Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Trojan.Metajuan and probably more [RESOLVED]


  • This topic is locked This topic is locked

#1
scarp8

scarp8

    Member

  • Member
  • PipPip
  • 11 posts
Hello Geekstogo,
The other day I let my Norton expire... then visited a website that really screwed up my computer. I'm getting popups and the computer is running really slow. I did everything on the "You Must" list and still have problems. I hope one of you guys can help me out. :)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:43:43 AM, on 2/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\DCPFLICS\DCPFLICS.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\MXOALDR.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\AGEIA Technologies\TrayIcon.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Quicken\bagent.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Web Buying\v1.8.8\webbuying.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Symantec\LiveUpdate\AUpdate.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Insight Broadband
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: {ee0d5d21-c96e-e989-c4e4-be05a62f7431} - {1347f26a-50eb-4e4c-989e-e69c12d5d0ee} - C:\WINDOWS\system32\mgaxhudd.dll (file missing)
O2 - BHO: (no name) - {1DC893B6-66DF-4D6A-8E32-12BBD30F2275} - C:\Program Files\ComPlus Applications\meroxef83122.dll (file missing)
O2 - BHO: (no name) - {381ED3A7-6B66-41FD-9454-7B0EBE9A8707} - C:\Program Files\ComPlus Applications\meroxef4444.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: (no name) - {626FAA65-93DA-42AD-A126-436ACF588879} - (no file)
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: (no name) - {6C649CB3-5306-2ED9-5166-5F00B7CD81BA} - C:\WINDOWS\system32\nvgnezgj.dll (file missing)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8943715f-ffb1-493c-a034-45dc427db685} - C:\WINDOWS\system32\gsqsmlw.dll
O2 - BHO: 0 - {9A6BCADB-B633-41C0-C490-4F73ED345E01} - C:\Program Files\Windows NT\qudarugoz181.dll (file missing)
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\hfvaulyi.dll
O2 - BHO: TwcToolbarBhoApp Class - {AA1F9DDB-E605-4ba6-81D4-E427DEE012AD} - C:\WINDOWS\SYSTEM32\TwcToolbarBho.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: IE DOM Explorer - {CC7E636D-39AA-49b6-B511-65413DA137A1} - C:\Program Files\Internet Explorer Developer Toolbar\IEDevToolbar.dll
O2 - BHO: (no name) - {E180F496-8A4B-44E2-9FE0-0364E345DB7F} - C:\WINDOWS\system32\awtqpmj.dll (file missing)
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: Developer Toolbar - {CC962137-2E78-4f94-975E-FC0C07DBD78F} - C:\Program Files\Internet Explorer Developer Toolbar\IEDevToolbar.dll
O3 - Toolbar: The Weather Channel Toolbar - {2E5E800E-6AC0-411E-940A-369530A35E43} - C:\WINDOWS\SYSTEM32\TwcToolbarIe7.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SAClient] "C:\Program Files\Insight\BBClient\Programs\RegCon.exe" /admincheck
O4 - HKLM\..\Run: [MXOBG] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [ymetray] "C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe" -preload
O4 - HKLM\..\Run: [RetroExpress] C:\PROGRA~1\Dantz\RETROS~1\RetroExpress.exe /h
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [QuickenScheduledUpdates] C:\Program Files\Quicken\bagent.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [Ncao] "C:\DOCUME~1\Dave\APPLIC~1\MBOLS~1\spool32.exe" -vt ndrv
O4 - HKCU\..\Run: [WebBuying] C:\Program Files\Web Buying\v1.8.8\webbuying.exe
O4 - HKCU\..\Run: [Nzh] "C:\Program Files\Common Files\??mantec\r?ndll.exe"
O4 - HKCU\..\Run: [Drmupgds] C:\Program Files\Drmupgds\Drmupgds.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe" -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM32\msjava.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
O9 - Extra 'Tools' menuitem: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.insightbb.com
O15 - Trusted Zone: *.avsystemcare.com
O15 - Trusted Zone: *.gomyhit.com
O15 - Trusted Zone: *.imageservr.com
O15 - Trusted Zone: *.onerateld.com
O15 - Trusted Zone: *.safetydownload.com
O15 - Trusted Zone: *.storageguardsoft.com
O15 - Trusted Zone: *.trustedantivirus.com
O15 - Trusted Zone: *.virusschlacht.com
O15 - Trusted Zone: *.avsystemcare.com (HKLM)
O15 - Trusted Zone: *.gomyhit.com (HKLM)
O15 - Trusted Zone: *.imageservr.com (HKLM)
O15 - Trusted Zone: *.onerateld.com (HKLM)
O15 - Trusted Zone: *.safetydownload.com (HKLM)
O15 - Trusted Zone: *.storageguardsoft.com (HKLM)
O15 - Trusted Zone: *.trustedantivirus.com (HKLM)
O15 - Trusted Zone: *.virusschlacht.com (HKLM)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://camera.buffal...activex/AMC.cab
O16 - DPF: {EBD11638-B18C-4700-B11C-6CDF6F770B20} (FrameFree Web Player-0) - http://download.fram...x_v3-3-18-2.cab
O19 - User stylesheet: G:\FILMBURN\userContent.css (file missing)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: awtqpmj - awtqpmj.dll (file missing)
O20 - Winlogon Notify: hfvaulyi - C:\WINDOWS\SYSTEM32\hfvaulyi.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DCPFLICS - Unknown owner - C:\Program Files\DCPFLICS\DCPFLICS.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WUSB54GCSVC - GEMTEKS - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
O24 - Desktop Component 0: (no name) - C:\Program Files\Windows NT\rtemegozax.html

--
End of file - 20107 bytes

Thanks for your time,
Dave
  • 0

Advertisements


#2
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Download WinPFind35U.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind35u on your desktop.
  • Open the WinPFind35u folder and double-click on WinPFind35U.exe to start the program.
  • Under Additional Scans check the boxes beside Reg - Bot Check, Reg - Disabled MS Config Items, Reg - File Additional Folder Scans, File - Lop Check and File - Purity Scan.
  • Under Drivers change it to Non-Microsoft.
  • Check the box beside Scan All User Accounts at the top
  • Under Files Created Within and Files Modified Within change it to 90 days.
  • Now click the Run Scan button on the toolbar.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and post the information back here in an attachment. I will review it when it comes in. The last line is < End of Report >, so make sure that is the last line in the attached report.


Make sure you attach the report in your reply.
  • 0

#3
scarp8

scarp8

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Thanks for the quick response Rorschach. Here's my report:

[code=auto:0]WinPFind35 logfile created on: 2/22/2008 10:47:10 AM
WinPFind35U Version 1.0.0.1 Folder = C:\Documents and Settings\Dave\Desktop\WinPFind35U\WinPFind35u
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.00 Mb Total Physical Memory | 444.94 Mb Available Physical Memory | 43.49% Memory free
2.41 Gb Paging File | 1.81 Gb Available in Paging File | 75.09% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 38.25 Gb Total Space | 6.63 Gb Free Space | 17.34% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 114.49 Gb Total Space | 4.74 Gb Free Space | 4.14% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SILVERNELL
Current User Name: Dave
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users

