents
2008-02-15 10:03:16 0 dr------- C:\Users\Brian\Desktop
2008-02-15 10:03:16 0 d--h----- C:\Users\Brian\AppData


-- Find3M Report ---------------------------------------------------------------

2008-02-21 23:42:48 0 d-------- C:\Users\Brian\AppData\Roaming\U3
2008-02-19 13:26:22 13831 --a------ C:\Users\Brian\AppData\Roaming\nvModes.001
2008-02-19 12:10:47 0 d-------- C:\Users\Brian\AppData\Roaming\Ahead
2008-02-18 09:31:04 0 d-------- C:\Program Files (x86)\Common Files
2008-02-18 09:12:19 0 d-------- C:\Users\Brian\AppData\Roaming\Symantec
2008-02-17 17:08:28 174 --ahs---- C:\Program Files (x86)\desktop.ini
2008-02-17 15:26:10 0 d-------- C:\Users\Brian\AppData\Roaming\Thunderbird
2008-02-17 14:14:46 0 d-------- C:\Users\Brian\AppData\Roaming\SystemRequirementsLab
2008-02-16 01:14:46 13025 --a------ C:\Users\Brian\AppData\Roaming\nvModes.dat
2008-02-15 19:58:41 0 d-------- C:\Users\Brian\AppData\Roaming\Download Manager
2008-02-15 18:56:52 0 d-------- C:\Users\Brian\AppData\Roaming\Macromedia
2008-02-15 18:56:52 0 d-------- C:\Users\Brian\AppData\Roaming\Adobe
2008-02-15 17:46:04 0 d-------- C:\Users\Brian\AppData\Roaming\Mozilla
2008-02-15 17:06:26 0 d-------- C:\Users\Brian\AppData\Roaming\Talkback
2008-02-15 15:11:03 0 d-------- C:\Users\Brian\AppData\Roaming\HP
2008-02-15 13:39:48 0 d-------- C:\Program Files (x86)\Windows Mail
2008-02-15 13:39:40 0 d-------- C:\Program Files (x86)\Windows Calendar
2008-02-15 13:39:37 0 d-------- C:\Program Files (x86)\Windows Sidebar
2008-02-15 12:16:58 0 d-------- C:\Users\Brian\AppData\Roaming\Intel
2008-02-15 10:55:28 0 d-------- C:\Users\Brian\AppData\Roaming\InstallShield
2008-02-15 10:03:32 0 d-------- C:\Users\Brian\AppData\Roaming\Identities


-- Registry Dump ---------------------------------------------------------------



-- End of Deckard's System Scanner: finished at 2008-02-22 10:58:09 ------------
  • 0

Advertisements


#11
bcrab

bcrab

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
This is the Extra.txt

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft® Windows Vista™ Ultimate (build 6000)
Architecture: X64; Language: English

CPU 0: Intel® Core™2 Duo CPU T7300 @ 2.00GHz
Percentage of Memory in Use: 30%
Physical Memory (total/avail): 4094.44 MiB / 2836.93 MiB
Pagefile Memory (total/avail): 8342.69 MiB / 7104.4 MiB
Virtual Memory (total/avail): 4095.88 MiB / 3947.73 MiB

C: is Fixed (NTFS) - 99.61 GiB total, 76.99 GiB free.
D: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - ST9160821AS - 149.05 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 99.61 GiB - C:



-- Security Center -------------------------------------------------------------

Windows Internal Firewall is disabled.

AS: Windows Defender v1.1.1505.0 (Microsoft Corporation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\\Program Files (x86)\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"="C:\\Program Files (x86)\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files (x86)\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"="C:\\Program Files (x86)\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\Brian\AppData\Roaming
CLASSPATH=.;C:\Program Files (x86)\QuickTime\QTSystem\QTJava.zip
CommonProgramFiles=C:\Program Files (x86)\Common Files
CommonProgramFiles(x86)=C:\Program Files (x86)\Common Files
CommonProgramW6432=C:\Program Files\Common Files
COMPUTERNAME=ASUS
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\Brian
LOCALAPPDATA=C:\Users\Brian\AppData\Local
LOGONSERVER=\\ASUS
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\Common Files\Intuit\QBPOSSDKRuntime
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_ARCHITEW6432=AMD64
PROCESSOR_IDENTIFIER=EM64T Family 6 Model 15 Stepping 10, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f0a
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files (x86)
ProgramFiles(x86)=C:\Program Files (x86)
ProgramW6432=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
QTJAVA=C:\Program Files (x86)\QuickTime\QTSystem\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\Brian\AppData\Local\Temp
TMP=C:\Users\Brian\AppData\Local\Temp
USERDOMAIN=ASUS
USERNAME=Brian
USERPROFILE=C:\Users\Brian
windir=C:\Windows


-- User Profiles ---------------------------------------------------------------

Brian (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files (x86)\Symantec\LiveUpdate\LSETUP.EXE" /U
--> C:\Program Files (x86)\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\Windows\UNNeroBackItUp.exe /UNINSTALL
--> C:\Windows\UNNeroMediaHome.exe /UNINSTALL
--> C:\Windows\UNNeroShowTime.exe /UNINSTALL
--> C:\Windows\UNNeroVision.exe /UNINSTALL
--> C:\Windows\UNRecode.exe /UNINSTALL
--> MsiExec.exe /I{8ED4E82B-8CEA-40DE-826C-37AC7B941F81}
Adobe Flash Player Plugin --> C:\Windows\SysWOW64\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
AI RoboForm (All Users) --> "C:\Program Files (x86)\Siber Systems\AI RoboForm\rfwipeout.exe"
AnyDVD --> "C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVD-uninst.exe" /D="C:\Program Files (x86)\SlySoft\AnyDVD"
AppCore --> MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
ATK Generic Function Service --> C:\Program Files (x86)\InstallShield Installation Information\{D3D54F3E-C5C3-443D-978F-87A72E5616E8}\SETUP.EXE -runfromtemp -l0x0009 -removeonly
ATK Hotkey --> C:\Program Files (x86)\InstallShield Installation Information\{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}\SETUP.EXE -runfromtemp -l0x0009 -removeonly
ATK Media --> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{139B0FFA-187E-4BA1-BCA6-6B56B2B6AB8C}\SETUP.EXE" -l0x9
ATKOSD2 --> C:\Program Files (x86)\InstallShield Installation Information\{5C1DB4ED-E9B4-402D-BB14-D75D97D6C1A6}\SETUP.EXE -runfromtemp -l0x0009 -removeonly
Attansic Ethernet Utility --> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{1F698102-5739-441E-96F0-74F4EA540F06}\setup.exe" -l0x9 -removeonly
Attansic L1 Gigabit Ethernet Driver --> rundll32.exe C:\Windows\SysWOW64\Attansic\L1\atcInst.dll,VisUninst C:\Windows\SysWOW64\Attansic\L1 x64 pci\ven_1969&dev_1048
AuthenTec Fingerprint Sensor Minimum Install --> MsiExec.exe /I{9BAF043B-82FC-43E2-96EA-5F68015F4FA2}
ccCommon --> MsiExec.exe /I{B24E05CC-46FF-4787-BBB8-5CD516AFB118}
CCleaner (remove only) --> "C:\Program Files (x86)\CCleaner\uninst.exe"
CloneDVD2 --> "C:\Program Files (x86)\Elaborate Bytes\CloneDVD2\CloneDVD2-uninst.exe" /D="C:\Program Files (x86)\Elaborate Bytes\CloneDVD2"
Component Framework --> MsiExec.exe /I{31478BE1-CDE5-4753-A8B2-F6D4BC1FBE09}
Fusion --> MsiExec.exe /I{1A6B3FC7-EB2E-4BC2-952B-8BF3D34B592B}
HijackThis 2.0.2 --> "C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP Photosmart Essential --> MsiExec.exe /X{EB21A812-671B-4D08-B974-2A347F0D8F70}
HP Update --> MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
LightScribe System Software 1.10.16.1 --> MsiExec.exe /X{E6CFBFB5-9232-410C-B353-AF6E614B2681}
LiveUpdate (Symantec Corporation) --> MsiExec.exe /x {E80F62FF-5D3C-4A19-8409-9721F2928206} /l*v "C:\ProgramData\LuUninstall.LiveUpdate"
LiveUpdate (Symantec Corporation) --> MsiExec.exe /X{E80F62FF-5D3C-4A19-8409-9721F2928206}
Logitech Harmony Remote Software 7 --> C:\Program Files (x86)\InstallShield Installation Information\{5C6F884D-680C-448B-B4C9-22296EE1B206}\setup.exe -runfromtemp -l0x0009 -removeonly
LogonStudio Vista --> C:\PROGRA~2\Stardock\OBJECT~2\LOGONS~1\UNWISE.EXE C:\PROGRA~2\Stardock\OBJECT~2\LOGONS~1\INSTALL.LOG
Macromedia Flash Player 8 --> MsiExec.exe /X{5E8A1B08-0FBD-4543-9646-F2C2D0D05750}
Microsoft Office Standard Edition 2003 --> MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
MozBackup 1.4.7 --> "C:\Program Files (x86)\MozBackup\unins000.exe"
Mozilla Firefox (2.0.0.12) --> C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.9) --> C:\Program Files (x86)\Mozilla Thunderbird\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 Parser and SDK --> MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
Nero 7 --> MsiExec.exe /X{29CBFC23-05A7-4286-93B8-BABE29BC1033}
Nero 7 Ultra Edition --> MsiExec.exe /X{A20A58C4-6784-4B4B-86CC-94E2E3671033}
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NoAdware v5.0 --> "C:\Program Files (x86)\NoAdware5.0\unins000.exe"
Norton AntiVirus --> MsiExec.exe /X{77FFBA7E-0973-4F39-BBDB-AC2F537578D2}
Norton AntiVirus Help --> MsiExec.exe /I{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}
Norton Confidential Core --> MsiExec.exe /I{55A6283C-638A-4EE0-B491-51118554BDA2}
Norton Internet Security --> MsiExec.exe /I{C1C185CA-C531-49F5-A6FA-B838405A049D}
Norton Internet Security (Symantec Corporation) --> "C:\Program Files (x86)\Common Files\Symantec Shared\SymSetup\{C1C185CA-C531-49F5-A6FA-B838405A049D}_15_0_0_60\Setup.exe" /X
Norton Protection Center --> MsiExec.exe /I{62120008-8E1E-4807-860D-A8B48F8552DB}
ObjectDock --> C:\PROGRA~2\Stardock\OBJECT~1\UNWISE.EXE C:\PROGRA~2\Stardock\OBJECT~1\INSTALL.LOG
QuickBooks Simple Start 2008 --> msiexec.exe /I {8ED4E82B-8CEA-40DE-826C-37AC7B941F81} UNIQUE_NAME="atomlimited" QBFULLNAME="QuickBooks Simple Start 2008" ADDREMOVE=1
QuickTime --> MsiExec.exe /I{BFD96B89-B769-4CD6-B11E-E79FFD46F067}
Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\SETUP.EXE" -l0x9 -removeonly
Remote Control USB Driver --> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{8471021C-F529-43DE-84DF-3612E10F58C4}\setup.exe" -l0x9 -removeonly
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01 --> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{59F6A514-9813-47A3-948C-8A155460CC2A}\SETUP.EXE" -l0x9 anything
Silicon Laboratories CP210x USB to UART Bridge (Driver Removal) --> C:\Windows\system32\Silabs\DriverUninstaller.exe VCP CP210x Cardinal\EDGECOMM&10C4&EA60
SupportSoft Assisted Service --> MsiExec.exe /I{5A3F6A80-7913-475E-8B96-477A952CFA43}
SureThing CD Labeler Deluxe 5 --> "C:\Program Files (x86)\SureThing CD Labeler 5\unins000.exe"
U3Launcher --> MsiExec.exe /I{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}
USB2.0 1.3M WebCam --> C:\Windows\StkUnist.exe
VistaFeaturePack --> C:\Program Files (x86)\InstallShield Installation Information\{973E2969-B314-4744-9812-AA095091598E}\setup.exe -runfromtemp -l0x0409
Windows Live OneCare safety scanner --> "C:\Program Files (x86)\Windows Live Safety Center\UnInstall.exe"
Windows Live OneCare safety scanner --> MsiExec.exe /X{FE0646A7-19D0-41B4-A2BB-2C35D644270D}
Windows Media Player Firefox Plugin --> MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WinFlash --> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{DE10AB76-4756-4913-BE25-55D1C1051F9A}\SETUP.EXE" -l0x9
WinRAR archiver --> C:\Program Files (x86)\WinRAR\uninstall.exe
WinZip --> "C:\Program Files (x86)\WinZip\WINZIP32.EXE" /uninstall
Wireless Console 2 --> C:\Program Files (x86)\InstallShield Installation Information\{83F73CB1-7705-49D1-9852-84D839CA2A45}\SETUP.EXE -runfromtemp -l0x0009 -removeonly


-- Application Event Log -------------------------------------------------------

Event Record #/Type6186 / Success
Event Submitted/Written: 02/22/2008 10:49:23 AM
Event ID/Source: 5617 / WinMgmt
Event Description:


Event Record #/Type6185 / Success
Event Submitted/Written: 02/22/2008 10:49:22 AM
Event ID/Source: 5615 / WinMgmt
Event Description:


Event Record #/Type6171 / Success
Event Submitted/Written: 02/22/2008 10:48:31 AM
Event ID/Source: 902 / Software Licensing Service
Event Description:
The Software Licensing service has started.

Event Record #/Type6155 / Success
Event Submitted/Written: 02/22/2008 10:47:41 AM
Event ID/Source: 903 / Software Licensing Service
Event Description:
The Software Licensing service has stopped.

Event Record #/Type6132 / Success
Event Submitted/Written: 02/22/2008 10:40:57 AM
Event ID/Source: 5617 / WinMgmt
Event Description:




-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type35830 / Warning
Event Submitted/Written: 02/22/2008 10:47:42 AM
Event ID/Source: 4001 / Microsoft-Windows-WLAN-AutoConfig
Event Description:


Event Record #/Type35829 / Warning
Event Submitted/Written: 02/22/2008 10:47:42 AM
Event ID/Source: 10002 / Microsoft-Windows-WLAN-AutoConfig
Event Description:
C:\Windows\System32\IWMSSvc.dll

Event Record #/Type35779 / Warning
Event Submitted/Written: 02/22/2008 10:44:13 AM
Event ID/Source: 4 / Client Side Rendering Spooler
Event Description:
The print spooler failed to reopen an existing printer connection because it could not read the configuration information from the registry key S-1-5-18\Printers\Connections. The print spooler could not open the registry key. This can occur if the registry key is corrupt or missing, or if the registry recently became unavailable.

Event Record #/Type35778 / Warning
Event Submitted/Written: 02/22/2008 10:44:13 AM
Event ID/Source: 4 / Client Side Rendering Spooler
Event Description:
The print spooler failed to reopen an existing printer connection because it could not read the configuration information from the registry key S-1-5-18\Printers\Connections. The print spooler could not open the registry key. This can occur if the registry key is corrupt or missing, or if the registry recently became unavailable.

Event Record #/Type35668 / Warning
Event Submitted/Written: 02/22/2008 09:54:15 AM
Event ID/Source: 4001 / Microsoft-Windows-WLAN-AutoConfig
Event Description:




-- End of Deckard's System Scanner: finished at 2008-02-22 10:58:09 ------------
  • 0

#12
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

1. Please re-open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below(if present):

O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)

2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.



Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan. Check all the boxes and click Start Scan
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.


Reboot and post a new DSS log and tell me how your PC is running
  • 0

#13
bcrab

bcrab

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Malwarebytes' Anti-Malware 1.05
Database version: 392

Scan type: Full Scan (C:\|)
Objects scanned: 109117
Time elapsed: 17 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


DSS..

Deckard's System Scanner v20071014.68
Run by Brian on 2008-02-22 13:10:17
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Brian.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:10:18 PM, on 2/22/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
C:\ProgramData\U3\U3Launcher\LaunchU3.exe
C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Brian\Downloads\dss.exe
C:\PROGRA~2\TRENDM~1\HIJACK~1\Brian.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~2\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [ATKMEDIA] "C:\Program Files (x86)\ASUS\ATK Media\DMEDIA.EXE"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: LaunchU3.exe.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onec...s/wlscctrl2.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A0A2994A-F9A0-4A61-94C9-521044784BF5}: NameServer = 205.171.2.65,205.171.3.65
O17 - HKLM\System\CS1\Services\Tcpip\..\{A0A2994A-F9A0-4A61-94C9-521044784BF5}: NameServer = 205.171.2.65,205.171.3.65
O17 - HKLM\System\CS2\Services\Tcpip\..\{A0A2994A-F9A0-4A61-94C9-521044784BF5}: NameServer = 205.171.2.65,205.171.3.65
O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - C:\Program Files (x86)\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files (x86)\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files (x86)\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (X86)\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Unknown owner - C:\Windows\System32\StkCSrv.exe (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~2\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9388 bytes

-- Files created between 2008-01-22 and 2008-02-22 -----------------------------

2008-02-22 11:29:03 0 d-------- C:\Users\All Users\Malwarebytes
2008-02-22 11:29:03 0 d-------- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2008-02-21 16:57:50 0 d-------- C:\Program Files (x86)\Trend Micro
2008-02-21 14:18:42 0 d-------- C:\Windows\SoftwareDistribution
2008-02-18 19:37:58 0 d-------- C:\Windows\nvtmpinst
2008-02-18 09:08:12 0 d-------- C:\Program Files (x86)\Norton Internet Security
2008-02-18 08:51:50 0 d-------- C:\Program Files (x86)\Symantec
2008-02-18 08:51:05 0 d-------- C:\Users\All Users\Symantec
2008-02-18 08:50:55 0 d-------- C:\Program Files (x86)\Common Files\Symantec Shared
2008-02-17 17:25:33 0 d-------- C:\Program Files (x86)\Microsoft ActiveSync
2008-02-17 17:25:07 0 d-------- C:\Windows\PCHEALTH
2008-02-17 17:25:07 0 d-------- C:\Program Files (x86)\Microsoft.NET
2008-02-17 17:23:02 0 dr-h----- C:\MSOCache
2008-02-17 17:00:03 0 d-------- C:\Program Files (x86)\Hewlett-Packard
2008-02-17 16:59:57 0 d-------- C:\Windows\system32\spool
2008-02-17 16:59:48 0 d-------- C:\Program Files (x86)\Common Files\HP
2008-02-17 16:54:35 148956 --a------ C:\Windows\hpoins19.dat
2008-02-17 16:54:21 26952 --a------ C:\Windows\hpomdl19.dat
2008-02-17 15:07:38 0 d-------- C:\NVIDIA
2008-02-17 15:07:03 0 d-------- C:\Windows\Options
2008-02-17 15:06:32 0 d-------- C:\Users\All Users\Atheros
2008-02-17 14:55:55 0 d-------- C:\Program Files (x86)\SINOSUN
2008-02-17 14:44:09 0 d-------- C:\Program Files (x86)\ASUS Security Center
2008-02-17 14:36:02 520192 -ra------ C:\Windows\RtlExUpd.dll <Not Verified; Realtek Semiconductor Corp.; RtlExUpd Dynamic Link Library>
2008-02-17 00:47:20 0 d-------- C:\Windows\Sun
2008-02-16 20:04:37 0 d-------- C:\Program Files (x86)\Windows Live Safety Center
2008-02-15 20:08:14 0 d-------- C:\Program Files (x86)\Common Files\supportsoft
2008-02-15 20:05:03 1843200 --a------ C:\Windows\system32\acXMLParser.dll <Not Verified; Apache Software Foundation; Xerces-C Version 2.7.0>
2008-02-15 20:05:01 3518464 --a------ C:\Windows\system32\cdintf300.dll <Not Verified; Amyuni Technologies
http://www.amyuni.com; Amyuni Common Driver Interface>
2008-02-15 20:01:31 0 d-------- C:\Users\All Users\Intuit
2008-02-15 20:01:31 0 d-------- C:\Program Files (x86)\Intuit
2008-02-15 20:01:31 0 d-------- C:\Program Files (x86)\Common Files\Intuit
2008-02-15 19:59:58 0 d-------- C:\Users\All Users\COMMON FILES
2008-02-15 19:59:48 0 d-------- C:\Program Files (x86)\MSXML 4.0
2008-02-15 19:27:11 0 d-------- C:\Program Files (x86)\Akamai
2008-02-15 18:41:35 0 d-------- C:\Program Files (x86)\Java
2008-02-15 18:40:11 0 d-------- C:\Program Files (x86)\Common Files\Java
2008-02-15 18:38:47 0 d-------- C:\Users\All Users\Apple Computer
2008-02-15 18:38:47 0 d-------- C:\Program Files (x86)\QuickTime
2008-02-15 18:37:24 0 d-------- C:\Windows\system32\Macromed
2008-02-15 18:35:54 0 d-------- C:\Users\All Users\Adobe
2008-02-15 18:35:46 0 d-------- C:\Program Files (x86)\Common Files\Adobe
2008-02-15 18:04:38 0 d-------- C:\Users\All Users\RoboForm
2008-02-15 18:04:14 0 d-------- C:\Program Files (x86)\Siber Systems
2008-02-15 17:44:05 0 d-------- C:\Program Files (x86)\MozBackup
2008-02-15 17:43:28 0 d-------- C:\Users\All Users\U3
2008-02-15 17:38:25 0 d-------- C:\Users\All Users\Elaborate Bytes
2008-02-15 17:11:56 0 d-------- C:\Users\All Users\SlySoft
2008-02-15 17:08:16 0 d-------- C:\Program Files (x86)\Elaborate Bytes
2008-02-15 17:07:32 0 d-------- C:\Program Files (x86)\SlySoft
2008-02-15 17:06:19 0 --a------ C:\Windows\nsreg.dat
2008-02-15 17:03:40 0 d-------- C:\Program Files (x86)\Mozilla Thunderbird
2008-02-15 16:25:47 0 d-------- C:\Users\All Users\Ahead
2008-02-15 16:25:01 0 d-------- C:\Users\All Users\Nero
2008-02-15 16:25:01 0 d-------- C:\Program Files (x86)\Nero
2008-02-15 16:25:01 0 d-------- C:\Program Files (x86)\Common Files\Ahead
2008-02-15 16:02:46 0 d-------- C:\Program Files (x86)\NoAdware5.0
2008-02-15 16:01:54 0 d-------- C:\Users\Brian\browser - logitech
2008-02-15 16:00:41 0 d-------- C:\Users\Brian\logitech
2008-02-15 15:59:35 0 d-------- C:\Program Files (x86)\Common Files\Remote Control Software Common
2008-02-15 15:59:27 0 d-------- C:\Program Files (x86)\Logitech
2008-02-15 15:58:06 0 d-------- C:\Program Files (x86)\Common Files\Remote Control USB Driver
2008-02-15 15:57:00 0 d-------- C:\Program Files (x86)\CCleaner
2008-02-15 15:48:51 0 d-------- C:\Windows\system32\Silabs
2008-02-15 15:48:50 0 d-------- C:\Program Files (x86)\Edge Products
2008-02-15 15:48:31 0 d-------- C:\EdgeProducts
2008-02-15 15:44:14 0 d-------- C:\Users\All Users\Stardock
2008-02-15 15:20:56 0 d-------- C:\Program Files (x86)\Stardock
2008-02-15 15:20:56 0 d-------- C:\Program Files (x86)\Common Files\Stardock
2008-02-15 15:16:04 0 d-------- C:\Program Files (x86)\Common Files\SureThing Shared
2008-02-15 15:15:54 0 d-------- C:\Program Files (x86)\SureThing CD Labeler 5
2008-02-15 15:13:13 0 d-------- C:\Windows\pss
2008-02-15 15:11:12 0 d-------- C:\Users\All Users\WEBREG
2008-02-15 15:09:09 0 d-------- C:\Program Files (x86)\Common Files\Hewlett-Packard
2008-02-15 15:01:00 0 d-------- C:\Program Files (x86)\HP
2008-02-15 14:55:59 0 d-------- C:\Users\All Users\HP
2008-02-15 14:38:12 0 d-------- C:\Users\All Users\LightScribe
2008-02-15 14:17:01 0 d-------- C:\Program Files (x86)\Common Files\LightScribe
2008-02-15 12:49:28 0 d-------- C:\Users\All Users\NVIDIA
2008-02-15 12:16:58 0 d-------- C:\Users\Default\Roaming
2008-02-15 12:16:58 0 d-------- C:\Users\Brian\Roaming
2008-02-15 12:16:58 0 d-------- C:\Users\All Users\Roaming
2008-02-15 12:16:37 0 d-------- C:\Users\All Users\Intel
2008-02-15 12:16:35 319488 --a------ C:\Windows\system32\AegisI5Installer.exe <Not Verified; ; AegisInstall Application>
2008-02-15 11:54:24 0 d-------- C:\Users\All Users\P4G
2008-02-15 11:40:15 0 d-------- C:\Windows\system32\Attansic
2008-02-15 11:39:58 0 d-------- C:\Program Files (x86)\Attansic
2008-02-15 11:31:34 0 d-------- C:\Intel
2008-02-15 11:30:39 0 d-------- C:\Program Files (x86)\Intel
2008-02-15 11:22:35 0 d---s---- C:\Windows\system32\Microsoft
2008-02-15 11:21:14 0 d-------- C:\Program Files (x86)\Fingerprint Sensor
2008-02-15 11:06:43 0 d-------- C:\Program Files (x86)\CSR
2008-02-15 11:05:45 0 d--hs---- C:\Windows\Installer
2008-02-15 11:03:22 0 d-------- C:\Windows\system32\RTCOM
2008-02-15 11:02:50 0 d-------- C:\Program Files (x86)\Realtek
2008-02-15 11:02:45 315392 --a------ C:\Windows\HideWin.exe <Not Verified; Realtek Semiconductor Corp.; HD Audio Hide windows program>
2008-02-15 10:57:03 0 d-------- C:\Windows\SDTemp
2008-02-15 10:55:58 0 d-------- C:\Windows\Debug
2008-02-15 10:55:57 0 d-------- C:\Windows\CSC
2008-02-15 10:55:42 0 d-------- C:\Program Files (x86)\ATK Hotkey
2008-02-15 10:54:20 0 d--h----- C:\Program Files (x86)\InstallShield Installation Information
2008-02-15 10:54:20 0 d-------- C:\Program Files (x86)\ASUS
2008-02-15 10:54:13 0 d-------- C:\Windows\Prefetch
2008-02-15 10:53:59 0 d-------- C:\Program Files (x86)\Common Files\InstallShield
2008-02-15 10:53:58 0 d--hs---- C:\System Volume Information
2008-02-15 10:53:23 0 d-------- C:\Windows\Panther
2008-02-15 10:53:08 0 d--hs---- C:\Boot
2008-02-15 10:03:42 0 dr------- C:\Users\Brian\Searches
2008-02-15 10:03:29 0 dr------- C:\Users\Brian\Contacts
2008-02-15 10:03:18 0 d--hs---- C:\Users\Brian\Templates
2008-02-15 10:03:18 0 d--hs---- C:\Users\Brian\Start Menu
2008-02-15 10:03:18 0 d--hs---- C:\Users\Brian\SendTo
2008-02-15 10:03:18 0 d--hs---- C:\Users\Brian\Recent
2008-02-15 10:03:18 0 d--hs---- C:\Users\Brian\PrintHood
2008-02-15 10:03:18 0 d--hs---- C:\Users\Brian\NetHood
2008-02-15 10:03:18 0 d--hs---- C:\Users\Brian\My Documents
2008-02-15 10:03:18 0 d--hs---- C:\Users\Brian\Local Settings
2008-02-15 10:03:18 0 d--hs---- C:\Users\Brian\Cookies
2008-02-15 10:03:18 0 d--hs---- C:\Users\Brian\Application Data
2008-02-15 10:03:16 0 dr------- C:\Users\Brian\Videos
2008-02-15 10:03:16 0 dr------- C:\Users\Brian\Saved Games
2008-02-15 10:03:16 0 dr------- C:\Users\Brian\Pictures
2008-02-15 10:03:16 1310720 --ahs---- C:\Users\Brian\ntuser.dat
2008-02-15 10:03:16 0 dr------- C:\Users\Brian\Music
2008-02-15 10:03:16 0 dr------- C:\Users\Brian\Links
2008-02-15 10:03:16 0 dr------- C:\Users\Brian\Favorites
2008-02-15 10:03:16 0 dr------- C:\Users\Brian\Downloads
2008-02-15 10:03:16 0 dr------- C:\Users\Brian\Documents
2008-02-15 10:03:16 0 dr------- C:\Users\Brian\Desktop
2008-02-15 10:03:16 0 d--h----- C:\Users\Brian\AppData


-- Find3M Report ---------------------------------------------------------------

2008-02-22 12:55:32 0 d-------- C:\Program Files (x86)\Common Files
2008-02-22 11:29:08 0 d-------- C:\Users\Brian\AppData\Roaming\Malwarebytes
2008-02-21 23:42:48 0 d-------- C:\Users\Brian\AppData\Roaming\U3
2008-02-19 13:26:22 13831 --a------ C:\Users\Brian\AppData\Roaming\nvModes.001
2008-02-19 12:10:47 0 d-------- C:\Users\Brian\AppData\Roaming\Ahead
2008-02-18 09:12:19 0 d-------- C:\Users\Brian\AppData\Roaming\Symantec
2008-02-17 17:08:28 174 --ahs---- C:\Program Files (x86)\desktop.ini
2008-02-17 15:26:10 0 d-------- C:\Users\Brian\AppData\Roaming\Thunderbird
2008-02-17 14:14:46 0 d-------- C:\Users\Brian\AppData\Roaming\SystemRequirementsLab
2008-02-16 01:14:46 13025 --a------ C:\Users\Brian\AppData\Roaming\nvModes.dat
2008-02-15 19:58:41 0 d-------- C:\Users\Brian\AppData\Roaming\Download Manager
2008-02-15 18:56:52 0 d-------- C:\Users\Brian\AppData\Roaming\Macromedia
2008-02-15 18:56:52 0 d-------- C:\Users\Brian\AppData\Roaming\Adobe
2008-02-15 17:46:04 0 d-------- C:\Users\Brian\AppData\Roaming\Mozilla
2008-02-15 17:06:26 0 d-------- C:\Users\Brian\AppData\Roaming\Talkback
2008-02-15 15:11:03 0 d-------- C:\Users\Brian\AppData\Roaming\HP
2008-02-15 13:39:48 0 d-------- C:\Program Files (x86)\Windows Mail
2008-02-15 13:39:40 0 d-------- C:\Program Files (x86)\Windows Calendar
2008-02-15 13:39:37 0 d-------- C:\Program Files (x86)\Windows Sidebar
2008-02-15 12:16:58 0 d-------- C:\Users\Brian\AppData\Roaming\Intel
2008-02-15 10:55:28 0 d-------- C:\Users\Brian\AppData\Roaming\InstallShield
2008-02-15 10:03:32 0 d-------- C:\Users\Brian\AppData\Roaming\Identities


-- Registry Dump ---------------------------------------------------------------



-- End of Deckard's System Scanner: finished at 2008-02-22 13:10:32 ------------

It seems to be running fine. The only thing I've noticed is this added a "Programs" file the in the start button in "All Programs". Which is a list of the same programs in both. But I can live with it as long as the other stuff is gone. THANKS for your help.
  • 0

#14
bcrab

bcrab

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Any suggestions on a better internet security programs?
  • 0

#15
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Your logs are clean ! We need to do a few things

You can delete the tools that we used


You now need to update your Java and remove your older versions.

Please follow these steps to remove older version Java components.

* Click Start > Control Panel.
* Click Add/Remove Programs.
* Check any item with Java Runtime Environment (JRE) in the name.
* Click the Remove or Change/Remove button.

Download the latest version of Java Runtime Environment (JRE), and install it to your computer from
here



Below I have included a number of recommendations for how to protect your computer against malware infections.

* Keep Windows updated by regularly checking their website at :
http://windowsupdate.microsoft.com/
This will ensure your computer has always the latest security updates available installed on your computer.

* To reduce re-infection for malware in the future, I strongly recommend installing these free programs:
SpywareBlaster protects against bad ActiveX
IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all
Have a look at this tutorial for IE-Spyad here

* SpywareGuard offers realtime protection from spyware installation attempts.

Make Internet Explorer more secure
  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
  • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

* MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

* Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more
secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up
blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from
Here

* Take a good look at the following suggestions for malware prevention by reading Tony Klein’s article 'How Did I Get Infected In The First Place'
Here

Thank you for your patience, and performing all of the procedures requested.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP