Hi, thanks for the reply. Here are the logs you requested, along with a fresh HijackThis. I made some changes before I posted the original HijackThis. I know I shouldn't have done, so I have undone the changes. I hope I haven't caused problems by doing this. Thanks in advance.
Deckard's System Scanner v20071014.68
Run by pc000000000000000000 on 2008-03-28 23:36:54
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
7: 2008-03-28 23:36:57 UTC - RP21 - Deckard's System Scanner Restore Point
6: 2008-03-28 13:21:16 UTC - RP20 - System Checkpoint
5: 2008-03-27 11:48:54 UTC - RP19 - System Checkpoint
4: 2008-03-25 22:57:25 UTC - RP18 - Removed SUPERAntiSpyware Free Edition
3: 2008-03-25 15:55:21 UTC - RP17 - System Checkpoint
-- First Restore Point --
1: 2008-03-24 14:37:32 UTC - RP15 - prepare for malware removal
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as pc000000000000000000.exe) --------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:37:20, on 28/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Virgin Broadband\PCguard\Fws.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe
C:\Program Files\Virgin Broadband\PCguard\Rps.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Virgin Broadband\PCguard\rpsupdaterR.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\System32\TuneUpDefragService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\msdtc.exe
C:\Documents and Settings\pc000000000000000000\Desktop\dss.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\pc000000000000000000.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.msn.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.co.uk/0...S01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.msn.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0...S01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Virgin Broadband\PCguard\pkR.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O4 - HKLM\..\Run: [MSI Live] C:\Program Files\MSI\MSI Live\SetWallpaper.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Broadbandadvisor.exe] "C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe" /AUTORUN
O4 - HKLM\..\Run: [PCguard] "C:\Program Files\Virgin Broadband\PCguard\Rps.exe"
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Virgin Broadband\PCguard\ZkRunOnceR.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\RunOnce: [IndexCleaner] "C:\Program Files\Virgin Broadband\PCguard\IdxClnR.exe"
O4 - HKLM\..\RunOnce: [WMC_0] C:\WINDOWS\system32\cmd.exe /c """""C:\WINDOWS\inf\unregmp2.exe"" /ShowWMP"""
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [IndexCleaner] "C:\Program Files\Virgin Broadband\PCguard\IdxClnR.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Reboot.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...lscbase4009.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1195054897109
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.on...e/en/crlocx.ocx
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Virgin Broadband PCguard Update Service (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\Virgin Broadband\PCguard\rpsupdaterR.exe
O23 - Service: PCguard Firewall (RP_FWS) - Virgin Media - C:\Program Files\Virgin Broadband\PCguard\Fws.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
--
End of file - 7871 bytes
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R1 StarOpen - c:\windows\system32\drivers\staropen.sys
S3 GMSIPCI - d:\install\gmsipci.sys (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
S2 gusvc (Google Updater Service) - "c:\program files\google\common\google updater\googleupdaterservice.exe" (file missing)
-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.
-- Scheduled Tasks -------------------------------------------------------------
2008-03-28 23:00:00 516 --a------ C:\WINDOWS\Tasks\1-Click Maintenance.job
-- Files created between 2008-02-28 and 2008-03-28 -----------------------------
2008-03-27 02:02:49 2855 --a------ C:\WINDOWS\system32\mem.PIF
2008-03-26 01:32:55 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-03-24 19:48:31 1538 --a------ C:\WINDOWS\system32\tmp.reg
2008-03-24 19:47:59 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-03-24 19:47:59 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-03-24 19:47:59 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-03-24 19:47:59 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-03-24 19:47:59 82432 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-03-24 19:47:59 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-03-23 12:52:51 0 d-------- C:\WINDOWS\system32\ActiveScan
2008-03-21 20:49:46 0 d-------- C:\Program Files\Common Files\Authentium
2008-03-21 20:49:39 0 d-------- C:\Program Files\Raxco
2008-03-21 20:49:39 0 d-------- C:\Documents and Settings\All Users\Application Data\Raxco
2008-03-21 20:49:35 0 d-------- C:\Program Files\CA
2008-03-21 20:49:33 0 d-------- C:\Program Files\Common Files\Scanner
2008-03-21 20:47:41 0 d-------- C:\Documents and Settings\pc000000000000000000\Application Data\InstallShield
2008-03-21 20:13:20 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-03-21 19:41:39 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-21 14:41:56 0 d-------- C:\Program Files\Trend Micro
2008-03-19 18:55:30 0 d-------- C:\Documents and Settings\Administrator\Application Data\TuneUp Software
2008-03-19 18:48:53 524288 --ah----- C:\Documents and Settings\Administrator\ntuser.dat
2008-03-19 18:48:52 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-03-19 18:48:52 0 d-------- C:\Documents and Settings\Administrator\Start Menu
2008-03-19 18:48:52 0 d--h----- C:\Documents and Settings\Administrator\SendTo
2008-03-19 18:48:52 0 d--h----- C:\Documents and Settings\Administrator\Recent
2008-03-19 18:48:52 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-03-19 18:48:52 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-03-19 18:48:52 0 d-------- C:\Documents and Settings\Administrator\My Documents
2008-03-19 18:48:52 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-03-19 18:48:52 0 d-------- C:\Documents and Settings\Administrator\Favorites
2008-03-19 18:48:52 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-03-19 18:48:52 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-03-19 18:48:52 0 d--h----- C:\Documents and Settings\Administrator\Application Data
2008-03-19 18:48:52 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-03-19 13:23:26 0 d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-03-19 13:23:21 0 d-------- C:\Program Files\Security Task Manager
2008-03-16 20:10:59 0 d-------- C:\Program Files\Spyware Doctor
2008-03-16 20:10:59 0 d-------- C:\Documents and Settings\pc000000000000000000\Application Data\PC Tools
2008-03-14 17:40:53 0 d-------- C:\Program Files\Eusing Free Registry Cleaner
2008-03-10 02:13:02 0 d-------- C:\Documents and Settings\pc000000000000000000\Application Data\Nero
2008-03-08 22:18:38 4718592 --a------ C:\Documents and Settings\pc000000000000000000\ntuser.dat
2008-03-07 20:51:42 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-05 20:25:11 0 d-------- C:\Documents and Settings\LocalService\Start Menu
2008-03-05 19:44:57 81984 --a------ C:\WINDOWS\system32\bdod.bin
2008-03-05 19:34:50 0 d-------- C:\Program Files\Common Files\BitDefender
2008-03-03 21:00:22 0 --a------ C:\WINDOWS\popcreg.dat
2008-03-03 21:00:22 20 --a------ C:\WINDOWS\popcinfot.dat
2008-03-02 22:05:19 0 d-------- C:\Program Files\TuneUp Utilities 2008
2008-03-02 22:04:50 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
-- Find3M Report ---------------------------------------------------------------
2008-03-25 22:57:31 0 d-------- C:\Documents and Settings\pc000000000000000000\Application Data\SUPERAntiSpyware.com
2008-03-25 16:21:10 0 d-------- C:\Program Files\Windows Media Connect 2
2008-03-24 00:13:39 0 d-------- C:\Program Files\Common Files\LightScribe
2008-03-23 20:46:03 0 d-------- C:\Documents and Settings\pc000000000000000000\Application Data\OpenOffice.org2
2008-03-21 20:49:46 0 d-------- C:\Program Files\Common Files
2008-03-21 20:49:21 0 d-------- C:\Program Files\Virgin Broadband
2008-03-21 20:48:26 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-21 19:37:45 0 d-------- C:\Documents and Settings\pc000000000000000000\Application Data\Virgin Broadband
2008-03-19 16:15:07 0 d-------- C:\Documents and Settings\pc000000000000000000\Application Data\dvdcss
2008-03-19 12:06:44 0 d-------- C:\Program Files\Java
2008-03-14 18:19:30 0 d-------- C:\Program Files\DivX
2008-03-10 02:13:02 0 d-------- C:\Documents and Settings\pc000000000000000000\Application Data\Ahead
2008-03-05 20:09:39 0 d-------- C:\Program Files\Xfire
2008-03-04 20:39:06 0 d-------- C:\Documents and Settings\pc000000000000000000\Application Data\Xfire
2008-03-04 11:36:23 0 d-------- C:\Program Files\Call of Duty
2008-03-03 22:25:17 30 --a------ C:\WINDOWS\popcinfo.dat
2008-02-21 21:35:21 0 d-------- C:\Program Files\SopCast
2008-02-21 12:14:08 0 d-------- C:\Documents and Settings\pc000000000000000000\Application Data\DeepBurner
2008-02-18 23:58:06 0 d-------- C:\Program Files\Common Files\Ahead
2008-02-11 22:16:04 0 d-------- C:\Program Files\Windows Live
2008-02-11 22:15:47 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-02-11 21:08:37 0 d-------- C:\Program Files\OpenOffice.org 2.3
2008-02-10 23:25:16 0 d-------- C:\Program Files\Windows Live Safety Center
2008-02-07 17:29:20 0 d-------- C:\Documents and Settings\pc000000000000000000\Application Data\Adobe
2008-02-07 16:10:27 0 d-------- C:\Documents and Settings\pc000000000000000000\Application Data\Macromedia
2008-02-07 13:24:34 1410 --a------ C:\WINDOWS\mozver.dat
2008-02-03 21:34:06 0 d-------- C:\Documents and Settings\pc000000000000000000\Application Data\Real
2008-02-03 21:31:36 0 d-------- C:\Program Files\Common Files\Real
2008-02-02 14:01:52 0 d-------- C:\Documents and Settings\pc000000000000000000\Application Data\ppstream
2008-02-01 20:20:23 0 d-------- C:\Program Files\Common Files\Java
2008-01-30 11:41:29 0 d-------- C:\Documents and Settings\pc000000000000000000\Application Data\Gearbox Software
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSI Live"="C:\Program Files\MSI\MSI Live\SetWallpaper.exe" [10/11/2005 15:16]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [05/12/2007 01:41]
"nwiz"="nwiz.exe" [05/12/2007 01:41 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [05/12/2007 01:41]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 04:25]
"Broadbandadvisor.exe"="C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe" [07/08/2007 18:49]
"PCguard"="C:\Program Files\Virgin Broadband\PCguard\Rps.exe" [05/09/2007 14:10]
"-FreedomNeedsReboot"="C:\Program Files\Virgin Broadband\PCguard\ZkRunOnceR.exe" [05/09/2007 14:10]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [10/12/2007 14:53]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18/10/2007 11:34]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [28/02/2006 12:00]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"IndexCleaner"="C:\Program Files\Virgin Broadband\PCguard\IdxClnR.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"IndexCleaner"="C:\Program Files\Virgin Broadband\PCguard\IdxClnR.exe"
"WMC_0"=C:\WINDOWS\system32\cmd.exe /c """""C:\WINDOWS\inf\unregmp2.exe"" /ShowWMP"""
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Reboot.exe [19/12/2007 19:02:26]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SkyTel"=SkyTel.EXE
"LiveMonitor"=C:\Program Files\MSI\Live Update 3\LMonitor.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{02c7214e-936e-11dc-8bfb-001bb9b64b18}]
AutoRun\command- E:\psjxiulr.exe
explore\Command- E:\psjxiulr.exe
open\Command- E:\psjxiulr.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{62a07309-d82f-11dc-8ca7-001bb9b64b18}]
AutoRun\command- E:\psjxiulr.exe
explore\Command- E:\psjxiulr.exe
open\Command- E:\psjxiulr.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{93ac0e96-dfb4-11dc-8cb4-001bb9b64b18}]
AutoRun\command- E:\psjxiulr.exe
explore\Command- E:\psjxiulr.exe
open\Command- E:\psjxiulr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
-- End of Deckard's System Scanner: finished at 2008-03-28 23:38:35 ------------
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English
CPU 0: AMD Sempron Processor 3000+
Percentage of Memory in Use: 49%
Physical Memory (total/avail): 1022.42 MiB / 521.16 MiB
Pagefile Memory (total/avail): 2461.14 MiB / 1906.55 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1927.45 MiB
A: is Removable (No Media)
C: is Fixed (NTFS) - 74.52 GiB total, 46.06 GiB free.
D: is CDROM (No Media)
\\.\PHYSICALDRIVE0 - WDC WD800JD-60LSA5 - 74.53 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 74.52 GiB - C:
-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.
FirstRunDisabled is set.
FW: PCguard Firewall v6.0.1 (Telewest)
AV: PCguard Anti-Virus v6.0.1 (Telewest)
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\pc000000000000000000\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=PC
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\pc000000000000000000
LOGONSERVER=\\PC
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\CA\PPRT\bin
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 79 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=4f02
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\PC0000~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\PC0000~1\LOCALS~1\Temp
USERDOMAIN=PC
USERNAME=pc000000000000000000
USERPROFILE=C:\Documents and Settings\pc000000000000000000
windir=C:\WINDOWS
-- User Profiles ---------------------------------------------------------------
pc000000000000000000 (admin)
Administrator (new local, admin)
-- Add/Remove Programs ---------------------------------------------------------
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
3Deep --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\E-Color\3Deep\TDPunins.isu" -c"C:\PROGRA~1\E-Color\3Deep\tdpunins.dll" ProdName3Deep
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Authentium AntiVirus SDK - 2 --> MsiExec.exe /I{1ACE3F9D-CDA4-4F39-9605-334CF37A1579}
Broadband Help --> MsiExec.exe /I{01B6480D-3937-4E82-AB2C-8E4C591BEFE5}
E-Color Indicator --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\E-Color\E-Color Indicator\Uninst.isu" -c"C:\Program Files\E-Color\E-Color Indicator\TICUninstall.dll"
Eusing Free Registry Cleaner --> C:\PROGRA~1\EUSING~1\UNWISE.EXE C:\PROGRA~1\EUSING~1\INSTALL.LOG
High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Java 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Windows Journal Viewer --> MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA8}
Mozilla Firefox (2.0.0.13) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSI Live --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\MSI\MSI Live\Uninst.isu"
MSI Live Update 3 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\MSI\Live Update 3\Uninst.isu"
NVIDIA Drivers --> C:\WINDOWS\system32\nvuninst.exe UninstallGUI
OpenOffice.org 2.3 --> MsiExec.exe /I{54C93A8C-A15A-4439-BE64-2342202D4FF0}
Panda ActiveScan --> C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
PerfectDisk --> MsiExec.exe /I{212F5777-1190-4DEF-8E4D-6B2F313B45E7}
PPSDKRedistributables --> MsiExec.exe /I{C869F4FF-E5FF-4FBB-9A31-33C23605E170}
Radialpoint Security Services --> MsiExec.exe /X{5DFDEAAA-E050-482E-A5B6-138CAE53F7BF}
Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
Red Faction --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{47E6B460-04BA-4215-9F5D-3858BF920D07}\setup.exe" anything
RPS Ad Blocker --> MsiExec.exe /I{6EA0ABC4-172B-48D4-AF26-93322D7FDE72}
RPS AntiFraud --> MsiExec.exe /I{C831972C-3834-4D9D-A095-8350B324AC3C}
RPS AntiSpyware --> MsiExec.exe /I{EE1D5780-AF29-4DC4-A107-3FD5F79AC63A}
RPS AntiVirus --> MsiExec.exe /I{05BCCF27-DC23-4ED9-87A2-F8D5B244B4C4}
RPS App Detector --> MsiExec.exe /I{3C441434-737C-4D54-8EAB-B409BE54E734}
RPS AsRealtime --> MsiExec.exe /I{D8AEA1D1-78FE-4CE1-9405-D7E55E797C4D}
RPS Backup --> MsiExec.exe /I{B5C0FD16-3A5D-40D5-8B59-4B43279BB5D0}
RPS Burn --> MsiExec.exe /I{A542D695-16D3-4F89-A6F1-091F009B8ABA}
RPS Diagnostic Utility --> MsiExec.exe /I{3A836186-46F8-4388-9830-820E35C02992}
RPS Firewall --> MsiExec.exe /I{ECBDDBD7-43CC-417C-B87A-943AFED8EB57}
RPS ParentalControl --> MsiExec.exe /I{53C32728-D434-4143-9C9D-D73D68D00893}
RPS Performance Tool --> MsiExec.exe /I{DD1C392B-226D-42C9-B8E6-2A9BEF7583B4}
RPS PopupBlocker --> MsiExec.exe /I{324D4909-7A7B-45CD-B199-E975DC108249}
RPS Privacy Manager --> MsiExec.exe /I{FD2EC356-DB5E-40AE-907A-9A1D38F9396D}
RPS RpsCore --> MsiExec.exe /I{AFE0D559-DAC2-4DF0-B432-4CBA15769AA9}
RPS Security Cleanup --> MsiExec.exe /I{5E7EBB6D-F44B-4D8B-9C52-F0F9173FD166}
RPS Zip --> MsiExec.exe /I{3AFF4279-A590-4010-8C8A-3B096A220CFC}
Security Task Manager 1.7e --> C:\Program Files\Security Task Manager\Uninstal.exe "C:\Documents and Settings\All Users\Start Menu\Programs\Security Task Manager"
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Spyware Doctor 5.5 --> C:\Program Files\Spyware Doctor\unins000.exe /LOG
TuneUp Utilities 2008 --> MsiExec.exe /I{5888428E-699C-4E71-BF71-94EE06B497DA}
VCRedistSetup --> MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
VideoLAN VLC media player 0.8.6d --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Virgin Broadband advisor 1.5.14 --> "C:\Program Files\Virgin Broadband\advisor\unins000.exe"
Virgin Broadband PCguard --> C:\Program Files\InstallShield Installation Information\{153BC7CA-9F2F-45AC-B4A1-AFAFBD5D904B}\setup.exe -runfromtemp -l0x0009 -removeonly
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live OneCare safety scanner --> RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Live Sign-in Assistant --> MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
Xfire (remove only) --> "C:\Program Files\Xfire\uninst.exe"
-- Application Event Log -------------------------------------------------------
Event Record #/Type8760 / Success
Event Submitted/Written: 03/28/2008 00:22:37 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.
Event Record #/Type8724 / Success
Event Submitted/Written: 03/27/2008 07:08:45 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.
Event Record #/Type8697 / Success
Event Submitted/Written: 03/27/2008 01:30:12 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.
Event Record #/Type8676 / Success
Event Submitted/Written: 03/27/2008 10:43:35 AM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.
Event Record #/Type8650 / Error
Event Submitted/Written: 03/26/2008 09:56:12 PM
Event ID/Source: 1001 / Application Error
Event Description:
Fault bucket 688344515.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type35302 / Warning
Event Submitted/Written: 03/28/2008 11:03:23 PM
Event ID/Source: 36 / W32Time
Event Description:
The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.
Event Record #/Type35283 / Error
Event Submitted/Written: 03/28/2008 03:16:00 PM
Event ID/Source: 10010 / DCOM
Event Description:
The server {222F1C6D-F430-4B76-B3F1-1FE92E214AD3} did not register with DCOM within the required timeout.
Event Record #/Type35245 / Error
Event Submitted/Written: 03/27/2008 09:16:44 PM
Event ID/Source: 10010 / DCOM
Event Description:
The server {222F1C6D-F430-4B76-B3F1-1FE92E214AD3} did not register with DCOM within the required timeout.
Event Record #/Type35203 / Error
Event Submitted/Written: 03/27/2008 02:23:52 PM
Event ID/Source: 10010 / DCOM
Event Description:
The server {222F1C6D-F430-4B76-B3F1-1FE92E214AD3} did not register with DCOM within the required timeout.
Event Record #/Type35161 / Error
Event Submitted/Written: 03/27/2008 09:31:56 AM
Event ID/Source: 10010 / DCOM
Event Description:
The server {222F1C6D-F430-4B76-B3F1-1FE92E214AD3} did not register with DCOM within the required timeout.
-- End of Deckard's System Scanner: finished at 2008-03-28 23:38:35 ------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:45:33, on 28/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Virgin Broadband\PCguard\Fws.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe
C:\Program Files\Virgin Broadband\PCguard\Rps.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Virgin Broadband\PCguard\rpsupdaterR.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\System32\TuneUpDefragService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\msdtc.exe
C:\WINDOWS\notepad.exe
C:\WINDOWS\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.msn.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.co.uk/0...S01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.msn.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0...S01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Virgin Broadband\PCguard\pkR.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O4 - HKLM\..\Run: [MSI Live] C:\Program Files\MSI\MSI Live\SetWallpaper.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Broadbandadvisor.exe] "C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe" /AUTORUN
O4 - HKLM\..\Run: [PCguard] "C:\Program Files\Virgin Broadband\PCguard\Rps.exe"
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Virgin Broadband\PCguard\ZkRunOnceR.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\RunOnce: [IndexCleaner] "C:\Program Files\Virgin Broadband\PCguard\IdxClnR.exe"
O4 - HKLM\..\RunOnce: [WMC_0] C:\WINDOWS\system32\cmd.exe /c """""C:\WINDOWS\inf\unregmp2.exe"" /ShowWMP"""
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [IndexCleaner] "C:\Program Files\Virgin Broadband\PCguard\IdxClnR.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Reboot.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...lscbase4009.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1195054897109
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.on...e/en/crlocx.ocx
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Virgin Broadband PCguard Update Service (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\Virgin Broadband\PCguard\rpsupdaterR.exe
O23 - Service: PCguard Firewall (RP_FWS) - Virgin Media - C:\Program Files\Virgin Broadband\PCguard\Fws.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
--
End of file - 7901 bytes