[Processes - Non-Microsoft Only]
ati2evxx.exe -> %SystemRoot%\SYSTEM32\ati2evxx.exe -> [Ver = | Size = 389120 bytes | Modified Date = 8/25/2004 10:26:56 AM | Attr = ]
ccproxy.exe -> %CommonProgramFiles%\Symantec Shared\CCPROXY.EXE -> Symantec Corporation [Ver = 103.0.8.2 | Size = 235168 bytes | Modified Date = 6/14/2006 1:48:42 PM | Attr = ]
ccsetmgr.exe -> %CommonProgramFiles%\Symantec Shared\CCSETMGR.EXE -> Symantec Corporation [Ver = 103.0.11.4 | Size = 181608 bytes | Modified Date = 1/17/2008 11:42:04 AM | Attr = ]
issvc.exe -> %ProgramFiles%\Norton Internet Security\ISSVC.exe -> Symantec Corporation [Ver = 8.0.5.14 | Size = 83584 bytes | Modified Date = 4/18/2005 7:49:24 PM | Attr = ]
sndsrvc.exe -> %CommonProgramFiles%\Symantec Shared\SNDSrvc.exe -> Symantec Corporation [Ver = 5.5.6.604 | Size = 206552 bytes | Modified Date = 3/28/2007 6:41:56 PM | Attr = ]
spbbcsvc.exe -> %CommonProgramFiles%\Symantec Shared\SPBBC\SPBBCSvc.exe -> Symantec Corporation [Ver = 1,0,1,47 | Size = 173160 bytes | Modified Date = 7/21/2004 11:24:03 AM | Attr = ]
ccevtmgr.exe -> %CommonProgramFiles%\Symantec Shared\CCEVTMGR.EXE -> Symantec Corporation [Ver = 103.0.11.4 | Size = 197992 bytes | Modified Date = 1/17/2008 11:42:02 AM | Attr = ]
adskscsrv.exe -> %CommonProgramFiles%\Autodesk Shared\Service\AdskScSrv.exe -> [Ver = 2.51.000 | Size = 68608 bytes | Modified Date = 3/31/2005 10:36:23 AM | Attr = ]
aluschedulersvc.exe -> %ProgramFiles%\Symantec\LiveUpdate\AluSchedulerSvc.exe -> Symantec Corporation [Ver = 3.0.0.160 | Size = 100032 bytes | Modified Date = 2/23/2006 11:41:02 AM | Attr = ]
guard.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 5/30/2007 7:31:10 AM | Attr = ]
cdantsrv.exe -> %SystemRoot%\SYSTEM32\DRIVERS\CDANTSRV.EXE -> C-Dilla Ltd [Ver = 3.27.000 | Size = 46080 bytes | Modified Date = 1/7/2003 5:28:44 PM | Attr = ]
ctsvccda.exe -> %SystemRoot%\SYSTEM32\CTSVCCDA.EXE -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Modified Date = 12/12/1999 12:01:00 PM | Attr = ]
cvpnd.exe -> %ProgramFiles%\Cisco Systems\VPN Client\cvpnd.exe -> Cisco Systems, Inc. [Ver = 4.0.4 (D) | Size = 1433616 bytes | Modified Date = 6/16/2004 12:07:54 PM | Attr = ]
dcpflics.exe -> %ProgramFiles%\DCPFLICS\DCPFLICS.exe -> [Ver = | Size = 139266 bytes | Modified Date = 9/29/2003 12:21:26 PM | Attr = ]
navapsvc.exe -> %ProgramFiles%\Norton Internet Security\Norton AntiVirus\NAVAPSVC.EXE -> Symantec Corporation [Ver = 11.0.16.2 | Size = 177264 bytes | Modified Date = 10/19/2005 12:54:14 PM | Attr = ]
sdhelp.exe -> %ProgramFiles%\Spyware Doctor\sdhelp.exe -> PC Tools Research Pty Ltd [Ver = 3.5.0.18 | Size = 870624 bytes | Modified Date = 12/20/2005 8:44:24 AM | Attr = ]
qttask.exe -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1 | Size = 282624 bytes | Modified Date = 5/22/2006 2:53:00 PM | Attr = ]
gnotify.exe -> %ProgramFiles%\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe -> Google Inc. [Ver = 1.0.25.0 | Size = 479232 bytes | Modified Date = 7/15/2005 1:48:34 PM | Attr = ]
symlcsvc.exe -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> Symantec Corporation [Ver = 1, 8, 54, 478 | Size = 819352 bytes | Modified Date = 10/24/2004 5:08:48 PM | Attr = ]
wlservice.exe -> %ProgramFiles%\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe -> GEMTEKS [Ver = 1, 0, 0, 9 | Size = 53307 bytes | Modified Date = 7/4/2005 4:46:04 PM | Attr = ]
wusb54gc.exe -> %ProgramFiles%\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe -> Linksys [Ver = 1.1.0.2 | Size = 5527040 bytes | Modified Date = 8/28/2006 11:23:44 AM | Attr = ]
asfagent.exe -> %ProgramFiles%\intel\ASF Agent\ASFAgent.exe -> Intel Corporation [Ver = 3.1 | Size = 221184 bytes | Modified Date = 8/7/2002 6:34:26 AM | Attr = ]
calmain.exe -> %ProgramFiles%\Canon\CAL\CALMAIN.exe -> Canon Inc. [Ver = 8, 1, 0, 14 | Size = 96341 bytes | Modified Date = 9/30/2005 6:22:50 PM | Attr = ]
mxoaldr.exe -> %SystemRoot%\MXOALDR.EXE -> Cypress Semiconductor [Ver = 6.01.1000.0 | Size = 94208 bytes | Modified Date = 10/10/2003 10:23:48 AM | Attr = ]
lvcomsx.exe -> %SystemRoot%\SYSTEM32\LVCOMSX.EXE -> Logitech Inc. [Ver = 8.4.7.1036 | Size = 221184 bytes | Modified Date = 7/19/2005 4:32:18 PM | Attr = ]
logitray.exe -> %ProgramFiles%\Logitech\Video\LogiTray.exe -> Logitech Inc. [Ver = 8.4.7.1034 | Size = 217088 bytes | Modified Date = 6/8/2005 2:14:44 PM | Attr = ]
ccapp.exe -> %CommonProgramFiles%\Symantec Shared\CCAPP.EXE -> Symantec Corporation [Ver = 103.0.11.4 | Size = 58728 bytes | Modified Date = 1/17/2008 11:42:02 AM | Attr = ]
trayicon.exe -> %ProgramFiles%\AGEIA Technologies\TrayIcon.exe -> [Ver = | Size = 331776 bytes | Modified Date = 3/20/2006 2:43:16 PM | Attr = ]
directcd.exe -> %ProgramFiles%\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe -> Roxio [Ver = 5.3.4.21 | Size = 684032 bytes | Modified Date = 12/17/2002 1:28:00 PM | Attr = ]
onetouch.exe -> %ProgramFiles%\Maxtor\OneTouch\Utils\OneTouch.exe -> Maxtor Corporation [Ver = 3, 0, 0, 0 | Size = 823296 bytes | Modified Date = 8/31/2004 8:23:42 AM | Attr = ]
ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Computer, Inc. [Ver = 6.0.4.2 | Size = 278528 bytes | Modified Date = 2/23/2006 3:45:20 PM | Attr = ]
avgas.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 43 | Size = 6731312 bytes | Modified Date = 6/11/2007 4:25:42 AM | Attr = ]
swdoctor.exe -> %ProgramFiles%\Spyware Doctor\swdoctor.exe -> PC Tools Research Pty Ltd [Ver = 3.5.1.498 | Size = 1992928 bytes | Modified Date = 2/6/2006 2:40:16 PM | Attr = ]
bagent.exe -> %ProgramFiles%\Quicken\bagent.exe -> Intuit Inc. [Ver = 008.000.000.000 | Size = 57344 bytes | Modified Date = 10/30/2006 6:39:16 AM | Attr = ]
ctsyncu.exe -> %ProgramFiles%\Creative\Sync Manager Unicode\CTSyncU.exe -> [Ver = 6.1.5.0 | Size = 700416 bytes | Modified Date = 6/12/2006 2:32:26 PM | Attr = ]
robotaskbaricon.exe -> %ProgramFiles%\Siber Systems\AI RoboForm\robotaskbaricon.exe -> Siber Systems [Ver = 6-9-87 | Size = 160592 bytes | Modified Date = 2/4/2008 4:29:14 PM | Attr = ]
webbuying.exe -> %ProgramFiles%\Web Buying\v1.8.8\webbuying.exe -> [Ver = | Size = 245760 bytes | Modified Date = 2/5/2008 12:58:42 PM | Attr = ]
ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 6.0.4.2 | Size = 323584 bytes | Modified Date = 2/23/2006 3:45:06 PM | Attr = ]
googletoolbarnotifier.exe -> %ProgramFiles%\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe -> Google Inc. [Ver = 1, 0, 720, 3640 | Size = 155896 bytes | Modified Date = 9/21/2006 2:38:56 PM | Attr = ]
steam.exe -> %ProgramFiles%\Steam\Steam.exe -> Valve Corporation [Ver = 1.0.0.0 | Size = 1266936 bytes | Modified Date = 2/6/2008 8:38:57 PM | Attr = ]
superantispyware.exe -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe -> SUPERAntiSpyware.com [Ver = 3, 6, 0, 1000 | Size = 1310720 bytes | Modified Date = 2/27/2007 11:39:26 AM | Attr = ]
fxsvr2.exe -> %ProgramFiles%\Logitech\Video\FxSvr2.exe -> Logitech Inc. [Ver = 8.4.7.1034 | Size = 192512 bytes | Modified Date = 6/8/2005 1:44:56 PM | Attr = ]
winpfind35u.exe -> %UserProfile%\Desktop\WinPFind35U\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.0.0 | Size = 309760 bytes | Modified Date = 2/21/2008 7:41:02 PM | Attr = ]
aupdate.exe -> %ProgramFiles%\Symantec\LiveUpdate\AUPDATE.EXE -> Symantec Corporation [Ver = 3.0.0.160 | Size = 149184 bytes | Modified Date = 2/23/2006 11:41:02 AM | Attr = ]
lucoms~1.exe -> %ProgramFiles%\Symantec\LiveUpdate\LuComServer_3_0.EXE -> Symantec Corporation [Ver = 3.0.0.160 | Size = 2045632 bytes | Modified Date = 2/23/2006 11:41:02 AM | Attr = ]
lucallbackproxy.exe -> %ProgramFiles%\Symantec\LiveUpdate\LuCallbackProxy.exe -> Symantec Corporation [Ver = 3.0.0.160 | Size = 104128 bytes | Modified Date = 2/23/2006 11:41:02 AM | Attr = ]
lucallbackproxy.exe -> %ProgramFiles%\Symantec\LiveUpdate\LuCallbackProxy.exe -> Symantec Corporation [Ver = 3.0.0.160 | Size = 104128 bytes | Modified Date = 2/23/2006 11:41:02 AM | Attr = ]
lucallbackproxy.exe -> %ProgramFiles%\Symantec\LiveUpdate\LuCallbackProxy.exe -> Symantec Corporation [Ver = 3.0.0.160 | Size = 104128 bytes | Modified Date = 2/23/2006 11:41:02 AM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(Adobe LM Service) Adobe LM Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Adobe Systems Shared\Service\Adobelmsvc.exe -> Adobe Systems [Ver = 2.67.010 | Size = 72704 bytes | Modified Date = 8/11/2006 9:32:16 AM | Attr = ]
(ASFAgent) ASF Agent [Win32_Own | Auto | Running] -> %ProgramFiles%\intel\ASF Agent\ASFAgent.exe -> Intel Corporation [Ver = 3.1 | Size = 221184 bytes | Modified Date = 8/7/2002 6:34:26 AM | Attr = ]
(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %SystemRoot%\SYSTEM32\ati2evxx.exe -> [Ver = | Size = 389120 bytes | Modified Date = 8/25/2004 10:26:56 AM | Attr = ]
(ATI Smart) ATI Smart [Win32_Own | Auto | Stopped] -> %SystemRoot%\SYSTEM32\ati2sgag.exe -> [Ver = 5.13.0020 | Size = 516096 bytes | Modified Date = 6/10/2004 8:10:00 PM | Attr = ]
(Autodesk Licensing Service) Autodesk Licensing Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Autodesk Shared\Service\AdskScSrv.exe -> [Ver = 2.51.000 | Size = 68608 bytes | Modified Date = 3/31/2005 10:36:23 AM | Attr = ]
(Automatic LiveUpdate Scheduler) Automatic LiveUpdate Scheduler [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec\LiveUpdate\AluSchedulerSvc.exe -> Symantec Corporation [Ver = 3.0.0.160 | Size = 100032 bytes | Modified Date = 2/23/2006 11:41:02 AM | Attr = ]
(AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 5/30/2007 7:31:10 AM | Attr = ]
(C-DillaSrv) C-DillaSrv [Win32_Own | Auto | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\CDANTSRV.EXE -> C-Dilla Ltd [Ver = 3.27.000 | Size = 46080 bytes | Modified Date = 1/7/2003 5:28:44 PM | Attr = ]
(CCALib8) Canon Camera Access Library 8 [Win32_Own | Auto | Running] -> %ProgramFiles%\Canon\CAL\CALMAIN.exe -> Canon Inc. [Ver = 8, 1, 0, 14 | Size = 96341 bytes | Modified Date = 9/30/2005 6:22:50 PM | Attr = ]
(ccEvtMgr) Symantec Event Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\CCEVTMGR.EXE -> Symantec Corporation [Ver = 103.0.11.4 | Size = 197992 bytes | Modified Date = 1/17/2008 11:42:02 AM | Attr = ]
(ccProxy) Symantec Network Proxy [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\CCPROXY.EXE -> Symantec Corporation [Ver = 103.0.8.2 | Size = 235168 bytes | Modified Date = 6/14/2006 1:48:42 PM | Attr = ]
(ccPwdSvc) Symantec Password Validation [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\CCPWDSVC.EXE -> Symantec Corporation [Ver = 103.0.11.4 | Size = 79208 bytes | Modified Date = 1/17/2008 11:42:04 AM | Attr = ]
(ccSetMgr) Symantec Settings Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\CCSETMGR.EXE -> Symantec Corporation [Ver = 103.0.11.4 | Size = 181608 bytes | Modified Date = 1/17/2008 11:42:04 AM | Attr = ]
(Creative Service for CDROM Access) Creative Service for CDROM Access [Win32_Own | Auto | Running] -> %SystemRoot%\SYSTEM32\CTSVCCDA.EXE -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Modified Date = 12/12/1999 12:01:00 PM | Attr = ]
(CVPND) Cisco Systems, Inc. VPN Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Cisco Systems\VPN Client\cvpnd.exe -> Cisco Systems, Inc. [Ver = 4.0.4 (D) | Size = 1433616 bytes | Modified Date = 6/16/2004 12:07:54 PM | Attr = ]
(DCPFLICS) DCPFLICS [Win32_Own | Auto | Running] -> %ProgramFiles%\DCPFLICS\DCPFLICS.exe -> [Ver = | Size = 139266 bytes | Modified Date = 9/29/2003 12:21:26 PM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 2:56:48 AM | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/3/2005 11:41:10 PM | Attr = ]
(iPodService) iPodService [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 6.0.4.2 | Size = 323584 bytes | Modified Date = 2/23/2006 3:45:06 PM | Attr = ]
(ISSVC) ISSVC [Win32_Own | Auto | Running] -> %ProgramFiles%\Norton Internet Security\ISSVC.exe -> Symantec Corporation [Ver = 8.0.5.14 | Size = 83584 bytes | Modified Date = 4/18/2005 7:49:24 PM | Attr = ]
(LiveUpdate) LiveUpdate [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Symantec\LiveUpdate\LuComServer_3_0.EXE -> Symantec Corporation [Ver = 3.0.0.160 | Size = 2045632 bytes | Modified Date = 2/23/2006 11:41:02 AM | Attr = ]
(navapsvc) Norton AntiVirus Auto-Protect Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Norton Internet Security\Norton AntiVirus\NAVAPSVC.EXE -> Symantec Corporation [Ver = 11.0.16.2 | Size = 177264 bytes | Modified Date = 10/19/2005 12:54:14 PM | Attr = ]
(NMSSvc) Intel(R) NMS [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\NMSSvc.Exe -> Intel Corporation [Ver = 2.2.11.798 | Size = 1118208 bytes | Modified Date = 7/30/2002 5:15:24 PM | Attr = ]
(SAVScan) SAVScan [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Norton Internet Security\Norton AntiVirus\SAVSCAN.EXE -> Symantec Corporation [Ver = 9.4.2.1 | Size = 198368 bytes | Modified Date = 3/7/2005 2:59:36 PM | Attr = ]
(SBService) ScriptBlocking Service [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\Symantec Shared\Script Blocking\SBSERV.EXE -> Symantec Corporation [Ver = 11.0.16.2 | Size = 67184 bytes | Modified Date = 10/19/2005 12:55:00 PM | Attr = ]
(SDhelper) PC Tools Spyware Doctor [Win32_Own | Auto | Running] -> %ProgramFiles%\Spyware Doctor\sdhelp.exe -> PC Tools Research Pty Ltd [Ver = 3.5.0.18 | Size = 870624 bytes | Modified Date = 12/20/2005 8:44:24 AM | Attr = ]
(SNDSrvc) Symantec Network Drivers Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\SNDSrvc.exe -> Symantec Corporation [Ver = 5.5.6.604 | Size = 206552 bytes | Modified Date = 3/28/2007 6:41:56 PM | Attr = ]
(SPBBCSvc) Symantec SPBBCSvc [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\SPBBC\SPBBCSvc.exe -> Symantec Corporation [Ver = 1,0,1,47 | Size = 173160 bytes | Modified Date = 7/21/2004 11:24:03 AM | Attr = ]
(Symantec Core LC) Symantec Core LC [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> Symantec Corporation [Ver = 1, 8, 54, 478 | Size = 819352 bytes | Modified Date = 10/24/2004 5:08:48 PM | Attr = ]
(WUSB54GCSVC) WUSB54GCSVC [Win32_Own | Auto | Running] -> %ProgramFiles%\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe -> GEMTEKS [Ver = 1, 0, 0, 9 | Size = 53307 bytes | Modified Date = 7/4/2005 4:46:04 PM | Attr = ]

[Driver Services - Non-Microsoft Only]
(Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] -> -> File not found
(aeaudio) aeaudio [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\aeaudio.sys -> Andrea Electronics Corporation [Ver = 1.0.0.2 (STUB) | Size = 4816 bytes | Modified Date = 4/1/2002 2:15:00 PM | Attr = ]
(AegisP) AEGIS Protocol (IEEE 802.1x) v3.4.3.0 [Kernel | Auto | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\AegisP.sys -> Meetinghouse Data Communications [Ver = 3.4.3.0 | Size = 20747 bytes | Modified Date = 11/13/2007 6:41:32 PM | Attr = ]
(AliIde) AliIde [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\ALIIDE.SYS -> Acer Laboratories Inc. [Ver = 1.20 | Size = 5248 bytes | Modified Date = 8/17/2001 2:51:56 PM | Attr = ]
(amdagp) AMD AGP Bus Filter Driver [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\amdagp.sys -> Advanced Micro Devices, Inc. [Ver = 5.00 (xpsp_sp2_rtm.040803-2158) | Size = 43008 bytes | Modified Date = 8/4/2004 1:07:42 AM | Attr = ]
(asc) asc [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\ASC.SYS -> Advanced System Products, Inc. [Ver = 2.9I-MS (XPClient.010817-1148) | Size = 26496 bytes | Modified Date = 8/17/2001 2:52:00 PM | Attr = ]
(asc3550) asc3550 [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\ASC3550.SYS -> Advanced System Products, Inc. [Ver = 3.1E-MS (XPClient.010817-1148) | Size = 14848 bytes | Modified Date = 8/17/2001 2:51:58 PM | Attr = ]
(Atdisk) Atdisk [Kernel | Disabled | Stopped] -> -> File not found
(ati2mtag) ati2mtag [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\ati2mtag.sys -> ATI Technologies Inc. [Ver = 6.14.10.6476 | Size = 787456 bytes | Modified Date = 8/25/2004 10:28:46 AM | Attr = ]
(AVG Anti-Spyware Driver) AVG Anti-Spyware Driver [Kernel | System | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.sys -> [Ver = | Size = 11000 bytes | Modified Date = 5/30/2007 7:10:42 AM | Attr = ]
(AvgAsCln) AVG Anti-Spyware Clean Driver [Kernel | System | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10872 bytes | Modified Date = 5/30/2007 7:10:42 AM | Attr = ]
(C-Dilla) C-Dilla [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\CDANT.SYS -> Macrovision [Ver = 3.27.000 | Size = 58160 bytes | Modified Date = 1/7/2003 5:28:44 PM | Attr = ]
(CamDrL) Logitech QuickCam Pro 3000(CamDrl) [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\Camdrl.sys -> Logitech Inc. [Ver = 8.4.1.1092 | Size = 326656 bytes | Modified Date = 10/8/2004 10:59:12 AM | Attr = ]
(Cdr4_xp) Cdr4_xp [Kernel | System | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\cdr4_xp.sys -> Sonic Solutions [Ver = 8.0.0.212 | Size = 2432 bytes | Modified Date = 10/3/2006 12:21:46 PM | Attr = ]
(Cdralw2k) Cdralw2k [Kernel | System | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\cdralw2k.sys -> Sonic Solutions [Ver = 8.0.0.212 | Size = 2560 bytes | Modified Date = 10/3/2006 12:21:46 PM | Attr = ]
(cdudf_xp) cdudf_xp [File_System | System | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\cdudf_xp.sys -> Roxio [Ver = 5.3.4.21 built by: WinDDK | Size = 241152 bytes | Modified Date = 12/17/2002 1:27:32 PM | Attr = ]
(Changer) Changer [Kernel | System | Stopped] -> -> File not found
(CmdIde) CmdIde [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\CMDIDE.SYS -> CMD Technology, Inc. [Ver = 2.0.7 (XPClient.010817-1148) | Size = 6656 bytes | Modified Date = 8/17/2001 2:51:54 PM | Attr = ]
(CVirtA) Cisco Systems VPN Adapter [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\CVirtA.sys -> Cisco Systems, Inc. [Ver = 4.0.0.106 | Size = 5220 bytes | Modified Date = 5/1/2003 12:26:34 PM | Attr = ]
(CVPNDRVA) Cisco Systems IPsec Driver [Kernel | Auto | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\CVPNDRVA.sys -> Cisco Systems, Inc. [Ver = 4.0.4 (D) | Size = 268872 bytes | Modified Date = 6/16/2004 12:07:00 PM | Attr = ]
(dac2w2k) dac2w2k [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\DAC2W2K.SYS -> Mylex Corporation [Ver = 6.00-21 (XPClient.010817-1148) | Size = 179584 bytes | Modified Date = 8/17/2001 2:52:16 PM | Attr = ]
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 8/4/2004 1:07:17 AM | Attr = ]
(dmio) Logical Disk Manager Driver [Kernel | Boot | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 8/4/2004 1:07:16 AM | Attr = ]
(dmload) dmload [Kernel | Boot | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\DMLOAD.SYS -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 8/29/2002 6:00:00 AM | Attr = ]
(DNE) Deterministic Network Enhancer Miniport [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\dne2000.sys -> Deterministic Networks, Inc. [Ver = 2.21.7.233 | Size = 139604 bytes | Modified Date = 7/24/2003 5:55:50 PM | Attr = ]
(dvd_2K) dvd_2K [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\Dvd_2k.sys -> Roxio [Ver = 5.3.4.59 | Size = 25898 bytes | Modified Date = 1/16/2004 3:48:15 PM | Attr = ]
(E1000) Intel(R) PRO/1000 Adapter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\e1000325.sys -> Intel Corporation [Ver = 6.2.21.19 built by: WinDDK | Size = 99840 bytes | Modified Date = 11/12/2002 11:02:20 AM | Attr = ]
(EL90XBC) 3Com EtherLink XL 90XB/C Adapter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\EL90XBC5.SYS -> 3Com Corporation [Ver = 4.05.00.0000 | Size = 66591 bytes | Modified Date = 8/17/2001 1:11:06 PM | Attr = ]
(GEARAspiWDM) GEARAspiWDM [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\GEARAspiWDM.sys -> GEAR Software Inc. [Ver = 2.0.4.3 | Size = 14408 bytes | Modified Date = 2/2/2005 12:21:04 AM | Attr = ]
(hidparsee) hidparsee [Kernel | System | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\hidparsee.sys -> [Ver = | Size = 86016 bytes | Modified Date = 2/5/2008 12:58:45 PM | Attr = ]
(i81x) i81x [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\i81xnt5.sys -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 161020 bytes | Modified Date = 8/4/2004 12:29:36 AM | Attr = ]
(iAimFP0) iAimFP0 [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\wadv01nt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 12415 bytes | Modified Date = 8/4/2004 12:29:37 AM | Attr = ]
(iAimFP1) iAimFP1 [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\wadv02nt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 12127 bytes | Modified Date = 8/4/2004 12:29:37 AM | Attr = ]
(iAimFP2) iAimFP2 [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\wadv05nt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 11775 bytes | Modified Date = 8/4/2004 12:29:37 AM | Attr = ]
(iAimFP3) iAimFP3 [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\wsiintxx.sys -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 12063 bytes | Modified Date = 8/4/2004 12:29:47 AM | Attr = ]
(iAimFP4) iAimFP4 [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\wvchntxx.sys -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 19455 bytes | Modified Date = 8/4/2004 12:29:49 AM | Attr = ]
(iAimTV0) iAimTV0 [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\watv01nt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 29311 bytes | Modified Date = 8/4/2004 12:29:41 AM | Attr = ]
(iAimTV1) iAimTV1 [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\watv02nt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 19551 bytes | Modified Date = 8/4/2004 12:29:42 AM | Attr = ]
(iAimTV2) iAimTV2 [Kernel | On_Demand | Stopped] -> System32\DRIVERS\wATV03nt.sys -> File not found
(iAimTV3) iAimTV3 [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\watv04nt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 33599 bytes | Modified Date = 8/4/2004 12:29:43 AM | Attr = ]
(iAimTV4) iAimTV4 [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\wch7xxnt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 23615 bytes | Modified Date = 8/4/2004 12:29:45 AM | Attr = ]
(ikhlayer) Kernel Anti-Spyware Driver [Kernel | System | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\ikhlayer.sys -> PCTools Research Pty Ltd. [Ver = 3, 5, 0, 2 | Size = 50048 bytes | Modified Date = 12/13/2005 3:18:50 PM | Attr = ]
(Imagedrv) Imagedrv [Kernel | Boot | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\imagedrv.sys -> ahead software gmbh and its licensors [Ver = 2.16.0.0 | Size = 74528 bytes | Modified Date = 4/6/2005 6:16:02 PM | Attr = ]
(lbrtfdc) lbrtfdc [Kernel | System | Stopped] -> -> File not found
(LVUSBSta) Logitech USB Monitor Filter [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\LVUSBSta.sys -> Logitech Inc. [Ver = 8.4.7.1032 | Size = 22016 bytes | Modified Date = 5/27/2005 8:31:28 AM | Attr = ]
(mmc_2K) mmc_2K [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\Mmc_2k.sys -> Roxio [Ver = 5.3.4.59 | Size = 30630 bytes | Modified Date = 1/16/2004 3:48:15 PM | Attr = ]
(mraid35x) mraid35x [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\MRAID35X.SYS -> American Megatrends Inc. [Ver = 6.19 (XPClient.010817-1148) | Size = 17280 bytes | Modified Date = 8/17/2001 2:52:12 PM | Attr = ]
(MXOFX) USB Storage Adapter FX (MXO) [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\MXOFX.SYS -> Cypress Semiconductor [Ver = 6.01.1000.0 | Size = 32640 bytes | Modified Date = 10/10/2003 10:23:48 AM | Attr = ]
(MXOPSWD) Maxtor OneTouch Security Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\mxopswd.sys -> Maxtor Corp. [Ver = 1,0,3,0 | Size = 14592 bytes | Modified Date = 8/9/2004 4:49:40 PM | Attr = ]
(NAVENG) NAVENG [Kernel | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20080220.003\NAVENG.SYS -> Symantec Corporation [Ver = 20071.4.2.10 | Size = 82256 bytes | Modified Date = 2/20/2008 4:00:00 AM | Attr = ]
(NAVEX15) NAVEX15 [Kernel | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20080220.003\NAVEX15.SYS -> Symantec Corporation [Ver = 20071.4.2.10 | Size = 895376 bytes | Modified Date = 2/20/2008 4:00:00 AM | Attr = ]
(NetAlrt) NetAlrt [Kernel | Auto | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\Netalrt.sys -> Intel Corporation [Ver = 3.0 | Size = 39680 bytes | Modified Date = 5/7/2002 5:05:56 PM | Attr = ]
(NMSCFG) NIC Management Service Configuration Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\NMSCFG.SYS -> Intel Corporation [Ver = 2.1.3.0 | Size = 9868 bytes | Modified Date = 7/30/2002 5:15:40 PM | Attr = ]
(nv) nv [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\nv4_mini.sys -> NVIDIA Corporation [Ver = 6.14.10.5673 | Size = 1897408 bytes | Modified Date = 8/4/2004 12:29:54 AM | Attr = ]
(omci) OMCI WDM Device Driver [Kernel | System | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\omci.sys -> Dell Computer Corporation [Ver = 7, 0, 323, 0 | Size = 17217 bytes | Modified Date = 11/8/2002 2:45:06 PM | Attr = ]
(PCIDump) PCIDump [Kernel | System | Stopped] -> -> File not found
(PDCOMP) PDCOMP [Kernel | On_Demand | Stopped] -> -> File not found
(PDFRAME) PDFRAME [Kernel | On_Demand | Stopped] -> -> File not found
(PDRELI) PDRELI [Kernel | On_Demand | Stopped] -> -> File not found
(PDRFRAME) PDRFRAME [Kernel | On_Demand | Stopped] -> -> File not found
(PhilCam8116) Logitech QuickCam Pro 3000(PID_08B0) [Kernel | On_Demand | Stopped] -> System32\DRIVERS\CamDrL21.sys -> File not found
(PlatAlrt) PlatAlrt [Kernel | Auto | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\platalrt.sys -> Intel Corporation [Ver = 3.0 | Size = 23744 bytes | Modified Date = 5/7/2002 5:06:36 PM | Attr = ]
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\PTILINK.SYS -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 8/29/2002 6:00:00 AM | Attr = ]
(pwd_2k) pwd_2k [Kernel | System | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\pwd_2K.sys -> Roxio [Ver = 5.3.4.59 | Size = 143834 bytes | Modified Date = 1/16/2004 3:48:15 PM | Attr = ]
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\pxhelp20.sys -> Sonic Solutions [Ver = 3.00.33a | Size = 36528 bytes | Modified Date = 10/3/2006 12:21:48 PM | Attr = ]
(ql1080) ql1080 [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\QL1080.SYS -> QLogic Corporation [Ver = 3.04 | Size = 40320 bytes | Modified Date = 8/17/2001 2:52:20 PM | Attr = ]
(ql12160) ql12160 [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\QL12160.SYS -> QLogic Corporation [Ver = 7.13.02 (W64) | Size = 45312 bytes | Modified Date = 8/17/2001 2:52:20 PM | Attr = ]
(ql1280) ql1280 [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\QL1280.SYS -> QLogic Corporation [Ver = 7.13.01 (W2K) | Size = 49024 bytes | Modified Date = 8/17/2001 2:52:18 PM | Attr = ]
(RT73) Linksys Home Wireless-G USB Adapter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\rt73.sys -> Ralink Technology, Corp. [Ver = 1.00.02.0000 | Size = 245248 bytes | Modified Date = 11/24/2005 7:51:38 PM | Attr = ]
(SASDIFSV) SASDIFSV [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\sasdifsv.sys -> [Ver = 1, 0, 0, 1006 | Size = 5632 bytes | Modified Date = 10/10/2006 12:53:48 PM | Attr = ]
(SASENUM) SASENUM [Kernel | On_Demand | Running] -> %ProgramFiles%\SUPERAntiSpyware\SASENUM.SYS -> SuperAdBlocker, Inc. [Ver = 1, 0, 0, 1002 | Size = 4096 bytes | Modified Date = 2/16/2006 4:51:08 PM | Attr = R ]
(SASKUTIL) SASKUTIL [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\SASKUTIL.SYS -> [Ver = 1, 0, 0, 1036 | Size = 32256 bytes | Modified Date = 2/27/2007 11:39:26 AM | Attr = ]
(SAVRT) SAVRT [Kernel | On_Demand | Running] -> %ProgramFiles%\Norton Internet Security\Norton AntiVirus\SAVRT.SYS -> Symantec Corporation [Ver = 9.4.2.1 | Size = 338056 bytes | Modified Date = 3/7/2005 2:59:44 PM | Attr = ]
(SAVRTPEL) SAVRTPEL [Kernel | System | Running] -> %ProgramFiles%\Norton Internet Security\Norton AntiVirus\SAVRTPEL.SYS -> Symantec Corporation [Ver = 9.4.2.1 | Size = 50312 bytes | Modified Date = 3/7/2005 2:59:50 PM | Attr = ]
(Secdrv) Secdrv [Kernel | Auto | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 11/13/2007 5:25:53 AM | Attr = ]
(sfdrv01) StarForce Protection Environment Driver (version 1.x) [Kernel | Boot | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\sfdrv01.sys -> Protection Technology [Ver = 1.32 | Size = 48640 bytes | Modified Date = 3/3/2005 12:53:57 PM | Attr = ]
(sfhlp02) StarForce Protection Helper Driver (version 2.x) [Kernel | Boot | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\sfhlp02.sys -> Protection Technology [Ver = 2.2 | Size = 6656 bytes | Modified Date = 2/23/2005 10:59:54 AM | Attr = ]
(sfsync02) StarForce Protection Synchronization Driver (version 2.x) [Kernel | Boot | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\sfsync02.sys -> Protection Technology [Ver = 2.7 | Size = 20544 bytes | Modified Date = 12/3/2004 5:20:41 AM | Attr = ]
(Simbad) Simbad [Kernel | Disabled | Stopped] -> -> File not found
(sisagp) SIS AGP Bus Filter [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\sisagp.sys -> Silicon Integrated Systems Corporation [Ver = 5.12.01.2010 (xpsp_sp2_rtm.040803-2158) | Size = 41088 bytes | Modified Date = 8/4/2004 1:07:42 AM | Attr = ]
(smwdm) smwdm [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\smwdm.sys -> Analog Devices, Inc. [Ver = 5.12.01.3538 | Size = 539008 bytes | Modified Date = 12/19/2002 6:48:48 PM | Attr = ]
(SONYPVU1) Sony USB Filter Driver (SONYPVU1) [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\SONYPVU1.SYS -> Sony Corporation [Ver = 1.3.0526.0 (XPClient.010817-1148) | Size = 7552 bytes | Modified Date = 8/17/2001 12:56:16 PM | Attr = ]
(Sparrow) Sparrow [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\SPARROW.SYS -> Adaptec, Inc. [Ver = v2.0a (ReleaseBinaries.001205-1804) | Size = 19072 bytes | Modified Date = 8/17/2001 3:07:44 PM | Attr = ]
(SPBBCDrv) SPBBCDrv [Kernel | System | Running] -> %CommonProgramFiles%\Symantec Shared\SPBBC\SPBBCDrv.sys -> Symantec Corporation [Ver = 1,0,1,47 | Size = 341096 bytes | Modified Date = 7/21/2004 11:24:02 AM | Attr = ]
(symc810) symc810 [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\SYMC810.SYS -> Symbios Logic Inc. [Ver = 5.1.2409.1 (ReleaseBinaries.001205-1804) | Size = 16256 bytes | Modified Date = 8/17/2001 3:07:34 PM | Attr = ]
(symc8xx) symc8xx [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\SYMC8XX.SYS -> LSI Logic [Ver = 5.1.2409.1 (ReleaseBinaries.001205-1804) | Size = 32640 bytes | Modified Date = 8/17/2001 3:07:36 PM | Attr = ]
(SYMDNS) SYMDNS [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\symdns.sys -> Symantec Corporation [Ver = 5.5.6.604 | Size = 11480 bytes | Modified Date = 3/28/2007 6:41:12 PM | Attr = ]
(SymEvent) SymEvent [Kernel | On_Demand | Running] -> %ProgramFiles%\Symantec\SYMEVENT.SYS -> Symantec Corporation [Ver = 11.6.8.1 | Size = 124016 bytes | Modified Date = 9/15/2006 10:52:12 PM | Attr = ]
(SYMFW) SYMFW [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\symfw.sys -> Symantec Corporation [Ver = 5.5.6.604 | Size = 171928 bytes | Modified Date = 3/28/2007 6:41:14 PM | Attr = ]
(SYMIDS) SYMIDS [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\symids.sys -> Symantec Corporation [Ver = 5.5.6.604 | Size = 37016 bytes | Modified Date = 3/28/2007 6:41:20 PM | Attr = ]
(SYMIDSCO) SYMIDSCO [Kernel | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\SymcData\idsdefs\20080221.003\SymIDSCo.sys -> Symantec Corporation [Ver = 8.2.1.2 | Size = 240496 bytes | Modified Date = 2/13/2008 11:18:19 AM | Attr = ]
(symlcbrd) symlcbrd [Kernel | Auto | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\symlcbrd.sys -> Symantec Corporation [Ver = 1, 8, 54, 478 | Size = 4608 bytes | Modified Date = 10/24/2004 5:08:49 PM | Attr = ]
(SYMNDIS) SYMNDIS [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\symndis.sys -> Symantec Corporation [Ver = 5.5.6.604 | Size = 47192 bytes | Modified Date = 3/28/2007 6:41:18 PM | Attr = ]
(SYMREDRV) SYMREDRV [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\symredrv.sys -> Symantec Corporation [Ver = 5.5.6.604 | Size = 18904 bytes | Modified Date = 3/28/2007 6:41:24 PM | Attr = ]
(SYMTDI) SYMTDI [Kernel | System | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\symtdi.sys -> Symantec Corporation [Ver = 5.5.6.604 | Size = 266552 bytes | Modified Date = 3/28/2007 6:41:26 PM | Attr = ]
(sym_hi) sym_hi [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\SYM_HI.SYS -> LSI Logic [Ver = 5.1.2462.0 (Lab01_N.010309-0027) | Size = 28384 bytes | Modified Date = 8/17/2001 3:07:40 PM | Attr = ]
(sym_u3) sym_u3 [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\SYM_U3.SYS -> LSI Logic [Ver = 5.1.2462.0 (Lab01_N.010309-0027) | Size = 30688 bytes | Modified Date = 8/17/2001 3:07:42 PM | Attr = ]
(UdfReadr_xp) UdfReadr_xp [File_System | System | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\udfreadr_xp.sys -> Roxio [Ver = 5.3.4.60 built by: WinDDK | Size = 206464 bytes | Modified Date = 1/16/2004 3:48:15 PM | Attr = ]
(ultra) ultra [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\ULTRA.SYS -> Promise Technology, Inc. [Ver = 1.43 (Build 0603) | Size = 36736 bytes | Modified Date = 8/17/2001 2:52:22 PM | Attr = ]
(vsdatant) vsdatant [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\vsdatant.sys -> Zone Labs Inc. [Ver = 4.0.146.033 | Size = 189792 bytes | Modified Date = 8/28/2003 8:40:26 PM | Attr = ]
(WDICA) WDICA [Kernel | On_Demand | Stopped] -> -> File not found
(ZSMC301b) VIMICRO USB PC Camera [Kernel | On_Demand | Stopped] -> System32\Drivers\usbVM31b.sys -> File not found
(GTNDIS5) GTNDIS5 NDIS Protocol Driver [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\GTNDIS5.sys -> Printing Communications Assoc., Inc. (PCAUSA) [Ver = 5.03.16.54 | Size = 15872 bytes | Modified Date = 9/25/2003 10:15:32 PM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
!AVG Anti-Spyware -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 43 | Size = 6731312 bytes | Modified Date = 6/11/2007 4:25:42 AM | Attr = ]
{0228e555-4f9c-4e35-a3ec-b109a192b4c2} -> %ProgramFiles%\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe -> Google Inc. [Ver = 1.0.25.0 | Size = 479232 bytes | Modified Date = 7/15/2005 1:48:34 PM | Attr = ]
AdaptecDirectCD -> %ProgramFiles%\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe -> Roxio [Ver = 5.3.4.21 | Size = 684032 bytes | Modified Date = 12/17/2002 1:28:00 PM | Attr = ]
AGEIA PhysX SysTray -> %ProgramFiles%\AGEIA Technologies\TrayIcon.exe -> [Ver = | Size = 331776 bytes | Modified Date = 3/20/2006 2:43:16 PM | Attr = ]
ATIPTA -> %ProgramFiles%\ATI Technologies\ATI Control Panel\atiptaxx.exe -> ATI Technologies, Inc. [Ver = 6.14.10.5120 | Size = 339968 bytes | Modified Date = 8/25/2004 12:52:00 PM | Attr = ]
BigDogPath -> %SystemRoot%\VM_STI.EXE -> File not found
ccApp -> %CommonProgramFiles%\Symantec Shared\CCAPP.EXE -> Symantec Corporation [Ver = 103.0.11.4 | Size = 58728 bytes | Modified Date = 1/17/2008 11:42:02 AM | Attr = ]
iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Computer, Inc. [Ver = 6.0.4.2 | Size = 278528 bytes | Modified Date = 2/23/2006 3:45:20 PM | Attr = ]
LogitechVideoRepair -> %ProgramFiles%\Logitech\Video\ISStart.exe -> Logitech Inc. [Ver = 8.4.7.1034 | Size = 458752 bytes | Modified Date = 6/8/2005 2:24:32 PM | Attr = ]
LogitechVideoTray -> %ProgramFiles%\Logitech\Video\LogiTray.exe -> Logitech Inc. [Ver = 8.4.7.1034 | Size = 217088 bytes | Modified Date = 6/8/2005 2:14:44 PM | Attr = ]
LVCOMSX -> %SystemRoot%\SYSTEM32\LVCOMSX.EXE -> Logitech Inc. [Ver = 8.4.7.1036 | Size = 221184 bytes | Modified Date = 7/19/2005 4:32:18 PM | Attr = ]
MaxtorOneTouch -> %ProgramFiles%\Maxtor\OneTouch\Utils\OneTouch.exe -> Maxtor Corporation [Ver = 3, 0, 0, 0 | Size = 823296 bytes | Modified Date = 8/31/2004 8:23:42 AM | Attr = ]
MXOBG -> %SystemRoot%\MXOALDR.EXE -> Cypress Semiconductor [Ver = 6.01.1000.0 | Size = 94208 bytes | Modified Date = 10/10/2003 10:23:48 AM | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1 | Size = 282624 bytes | Modified Date = 5/22/2006 2:53:00 PM | Attr = ]
RetroExpress -> %SystemDrive%\PROGRA~1\Dantz\RETROS~1\RetroExpress.exe -> File not found
SAClient -> %ProgramFiles%\Insight\BBClient\Programs\RegCon.exe -> AT&T [Ver = 5.6.1.0102 | Size = 299008 bytes | Modified Date = 6/1/2004 11:55:28 AM | Attr = ]
Symantec NetDriver Monitor -> %ProgramFiles%\SymNetDrv\SNDMon.exe -> Symantec Corporation [Ver = 5.5.6.604 | Size = 100056 bytes | Modified Date = 2/5/2008 1:44:44 PM | Attr = ]
ymetray -> %ProgramFiles%\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe -> File not found
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL-> Installed = 1 ->
MAPI-> Installed = 1 ->
MSFS-> Installed = 1 ->
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
CTSyncU.exe -> %ProgramFiles%\Creative\Sync Manager Unicode\CTSyncU.exe -> [Ver = 6.1.5.0 | Size = 700416 bytes | Modified Date = 6/12/2006 2:32:26 PM | Attr = ]
Drmupgds -> %ProgramFiles%\Drmupgds\Drmupgds.exe -> File not found
LDM -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe -> File not found
LogitechSoftwareUpdate -> %ProgramFiles%\Logitech\Video\ManifestEngine.exe -> Logitech Inc. [Ver = 8.4.7.1034 | Size = 196608 bytes | Modified Date = 6/8/2005 1:44:14 PM | Attr = ]
Ncao -> %SystemDrive%\DOCUME~1\Dave\APPLIC~1\MBOLS~1\spool32.exe -> File not found
Nzh -> %CommonProgramFiles%\Ѕуmantec\rυndll.exe -> File not found
QuickenScheduledUpdates -> %ProgramFiles%\Quicken\bagent.exe -> Intuit Inc. [Ver = 008.000.000.000 | Size = 57344 bytes | Modified Date = 10/30/2006 6:39:16 AM | Attr = ]
RoboForm -> %ProgramFiles%\Siber Systems\AI RoboForm\robotaskbaricon.exe -> Siber Systems [Ver = 6-9-87 | Size = 160592 bytes | Modified Date = 2/4/2008 4:29:14 PM | Attr = ]
Skype -> %ProgramFiles%\Skype\Phone\Skype.exe -> File not found
Spyware Doctor -> %ProgramFiles%\Spyware Doctor\swdoctor.exe -> PC Tools Research Pty Ltd [Ver = 3.5.1.498 | Size = 1992928 bytes | Modified Date = 2/6/2006 2:40:16 PM | Attr = ]
Steam -> %ProgramFiles%\Steam\Steam.exe -> Valve Corporation [Ver = 1.0.0.0 | Size = 1266936 bytes | Modified Date = 2/6/2008 8:38:57 PM | Attr = ]
SUPERAntiSpyware -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe -> SUPERAntiSpyware.com [Ver = 3, 6, 0, 1000 | Size = 1310720 bytes | Modified Date = 2/27/2007 11:39:26 AM | Attr = ]
swg -> %ProgramFiles%\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe -> Google Inc. [Ver = 1, 0, 720, 3640 | Size = 155896 bytes | Modified Date = 9/21/2006 2:38:56 PM | Attr = ]
WebBuying -> %ProgramFiles%\Web Buying\v1.8.8\webbuying.exe -> [Ver = | Size = 245760 bytes | Modified Date = 2/5/2008 12:58:42 PM | Attr = ]
Yahoo! Pager -> %SystemDrive%\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -> File not found
< Run [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
Spyware Doctor -> %ProgramFiles%\Spyware Doctor\swdoctor.exe -> PC Tools Research Pty Ltd [Ver = 3.5.1.498 | Size = 1992928 bytes | Modified Date = 2/6/2006 2:40:16 PM | Attr = ]
< Run [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
Spyware Doctor -> %ProgramFiles%\Spyware Doctor\swdoctor.exe -> PC Tools Research Pty Ltd [Ver = 3.5.1.498 | Size = 1992928 bytes | Modified Date = 2/6/2006 2:40:16 PM | Attr = ]
< Run [HKEY_USERS\S-1-5-21-2052511184-1822268740-2979053989-1005\] > -> HKEY_USERS\S-1-5-21-2052511184-1822268740-2979053989-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
CTSyncU.exe -> %ProgramFiles%\Creative\Sync Manager Unicode\CTSyncU.exe -> [Ver = 6.1.5.0 | Size = 700416 bytes | Modified Date = 6/12/2006 2:32:26 PM | Attr = ]
Drmupgds -> %ProgramFiles%\Drmupgds\Drmupgds.exe -> File not found
LDM -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe -> File not found
LogitechSoftwareUpdate -> %ProgramFiles%\Logitech\Video\ManifestEngine.exe -> Logitech Inc. [Ver = 8.4.7.1034 | Size = 196608 bytes | Modified Date = 6/8/2005 1:44:14 PM | Attr = ]
Ncao -> %SystemDrive%\DOCUME~1\Dave\APPLIC~1\MBOLS~1\spool32.exe -> File not found
Nzh -> %CommonProgramFiles%\Ѕуmantec\rυndll.exe -> File not found
QuickenScheduledUpdates -> %ProgramFiles%\Quicken\bagent.exe -> Intuit Inc. [Ver = 008.000.000.000 | Size = 57344 bytes | Modified Date = 10/30/2006 6:39:16 AM | Attr = ]
RoboForm -> %ProgramFiles%\Siber Systems\AI RoboForm\robotaskbaricon.exe -> Siber Systems [Ver = 6-9-87 | Size = 160592 bytes | Modified Date = 2/4/2008 4:29:14 PM | Attr = ]
Skype -> %ProgramFiles%\Skype\Phone\Skype.exe -> File not found
Spyware Doctor -> %ProgramFiles%\Spyware Doctor\swdoctor.exe -> PC Tools Research Pty Ltd [Ver = 3.5.1.498 | Size = 1992928 bytes | Modified Date = 2/6/2006 2:40:16 PM | Attr = ]
Steam -> %ProgramFiles%\Steam\Steam.exe -> Valve Corporation [Ver = 1.0.0.0 | Size = 1266936 bytes | Modified Date = 2/6/2008 8:38:57 PM | Attr = ]
SUPERAntiSpyware -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe -> SUPERAntiSpyware.com [Ver = 3, 6, 0, 1000 | Size = 1310720 bytes | Modified Date = 2/27/2007 11:39:26 AM | Attr = ]
swg -> %ProgramFiles%\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe -> Google Inc. [Ver = 1, 0, 720, 3640 | Size = 155896 bytes | Modified Date = 9/21/2006 2:38:56 PM | Attr = ]
WebBuying -> %ProgramFiles%\Web Buying\v1.8.8\webbuying.exe -> [Ver = | Size = 245760 bytes | Modified Date = 2/5/2008 12:58:42 PM | Attr = ]
Yahoo! Pager -> %SystemDrive%\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -> File not found
< Administrator Startup Folder > -> C:\Documents and Settings\Administrator\Start Menu\Programs\Startup ->
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
%AllUsersProfile%\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk -> %CommonProgramFiles%\Adobe\Calibration\Adobe Gamma Loader.exe -> Adobe Systems, Inc. [Ver = 1, 0, 0, 1 | Size = 113664 bytes | Modified Date = 11/4/1999 4:06:48 PM | Attr = ]
%AllUsersProfile%\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 29696 bytes | Modified Date = 9/23/2005 10:05:26 PM | Attr = ]
%AllUsersProfile%\Start Menu\Programs\Startup\Cisco Systems VPN Client.lnk -> %ProgramFiles%\Cisco Systems\VPN Client\vpngui.exe -> Cisco Systems, Inc. [Ver = 4.0.4 (D) | Size = 1466384 bytes | Modified Date = 6/16/2004 12:08:02 PM | Attr = ]
< Ava Startup Folder > -> C:\Documents and Settings\Ava\Start Menu\Programs\Startup ->
< Dave Startup Folder > -> C:\Documents and Settings\Dave\Start Menu\Programs\Startup ->
%UserProfile%\Start Menu\Programs\Startup\Adobe Gamma.lnk -> %CommonProgramFiles%\Adobe\Calibration\Adobe Gamma Loader.exe -> Adobe Systems, Inc. [Ver = 1, 0, 0, 1 | Size = 113664 bytes | Modified Date = 11/4/1999 4:06:48 PM | Attr = ]
< Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup ->
< Guest Startup Folder > -> C:\Documents and Settings\Guest\Start Menu\Programs\Startup ->
< Jessica Startup Folder > -> C:\Documents and Settings\Jessica\Start Menu\Programs\Startu
  • 0

#4
scarp8

scarp8

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Hmm... doesn't look like all of it got posted. I'll attach the file.
-Dave

Attached Files


  • 0

#5
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Start WinPFind35U. Copy/Paste the information in the quotebox below into the panel where it says "Paste fix here" and then click the Run Fix button.

[Kill Explorer]
[Unregister Dlls]
[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YY -> RetroExpress -> %SystemDrive%\PROGRA~1\Dantz\RETROS~1\RetroExpress.exe
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YY -> Ncao -> %SystemDrive%\DOCUME~1\Dave\APPLIC~1\MBOLS~1\spool32.exe
YY -> Nzh -> %CommonProgramFiles%\Ѕуmantec\rυndll.exe
YY -> Yahoo! Pager -> %SystemDrive%\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe
< Run [HKEY_USERS\S-1-5-21-2052511184-1822268740-2979053989-1005\] > -> HKEY_USERS\S-1-5-21-2052511184-1822268740-2979053989-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YY -> Ncao -> %SystemDrive%\DOCUME~1\Dave\APPLIC~1\MBOLS~1\spool32.exe
YY -> Nzh -> %CommonProgramFiles%\Ѕуmantec\rυndll.exe
YY -> Yahoo! Pager -> %SystemDrive%\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
YN -> awtqpmj -> awtqpmj.dll
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
YN -> avsystemcare.com .[*] -> Trusted sites
YN -> gomyhit.com .[*] -> Trusted sites
YN -> imageservr.com .[*] -> Trusted sites
YN -> safetydownload.com .[*] -> Trusted sites
YN -> storageguardsoft.com .[*] -> Trusted sites
YN -> virusschlacht.com .[*] -> Trusted sites
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
YN -> avsystemcare.com .[*] -> Trusted sites
YN -> gomyhit.com .[*] -> Trusted sites
YN -> imageservr.com .[*] -> Trusted sites
YN -> onerateld.com .[*] -> Trusted sites
YN -> safetydownload.com .[*] -> Trusted sites
YN -> storageguardsoft.com .[*] -> Trusted sites
YN -> trustedantivirus.com .[*] -> Trusted sites
YN -> virusschlacht.com .[*] -> Trusted sites
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-2052511184-1822268740-2979053989-1005\] > -> HKEY_USERS\S-1-5-21-2052511184-1822268740-2979053989-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
YN -> avsystemcare.com .[*] -> Trusted sites
YN -> gomyhit.com .[*] -> Trusted sites
YN -> imageservr.com .[*] -> Trusted sites
YN -> onerateld.com .[*] -> Trusted sites
YN -> safetydownload.com .[*] -> Trusted sites
YN -> storageguardsoft.com .[*] -> Trusted sites
YN -> trustedantivirus.com .[*] -> Trusted sites
YN -> virusschlacht.com .[*] -> Trusted sites
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {626FAA65-93DA-42AD-A126-436ACF588879} [HKEY_LOCAL_MACHINE] -> Reg Error: Value does not exist or could not be read. [Reg Error: Value does not exist or could not be read.]
YN -> {7E853D72-626A-48EC-A868-BA8D5E23E045} [HKEY_LOCAL_MACHINE] -> Reg Error: Value does not exist or could not be read. [Reg Error: Value does not exist or could not be read.]
< Internet Explorer Bars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
YN -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer Bars [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
YN -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer Bars [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
YN -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer Bars [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
YN -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer Bars [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
YN -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer Bars [HKEY_USERS\S-1-5-21-2052511184-1822268740-2979053989-1005\] > -> HKEY_USERS\S-1-5-21-2052511184-1822268740-2979053989-1005\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
YN -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
YN -> ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer ToolBars [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-2052511184-1822268740-2979053989-1005\] > -> HKEY_USERS\S-1-5-21-2052511184-1822268740-2979053989-1005\Software\Microsoft\Internet Explorer\Toolbar\
YN -> ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
YN -> {2E5E800E-6AC0-411E-940A-369530A35E43}:BandCLSID -> Reg Error: Key does not exist or could not be opened. [The Weather Channel]
YN -> {320AF880-6646-11D3-ABEE-C5DBF3571F46}: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Fill Forms]
YN -> {320AF880-6646-11D3-ABEE-C5DBF3571F49}: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Save]
YN -> {724d43aa-0d85-11d4-9908-00400523e39a}: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [RoboForm]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\
YN -> CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\
YY -> Customize Menu ->
YY -> Fill Forms ->
YY -> RoboForm Toolbar ->
YY -> Save Forms ->
< Internet Explorer Extensions [HKEY_USERS\S-1-5-21-2052511184-1822268740-2979053989-1005\] > -> HKEY_USERS\S-1-5-21-2052511184-1822268740-2979053989-1005\Software\Microsoft\Internet Explorer\Extensions\
YN -> CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-2052511184-1822268740-2979053989-1005\] > -> HKEY_USERS\S-1-5-21-2052511184-1822268740-2979053989-1005\Software\Microsoft\Internet Explorer\MenuExt\
YY -> Customize Menu ->
YY -> Fill Forms ->
YY -> RoboForm Toolbar ->
YY -> Save Forms ->
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
YN -> {DC1C6C1D-269B-45A4-A1E3-E231AC18680A} -> ()
YN -> {E5B34049-807E-487D-9E14-42FA44D63801} -> (Intel® PRO/1000 MTW Network Connection)
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
YN -> ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[ScriptInocUI Class]
YN -> msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[ScriptInocUI Class]
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
YN -> {17492023-C23A-453E-A040-C7C580BBF700}[HKEY_LOCAL_MACHINE] -> http://download.micr...heckControl.cab[Windows Genuine Advantage Validation Tool]
YN -> {8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/...indows-i586.cab[Java Plug-in 1.4.2]
YN -> {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/...indows-i586.cab[Java Plug-in 1.4.2]
YN -> {D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload2.m...ash/swflash.cab[Shockwave Flash Object]
[Files/Folders - Created Within 90 days]
YY -> 10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
YY -> 4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
[Files Created - Additional Folder Scans - Non-Microsoft Only]
YY -> 4000 C:\Documents and Settings\Dave\My Documents\*.tmp files -> C:\Documents and Settings\Dave\My Documents\*.tmp
[Files/Folders - Modified Within 30 days]
YY -> 5557 C:\*.tmp files -> C:\*.tmp
YY -> 10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
YY -> 4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
YY -> snapsnet.exe -> C:\Documents and Settings\Dave\Local Settings\Temp\snapsnet.exe
YY -> wavvsnet.exe -> C:\Documents and Settings\Dave\Local Settings\Temp\wavvsnet.exe
YY -> _quicktour_deluxe.exe -> C:\Documents and Settings\Dave\Local Settings\Temp\_quicktour_deluxe.exe
YY -> 1330 C:\Documents and Settings\Dave\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Dave\Local Settings\Temp\*.tmp
YY -> 3 C:\Documents and Settings\Dave\Local Settings\Temp\Adod\*.tmp files -> C:\Documents and Settings\Dave\Local Settings\Temp\Adod\*.tmp
YY -> 1330 C:\Documents and Settings\Dave\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Dave\Local Settings\Temp\*.tmp
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
YY -> ??mbols -> %AppData%\ѕуmbols
YY -> ??mantec -> %CommonProgramFiles%\Ѕуmantec
[File - Lop Check: Additional Folder Scans - Non-Microsoft Only]
YY -> ??mbols -> C:\Documents and Settings\Dave\Application Data\ѕуmbols
[File - Purity Scan: Additional Folder Scans - Non-Microsoft Only]
YY -> C:\Program Files\Common Files\??mantec\ -> C:\Program Files\Common Files\Ѕуmantec
YY -> C:\Documents and Settings\Dave\Application Data\??mbols\ -> C:\Documents and Settings\Dave\Application Data\ѕуmbols
YY -> ??mbols -> C:\Documents and Settings\Dave\Application Data\ѕуmbols\ѕуmbols
[Extra Files]
Purity
[Empty Temp Folders]
[Start Explorer]
[Reboot]


The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here

I will review the information when it comes back in.



Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

  • 0

#6
scarp8

scarp8

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Hi again :),
After the Run Fix, it asked me to reboot... so I did, I didn't get any file to post... but I did run the dss. Here are the logs:

Deckard's System Scanner v20071014.68
Run by Dave on 2008-02-22 11:32:03
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
72: 2008-02-22 16:32:23 UTC - RP213 - Deckard's System Scanner Restore Point
71: 2008-02-22 14:41:00 UTC - RP212 - Software Distribution Service 3.0
70: 2008-02-18 11:54:29 UTC - RP211 - System Checkpoint
69: 2008-02-17 10:54:31 UTC - RP210 - System Checkpoint
68: 2008-02-16 09:54:30 UTC - RP209 - System Checkpoint


-- First Restore Point --
1: 2008-02-05 18:03:58 UTC - RP142 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Dave.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:34:29 AM, on 2/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\DCPFLICS\DCPFLICS.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
C:\WINDOWS\MXOALDR.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\AGEIA Technologies\TrayIcon.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Quicken\bagent.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Web Buying\v1.8.8\webbuying.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Dave\Desktop\dss.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Dave.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Insight Broadband
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: {ee0d5d21-c96e-e989-c4e4-be05a62f7431} - {1347f26a-50eb-4e4c-989e-e69c12d5d0ee} - C:\WINDOWS\system32\mgaxhudd.dll (file missing)
O2 - BHO: (no name) - {1DC893B6-66DF-4D6A-8E32-12BBD30F2275} - C:\Program Files\ComPlus Applications\meroxef83122.dll (file missing)
O2 - BHO: (no name) - {381ED3A7-6B66-41FD-9454-7B0EBE9A8707} - C:\Program Files\ComPlus Applications\meroxef4444.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: (no name) - {6C649CB3-5306-2ED9-5166-5F00B7CD81BA} - C:\WINDOWS\system32\nvgnezgj.dll (file missing)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: (no name) - {8943715f-ffb1-493c-a034-45dc427db685} - C:\WINDOWS\system32\gsqsmlw.dll
O2 - BHO: 0 - {9A6BCADB-B633-41C0-C490-4F73ED345E01} - C:\Program Files\Windows NT\qudarugoz181.dll (file missing)
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\hfvaulyi.dll
O2 - BHO: TwcToolbarBhoApp Class - {AA1F9DDB-E605-4ba6-81D4-E427DEE012AD} - C:\WINDOWS\SYSTEM32\TwcToolbarBho.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: IE DOM Explorer - {CC7E636D-39AA-49b6-B511-65413DA137A1} - C:\Program Files\Internet Explorer Developer Toolbar\IEDevToolbar.dll
O2 - BHO: (no name) - {E180F496-8A4B-44E2-9FE0-0364E345DB7F} - C:\WINDOWS\system32\awtqpmj.dll (file missing)
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: Developer Toolbar - {CC962137-2E78-4f94-975E-FC0C07DBD78F} - C:\Program Files\Internet Explorer Developer Toolbar\IEDevToolbar.dll
O3 - Toolbar: (no name) - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SAClient] "C:\Program Files\Insight\BBClient\Programs\RegCon.exe" /admincheck
O4 - HKLM\..\Run: [MXOBG] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [ymetray] "C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe" -preload
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [QuickenScheduledUpdates] C:\Program Files\Quicken\bagent.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [WebBuying] C:\Program Files\Web Buying\v1.8.8\webbuying.exe
O4 - HKCU\..\Run: [Drmupgds] C:\Program Files\Drmupgds\Drmupgds.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM32\msjava.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.insightbb.com
O15 - Trusted Zone: *.onerateld.com (HKLM)
O15 - Trusted Zone: *.trustedantivirus.com (HKLM)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://camera.buffal...activex/AMC.cab
O16 - DPF: {EBD11638-B18C-4700-B11C-6CDF6F770B20} (FrameFree Web Player-0) - http://download.fram...x_v3-3-18-2.cab
O19 - User stylesheet: G:\FILMBURN\userContent.css (file missing)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: hfvaulyi - C:\WINDOWS\SYSTEM32\hfvaulyi.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DCPFLICS - Unknown owner - C:\Program Files\DCPFLICS\DCPFLICS.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WUSB54GCSVC - GEMTEKS - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
O24 - Desktop Component 0: (no name) - C:\Program Files\Windows NT\rtemegozax.html

--
End of file - 17035 bytes

-- File Associations -----------------------------------------------------------

.js - JSFile - DefaultIcon - "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe",2
.js - JSFile - shell\open\command - unable to read value
.scr - AutoCADScriptFile - shell\open\command - "C:\WINDOWS\notepad.exe" "%1"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 Imagedrv - c:\windows\system32\drivers\imagedrv.sys <Not Verified; ahead software gmbh and its licensors; NERO IMAGEDRIVE>
R0 sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - c:\windows\system32\drivers\sfdrv01.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - c:\windows\system32\drivers\sfhlp02.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfsync02 (StarForce Protection Synchronization Driver (version 2.x)) - c:\windows\system32\drivers\sfsync02.sys <Not Verified; Protection Technology; StarForce Protection System>
R1 hidparsee - c:\windows\system32\drivers\hidparsee.sys
R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
R1 SASKUTIL - c:\program files\superantispyware\saskutil.sys
R2 NetAlrt - c:\windows\system32\drivers\netalrt.sys <Not Verified; Intel Corporation; Intel Alert on LAN® 2>
R2 PlatAlrt - c:\windows\system32\drivers\platalrt.sys <Not Verified; Intel Corporation; Intel Alert on LAN® 2>
R3 GTNDIS5 (GTNDIS5 NDIS Protocol Driver) - c:\windows\system32\gtndis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>

S3 C-Dilla - c:\windows\system32\drivers\cdant.sys <Not Verified; Macrovision; Licence Management System>
S3 iAimTV2 - c:\windows\system32\drivers\watv03nt.sys (file missing)
S3 NMSCFG (NIC Management Service Configuration Driver) - c:\windows\system32\drivers\nmscfg.sys <Not Verified; Intel Corporation; Intel® NMSCFG Driver>
S3 PhilCam8116 (Logitech QuickCam Pro 3000(PID_08B0)) - c:\windows\system32\drivers\camdrl21.sys (file missing)
S3 ZSMC301b (VIMICRO USB PC Camera) - c:\windows\system32\drivers\usbvm31b.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 ASFAgent (ASF Agent) - c:\program files\intel\asf agent\asfagent.exe <Not Verified; Intel Corporation; Intel® PRO Alerting Suite ASF 1.0 Compatible>
R2 Autodesk Licensing Service - "c:\program files\common files\autodesk shared\service\adskscsrv.exe"
R2 CCALib8 (Canon Camera Access Library 8) - c:\program files\canon\cal\calmain.exe <Not Verified; Canon Inc.; >
R2 C-DillaSrv - c:\windows\system32\drivers\cdantsrv.exe <Not Verified; C-Dilla Ltd; CD-Secure/CD-Compress Windows NT>
R2 DCPFLICS - c:\program files\dcpflics\dcpflics.exe

S3 NMSSvc (Intel® NMS) - c:\windows\system32\nmssvc.exe <Not Verified; Intel Corporation; NMS>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Cisco Systems VPN Adapter
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter
PNP Device ID: ROOT\NET\0000
Service: CVirtA


-- Scheduled Tasks -------------------------------------------------------------

2008-02-22 11:19:58 450 --a------ C:\WINDOWS\Tasks\QIC Messenger Bkup.job
2008-02-22 10:55:04 256 --a------ C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
2008-02-22 10:04:22 414 --a------ C:\WINDOWS\Tasks\QIC Autoupdate.job
2008-02-22 09:30:19 450 --a------ C:\WINDOWS\Tasks\QIC Messenger Periodic.job
2008-02-18 02:00:00 546 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - Dave.job
2008-02-15 20:00:00 552 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - Jessica.job


-- Files created between 2008-01-22 and 2008-02-22 -----------------------------

2008-02-07 11:49:41 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-02-07 11:48:16 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-02-07 11:48:16 0 d-------- C:\Documents and Settings\Dave\Application Data\SUPERAntiSpyware.com
2008-02-07 11:44:28 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-06 19:36:17 0 d-------- C:\Documents and Settings\Dave\Application Data\Grisoft
2008-02-06 19:34:41 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-06 17:11:37 0 d-------- C:\Program Files\Trend Micro
2008-02-05 13:05:04 163904 -----n--- C:\WINDOWS\system32\hfvaulyi.dll
2008-02-05 13:03:47 283644 --ahs---- C:\WINDOWS\system32\rqstv.ini2
2008-02-05 13:02:12 0 d-------- C:\Program Files\Temporary
2008-02-05 13:02:12 0 d-------- C:\Program Files\Drmupgds
2008-02-05 12:58:55 171520 --a------ C:\WINDOWS\system32\gsqsmlw.dll
2008-02-05 12:58:55 0 d-------- C:\Documents and Settings\LocalService\Application Data\NetMon
2008-02-05 12:58:50 0 d--hs---- C:\WINDOWS\RGF2ZQ
2008-02-05 12:58:45 86016 --a------ C:\WINDOWS\system32\drivers\hidparsee.sys
2008-02-05 12:58:41 0 d-------- C:\Program Files\Web Buying
2008-02-05 12:58:40 0 d-------- C:\WINDOWS\system32\z6
2008-02-05 12:58:40 0 d-------- C:\WINDOWS\system32\s5
2008-02-05 12:58:40 0 d-------- C:\WINDOWS\system32\p4
2008-02-05 12:58:40 0 d-------- C:\WINDOWS\system32\m1
2008-02-05 12:58:31 0 d-------- C:\WINDOWS\system32\nGpxx01
2008-02-04 16:30:18 0 d-------- C:\Documents and Settings\All Users\Application Data\RoboForm
2008-02-04 16:29:15 0 d-------- C:\Program Files\Siber Systems
2008-02-04 16:28:04 53248 -ra------ C:\WINDOWS\system32\SSubTmr6.dll <Not Verified; vbAccelerator; SSubTmr6>
2008-02-04 16:27:59 0 d-------- C:\WINDOWS\system32\IOSUBSYS
2008-02-04 16:27:58 0 d-------- C:\Program Files\Cydrix Solutions
2008-02-04 11:13:36 54272 --a------ C:\WINDOWS\b122.exe
2008-01-25 14:47:14 0 d-------- C:\Documents and Settings\Dave\Application Data\Move Networks


-- Find3M Report ---------------------------------------------------------------

2008-02-22 11:34:12 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-02-22 11:25:24 0 d-------- C:\Program Files\Steam
2008-02-22 11:22:28 0 d-------- C:\Program Files\Common Files
2008-02-13 19:16:34 0 d-------- C:\Program Files\Norton Internet Security
2008-02-07 10:47:07 0 d-------- C:\Program Files\Windows NT
2008-02-05 13:45:30 0 d-------- C:\Program Files\Symantec
2008-02-04 16:27:57 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-02-04 16:27:26 0 d-------- C:\Documents and Settings\Dave\Application Data\Azureus
2008-02-03 17:47:17 0 d-------- C:\Program Files\Azureus
2008-01-21 17:32:07 0 d-------- C:\Documents and Settings\Dave\Application Data\Adobe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1347f26a-50eb-4e4c-989e-e69c12d5d0ee}]
C:\WINDOWS\system32\mgaxhudd.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1DC893B6-66DF-4D6A-8E32-12BBD30F2275}]
C:\Program Files\ComPlus Applications\meroxef83122.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{381ED3A7-6B66-41FD-9454-7B0EBE9A8707}]
C:\Program Files\ComPlus Applications\meroxef4444.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6C649CB3-5306-2ED9-5166-5F00B7CD81BA}]
C:\WINDOWS\system32\nvgnezgj.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8943715f-ffb1-493c-a034-45dc427db685}]
02/05/2008 12:58 PM 171520 --a------ C:\WINDOWS\system32\gsqsmlw.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9A6BCADB-B633-41C0-C490-4F73ED345E01}]
C:\Program Files\Windows NT\qudarugoz181.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
02/05/2008 01:05 PM 163904 --------- C:\WINDOWS\system32\hfvaulyi.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E180F496-8A4B-44E2-9FE0-0364E345DB7F}]
C:\WINDOWS\system32\awtqpmj.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [05/22/2006 02:53 PM]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe" [07/15/2005 01:48 PM]
"Synchronization Manager"="C:\WINDOWS\system32\mobsync.exe" [08/04/2004 02:56 AM]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [02/05/2008 01:44 PM]
"SAClient"="C:\Program Files\Insight\BBClient\Programs\RegCon.exe" [06/01/2004 11:55 AM]
"MXOBG"="C:\WINDOWS\MXOALDR.EXE" [10/10/2003 10:23 AM]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [07/19/2005 04:32 PM]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [06/08/2005 02:14 PM]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [06/08/2005 02:24 PM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/17/2008 11:42 AM]
"BigDogPath"="C:\WINDOWS\VM_STI.exe" []
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [08/25/2004 12:52 PM]
"AGEIA PhysX SysTray"="C:\Program Files\AGEIA Technologies\TrayIcon.exe" [03/20/2006 02:43 PM]
"AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [12/17/2002 01:28 PM]
"ymetray"="C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe" []
"MaxtorOneTouch"="C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe" [08/31/2004 08:23 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [02/23/2006 03:45 PM]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 04:25 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 02:56 AM]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [01/19/2007 12:54 PM]
"Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" [02/06/2006 02:40 PM]
"QuickenScheduledUpdates"="C:\Program Files\Quicken\bagent.exe" [10/30/2006 06:39 AM]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [06/08/2005 01:44 PM]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" []
"CTSyncU.exe"="C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" [06/12/2006 02:32 PM]
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [02/04/2008 04:29 PM]
"WebBuying"="C:\Program Files\Web Buying\v1.8.8\webbuying.exe" [02/05/2008 12:58 PM]
"Drmupgds"="C:\Program Files\Drmupgds\Drmupgds.exe" []
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe" [09/21/2006 02:38 PM]
"Steam"="C:\Program Files\Steam\Steam.exe" [02/06/2008 08:38 PM]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" []
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [02/27/2007 11:39 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" /Q

C:\Documents and Settings\Dave\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2/10/2004 2:44:54 PM]
DESKTOP.INI [9/3/2002 2:36:04 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2/10/2004 2:44:54 PM]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 10:05:26 PM]
Cisco Systems VPN Client.lnk - C:\Program Files\Cisco Systems\VPN Client\vpngui.exe [7/15/2004 8:34:44 PM]
DESKTOP.INI [9/3/2002 2:36:04 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktop"=1 (0x1)
"ForceActiveDesktopOn"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= C:\Program Files\Windows NT\rtemegozax.html
FriendlyName=

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{E180F496-8A4B-44E2-9FE0-0364E345DB7F}"= C:\WINDOWS\system32\awtqpmj.dll [ ]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 12:55 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 02/27/2007 11:39 AM 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hfvaulyi]
hfvaulyi.dll 02/05/2008 01:05 PM 163904 C:\WINDOWS\SYSTEM32\hfvaulyi.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\vtsqr.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"





-- End of Deckard's System Scanner: finished at 2008-02-22 11:37:54 ------------

and...

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Xeon™ CPU 2.66GHz
CPU 1: Intel® Xeon™ CPU 2.66GHz
Percentage of Memory in Use: 54%
Physical Memory (total/avail): 1023 MiB / 465.86 MiB
Pagefile Memory (total/avail): 2464.27 MiB / 1864.76 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1921.81 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 38.25 GiB total, 10.09 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)
F: is CDROM (No Media)
G: is Fixed (NTFS) - 114.49 GiB total, 4.74 GiB free.

\\.\PHYSICALDRIVE0 - Maxtor 6E040L0 - 38.29 GiB - 2 partitions
\PARTITION0 - Unknown - 31.35 MiB
\PARTITION1 (bootable) - Installable File System - 38.25 GiB - C:

\\.\PHYSICALDRIVE1 - Maxtor 6Y120P0 - 114.49 GiB - 1 partition
\PARTITION0 - Installable File System - 114.49 GiB - G:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirewallDisableNotify is set.

FW: Norton Internet Security v2005 (Symantec Corporation)
AV: Norton Internet Security v2005 (Symantec Corporation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\BitTorrent\\btdownloadgui.exe"="C:\\Program Files\\BitTorrent\\btdownloadgui.exe:*:Disabled:btdownloadgui"
"C:\\Program Files\\SmileCam\\ezWebCam21_Server\\ezWHostE.exe"="C:\\Program Files\\SmileCam\\ezWebCam21_Server\\ezWHostE.exe:*:Enabled:ezWebCam21 Server"
"C:\\3dsmax5\\3dsmax.exe"="C:\\3dsmax5\\3dsmax.exe:*:Enabled:3ds max application"
"C:\\Program Files\\Valve\\Steam\\Steam.exe"="C:\\Program Files\\Valve\\Steam\\Steam.exe:*:Enabled:Steam"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"G:\\3dsmax7\\3dsmax.exe"="G:\\3dsmax7\\3dsmax.exe:*:Enabled:3ds max 7"
"C:\\3dsmax5\\backburner2\\monitor.exe"="C:\\3dsmax5\\backburner2\\monitor.exe:*:Enabled:backburner 2.3 monitor"
"C:\\3dsmax5\\backburner2\\manager.exe"="C:\\3dsmax5\\backburner2\\manager.exe:*:Enabled:backburner 2.3 manager"
"C:\\3dsmax5\\backburner2\\server.exe"="C:\\3dsmax5\\backburner2\\server.exe:*:Enabled:backburner 2.3 server"
"C:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe"="C:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe:*:Enabled:SmartFTP Client 2.0"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\Yahoo!\\Yahoo! Music Engine\\YahooMusicEngine.exe"="C:\\Program Files\\Yahoo!\\Yahoo! Music Engine\\YahooMusicEngine.exe:*:Enabled:Yahoo! Music Engine"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Dave\Application Data
CLASSPATH=.;C:\Program Files\Java\j2re1.4.2\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=SILVERNELL
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Dave
LOGONSERVER=\\SILVERNELL
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Common Files\Adaptec Shared\System;C:\Program Files\Common Files\Autodesk Shared\;C:\3dsmax5\backburner2\;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\Adobe\AGL
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 7, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0207
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\j2re1.4.2\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Dave\LOCALS~1\Temp
TMP=C:\DOCUME~1\Dave\LOCALS~1\Temp
USERDOMAIN=SILVERNELL
USERNAME=Dave
USERPROFILE=C:\Documents and Settings\Dave
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Dave (admin)
Jessica (admin)
Ava (admin)
Administrator (admin)
Guest (guest)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\Creative Installation Information\CREATIVE_MEDIASOURCE_U\Setup.exe" /remove /l0x0009
--> "C:\Program Files\Creative Installation Information\E-CENTER_NET_CONTENT_U\Setup.exe" /remove /l0x0009
--> "C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_CDBURNER_U\Setup.exe" /remove /l0x0009
--> "C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_MTP_U\Setup.exe" /remove /l0x0009
--> "C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_NOMADJUKEBOXTYPE2_U\Setup.exe" /remove /l0x0009
--> "C:\Program Files\Creative Installation Information\MEDIASOURCE_PLAYER_SKINPACK_U\Setup.exe" /remove /l0x0009
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FE6C9A86-21D4-4DFD-9B89-521182886AEE}\setup.exe"
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4E120C99-63A0-470C-B44A-02ED9969A49D}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4E120C99-63A0-470C-B44A-02ED9969A49D}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57FA4E0F-82C9-417D-87BC-0186D6CB7A44}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98181885-5B28-4280-9B56-452FF877D5B9}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98181885-5B28-4280-9B56-452FF877D5B9}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A0B5225-B59B-4D72-B3FE-71AAA693A8E2}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A0B5225-B59B-4D72-B3FE-71AAA693A8E2}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A9BB081B-C020-4D02-A763-D32204D2563D}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A9BB081B-C020-4D02-A763-D32204D2563D}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C029DB0E-C59F-417A-90F8-88FD5B2C4AE7}\setup.exe" -l0x9
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
????Super5??? --> MsiExec.exe /I{126A9F8F-4C4C-4866-B737-E9727E336529}
3ds max 7 --> MsiExec.exe /I{F92AB933-9FE7-4335-92BD-D1C3BA27613C}
3ds max 7 Additional Maps and Materials --> MsiExec.exe /I{5EB4C5CA-962C-486B-81FF-A41B7B8FFBEC}
3ds max 7 Architectural Materials --> MsiExec.exe /I{54199443-342B-4162-B10D-CAA1C211E7A6}
3ds max 7 Reference Files --> MsiExec.exe /I{E5F6E1A6-44AA-4CF7-883E-4F7FA7C4BCA5}
3ivx D4 4.5.1 (remove only) --> "C:\Program Files\3ivx\3ivx D4 4.5.1\uninstall.exe"
AC3Filter (remove only) --> C:\Program Files\AC3Filter\uninstall.exe
Ad-aware 6 Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe After Effects 5.0 --> MsiExec.exe /I{5FAB6A66-2DAC-11D4-8524-00C04F602FD3}
Adobe Atmosphere Player for Acrobat and Adobe Reader --> C:\WINDOWS\atmoUn.exe
Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-6884-0000-0000-000000000103}
Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Photoshop 7.0.1 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"
Adobe Photoshop CS2 --> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Adobe Stock Photos 1.0 --> MsiExec.exe /I{BC467935-A9A5-4D0F-BD89-94F36CDF0524}
AGEIA PhysX v2.3.3 --> "C:\Program Files\AGEIA Technologies\uninstall.exe"
AI RoboForm (All Users) --> "C:\Program Files\Siber Systems\AI RoboForm\rfwipeout.exe"
AnswerWorks Runtime --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\WexTech\AnswerWorks\Uninst.isu"
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AutoCAD 2005 - English --> MsiExec.exe /I{5783F2D7-0301-0409-0002-0060B0CE6BBA}
Autodesk DWF Viewer --> C:\PROGRA~1\Autodesk\AUTODE~1\Setup.exe /remove
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
AXIS Media Control Embedded --> rundll32 "C:\Program Files\Axis Communications\AXIS Media Control Embedded\AxisMediaControlEmb.dll",UninstallMe
Azureus Vuze --> C:\Program Files\Azureus\uninstall.exe
backburner 2.1 --> C:\WINDOWS\unvise32.exe C:\3dsmax5\backburner2\uninstal.log
C-Dilla Licence Management System --> C:\C_DILLA\setup\cdunin16.exe
Canon Camera Access Library --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CAL\Uninst.ini"
Canon Camera Support Core Library --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CSCLIB\Uninst.ini"
Canon Camera Window DC_DV 5 for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC\Uninst.ini"
Canon Camera Window DC_DV 6 for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC6\Uninst.ini"
Canon Camera Window MC 6 for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowMC\Uninst.ini"
Canon RAW Image Task for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\RAW Image Task\Uninst.ini"
Canon RemoteCapture Task for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\RemoteCaptureTask DC\Uninst.ini"
Canon Utilities Digital Photo Professional 2.1 --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\Digital Photo Professional\Uninst.ini"
Canon Utilities EOS Utility --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\EOS Utility\Uninst.ini"
Canon Utilities PhotoStitch --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\PhotoStitch\Uninst.ini"
Canon Utilities ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\Uninst.ini"
CC_ccProxyExt --> MsiExec.exe /I{DA42FDCA-7C5A-43EF-9A05-CCE148ADF919}
ccCommon --> MsiExec.exe /I{DC367608-64A7-4BF7-92F4-8BAA25BA02DB}
ccPxyCore --> MsiExec.exe /I{FC08587A-4F01-4188-819F-F55880022917}
character studio 4.2 --> MsiExec.exe /I{3191ADFC-5BA3-474D-BCBA-1B5615ABFFC1}
Compact Wireless-G USB Adapter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F855C3AE-992D-4B84-A09D-07103CDCDAC2}\setup.exe" -l0x9
Creative MediaSource 5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}\SETUP.EXE" -l0x9 /remove
Creative Removable Disk Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57FA4E0F-82C9-417D-87BC-0186D6CB7A44}\setup.exe" -l0x9 /remove
  • 0

#7
scarp8

scarp8

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
I don't know if I'm doing something wrong, but it seems that the cut and paste are not getting the entire post... I'll upload them now.

Attached Files


  • 0

#8
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

CLICK THIS TO LINK TO BE SURE YOU CAN VIEW HIDDEN FILES

Please go here:
The Spy Killer Forum
  • Click on "New Topic"
  • Put your name, e-mail address, and this as the title: "C:\WINDOWS\SYSTEM32\hfvaulyi.dll"
  • Put a link to this topic in the description box.
  • Then next to the file box, at the bottom, click the browse button, then navigate to this file:


    • C:\WINDOWS\SYSTEM32\hfvaulyi.dll

  • Click Open.
  • Click Post.
Thank you!



1. Please re-open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below(if present):

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
O2 - BHO: {ee0d5d21-c96e-e989-c4e4-be05a62f7431} - {1347f26a-50eb-4e4c-989e-e69c12d5d0ee} - C:\WINDOWS\system32\mgaxhudd.dll (file missing)
O2 - BHO: (no name) - {1DC893B6-66DF-4D6A-8E32-12BBD30F2275} - C:\Program Files\ComPlus Applications\meroxef83122.dll (file missing)
O2 - BHO: (no name) - {381ED3A7-6B66-41FD-9454-7B0EBE9A8707} - C:\Program Files\ComPlus Applications\meroxef4444.dll (file missing)
O2 - BHO: (no name) - {6C649CB3-5306-2ED9-5166-5F00B7CD81BA} - C:\WINDOWS\system32\nvgnezgj.dll (file missing)
O2 - BHO: (no name) - {8943715f-ffb1-493c-a034-45dc427db685} - C:\WINDOWS\system32\gsqsmlw.dll
O2 - BHO: 0 - {9A6BCADB-B633-41C0-C490-4F73ED345E01} - C:\Program Files\Windows NT\qudarugoz181.dll (file missing)
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\hfvaulyi.dll
O2 - BHO: (no name) - {E180F496-8A4B-44E2-9FE0-0364E345DB7F} - C:\WINDOWS\system32\awtqpmj.dll (file missing)
O3 - Toolbar: (no name) - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
O4 - HKCU\..\Run: [WebBuying] C:\Program Files\Web Buying\v1.8.8\webbuying.exe
O4 - HKCU\..\Run: [Drmupgds] C:\Program Files\Drmupgds\Drmupgds.exe
O15 - Trusted Zone: *.onerateld.com (HKLM)
O15 - Trusted Zone: *.trustedantivirus.com (HKLM)
O19 - User stylesheet: G:\FILMBURN\userContent.css (file missing)
O20 - Winlogon Notify: hfvaulyi - C:\WINDOWS\SYSTEM32\hfvaulyi.dll
O24 - Desktop Component 0: (no name) - C:\Program Files\Windows NT\rtemegozax.html


2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.



Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\WINDOWS\system32\hfvaulyi.dll
    C:\WINDOWS\system32\rqstv.ini2
    C:\Program Files\Temporary
    C:\Program Files\Drmupgds
    C:\WINDOWS\system32\gsqsmlw.dll
    C:\Documents and Settings\LocalService\Application Data\NetMon
    C:\WINDOWS\RGF2ZQ
    C:\WINDOWS\system32\drivers\hidparsee.sys
    C:\Program Files\Web Buying
    C:\WINDOWS\system32\z6
    C:\WINDOWS\system32\s5
    C:\WINDOWS\system32\p4
    C:\WINDOWS\system32\m1
    C:\WINDOWS\system32\nGpxx01
    C:\WINDOWS\b122.exe
    C:\Program Files\Windows NT\rtemegozax.html
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light blue bar) and choose Paste.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    purity
  • Return to OTMoveIt2, right click in the "Paste List Of Files/Patterns To Search For and Move" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



Reboot and post a new DSS log
  • 0

#9
scarp8

scarp8

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Sorry I was away for a bit. Here is my OTMoveIt file:

LoadLibrary failed for C:\WINDOWS\system32\hfvaulyi.dll
C:\WINDOWS\system32\hfvaulyi.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\hfvaulyi.dll scheduled to be moved on reboot.
C:\WINDOWS\system32\rqstv.ini2 moved successfully.
C:\Program Files\Temporary moved successfully.
C:\Program Files\Drmupgds moved successfully.
File/Folder C:\WINDOWS\system32\gsqsmlw.dll not found.
C:\Documents and Settings\LocalService\Application Data\NetMon moved successfully.
C:\WINDOWS\RGF2ZQ moved successfully.
File move failed. C:\WINDOWS\system32\drivers\hidparsee.sys scheduled to be moved on reboot.
C:\Program Files\Web Buying\v1.8.8 moved successfully.
C:\Program Files\Web Buying moved successfully.
C:\WINDOWS\system32\z6 moved successfully.
C:\WINDOWS\system32\s5 moved successfully.
C:\WINDOWS\system32\p4 moved successfully.
C:\WINDOWS\system32\m1 moved successfully.
C:\WINDOWS\system32\nGpxx01 moved successfully.
C:\WINDOWS\b122.exe moved successfully.
File/Folder C:\Program Files\Windows NT\rtemegozax.html not found.
[Custom Input]
< purity >

OTMoveIt2 v1.0.20 log created on 02222008_155644

It asked me to reboot, so I'm going to do that now... then I will post a new dss log.
Thanks for all your help :)
-Dave
  • 0

#10
scarp8

scarp8

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Hey again,
and here is my dss log: attached

Attached Files

  • Attached File  main.txt   23.23KB   132 downloads

  • 0

Advertisements


#11
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**
  • 0

#12
scarp8

scarp8

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
You're too fast!

Ok, attached are the new files. I had to rename the hijackthis.log to a .txt file so it could be uploaded.

Best,
Dave

Attached Files


  • 0

#13
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Don't attach the reports please

1. Close any open browsers.

2. Open notepad and copy/paste the text in the quotebox below into it:

File::
C:\WINDOWS\SYSTEM32\rqstv.ini

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hfvaulyi]


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at "C:\ComboFix.txt"

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall




Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan. Check all the boxes and click Start Scan
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.


Also post a new HijackThis log and tell me how your PC is running
  • 0

#14
scarp8

scarp8

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Thanks Rorschach,
I'm running Malwarebytes now, I think it will take a while to finish. I will post the files as soon as it's done. I really appreciate your help.
Best,
Dave
  • 0

#15
scarp8

scarp8

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Good Morning. Here are my new logs:

Malwarebytes' Anti-Malware 1.05
Database version: 390

Scan type: Full Scan (A:\|C:\|G:\|)
Objects scanned: 476155
Time elapsed: 15 hour(s), 59 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 7
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 17

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\Trymedia Systems (Adware.Trymedia) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\kernelexe (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions\{59a40ac9-e67d-4155-b31d-4b7330fcd2d6} (Adware.PurityScan) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP195\A0014568.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP196\A0014578.dll (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP196\A0014709.dll (Adware.TargetSaver) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP196\A0014739.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP197\A0014825.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP197\A0014826.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP197\A0014827.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP197\A0014828.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP197\A0014829.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP197\A0014836.exe (Adware.PurityScan) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP201\A0014964.exe (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP204\A0014974.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP211\A0015145.exe (Trojan.Stars) -> Quarantined and deleted successfully.
C:\_OTMoveIt\MovedFiles\02222008_155644\Program Files\Temporary\kernInst.exe (Trojan.Winpop) -> Quarantined and deleted successfully.
C:\_OTMoveIt\MovedFiles\02222008_155644\WINDOWS\b122.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\_OTMoveIt\MovedFiles\02222008_155644\WINDOWS\system32\s5\advcomms3.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dave\Desktop\Help and Support Center.lnk (Rogue.Link) -> Quarantined and deleted successfully.





and



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:42:14 AM, on 2/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\DCPFLICS\DCPFLICS.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Symantec Shared\AdBlocking\NSMdtr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: TwcToolbarBhoApp Class - {AA1F9DDB-E605-4ba6-81D4-E427DEE012AD} - C:\WINDOWS\SYSTEM32\TwcToolbarBho.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: IE DOM Explorer - {CC7E636D-39AA-49b6-B511-65413DA137A1} - C:\Program Files\Internet Explorer Developer Toolbar\IEDevToolbar.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: Developer Toolbar - {CC962137-2E78-4f94-975E-FC0C07DBD78F} - C:\Program Files\Internet Explorer Developer Toolbar\IEDevToolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SAClient] "C:\Program Files\Insight\BBClient\Programs\RegCon.exe" /admincheck
O4 - HKLM\..\Run: [MXOBG] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [ymetray] "C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe" -preload
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [QuickenScheduledUpdates] C:\Program Files\Quicken\bagent.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM32\msjava.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.insightbb.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://camera.buffal...activex/AMC.cab
O16 - DPF: {EBD11638-B18C-4700-B11C-6CDF6F770B20} (FrameFree Web Player-0) - http://download.fram...x_v3-3-18-2.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DCPFLICS - Unknown owner - C:\Program Files\DCPFLICS\DCPFLICS.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WUSB54GCSVC - GEMTEKS - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe

--
End of file - 14013 bytes



It seems that the popups have stopped and the computer is running faster. I want to reboot and test it a bit. I'll let you know how it goes.

Best,
Dave
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP