bug of some sorts [RESOLVED]


  • This topic is locked

#1
oopdog

  • Member
  • 11 posts
Hey guys, I'm experiencing some problems with programs and slow internet with a 6mb connection. Gotta be infected with something! Ran all the programs as suggested and did the fixes of all problems found, but still having problems. Posting my HJT log, would appreciate any help anyone can give. Thanks in advance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:00:05 PM, on 3/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\patch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\vVX6000.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Nero\PHOTOS~1\data\xtras\mssysmgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM6\aim6.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
F2 - REG:system.ini: Shell=explorer.exe C:\WINDOWS\system32\patch.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - (no file)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ResChangerXP] C:\Program Files\ResChanger XP\ResChangerXP.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [VX6000] C:\WINDOWS\vVX6000.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [patch] C:\WINDOWS\system32\patch.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Nero PhotoShow Media Manager] C:\PROGRA~1\Nero\PHOTOS~1\data\xtras\mssysmgr.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [patch] C:\WINDOWS\system32\patch.exe
O4 - HKCU\..\RunServices: [patch] C:\WINDOWS\system32\patch.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.s...abs/tgctlsr.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemreq.../sysreqlab2.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2....re/HPDEXAXO.cab
O16 - DPF: {74E4A24D-5224-4F05-8A41-99445E0FC22B} (GameHouse Games Player) - http://www.gamehouse...se/ghplayer.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O24 - Desktop Component 0: (no name) - http://www.beemovie....1600x1200_3.jpg

--
End of file - 13254 bytes

#2
sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
Hi oopdog,

Welcome to Geeks to Go!
My name is sage5, and I will be helping you with this problem.

Please download the following & save to your Desktop:
SDFix
Deckard's System Scanner
OTMoveIt2 by OldTimer.


Clean up Registry with a Reg file:
  • Please open a new Notepad file by clicking Start\All Programs\Accessories\Notepad
  • Copy the text from the following Code box, by highlighting all the text and right click, Select Copy. (or use the Ctrl+C keyboard shortcut)
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe"
  • Paste it into Notepad. Right click in the window and select Paste. (or use Ctrl+V)
  • Save the file to the Desktop, make sure Type is All Files, and name it Fixreg.reg
  • Double click on the file created and click Yes when asked to merge the information into the Registry


Run SDFix:
Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts, the Fixtool will run again and complete the removal process, then display Finished. Press any key to end the script and load your desktop icons.
  • Once the desktop icons load, the SDFix report will open on screen and also be saved as C:\SDFix\Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).


Run Deckard's System Scanner:
  • Close all other windows before proceeding.
  • Double click on the dss.exe file on your Desktop and follow the prompts.
  • Scans will run, and 2 text files will open in Notepad.
  • Close both of the text files.
These files are C:\Deckard\System Scanner\main.txt & extra.txt. I will need you to copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of C:\SDFix\Report.txt, main.txt & extra.txt in your next reply.



The text from these files may exceed the maximum post length for this forum, and may need to be sent over 2 or more posts. Please ensure all text is posted.

Cheers,

sage5
  • 0
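What the Fixreg.reg step in the post above resets can be read off the HijackThis logs in this thread: the first log's F2 line shows a second program appended to the Winlogon Shell value, and the later log no longer does. The script below is an added example, not part of sage5's instructions or of any tool named here; its function names are hypothetical, the sample lines are copied from the two logs on this page, and it assumes the HijackThis v2.0.2 line formats as they appear in them.

```python
import re

DEFAULT_SHELL = "explorer.exe"  # the value Fixreg.reg in the post restores

# Lines copied from the first HijackThis log in this thread (before the fix).
LOG_BEFORE = r"""
Running processes:
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\patch.exe
C:\WINDOWS\system32\ctfmon.exe

F2 - REG:system.ini: Shell=explorer.exe C:\WINDOWS\system32\patch.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [patch] C:\WINDOWS\system32\patch.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [patch] C:\WINDOWS\system32\patch.exe
O4 - HKCU\..\RunServices: [patch] C:\WINDOWS\system32\patch.exe
"""

# Lines copied from the second HijackThis log in this thread (after the fix).
LOG_AFTER = r"""
Running processes:
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
SHELL_RE = re.compile(r"^REG:system\.ini: Shell=(?P<value>.*)$", re.I)
RUN_RE = re.compile(
    r"^(?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$"
)


def entries(log):
    """Yield (code, body) for every 'F2 - ...' / 'O4 - ...' style line."""
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            yield m.group("code"), m.group("body")


def running_processes(log):
    """Return the paths listed under 'Running processes:' up to the blank line."""
    procs, in_section = [], False
    for line in log.splitlines():
        line = line.strip()
        if line.lower().startswith("running processes"):
            in_section = True
        elif in_section:
            if not line:
                break
            procs.append(line)
    return procs


def shell_extra(log):
    """Return whatever follows explorer.exe in the F2 Shell line, or None."""
    for code, body in entries(log):
        m = SHELL_RE.match(body)
        if code == "F2" and m:
            value = m.group("value").strip()
            if value.lower().startswith(DEFAULT_SHELL):
                value = value[len(DEFAULT_SHELL):].strip(" ,")
            return value or None
    return None  # HijackThis lists no F2 Shell line when nothing is appended


def autostarts(log, path):
    """Return (hive, key, name) for each O4 registry entry that launches path."""
    hits = []
    for code, body in entries(log):
        m = RUN_RE.match(body)
        if code == "O4" and m and path.lower() in m.group("cmd").lower():
            hits.append((m.group("hive"), m.group("key"), m.group("name")))
    return hits


def triage(log):
    """Summarise a Shell hijack: the extra program, its Run keys, whether it runs."""
    extra = shell_extra(log)
    if extra is None:
        return {"shell_extra": None, "autostarts": [], "running": False}
    procs = [p.lower() for p in running_processes(log)]
    return {"shell_extra": extra,
            "autostarts": autostarts(log, extra),
            "running": extra.lower() in procs}


def verify_cleanup(before, after):
    """List every reference to the 'before' Shell extra that survives in 'after'."""
    extra = shell_extra(before)
    if extra is None:
        return []
    leftovers = []
    if shell_extra(after):
        leftovers.append(("shell", shell_extra(after)))
    leftovers += [("autostart", a) for a in autostarts(after, extra)]
    if extra.lower() in [p.lower() for p in running_processes(after)]:
        leftovers.append(("process", extra))
    return leftovers


if __name__ == "__main__":
    print(triage(LOG_BEFORE))
    print(verify_cleanup(LOG_BEFORE, LOG_AFTER))
```

Fed the full before and after logs instead of the excerpts, `verify_cleanup` gives a quick check that the Shell value, the Run/RunServices entries and the running process were all cleared together rather than only one of them.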

#3
oopdog

  • Topic Starter
  • Member
  • 11 posts
OK Sage, I've run the SD Fix and Decker scan and I'm posting the text reports from them as you instructed. Thanks a million mate for all you've done so far, hopefully with your help we'll have this mess cleaned up.

SDFix: Version 1.163

Run by Alan on Fri 03/28/2008 at 05:18 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting


Checking Files :

No Trojan Files Found






Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-28 17:22:13
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:00000000
"TracesSuccessful"=dword:00000000
"LastTraceFailure"=dword:00000000

scanning hidden files ...

C:\Program Files\Common Files\Symantec Shared\SPBBC\2008-03-28-689d.kc 148996 bytes

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 1


Remaining Services :



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"="C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe:*:Enabled:LifeExp.exe"
"C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"="C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe:*:Enabled:LifeCam.exe"
"C:\\WINDOWS\\system32\\PnkBstrA.exe"="C:\\WINDOWS\\system32\\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\\WINDOWS\\system32\\PnkBstrB.exe"="C:\\WINDOWS\\system32\\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"="C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe:*:Enabled:Call of Duty® 4 - Modern Warfare™ "
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe"="C:\\Program Files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe:*:Enabled:Zoo Tycoon 2 Executable"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\DNA\\btdna.exe"="C:\\Program Files\\DNA\\btdna.exe:*:Enabled:DNA"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\Program Files\\Ares\\Ares.exe"="C:\\Program Files\\Ares\\Ares.exe:*:Disabled:Ares p2p for windows"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Sat 22 Mar 2008 24 ..SH. --- "C:\WINDOWS\S42023BC9.tmp"
Mon 13 Mar 2006 41 A..HR --- "C:\WINDOWS\system32\bn.dll"
Wed 5 Mar 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Mon 23 Apr 2007 87,919 ...H. --- "C:\Program Files\Nero\PhotoShow 5\data\Nero PhotoShow Deluxe.exe"
Sat 1 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0a67b6c406b1d7e0f5c1e6f6d44a3f6e\BIT4.tmp"
Sat 1 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\26924cbc8132a10b438ce6e2b49d4652\BIT2.tmp"
Sat 1 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\2769b111678c52099a3b3123b12f2325\BIT6.tmp"
Sat 22 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\4844df1d57a292079101da42a26d7d72\BIT4.tmp"
Sat 1 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\585dc2612ebcefc90e7dee4c276ee95e\BIT4.tmp"
Sat 1 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\b69c46c5109d0f8b0dee9fab84906813\BIT5.tmp"
Fri 29 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\b79f0480d592be3a8c6db381ffc0c693\BITA.tmp"
Sat 22 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\bc066f3f60df1b38218903dd0d40ce98\BIT5.tmp"
Sat 1 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d77b9b5b8fed23dd91f50d167cce60d3\BIT7.tmp"
Sat 1 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\fa6c916bb150f8a929e7a4ffdfbc120f\BIT3.tmp"

Finished!

#4
oopdog

  • Topic Starter
  • Member
  • 11 posts
Sorry I meant Deckard scan :)
Deckard's System Scanner v20071014.68
Run by Alan on 2008-03-28 17:27:53
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
16: 2008-03-28 21:27:56 UTC - RP16 - Deckard's System Scanner Restore Point
15: 2008-03-28 04:11:25 UTC - RP15 - RegCure Backup
14: 2008-03-28 04:11:21 UTC - RP14 - RegCure Backup
13: 2008-03-27 05:00:39 UTC - RP13 - RegCure Backup
12: 2008-03-27 02:13:15 UTC - RP12 - RegCure Backup


-- First Restore Point --
1: 2008-03-25 23:12:27 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Alan.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:28:51 PM, on 3/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\vVX6000.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Nero\PHOTOS~1\data\xtras\mssysmgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Alan\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Alan.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ResChangerXP] C:\Program Files\ResChanger XP\ResChangerXP.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [VX6000] C:\WINDOWS\vVX6000.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Nero PhotoShow Media Manager] C:\PROGRA~1\Nero\PHOTOS~1\data\xtras\mssysmgr.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.s...abs/tgctlsr.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemreq.../sysreqlab2.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2....re/HPDEXAXO.cab
O16 - DPF: {74E4A24D-5224-4F05-8A41-99445E0FC22B} (GameHouse Games Player) - http://www.gamehouse...se/ghplayer.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.12) - http://www.yougamers...eminfo/MSC3.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O24 - Desktop Component 0: (no name) - http://www.beemovie....1600x1200_3.jpg

--
End of file - 13126 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080328-000826-717 F2 - REG:system.ini: Shell=explorer.exe C:\WINDOWS\system32\patch.exe

-- File Associations -----------------------------------------------------------

.scr - AutoCADScriptFile - shell\open\command - C:\WINDOWS\system32\notepad.exe "%1"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 cdrbsdrv - c:\windows\system32\drivers\cdrbsdrv.sys <Not Verified; B.H.A Corporation; B's Recorder GOLD>
R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R3 catchme - c:\docume~1\alan\locals~1\temp\catchme.sys (file missing)
R3 NVR0Dev - c:\windows\nvoclock.sys <Not Verified; NVidia Corp.; NVidia System Utility Driver>
R3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
R2 ForceWare Intelligent Application Manager (IAM) - c:\program files\nvidia corporation\networkaccessmanager\bin\nsvcappflt.exe <Not Verified; ; app_filter Module>
R2 Nero BackItUp Scheduler 3 - c:\program files\nero\nero8\nero backitup\nbservice.exe
R2 nTuneService (nTune Service) - c:\program files\nvidia corporation\ntune\ntuneservice.exe /startservice <Not Verified; NVIDIA; NVIDIA nTune>
R2 PLFlash DeviceIoControl Service - c:\windows\system32\ioctlsvc.exe <Not Verified; Prolific Technology Inc.; IoctlSvc Application>

S2 Viewpoint Manager Service -
S3 AresChatServer (Ares Chatroom server) - c:\program files\ares\chatserver.exe <Not Verified; Ares Development Group; Ares Chat Server>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-03-28 17:21:49 436 --a------ C:\WINDOWS\Tasks\RegCure Program Check.job
2008-03-28 17:21:40 446 --a------ C:\WINDOWS\Tasks\XoftSpySE 2.job
2008-03-27 01:00:45 370 --a------ C:\WINDOWS\Tasks\RegCure.job
2008-03-25 17:19:01 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2008-03-23 09:37:57 620 --a------ C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Alan.job
2008-03-17 06:29:23 360 --a------ C:\WINDOWS\Tasks\XoftSpySE.job
2008-02-29 23:41:31 388 --a------ C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1204342846.job


-- Files created between 2008-02-28 and 2008-03-28 -----------------------------

2008-03-28 17:17:24 0 d-------- C:\WINDOWS\ERUNT
2008-03-27 06:58:08 0 d-------- C:\WINDOWS\system32\Futuremark
2008-03-26 19:36:02 0 d-------- C:\Documents and Settings\NetworkService\Start Menu
2008-03-26 13:38:11 0 d-------- C:\Documents and Settings\Kim\Application Data\Grisoft
2008-03-26 06:28:44 0 d-------- C:\WINDOWS\system32\ActiveScan
2008-03-25 21:44:52 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-03-25 21:44:49 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-03-25 21:44:48 0 d-------- C:\Documents and Settings\Alan\Application Data\SUPERAntiSpyware.com
2008-03-25 20:09:31 0 d-------- C:\Documents and Settings\Administrator\Application Data\Grisoft
2008-03-25 18:55:45 0 d-------- C:\Program Files\Trend Micro
2008-03-25 18:25:11 0 d-------- C:\Documents and Settings\Alan\Application Data\Grisoft
2008-03-25 18:25:04 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-24 19:35:10 0 d-------- C:\Documents and Settings\Alan\Application Data\Ashampoo
2008-03-24 19:32:55 0 d-------- C:\Program Files\Ashampoo
2008-03-23 18:43:12 0 d-------- C:\Program Files\MSXML 6.0
2008-03-23 17:08:08 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-03-23 17:08:08 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-03-23 17:08:08 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-03-23 17:08:08 0 d--h----- C:\Documents and Settings\Administrator\Recent
2008-03-23 17:08:08 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-03-23 17:08:08 786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-03-23 17:08:08 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-03-23 17:08:08 0 d-------- C:\Documents and Settings\Administrator\My Documents
2008-03-23 17:08:08 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-03-23 17:08:08 0 d-------- C:\Documents and Settings\Administrator\Favorites
2008-03-23 17:08:08 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-03-23 17:08:08 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-03-23 17:08:08 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-03-23 17:08:08 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-03-23 17:08:08 0 d-------- C:\Documents and Settings\Administrator\Application Data\Apple Computer
2008-03-23 01:51:51 0 d-------- C:\Program Files\DVDFab Platinum 4
2008-03-22 23:45:39 0 d-------- C:\Documents and Settings\All Users\Application Data\SlySoft
2008-03-22 23:39:31 0 d-------- C:\Program Files\SlySoft
2008-03-22 13:29:18 0 d-------- C:\Program Files\Common Files\Autodesk Shared
2008-03-22 13:29:18 0 d-------- C:\Program Files\AutoCAD 2009
2008-03-22 13:29:18 0 d-------- C:\Documents and Settings\All Users\Application Data\Autodesk
2008-03-22 13:29:18 0 d-------- C:\Documents and Settings\Alan\Application Data\Autodesk
2008-03-22 13:26:30 0 d-------- C:\WINDOWS\system32\XPSViewer
2008-03-22 13:26:07 0 d-------- C:\Program Files\Reference Assemblies
2008-03-22 13:06:31 0 d-------- C:\Program Files\PowerISO
2008-03-22 12:24:40 86588244 --a------ C:\SYM_REGISTRY_BACKUP.reg
2008-03-22 11:39:19 0 d-------- C:\Documents and Settings\Alan\Application Data\Sun
2008-03-20 20:16:42 0 d-------- C:\Documents and Settings\Alan\Application Data\NeroDCTemplates
2008-03-20 20:09:46 0 d-------- C:\Program Files\Common Files\LightScribe
2008-03-20 20:09:44 0 d-------- C:\Softpaq
2008-03-18 22:39:21 0 d-------- C:\Program Files\NeroInstall.bak
2008-03-17 15:56:14 0 d-------- C:\Documents and Settings\Alan\Application Data\NeroDigital™
2008-03-17 15:53:51 0 d-------- C:\Program Files\DVD Region+CSS Free
2008-03-17 15:37:51 0 d-------- C:\Program Files\PeerGuardian2
2008-03-15 18:32:22 0 d-------- C:\Documents and Settings\All Users\Application Data\Gtek
2008-03-15 18:32:20 0 d-------- C:\Documents and Settings\Alan\Application Data\GTek
2008-03-14 20:48:56 0 d-------- C:\Program Files\AVSMedia
2008-03-14 20:45:22 0 d-------- C:\Documents and Settings\Alan\Application Data\Pegasys Inc
2008-03-14 20:24:22 0 d-------- C:\Documents and Settings\Alan\Application Data\AVSMedia
2008-03-14 20:24:18 0 d-------- C:\Documents and Settings\All Users\Application Data\AVS4YOU
2008-03-14 20:21:51 0 d-------- C:\Program Files\Common Files\AVSMedia
2008-03-14 20:21:12 139264 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-03-14 20:21:12 524288 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-03-14 20:21:12 413760 --a------ C:\WINDOWS\system32\mpg4c32.dll <Not Verified; Microsoft Corporation; Microsoft MPEG-4 Video Codec>
2008-03-14 20:21:12 261632 --a------ C:\WINDOWS\system32\mcdvd_32.dll <Not Verified; MainConcept; MainConcept DV Codec "2.0.4>
2008-03-14 20:21:12 638976 --a------ C:\WINDOWS\system32\divx.dll <Not Verified; DivXNetworks, Inc.; DivX Video for Windows Codec>
2008-03-14 20:20:36 0 d-------- C:\Program Files\Common Files\Download Manager
2008-03-14 20:04:46 33408 --a------ C:\WINDOWS\system32\drivers\CDRBSDRV.SYS <Not Verified; B.H.A Corporation; B's Recorder GOLD>
2008-03-14 20:04:34 0 d-------- C:\Program Files\Pegasys Inc
2008-03-14 19:23:35 0 d-------- C:\Documents and Settings\Alan\Application Data\DVDFab
2008-03-14 17:21:30 0 d-------- C:\Documents and Settings\Alan\Application Data\BitTorrent
2008-03-14 17:21:18 0 d-------- C:\Program Files\DNA
2008-03-14 17:21:18 0 d-------- C:\Documents and Settings\Alan\Application Data\DNA
2008-03-14 17:21:17 0 d-------- C:\Program Files\BitTorrent
2008-03-13 10:03:03 0 d-------- C:\Program Files\iPod
2008-03-13 10:02:59 0 d-------- C:\Program Files\iTunes
2008-03-11 14:37:47 0 d-------- C:\Documents and Settings\Kim\Application Data\Microsoft Games
2008-03-11 13:30:40 0 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Games
2008-03-11 13:20:30 0 d-------- C:\Program Files\Microsoft Games
2008-03-09 22:40:19 0 d-------- C:\Documents and Settings\Alan\Application Data\Apple Computer
2008-03-09 15:17:50 0 d-------- C:\Documents and Settings\All Users\Application Data\GameHouse
2008-03-09 11:09:41 0 d-------- C:\Program Files\LimeWire
2008-03-09 10:52:00 0 d-------- C:\Program Files\Common Files\eSellerate
2008-03-08 00:05:49 0 d-------- C:\Documents and Settings\Alan\Application Data\Ventrilo
2008-03-08 00:03:18 0 d-------- C:\Program Files\Ventrilo
2008-03-08 00:03:00 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-08 00:02:07 968 --a------ C:\WINDOWS\uninstallcopymoveto.vbs
2008-03-07 23:33:58 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2008-03-07 23:33:52 0 d-------- C:\Program Files\Common Files\Adobe
2008-03-07 15:35:25 0 d-------- C:\Documents and Settings\Default User\Application Data\Apple Computer
2008-03-07 12:15:44 0 d-------- C:\Program Files\Incomplete
2008-03-07 08:05:53 0 d-------- C:\Documents and Settings\Kim\Application Data\Apple Computer
2008-03-07 08:05:33 0 d-------- C:\Program Files\Bonjour
2008-03-07 08:05:10 0 d-------- C:\Program Files\QuickTime
2008-03-07 08:05:09 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-03-07 08:04:58 0 d-------- C:\Program Files\Apple Software Update
2008-03-07 08:04:46 0 d-------- C:\Program Files\Common Files\Apple
2008-03-07 08:04:46 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-03-07 07:43:31 0 d-------- C:\Program Files\SystemRequirementsLab
2008-03-06 18:30:30 0 d-------- C:\Documents and Settings\LocalService\Application Data\Xfire
2008-03-06 18:24:05 0 d-------- C:\Documents and Settings\Alan\Application Data\Xfire
2008-03-06 18:24:04 0 d-------- C:\Program Files\Xfire
2008-03-06 04:07:30 0 d-------- C:\Documents and Settings\LocalService\Start Menu
2008-03-06 00:54:40 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-03-06 00:54:15 0 d-------- C:\Program Files\Yahoo!
2008-03-05 18:22:35 0 d-------- C:\Program Files\Windows Media Connect 2
2008-03-05 18:21:28 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2008-03-05 18:20:53 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-03-05 11:37:17 0 d-------- C:\Documents and Settings\Kim\Application Data\FunWebProducts
2008-03-05 08:02:56 0 d-------- C:\Documents and Settings\Kim\Shared
2008-03-05 08:02:53 0 d-------- C:\Documents and Settings\Kim\Incomplete
2008-03-05 08:02:46 0 d-------- C:\Documents and Settings\Kim\Application Data\LimeWire
2008-03-04 13:23:37 0 d-------- C:\Documents and Settings\Kim\Application Data\Simple Star
2008-03-04 13:04:25 313 --ah----- C:\Documents and Settings\Alan\hpothb07.dat
2008-03-04 13:04:17 0 --ah----- C:\Documents and Settings\Kim\hpothb07.dat
2008-03-04 13:03:28 0 d-------- C:\Documents and Settings\Kim\Application Data\Hewlett-Packard
2008-03-04 00:36:31 0 d-------- C:\Program Files\XoftSpySE
2008-03-03 23:24:35 0 d-------- C:\Program Files\RegCure
2008-03-02 18:14:28 0 d-------- C:\Program Files\PokerStars.NET
2008-03-02 17:39:00 0 d-------- C:\Documents and Settings\Kim\Application Data\Google
2008-03-02 13:27:51 0 d-------- C:\Documents and Settings\Alan\Application Data\Google
2008-03-02 13:27:26 0 d-------- C:\Documents and Settings\Alan\Application Data\AdobeUM
2008-03-02 13:12:02 32 --a------ C:\WINDOWS\go
2008-03-02 13:11:58 0 d-------- C:\WINDOWS\vf_hip
2008-03-02 13:11:57 0 d-------- C:\Program Files\Hide IP Platinum
2008-03-02 13:02:59 221184 --a------ C:\WINDOWS\system32\xtbaksm.dat
2008-03-02 13:02:58 0 d-------- C:\WINDOWS\system32\xtupdate
2008-03-02 13:02:49 0 d-------- C:\WINDOWS\system32\IOSUBSYS
2008-03-02 13:02:49 41 -rah----- C:\WINDOWS\system32\bn.dll
2008-03-02 12:05:46 0 d-------- C:\Documents and Settings\Kim\Contacts
2008-03-02 11:52:12 0 d-------- C:\WINDOWS\Sun
2008-03-02 11:52:12 0 d-------- C:\Documents and Settings\Kim\Application Data\Sun
2008-03-02 11:52:04 0 d-------- C:\Documents and Settings\All Users\Application Data\Google
2008-03-02 11:52:02 0 d-------- C:\Program Files\Google
2008-03-02 11:51:35 0 d-------- C:\Program Files\Java
2008-03-02 11:51:21 0 d-------- C:\Program Files\Common Files\Java
2008-03-02 11:48:34 0 d-------- C:\Documents and Settings\Kim\Application Data\Macromedia
2008-03-02 11:48:18 0 d-------- C:\Documents and Settings\Kim\Application Data\acccore
2008-03-02 11:46:41 0 d-------- C:\Documents and Settings\Kim\Application Data\Adobe
2008-03-01 22:46:05 0 d-------- C:\Documents and Settings\All Users\Application Data\vsosdk
2008-03-01 13:33:45 0 d-------- C:\WINDOWS\system32\Defaults
2008-03-01 13:32:50 409600 --a------ C:\WINDOWS\system32\wrap_oal.dll <Not Verified; Creative Labs; Creative Labs OpenAL32>
2008-03-01 13:32:50 86016 --a------ C:\WINDOWS\system32\OpenAL32.dll <Not Verified; Portions © Creative Labs Inc. and NVIDIA Corp.; Standard OpenAL™ Library>
2008-03-01 13:32:34 3072 --a------ C:\WINDOWS\CTXFIRES.DLL <Not Verified; ; CTxfiRes Dynamic Link Library>
2008-03-01 13:32:34 10240 --a------ C:\WINDOWS\CTDCRES.DLL <Not Verified; Creative Technology Ltd; Creative Audio Product>
2008-03-01 13:13:27 0 d-------- C:\Program Files\Ares
2008-03-01 12:26:25 0 d-------- C:\Documents and Settings\Alan\Application Data\UseNeXT
2008-03-01 12:18:47 0 d-------- C:\Documents and Settings\Alan\Application Data\acccore
2008-03-01 12:17:13 0 d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-03-01 12:17:07 0 d-------- C:\Documents and Settings\All Users\Application Data\AOL
2008-03-01 12:17:07 0 d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-03-01 12:16:53 0 d-------- C:\Program Files\Common Files\AOL
2008-03-01 12:16:42 0 d-------- C:\Program Files\AIM6
2008-03-01 04:04:44 0 d-------- C:\Documents and Settings\Kim\Application Data\Windows Desktop Search
2008-03-01 04:04:44 0 d-------- C:\Documents and Settings\Kim\Application Data\Nero
2008-03-01 04:04:36 0 d-------- C:\Documents and Settings\Kim\Application Data\Identities
2008-03-01 04:04:30 0 dr-h----- C:\Documents and Settings\Kim\Recent
2008-03-01 04:04:30 0 d--h----- C:\Documents and Settings\Kim\PrintHood
2008-03-01 04:04:30 0 d--h----- C:\Documents and Settings\Kim\NetHood
2008-03-01 04:04:30 0 dr------- C:\Documents and Settings\Kim\My Documents
2008-03-01 04:04:30 0 d--h----- C:\Documents and Settings\Kim\Local Settings
2008-03-01 04:04:30 0 dr------- C:\Documents and Settings\Kim\Favorites
2008-03-01 04:04:30 0 d-------- C:\Documents and Settings\Kim\Desktop
2008-03-01 04:04:30 0 d--hs---- C:\Documents and Settings\Kim\Cookies
2008-03-01 04:04:30 0 d--h----- C:\Documents and Settings\Kim\Application Data
2008-03-01 04:04:30 0 d---s---- C:\Documents and Settings\Kim\Application Data\Microsoft
2008-03-01 04:04:29 0 d--h----- C:\Documents and Settings\Kim\Templates
2008-03-01 04:04:29 0 dr------- C:\Documents and Settings\Kim\Start Menu
2008-03-01 04:04:29 0 dr-h----- C:\Documents and Settings\Kim\SendTo
2008-03-01 04:04:29 2359296 --ah----- C:\Documents and Settings\Kim\NTUSER.DAT
2008-03-01 03:45:56 0 d-------- C:\Documents and Settings\Alan\Application Data\Windows Desktop Search
2008-03-01 03:45:29 0 d-------- C:\Program Files\Windows Desktop Search
2008-03-01 01:59:55 0 d-------- C:\Program Files\GameSpot
2008-03-01 01:09:32 0 d-------- C:\Program Files\Activision
2008-03-01 01:06:54 0 d--hs---- C:\WINDOWS\ftpcache
2008-03-01 01:00:01 0 d-------- C:\WINDOWS\system32\appmgmt
2008-03-01 00:26:10 0 d-------- C:\Program Files\Microsoft LifeCam
2008-03-01 00:21:09 0 d-------- C:\Documents and Settings\Alan\Contacts
2008-03-01 00:20:23 0 d------c- C:\WINDOWS\system32\DRVSTORE
2008-03-01 00:17:23 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-01 00:17:20 0 d-------- C:\Program Files\Windows Live
2008-03-01 00:17:14 0 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-01 00:11:17 0 d-------- C:\Program Files\MSXML 4.0
2008-03-01 00:02:29 0 d-------- C:\WINDOWS\network diagnostic
2008-02-29 23:47:56 0 d-------- C:\WINDOWS\system32\PreInstall
2008-02-29 23:41:26 0 d-------- C:\Documents and Settings\Alan\Application Data\Hewlett-Packard
2008-02-29 23:32:17 0 d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-02-29 23:22:57 0 d-------- C:\Program Files\Hewlett-Packard
2008-02-29 23:20:59 0 d-------- C:\Documents and Settings\Alan\Application Data\Help
2008-02-29 23:16:33 47360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2008-02-29 23:16:33 47360 --a------ C:\Documents and Settings\Alan\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2008-02-29 23:16:32 0 d-------- C:\Documents and Settings\Alan\Application Data\Vso
2008-02-29 23:16:20 352410 --a------ C:\WINDOWS\opeC2.exe
2008-02-29 23:12:34 0 d-------- C:\Documents and Settings\All Users\Application Data\Simple Star
2008-02-29 23:11:24 335872 --a------ C:\WINDOWS\Nero PhotoShow.scr <Not Verified; Nero AG / Nero Inc.; Nero PhotoShow Screen Saver>
2008-02-29 23:11:18 106496 --a------ C:\WINDOWS\system32\TwnLib20.dll <Not Verified; Pegasus Software; TWNLIB20>
2008-02-29 23:11:18 38912 --a------ C:\WINDOWS\system32\picn20.dll <Not Verified; Pegasus Imaging Corp.; PEGASUS>
2008-02-29 23:07:07 0 d-------- C:\Documents and Settings\All Users\Application Data\Simple Star Shared
2008-02-29 23:07:06 0 d-------- C:\Program Files\Common Files\Simple Star Shared
2008-02-29 23:06:07 0 d-------- C:\Documents and Settings\Alan\Application Data\Macromedia
2008-02-29 23:03:17 0 d-------- C:\Documents and Settings\Alan\Application Data\Simple Star
2008-02-29 23:02:04 0 d-------- C:\Documents and Settings\Alan\Application Data\Nero
2008-02-29 23:00:37 0 d-------- C:\Program Files\Nero
2008-02-29 23:00:37 0 d-------- C:\Program Files\Common Files\Nero
2008-02-29 23:00:37 0 d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-02-29 22:55:35 0 d-------- C:\WINDOWS\RegisteredPackages
2008-02-29 22:45:44 0 d-------- C:\Program Files\Microsoft Works
2008-02-29 22:45:40 0 d-------- C:\Program Files\MSBuild
2008-02-29 22:32:15 0 d-------- C:\WINDOWS\SHELLNEW
2008-02-29 22:31:49 0 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-02-29 22:30:34 0 dr-h----- C:\MSOCache
2008-02-29 22:21:58 0 d-------- C:\Documents and Settings\Alan\Application Data\Adobe
2008-02-29 22:06:25 0 d-------- C:\NVIDIA
2008-02-29 22:04:16 286720 --a------ C:\WINDOWS\iun506.exe <Not Verified; Indigo Rose Corporation; Setup Factory 5.0 Uninstaller>
2008-02-29 22:04:16 0 d-------- C:\Program Files\ResChanger XP
2008-02-29 21:53:51 0 d-------- C:\Documents and Settings\Alan\Application Data\Creative
2008-02-29 21:51:20 306688 --a------ C:\WINDOWS\IsUninst.exe <Not Verified; InstallShield Software Corporation; InstallShield® unInstaller>
2008-02-29 21:50:23 0 d-------- C:\WINDOWS\system32\Data
2008-02-29 21:36:30 0 d-------- C:\Documents and Settings\All Users\Application Data\Creative
2008-02-29 21:31:30 41984 -----n--- C:\WINDOWS\CTRegRun.exe <Not Verified; Creative Technology Ltd; Creative On-line Registration System>
2008-02-29 21:31:25 0 d-------- C:\Program Files\Creative
2008-02-29 21:27:12 1626112 --a------ C:\WINDOWS\system32\nwiz.exe
2008-02-29 21:27:12 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2008-02-29 21:27:12 1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2008-02-29 21:27:12 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2008-02-29 21:27:12 1474560 --a------ C:\WINDOWS\system32\nview.dll
2008-02-29 21:27:12 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2008-02-29 21:27:12 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2008-02-29 21:27:12 425984 --a------ C:\WINDOWS\system32\keystone.exe
2008-02-29 21:27:12 0 d-------- C:\WINDOWS\nview
2008-02-29 21:22:04 0 d-------- C:\WINDOWS\system32\EVGA
2008-02-29 20:54:36 0 d-------- C:\WINDOWS\system32\LogFiles
2008-02-29 20:54:31 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-02-29 20:54:00 0 d-------- C:\Program Files\NVIDIA Corporation
2008-02-29 20:52:09 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2008-02-29 20:52:05 0 d-------- C:\WINDOWS\system32\ReinstallBackups
2008-02-29 20:51:00 0 d-------- C:\WINDOWS\NV23082312.TMP
2008-02-29 20:50:11 0 d-------- C:\Program Files\Common Files\InstallShield
2008-02-29 20:39:46 0 d--h----- C:\WINDOWS\PIF
2008-02-29 20:26:10 16618 -----n--- C:\WINDOWS\hpomdl01.dat
2008-02-29 20:26:10 20454 --a------ C:\WINDOWS\hpoins01.dat
2008-02-29 20:15:54 0 d-------- C:\Program Files\Norton Internet Security
2008-02-29 20:15:25 0 d-------- C:\Program Files\Symantec
2008-02-29 20:15:24 0 d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-02-29 20:15:09 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-02-29 20:10:05 0 d-------- C:\Documents and Settings\Alan\Application Data\Identities
2008-02-29 20:10:00 0 dr------- C:\Documents and Settings\Alan\Favorites
2008-02-29 20:10:00 0 d-------- C:\Documents and Settings\Alan\Desktop
2008-02-29 20:10:00 0 d--hs---- C:\Documents and Settings\Alan\Cookies
2008-02-29 20:10:00 0 dr-h----- C:\Documents and Settings\Alan\Application Data
2008-02-29 20:09:59 0 d--h----- C:\Documents and Settings\Alan\Templates
2008-02-29 20:09:59 0 dr------- C:\Documents and Settings\Alan\Start Menu
2008-02-29 20:09:59 0 dr-h----- C:\Documents and Settings\Alan\SendTo
2008-02-29 20:09:59 0 dr-h----- C:\Documents and Settings\Alan\Recent
2008-02-29 20:09:59 0 d--h----- C:\Documents and Settings\Alan\PrintHood
2008-02-29 20:09:59 3145728 --ah----- C:\Documents and Settings\Alan\NTUSER.DAT
2008-02-29 20:09:59 0 d--h----- C:\Documents and Settings\Alan\NetHood
2008-02-29 20:09:59 0 dr------- C:\Documents and Settings\Alan\My Documents
2008-02-29 20:09:59 0 d--h----- C:\Documents and Settings\Alan\Local Settings
2008-02-29 20:08:35 0 d-------- C:\WINDOWS\SoftwareDistribution
2008-02-29 20:08:34 0 d---s---- C:\WINDOWS\system32\Microsoft
2008-02-29 20:08:34 0 d-------- C:\WINDOWS\Prefetch
2008-02-29 20:08:33 262144 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT
2008-02-29 20:08:33 0 d--h----- C:\Documents and Settings\LocalService\Local Settings
2008-02-29 20:08:33 0 d--hs---- C:\Documents and Settings\LocalService\Cookies
2008-02-29 20:08:33 0 d-------- C:\Documents and Settings\LocalService\Application Data
2008-02-29 20:08:33 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
2008-02-29 19:22:20 262144 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT
2008-02-29 19:22:20 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings
2008-02-29 19:22:20 0 d--hs---- C:\Documents and Settings\NetworkService\Cookies
2008-02-29 19:22:20 0 d-------- C:\Documents and Settings\NetworkService\Application Data
2008-02-29 19:22:20 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
2008-02-29 19:19:39 0 d-------- C:\WINDOWS\system32\xircom
2008-02-29 19:19:39 0 d-------- C:\Program Files\microsoft frontpage
2008-02-29 19:19:32 262144 --ah----- C:\Documents and Settings\Default User\NTUSER.DAT
2008-02-29 19:19:29 0 d--h----- C:\WINDOWS\$hf_mig$
2008-02-29 19:19:20 0 -rahs---- C:\MSDOS.SYS
2008-02-29 19:19:20 0 -rahs---- C:\IO.SYS
2008-02-29 19:19:20 0 --a------ C:\CONFIG.SYS
2008-02-29 19:19:20 0 --a------ C:\AUTOEXEC.BAT
2008-02-29 19:18:45 0 d--hs---- C:\Documents and Settings\All Users\DRM
2008-02-29 19:18:39 0 dr------- C:\WINDOWS\Offline Web Pages
2008-02-29 19:18:39 0 d---s---- C:\WINDOWS\Downloaded Program Files
2008-02-29 19:18:32 0 d--h----- C:\Program Files\WindowsUpdate
2008-02-29 19:18:14 0 d-------- C:\WINDOWS\system32\DirectX
2008-02-29 19:17:20 0 d---s---- C:\WINDOWS\Tasks
2008-02-29 19:17:18 0 d-------- C:\Program Files\Common Files\MSSoap
2008-02-29 19:17:12 0 d-------- C:\WINDOWS\srchasst
2008-02-29 19:17:10 0 d-------- C:\WINDOWS\system32\Macromed
2008-02-29 19:16:58 0 d-------- C:\Program Files\Movie Maker
2008-02-29 19:16:44 0 d-------- C:\WINDOWS\system32\Restore
2008-02-29 19:16:08 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-02-29 19:15:58 0 d-------- C:\WINDOWS\Registration
2008-02-29 19:15:54 0 d-------- C:\Program Files\Online Services
2008-02-29 19:15:49 0 d-------- C:\Program Files\Messenger
2008-02-29 19:15:44 0 d-------- C:\Program Files\MSN Gaming Zone
2008-02-29 19:14:47 0 d-------- C:\Program Files\Windows NT
2008-02-29 19:14:41 0 d-------- C:\WINDOWS\system32\MsDtc
2008-02-29 19:14:39 0 d-------- C:\WINDOWS\system32\Com
2008-02-29 14:06:03 0 d--hs---- C:\WINDOWS\Installer
2008-02-29 14:06:02 0 d-------- C:\Program Files\Common Files\ODBC
2008-02-29 14:05:58 0 dr------- C:\Program Files
2008-02-29 14:05:58 0 d-------- C:\Program Files\Common Files
2008-02-29 14:05:58 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-02-29 14:05:31 0 d--h----- C:\Documents and Settings\Default User\Templates
2008-02-29 14:05:31 0 dr------- C:\Documents and Settings\Default User\Start Menu
2008-02-29 14:05:31 0 dr-h----- C:\Documents and Settings\Default User\SendTo
2008-02-29 14:05:31 0 d--h----- C:\Documents and Settings\Default User\Recent
2008-02-29 14:05:31 0 d--h----- C:\Documents and Settings\Default User\PrintHood
2008-02-29 14:05:31 0 d--h----- C:\Documents and Settings\Default User\NetHood
2008-02-29 14:05:31 0 d-------- C:\Documents and Settings\Default User\My Documents
2008-02-29 14:05:31 0 dr-h----- C:\Documents and Settings\Default User\Local Settings
2008-02-29 14:05:31 0 d-------- C:\Documents and Settings\Default User\Favorites
2008-02-29 14:05:31 0 d-------- C:\Documents and Settings\Default User\Desktop
2008-02-29 14:05:31 0 d--hs---- C:\Documents and Settings\Default User\Cookies
2008-02-29 14:05:31 0 d--h----- C:\Documents and Settings\All Users\Templates
2008-02-29 14:05:31 0 dr------- C:\Documents and Settings\All Users\Start Menu
2008-02-29 14:05:31 0 d-------- C:\Documents and Settings\All Users\Favorites
2008-02-29 14:05:31 0 dr------- C:\Documents and Settings\All Users\Documents
2008-02-29 14:05:31 0 d-------- C:\Documents and Settings\All Users\Desktop
2008-02-29 14:05:16 0 d-------- C:\WINDOWS\system32\CatRoot2
2008-02-29 14:05:16 0 d-------- C:\WINDOWS\system32\CatRoot
2008-02-29 14:05:10 0 dr-h----- C:\Documents and Settings\Default User\Application Data
2008-02-29 14:05:10 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
2008-02-29 14:05:10 0 dr-h----- C:\Documents and Settings\All Users\Application Data
2008-02-29 14:05:10 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-02-29 14:04:44 0 d-------- C:\Documents and Settings
2008-02-29 14:04:43 0 d--hs---- C:\System Volume Information
2008-02-29 13:53:17 0 d-------- C:\WINDOWS
2008-02-29 13:53:17 0 d-------- C:\WINDOWS\WinSxS
2008-02-29 13:53:17 0 dr------- C:\WINDOWS\Web
2008-02-29 13:53:17 0 d-------- C:\WINDOWS\twain_32
2008-02-29 13:53:17 0 d-------- C:\WINDOWS\system32
2008-02-29 13:53:17 0 d-------- C:\WINDOWS\system32\wins
2008-02-29 13:53:17 0 d-------- C:\WINDOWS\system32\wbem
2008-02-29 13:53:17 0 d-------- C:\WINDOWS\system32\usmt
2008-02-29 13:53:17 0 d-------- C:\WINDOWS\system32\spool
2008-02-29 13:53:17 0 d-------- C:\WINDOWS\system32\ShellExt
2008-02-29 13:53:17 0 d-------- C:\WINDOWS\system32\Setup
2008-02-29 13:53:17 0 d-------- C:\WINDOWS\system32\ras
2008-02-29 13:53:17 0 d-------- C:\WINDOWS\system32\oobe
2008-02-29 13:53:17 0 d-------- C:\WINDOWS\system32\npp
2008-02-29 13:53:17 0 d-------- C:\WINDOWS\system32\mui
2008-02-29 13:53:17 0 d-------- C:\WINDOWS\system32\inetsrv
2008-02-29 13:53:17 0 d-------- C:\WINDOWS\system32\IME
2008-02-29 13:53:17 0 d-------- C:\WINDOWS\system32\icsxml
2008-02-29 13:53:17 0 d-------- C:\WINDOWS\system32\ias
2008-02-29 13:53:17 0 d-------- C:\WINDOWS\system32\export
2008-02-29 13:53:17 0 d-------- C:\WINDOWS\system32\drivers
2008-02-29 13:53:17 0 d-------- C:\WINDOWS\system32\drivers\etc
2008-02-29 13:53:17 0 d-------- C:\WINDOWS\system32\drivers\disdn
2008-02-29 13:53:17 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2008-02-29 13:53:17 0 d-------- C:\WINDOWS\system32\dhcp
2008-02-29 13:53:17 0 d-------- C:\WINDOWS\system32\config
2008-02-29 13:53:17 0 d-------- C:\WINDOWS\system32\3com_dmi
2008-02-29 13:53:17 0 d-------- C:\WINDOWS\system32\3076
2008-02-29 13:53:17 0 d-------- C:\WINDOWS\system32\2052
2008-02-29 13:53:17 0 d-------- C:\WINDOWS\system32\1054
2008-02-29 13:53:17 0 d-------- C:\WINDOWS\system32\1042
2008-02-29 13:53:17 0 d-------- C:\WINDOWS\system32\1041
2008-02-29 13:53:17 0 d-------- C:\WINDOWS\system32\1037
2008-02-29 13:53:17 0 d-------- C:\WINDOWS\system32\1033
2008-02-29 13:53:17 0 d-------- C:\WINDOWS\system32\1031
2008-02-29 13:53:17 0 d-------- C:\WINDOWS\system32\1028
2008-02-29 13:53:17 0 d-------- C:\WINDOWS\system32\1025
2008-02-29 13:53:17 0 d-------- C:\WINDOWS\system
2008-02-29 13:53:17 0 d-------- C:\WINDOWS\security
2008-02-29 13:53:17 0 d-------- C:\WINDOWS\Resources
2008-02-29 13:53:17 0 d-------- C:\WINDOWS\repair
2008-02-29 13:53:17 0 d-------- C:\WINDOWS\Provisioning
2008-02-29 13:53:17 0 d-------- C:\WINDOWS\PeerNet
2008-02-29 13:53:17 0 d-------- C:\WINDOWS\pchealth
2008-02-29 13:53:17 0 d-------- C:\WINDOWS\mui
2008-02-29 13:53:17 0 d-------- C:\WINDOWS\msapps
2008-02-29 13:53:17 0 d-------- C:\WINDOWS\msagent
2008-02-29 13:53:17 0 d-------- C:\WINDOWS\Media
2008-02-29 13:53:17 0 d-------- C:\WINDOWS\java
2008-02-29 13:53:17 0 d--h----- C:\WINDOWS\inf
2008-02-29 13:53:17 0 d-------- C:\WINDOWS\ime
2008-02-29 13:53:17 0 d-------- C:\WINDOWS\Help
2008-02-29 13:53:17 0 dr--s---- C:\WINDOWS\Fonts
2008-02-29 13:53:17 0 d-------- C:\WINDOWS\ehome
2008-02-29 13:53:17 0 d-------- C:\WINDOWS\Driver Cache
2008-02-29 13:53:17 0 d-------- C:\WINDOWS\Debug
2008-02-29 13:53:17 0 d-------- C:\WINDOWS\Cursors
2008-02-29 13:53:17 0 d-------- C:\WINDOWS\Connection Wizard
2008-02-29 13:53:17 0 d-------- C:\WINDOWS\Config
2008-02-29 13:53:17 0 d-------- C:\WINDOWS\AppPatch
2008-02-29 13:53:17 0 d-------- C:\WINDOWS\addins


-- Find3M Report ---------------------------------------------------------------

2008-03-23 01:51:55 34 --a------ C:\Documents and Settings\Alan\Application Data\pcouffin.log
2008-03-23 01:51:53 1144 --a------ C:\Documents and Settings\Alan\Application Data\pcouffin.inf
2008-03-23 01:51:53 7887 --a------ C:\Documents and Settings\Alan\Application Data\pcouffin.cat
2008-03-01 01:59:58 5584 --a------ C:\Program Files\install.log
2008-02-29 14:05:31 62 --ahs---- C:\Documents and Settings\Alan\Application Data\desktop.ini


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/10/2007 01:59 AM]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [01/14/2007 03:11 AM]
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [09/13/2006 11:12 AM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [12/05/2007 02:41 AM]
"nwiz"="nwiz.exe" [12/05/2007 02:41 AM C:\WINDOWS\system32\nwiz.exe]
"ResChangerXP"="C:\Program Files\ResChanger XP\ResChangerXP.exe" [02/14/2002 03:33 PM]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [12/05/2007 02:41 AM]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [01/29/2008 06:38 PM]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [10/27/2006 01:47 AM]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [02/18/2008 04:29 PM]
"VX6000"="C:\WINDOWS\vVX6000.exe" [10/13/2006 06:04 PM]
"LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe" [10/13/2006 06:01 PM]
"CTHelper"="CTHELPER.EXE" [08/11/2006 03:56 PM C:\WINDOWS\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [08/11/2006 03:56 PM C:\WINDOWS\system32\CTXFIHLP.EXE]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 05:25 AM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [02/01/2008 12:13 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 11:16 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [02/19/2008 01:10 PM]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [02/28/2008 09:59 AM]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [03/17/2006 10:24 PM]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 05:25 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Nero PhotoShow Media Manager"="C:\PROGRA~1\Nero\PHOTOS~1\data\xtras\mssysmgr.exe" [04/27/2007 02:16 PM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 12:24 PM]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [01/03/2008 12:15 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [02/

#5
oopdog

    Member

  • Topic Starter
  • Member
  • 11 posts
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Core™2 CPU 6600 @ 2.40GHz
CPU 1: Intel® Core™2 CPU 6600 @ 2.40GHz
Percentage of Memory in Use: 21%
Physical Memory (total/avail): 2814.46 MiB / 2223.32 MiB
Pagefile Memory (total/avail): 4702.04 MiB / 4240.15 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1915.82 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 146.48 GiB total, 111.91 GiB free.
D: is Fixed (Unformatted) - 0 GiB total, 0 GiB free.
E: is Fixed (Unformatted) - 0 GiB total, 0 GiB free.
F: is CDROM (CDFS)
G: is Fixed (Unformatted) - 0 GiB total, 0 GiB free.
H: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - ST3320620AS - 298.09 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 146.48 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 151.61 GiB - G:

\\.\PHYSICALDRIVE1 - ST3320620AS - 298.09 GiB - 2 partitions
\PARTITION0 - Installable File System - 146.48 GiB - D:
\PARTITION1 - Extended w/Extended Int 13 - 151.6 GiB - E:



-- Security Center -------------------------------------------------------------

AUOptions is set to notify before download.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.

FW: Norton Internet Security v2007 (Symantec Corporation)
AV: Norton Internet Security v2007 (Symantec Corporation) Disabled

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"="C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe:*:Enabled:LifeExp.exe"
"C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"="C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe:*:Enabled:LifeCam.exe"
"C:\\WINDOWS\\system32\\PnkBstrA.exe"="C:\\WINDOWS\\system32\\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\\WINDOWS\\system32\\PnkBstrB.exe"="C:\\WINDOWS\\system32\\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"="C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe:*:Enabled:Call of Duty® 4 - Modern Warfare™ "
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe"="C:\\Program Files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe:*:Enabled:Zoo Tycoon 2 Executable"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\DNA\\btdna.exe"="C:\\Program Files\\DNA\\btdna.exe:*:Enabled:DNA"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\Program Files\\Ares\\Ares.exe"="C:\\Program Files\\Ares\\Ares.exe:*:Disabled:Ares p2p for windows"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Alan\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=ALAN-65E11A29AF
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Alan
LOGONSERVER=\\ALAN-65E11A29AF
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 6, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f06
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Alan\LOCALS~1\Temp
TMP=C:\DOCUME~1\Alan\LOCALS~1\Temp
USERDOMAIN=ALAN-65E11A29AF
USERNAME=Alan
USERPROFILE=C:\Documents and Settings\Alan
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Alan (admin)
Kim (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7B9AE66C-2A8F-4FB2-85D7-416AFFAE8408}\setup.exe" -l0x9
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
AIM 6 --> C:\Program Files\AIM6\uninst.exe
AnyDVD --> "C:\Program Files\SlySoft\AnyDVD\AnyDVD-uninst.exe" /D="C:\Program Files\SlySoft\AnyDVD"
AppCore --> MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Ares 2.0.9 --> "C:\Program Files\Ares\uninstall.exe"
Ashampoo PowerUp 3.10 --> "C:\Program Files\Ashampoo\Ashampoo PowerUp 3\unins000.exe"
AutoCAD 2009 - English --> C:\Program Files\AutoCAD 2009\Setup\Setup.exe /P {5783F2D7-7001-0409-0002-0060B0CE6BBA} /M ACAD
AV --> MsiExec.exe /I{F4DB525F-A986-4249-B98B-42A8066251CA}
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
AVS Video Converter 4.3.1.371 --> "C:\Program Files\AVSMedia\VideoConverter4\unins000.exe"
BitTorrent --> C:\Program Files\BitTorrent\uninst.exe
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Call of Duty® 4 - Modern Warfare™ --> C:\Program Files\InstallShield Installation Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe -runfromtemp -l0x0409
Call of Duty® 4 - Modern Warfare™ 1.1 Patch --> C:\Program Files\InstallShield Installation Information\{5D7767FA-7FE8-4627-9F09-AEF7A25F1E07}\setup.exe -runfromtemp -l0x0409
Call of Duty® 4 - Modern Warfare™ 1.2 Patch --> C:\Program Files\InstallShield Installation Information\{E5141379-B2D9-4BBC-BB2A-5805541571DD}\setup.exe -runfromtemp -l0x0409
Call of Duty® 4 - Modern Warfare™ 1.3 Patch --> C:\Program Files\InstallShield Installation Information\{050C1C8E-4A4D-4C2F-B9AE-67E60EE91B7F}\setup.exe -runfromtemp -l0x0409
Call of Duty® 4 - Modern Warfare™ 1.4 Patch --> C:\Program Files\InstallShield Installation Information\{3BD633E0-4BF8-4499-9149-88F0767D449C}\setup.exe -runfromtemp -l0x0409
Call of Duty® 4 - Modern Warfare™ 1.5 Multiplayer Patch --> C:\Program Files\InstallShield Installation Information\{8503C901-85D7-4262-88D2-8D8B2A7B08B8}\setup.exe -runfromtemp -l0x0409
ccCommon --> MsiExec.exe /I{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}
Copy/Move To Extensions --> cscript.exe C:\WINDOWS\uninstallcopymoveto.vbs
Creative Audio Console --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7B9AE66C-2A8F-4FB2-85D7-416AFFAE8408}\setup.exe" -l0x9 /remove
DNA --> "C:\Program Files\DNA\btdna.exe" /UNINSTALL
DVD Region+CSS Free 5.9.8.3 --> "C:\Program Files\DVD Region+CSS Free\unins000.exe"
DVDFab Platinum 4.1.2.0 --> "C:\Program Files\DVDFab Platinum 4\unins000.exe"
EVGA Display Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BEF3EFE7-5159-436D-9BF0-CCC633179EB4}\setup.exe" -l0x9 -removeonly
Futuremark Measurement Services Client --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msc3.inf,DefaultUninstall,5
GameSpot Download Manager --> "C:\Program Files\GameSpot\uninstall.exe"
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
Hide IP Platinum 3.1 --> "C:\Program Files\Hide IP Platinum\unins000.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP Memories Disc --> MsiExec.exe /X{B376402D-58EA-45EA-BD50-DD924EB67A70}
HP Photo and Imaging 2.0 - All-in-One --> MsiExec.exe /X{9867A917-5D17-40DE-83BA-BEA5293194B1}
HP Photo and Imaging 2.0 - All-in-One Drivers --> MsiExec.exe /X{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}
HP Photo and Imaging 2.0 - hp psc 1200 series --> C:\Program Files\Hewlett-Packard\Digital Imaging\{7C8BB31C-E09E-4c7d-BBF1-45E33B467FE1}\Setup\hpzscr01.exe -datfile hposcr02.dat -forcereboot
hp psc 1200 series --> MsiExec.exe /X{C900EF06-2E76-49C7-8DB0-41F629B21DC5}
iTunes --> MsiExec.exe /I{80FD852F-5AAC-4129-B931-06AAFFA43138}
J2SE Runtime Environment 5.0 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150010}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
LimeWire 4.16.6 --> "C:\Program Files\LimeWire\uninstall.exe"
LiveUpdate 3.2 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
LiveUpdate Notice (Symantec Corporation) --> MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft LifeCam --> MsiExec.exe /X{8CFC7570-DD90-486E-A239-E31D455BDE93}
Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007 --> MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007 --> MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
MSRedist --> MsiExec.exe /I{B7C61755-DB48-4003-948F-3D34DB8EAF69}
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Nero 8 --> MsiExec.exe /X{01ED1F71-DFB4-43CC-B787-02D07BC9F59B}
Nero PhotoShow Deluxe 5 --> "C:\Program Files\Nero\PhotoShow 5\data\Xtras\Uninstall.exe"
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Norton AntiVirus --> MsiExec.exe /X{830D8CBD-C668-49e2-A969-C2C2106332E0}
Norton Confidential Browser Component --> MsiExec.exe /I{4843B611-8FCB-4428-8C23-31D0A5EAE164}
Norton Confidential Web Protection Component --> MsiExec.exe /I{D353CC51-430D-4C6F-9B7E-52003DA1E05A}
Norton Internet Security --> MsiExec.exe /I{48185814-A224-447A-81DA-71BD20580E1B}
Norton Internet Security --> MsiExec.exe /I{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}
Norton Internet Security --> MsiExec.exe /I{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}
Norton Internet Security --> MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
Norton Internet Security (Symantec Corporation) --> "C:\Program Files\Common Files\Symantec Shared\SymSetup\{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}_10_2_0_30\{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}.exe" /X
Norton Protection Center --> MsiExec.exe /I{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}
NVIDIA Drivers --> C:\WINDOWS\system32\nvuide.exe UninstallGUI
NVIDIA ForceWare Network Access Manager --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{1F6423DE-7959-4178-80E0-023C7EAA5347} /l1033
NVIDIA nTune --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF} /l1033
Panda ActiveScan --> C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
PeerGuardian 2.0 --> "C:\Program Files\PeerGuardian2\unins000.exe"
PokerStars.net --> "C:\Program Files\PokerStars.NET\PokerStarsUninstall.exe" /u:PokerStars.net
PowerISO --> "C:\Program Files\PowerISO\uninstall.exe"
QuickTime --> MsiExec.exe /I{BFD96B89-B769-4CD6-B11E-E79FFD46F067}
RegCure 1.5.0.0 --> C:\Program Files\RegCure\uninst.exe
ResChanger XP --> C:\WINDOWS\iun506.exe C:\Program Files\ResChanger XP\irunin.ini
Security Update for Excel 2007 (KB946974) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
Security Update for Office 2007 (KB947801) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
Security Update for Outlook 2007 (KB946983) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {66B9496E-C0C3-4065-9868-85CCA92126C3}
SPBBC 32bit --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
System Requirements Lab --> C:\Program Files\SystemRequirementsLab\Uninstall.exe
TMPGEnc DVD Author 3 with DivX Authoring Trial Version --> MsiExec.exe /I{CF96BF8E-10A6-4912-942F-E83ABE7BE771}
Update for Outlook 2007 Junk Email Filter (kb947945) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {E397056B-7AE5-4FF1-8B13-276BF8201847}
VCRedistSetup --> MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
Ventrilo Client --> MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
Windows Communication Foundation --> MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Desktop Search 3.01 --> "C:\WINDOWS\$NtUninstallKB917013$\spuninst\spuninst.exe"
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Live Writer --> MsiExec.exe /X{9176251A-4CC1-4DDB-B343-B487195EB397}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation --> MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
Xfire (remove only) --> "C:\Program Files\Xfire\uninst.exe"
XML Paper Specification Shared Components Pack 1.0 -->
XoftSpySE --> C:\Program Files\XoftSpySE\uninstall.exe
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Zoo Tycoon 2 - Marine Mania --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{B406605B-45FE-4D8F-8250-1E77479583AE}


-- Application Event Log -------------------------------------------------------

Event Record #/Type5208 / Error
Event Submitted/Written: 03/28/2008 05:26:41 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application hpoevm08.exe, version 4.2.0.20, faulting module ole32.dll, version 5.1.2600.2726, fault address 0x0002d8f5.
Processing media-specific event for [hpoevm08.exe!ws!]

Event Record #/Type5160 / Error
Event Submitted/Written: 03/28/2008 10:56:40 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application msimn.exe, version 6.0.2900.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type5137 / Error
Event Submitted/Written: 03/28/2008 06:34:51 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application hpoevm08.exe, version 4.2.0.20, faulting module ole32.dll, version 5.1.2600.2726, fault address 0x0002d8f5.
Processing media-specific event for [hpoevm08.exe!ws!]

Event Record #/Type5106 / Error
Event Submitted/Written: 03/28/2008 00:15:05 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application hpoevm08.exe, version 4.2.0.20, faulting module ole32.dll, version 5.1.2600.2726, fault address 0x0002d8f5.
Processing media-specific event for [hpoevm08.exe!ws!]

Event Record #/Type5076 / Error
Event Submitted/Written: 03/27/2008 11:59:06 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application hpoevm08.exe, version 4.2.0.20, faulting module ole32.dll, version 5.1.2600.2726, fault address 0x0002d8f5.
Processing media-specific event for [hpoevm08.exe!ws!]



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type8174 / Error
Event Submitted/Written: 03/27/2008 08:14:56 AM
Event ID/Source: 10016 / DCOM
Event Description:
The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission can be modified using the Component Services administrative tool.

Event Record #/Type8173 / Error
Event Submitted/Written: 03/27/2008 08:04:01 AM
Event ID/Source: 10016 / DCOM
Event Description:
The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission can be modified using the Component Services administrative tool.

Event Record #/Type8171 / Error
Event Submitted/Written: 03/27/2008 07:55:26 AM
Event ID/Source: 10016 / DCOM
Event Description:
The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission can be modified using the Component Services administrative tool.

Event Record #/Type8170 / Error
Event Submitted/Written: 03/27/2008 07:55:26 AM
Event ID/Source: 10016 / DCOM
Event Description:
The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission can be modified using the Component Services administrative tool.

Event Record #/Type8164 / Error
Event Submitted/Written: 03/27/2008 07:44:37 AM
Event ID/Source: 10016 / DCOM
Event Description:
The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission can be modified using the Component Services administrative tool.



-- End of Deckard's System Scanner: finished at 2008-03-28 17:29:45 ------------

#6
sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
The Extra.txt log was fine, but the Main.txt got cut off at

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Nero PhotoShow Media Manager"="C:\PROGRA~1\Nero\PHOTOS~1\data\xtras\mssysmgr.exe" [04/27/2007 02:16 PM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 12:24 PM]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [01/03/2008 12:15 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [02/


Can you post me the rest of that log, please?

Cheers,

sage5

#7
oopdog

    Member

  • Topic Starter
  • Member
  • 11 posts
Sorry about that! Here's the Main text log again.

Deckard's System Scanner v20071014.68
Run by Alan on 2008-03-28 17:27:53
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
16: 2008-03-28 21:27:56 UTC - RP16 - Deckard's System Scanner Restore Point
15: 2008-03-28 04:11:25 UTC - RP15 - RegCure Backup
14: 2008-03-28 04:11:21 UTC - RP14 - RegCure Backup
13: 2008-03-27 05:00:39 UTC - RP13 - RegCure Backup
12: 2008-03-27 02:13:15 UTC - RP12 - RegCure Backup


-- First Restore Point --
1: 2008-03-25 23:12:27 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Alan.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:28:51 PM, on 3/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\vVX6000.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Nero\PHOTOS~1\data\xtras\mssysmgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Alan\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Alan.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ResChangerXP] C:\Program Files\ResChanger XP\ResChangerXP.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [VX6000] C:\WINDOWS\vVX6000.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Nero PhotoShow Media Manager] C:\PROGRA~1\Nero\PHOTOS~1\data\xtras\mssysmgr.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.s...abs/tgctlsr.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemreq.../sysreqlab2.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2....re/HPDEXAXO.cab
O16 - DPF: {74E4A24D-5224-4F05-8A41-99445E0FC22B} (GameHouse Games Player) - http://www.gamehouse...se/ghplayer.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.12) - http://www.yougamers...eminfo/MSC3.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O24 - Desktop Component 0: (no name) - http://www.beemovie....1600x1200_3.jpg

--
End of file - 13126 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080328-000826-717 F2 - REG:system.ini: Shell=explorer.exe C:\WINDOWS\system32\patch.exe

-- File Associations -----------------------------------------------------------

.scr - AutoCADScriptFile - shell\open\command - C:\WINDOWS\system32\notepad.exe "%1"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 cdrbsdrv - c:\windows\system32\drivers\cdrbsdrv.sys <Not Verified; B.H.A Corporation; B's Recorder GOLD>
R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R3 catchme - c:\docume~1\alan\locals~1\temp\catchme.sys (file missing)
R3 NVR0Dev - c:\windows\nvoclock.sys <Not Verified; NVidia Corp.; NVidia System Utility Driver>
R3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
R2 ForceWare Intelligent Application Manager (IAM) - c:\program files\nvidia corporation\networkaccessmanager\bin\nsvcappflt.exe <Not Verified; ; app_filter Module>
R2 Nero BackItUp Scheduler 3 - c:\program files\nero\nero8\nero backitup\nbservice.exe
R2 nTuneService (nTune Service) - c:\program files\nvidia corporation\ntune\ntuneservice.exe /startservice <Not Verified; NVIDIA; NVIDIA nTune>
R2 PLFlash DeviceIoControl Service - c:\windows\system32\ioctlsvc.exe <Not Verified; Prolific Technology Inc.; IoctlSvc Application>

S2 Viewpoint Manager Service -
S3 AresChatServer (Ares Chatroom server) - c:\program files\ares\chatserver.exe <Not Verified; Ares Development Group; Ares Chat Server>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-03-28 17:21:49 436 --a------ C:\WINDOWS\Tasks\RegCure Program Check.job
2008-03-28 17:21:40 446 --a------ C:\WINDOWS\Tasks\XoftSpySE 2.job
2008-03-27 01:00:45 370 --a------ C:\WINDOWS\Tasks\RegCure.job
2008-03-25 17:19:01 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2008-03-23 09:37:57 620 --a------ C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Alan.job
2008-03-17 06:29:23 360 --a------ C:\WINDOWS\Tasks\XoftSpySE.job
2008-02-29 23:41:31 388 --a------ C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1204342846.job


-- Files created between 2008-02-28 and 2008-03-28 -----------------------------

2008-03-28 17:17:24 0 d-------- C:\WINDOWS\ERUNT
2008-03-27 06:58:08 0 d-------- C:\WINDOWS\system32\Futuremark
2008-03-26 19:36:02 0 d-------- C:\Documents and Settings\NetworkService\Start Menu
2008-03-26 13:38:11 0 d-------- C:\Documents and Settings\Kim\Application Data\Grisoft
2008-03-26 06:28:44 0 d-------- C:\WINDOWS\system32\ActiveScan
2008-03-25 21:44:52 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-03-25 21:44:49 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-03-25 21:44:48 0 d-------- C:\Documents and Settings\Alan\Application Data\SUPERAntiSpyware.com
2008-03-25 20:09:31 0 d-------- C:\Documents and Settings\Administrator\Application Data\Grisoft
2008-03-25 18:55:45 0 d-------- C:\Program Files\Trend Micro
2008-03-25 18:25:11 0 d-------- C:\Documents and Settings\Alan\Application Data\Grisoft
2008-03-25 18:25:04 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-24 19:35:10 0 d-------- C:\Documents and Settings\Alan\Application Data\Ashampoo
2008-03-24 19:32:55 0 d-------- C:\Program Files\Ashampoo
2008-03-23 18:43:12 0 d-------- C:\Program Files\MSXML 6.0
2008-03-23 17:08:08 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-03-23 17:08:08 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-03-23 17:08:08 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-03-23 17:08:08 0 d--h----- C:\Documents and Settings\Administrator\Recent
2008-03-23 17:08:08 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-03-23 17:08:08 786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-03-23 17:08:08 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-03-23 17:08:08 0 d-------- C:\Documents and Settings\Administrator\My Documents
2008-03-23 17:08:08 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-03-23 17:08:08 0 d-------- C:\Documents and Settings\Administrator\Favorites
2008-03-23 17:08:08 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-03-23 17:08:08 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-03-23 17:08:08 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-03-23 17:08:08 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-03-23 17:08:08 0 d-------- C:\Documents and Settings\Administrator\Application Data\Apple Computer
2008-03-23 01:51:51 0 d-------- C:\Program Files\DVDFab Platinum 4
2008-03-22 23:45:39 0 d-------- C:\Documents and Settings\All Users\Application Data\SlySoft
2008-03-22 23:39:31 0 d-------- C:\Program Files\SlySoft
2008-03-22 13:29:18 0 d-------- C:\Program Files\Common Files\Autodesk Shared
2008-03-22 13:29:18 0 d-------- C:\Program Files\AutoCAD 2009
2008-03-22 13:29:18 0 d-------- C:\Documents and Settings\All Users\Application Data\Autodesk
2008-03-22 13:29:18 0 d-------- C:\Documents and Settings\Alan\Application Data\Autodesk
2008-03-22 13:26:30 0 d-------- C:\WINDOWS\system32\XPSViewer
2008-03-22 13:26:07 0 d-------- C:\Program Files\Reference Assemblies
2008-03-22 13:06:31 0 d-------- C:\Program Files\PowerISO
2008-03-22 12:24:40 86588244 --a------ C:\SYM_REGISTRY_BACKUP.reg
2008-03-22 11:39:19 0 d-------- C:\Documents and Settings\Alan\Application Data\Sun
2008-03-20 20:16:42 0 d-------- C:\Documents and Settings\Alan\Application Data\NeroDCTemplates
2008-03-20 20:09:46 0 d-------- C:\Program Files\Common Files\LightScribe
2008-03-20 20:09:44 0 d-------- C:\Softpaq
2008-03-18 22:39:21 0 d-------- C:\Program Files\NeroInstall.bak
2008-03-17 15:56:14 0 d-------- C:\Documents and Settings\Alan\Application Data\NeroDigital™
2008-03-17 15:53:51 0 d-------- C:\Program Files\DVD Region+CSS Free
2008-03-17 15:37:51 0 d-------- C:\Program Files\PeerGuardian2
2008-03-15 18:32:22 0 d-------- C:\Documents and Settings\All Users\Application Data\Gtek
2008-03-15 18:32:20 0 d-------- C:\Documents and Settings\Alan\Application Data\GTek
2008-03-14 20:48:56 0 d-------- C:\Program Files\AVSMedia
2008-03-14 20:45:22 0 d-------- C:\Documents and Settings\Alan\Application Data\Pegasys Inc
2008-03-14 20:24:22 0 d-------- C:\Documents and Settings\Alan\Application Data\AVSMedia
2008-03-14 20:24:18 0 d-------- C:\Documents and Settings\All Users\Application Data\AVS4YOU
2008-03-14 20:21:51 0 d-------- C:\Program Files\Common Files\AVSMedia
2008-03-14 20:21:12 139264 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-03-14 20:21:12 524288 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-03-14 20:21:12 413760 --a------ C:\WINDOWS\system32\mpg4c32.dll <Not Verified; Microsoft Corporation; Microsoft MPEG-4 Video Codec>
2008-03-14 20:21:12 261632 --a------ C:\WINDOWS\system32\mcdvd_32.dll <Not Verified; MainConcept; MainConcept DV Codec "2.0.4>
2008-03-14 20:21:12 638976 --a------ C:\WINDOWS\system32\divx.dll <Not Verified; DivXNetworks, Inc.; DivX Video for Windows Codec>
2008-03-14 20:20:36 0 d-------- C:\Program Files\Common Files\Download Manager
2008-03-14 20:04:46 33408 --a------ C:\WINDOWS\system32\drivers\CDRBSDRV.SYS <Not Verified; B.H.A Corporation; B's Recorder GOLD>
2008-03-14 20:04:34 0 d-------- C:\Program Files\Pegasys Inc
2008-03-14 19:23:35 0 d-------- C:\Documents and Settings\Alan\Application Data\DVDFab
2008-03-14 17:21:30 0 d-------- C:\Documents and Settings\Alan\Application Data\BitTorrent
2008-03-14 17:21:18 0 d-------- C:\Program Files\DNA
2008-03-14 17:21:18 0 d-------- C:\Documents and Settings\Alan\Application Data\DNA
2008-03-14 17:21:17 0 d-------- C:\Program Files\BitTorrent
2008-03-13 10:03:03 0 d-------- C:\Program Files\iPod
2008-03-13 10:02:59 0 d-------- C:\Program Files\iTunes
2008-03-11 14:37:47 0 d-------- C:\Documents and Settings\Kim\Application Data\Microsoft Games
2008-03-11 13:30:40 0 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Games
2008-03-11 13:20:30 0 d-------- C:\Program Files\Microsoft Games
2008-03-09 22:40:19 0 d-------- C:\Documents and Settings\Alan\Application Data\Apple Computer
2008-03-09 15:17:50 0 d-------- C:\Documents and Settings\All Users\Application Data\GameHouse
2008-03-09 11:09:41 0 d-------- C:\Program Files\LimeWire
2008-03-09 10:52:00 0 d-------- C:\Program Files\Common Files\eSellerate
2008-03-08 00:05:49 0 d-------- C:\Documents and Settings\Alan\Application Data\Ventrilo
2008-03-08 00:03:18 0 d-------- C:\Program Files\Ventrilo
2008-03-08 00:03:00 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-08 00:02:07 968 --a------ C:\WINDOWS\uninstallcopymoveto.vbs
2008-03-07 23:33:58 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2008-03-07 23:33:52 0 d-------- C:\Program Files\Common Files\Adobe
2008-03-07 15:35:25 0 d-------- C:\Documents and Settings\Default User\Application Data\Apple Computer
2008-03-07 12:15:44 0 d-------- C:\Program Files\Incomplete
2008-03-07 08:05:53 0 d-------- C:\Documents and Settings\Kim\Application Data\Apple Computer
2008-03-07 08:05:33 0 d-------- C:\Program Files\Bonjour
2008-03-07 08:05:10 0 d-------- C:\Program Files\QuickTime
2008-03-07 08:05:09 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-03-07 08:04:58 0 d-------- C:\Program Files\Apple Software Update
2008-03-07 08:04:46 0 d-------- C:\Program Files\Common Files\Apple
2008-03-07 08:04:46 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-03-07 07:43:31 0 d-------- C:\Program Files\SystemRequirementsLab
2008-03-06 18:30:30 0 d-------- C:\Documents and Settings\LocalService\Application Data\Xfire
2008-03-06 18:24:05 0 d-------- C:\Documents and Settings\Alan\Application Data\Xfire
2008-03-06 18:24:04 0 d-------- C:\Program Files\Xfire
2008-03-06 04:07:30 0 d-------- C:\Documents and Settings\LocalService\Start Menu
2008-03-06 00:54:40 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-03-06 00:54:15 0 d-------- C:\Program Files\Yahoo!
2008-03-05 18:22:35 0 d-------- C:\Program Files\Windows Media Connect 2
2008-03-05 18:21:28 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2008-03-05 18:20:53 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-03-05 11:37:17 0 d-------- C:\Documents and Settings\Kim\Application Data\FunWebProducts
2008-03-05 08:02:56 0 d-------- C:\Documents and Settings\Kim\Shared
2008-03-05 08:02:53 0 d-------- C:\Documents and Settings\Kim\Incomplete
2008-03-05 08:02:46 0 d-------- C:\Documents and Settings\Kim\Application Data\LimeWire
2008-03-04 13:23:37 0 d-------- C:\Documents and Settings\Kim\Application Data\Simple Star
2008-03-04 13:04:25 313 --ah----- C:\Documents and Settings\Alan\hpothb07.dat
2008-03-04 13:04:17 0 --ah----- C:\Documents and Settings\Kim\hpothb07.dat
2008-03-04 13:03:28 0 d-------- C:\Documents and Settings\Kim\Application Data\Hewlett-Packard
2008-03-04 00:36:31 0 d-------- C:\Program Files\XoftSpySE
2008-03-03 23:24:35 0 d-------- C:\Program Files\RegCure
2008-03-02 18:14:28 0 d-------- C:\Program Files\PokerStars.NET
2008-03-02 17:39:00 0 d-------- C:\Documents and Settings\Kim\Application Data\Google
2008-03-02 13:27:51 0 d-------- C:\Documents and Settings\Alan\Application Data\Google
2008-03-02 13:27:26 0 d-------- C:\Documents and Settings\Alan\Application Data\AdobeUM
2008-03-02 13:12:02 32 --a------ C:\WINDOWS\go
2008-03-02 13:11:58 0 d-------- C:\WINDOWS\vf_hip
2008-03-02 13:11:57 0 d-------- C:\Program Files\Hide IP Platinum
2008-03-02 13:02:59 221184 --a------ C:\WINDOWS\system32\xtbaksm.dat
2008-03-02 13:02:58 0 d-------- C:\WINDOWS\system32\xtupdate
2008-03-02 13:02:49 0 d-------- C:\WINDOWS\system32\IOSUBSYS
2008-03-02 13:02:49 41 -rah----- C:\WINDOWS\system32\bn.dll
2008-03-02 12:05:46 0 d-------- C:\Documents and Settings\Kim\Contacts
2008-03-02 11:52:12 0 d-------- C:\WINDOWS\Sun
2008-03-02 11:52:12 0 d-------- C:\Documents and Settings\Kim\Application Data\Sun
2008-03-02 11:52:04 0 d-------- C:\Documents and Settings\All Users\Application Data\Google
2008-03-02 11:52:02 0 d-------- C:\Program Files\Google
2008-03-02 11:51:35 0 d-------- C:\Program Files\Java
2008-03-02 11:51:21 0 d-------- C:\Program Files\Common Files\Java
2008-03-02 11:48:34 0 d-------- C:\Documents and Settings\Kim\Application Data\Macromedia
2008-03-02 11:48:18 0 d-------- C:\Documents and Settings\Kim\Application Data\acccore
2008-03-02 11:46:41 0 d-------- C:\Documents and Settings\Kim\Application Data\Adobe
2008-03-01 22:46:05 0 d-------- C:\Documents and Settings\All Users\Application Data\vsosdk
2008-03-01 13:33:45 0 d-------- C:\WINDOWS\system32\Defaults
2008-03-01 13:32:50 409600 --a------ C:\WINDOWS\system32\wrap_oal.dll <Not Verified; Creative Labs; Creative Labs OpenAL32>
2008-03-01 13:32:50 86016 --a------ C:\WINDOWS\system32\OpenAL32.dll <Not Verified; Portions © Creative Labs Inc. and NVIDIA Corp.; Standard OpenAL™ Library>
2008-03-01 13:32:34 3072 --a------ C:\WINDOWS\CTXFIRES.DLL <Not Verified; ; CTxfiRes Dynamic Link Library>
2008-03-01 13:32:34 10240 --a------ C:\WINDOWS\CTDCRES.DLL <Not Verified; Creative Technology Ltd; Creative Audio Product>
2008-03-01 13:13:27 0 d-------- C:\Program Files\Ares
2008-03-01 12:26:25 0 d-------- C:\Documents and Settings\Alan\Application Data\UseNeXT
2008-03-01 12:18:47 0 d-------- C:\Documents and Settings\Alan\Application Data\acccore
2008-03-01 12:17:13 0 d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-03-01 12:17:07 0 d-------- C:\Documents and Settings\All Users\Application Data\AOL
2008-03-01 12:17:07 0 d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-03-01 12:16:53 0 d-------- C:\Program Files\Common Files\AOL
2008-03-01 12:16:42 0 d-------- C:\Program Files\AIM6
2008-03-01 04:04:44 0 d-------- C:\Documents and Settings\Kim\Application Data\Windows Desktop Search
2008-03-01 04:04:44 0 d-------- C:\Documents and Settings\Kim\Application Data\Nero
2008-03-01 04:04:36 0 d-------- C:\Documents and Settings\Kim\Application Data\Identities
2008-03-01 04:04:30 0 dr-h----- C:\Documents and Settings\Kim\Recent
2008-03-01 04:04:30 0 d--h----- C:\Documents and Settings\Kim\PrintHood
2008-03-01 04:04:30 0 d--h----- C:\Documents and Settings\Kim\NetHood
2008-03-01 04:04:30 0 dr------- C:\Documents and Settings\Kim\My Documents
2008-03-01 04:04:30 0 d--h----- C:\Documents and Settings\Kim\Local Settings
2008-03-01 04:04:30 0 dr------- C:\Documents and Settings\Kim\Favorites
2008-03-01 04:04:30 0 d-------- C:\Documents and Settings\Kim\Desktop
2008-03-01 04:04:30 0 d--hs---- C:\Documents and Settings\Kim\Cookies
2008-03-01 04:04:30 0 d--h----- C:\Documents and Settings\Kim\Application Data
2008-03-01 04:04:30 0 d---s---- C:\Documents and Settings\Kim\Application Data\Microsoft
2008-03-01 04:04:29 0 d--h----- C:\Documents and Settings\Kim\Templates
2008-03-01 04:04:29 0 dr------- C:\Documents and Settings\Kim\Start Menu
2008-03-01 04:04:29 0 dr-h----- C:\Documents and Settings\Kim\SendTo
2008-03-01 04:04:29 2359296 --ah----- C:\Documents and Settings\Kim\NTUSER.DAT
2008-03-01 03:45:56 0 d-------- C:\Documents and Settings\Alan\Application Data\Windows Desktop Search
2008-03-01 03:45:29 0 d-------- C:\Program Files\Windows Desktop Search
2008-03-01 01:59:55 0 d-------- C:\Program Files\GameSpot
2008-03-01 01:09:32 0 d-------- C:\Program Files\Activision
2008-03-01 01:06:54 0 d--hs---- C:\WINDOWS\ftpcache
2008-03-01 01:00:01 0 d-------- C:\WINDOWS\system32\appmgmt
2008-03-01 00:26:10 0 d-------- C:\Program Files\Microsoft LifeCam
2008-03-01 00:21:09 0 d-------- C:\Documents and Settings\Alan\Contacts
2008-03-01 00:20:23 0 d------c- C:\WINDOWS\system32\DRVSTORE
2008-03-01 00:17:23 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-01 00:17:20 0 d-------- C:\Program Files\Windows Live
2008-03-01 00:17:14 0 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-01 00:11:17 0 d-------- C:\Program Files\MSXML 4.0
2008-03-01 00:02:29 0 d-------- C:\WINDOWS\network diagnostic
2008-02-29 23:47:56 0 d-------- C:\WINDOWS\system32\PreInstall
2008-02-29 23:41:26 0 d-------- C:\Documents and Settings\Alan\Application Data\Hewlett-Packard
2008-02-29 23:32:17 0 d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-02-29 23:22:57 0 d-------- C:\Program Files\Hewlett-Packard
2008-02-29 23:20:59 0 d-------- C:\Documents and Settings\Alan\Application Data\Help
2008-02-29 23:16:33 47360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>


-- Find3M Report ---------------------------------------------------------------

2008-03-23 01:51:55 34 --a------ C:\Documents and Settings\Alan\Application Data\pcouffin.log
2008-03-23 01:51:53 1144 --a------ C:\Documents and Settings\Alan\Application Data\pcouffin.inf
2008-03-23 01:51:53 7887 --a------ C:\Documents and Settings\Alan\Application Data\pcouffin.cat
2008-03-01 01:59:58 5584 --a------ C:\Program Files\install.log
2008-02-29 14:05:31 62 --ahs---- C:\Documents and Settings\Alan\Application Data\desktop.ini


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/10/2007 01:59 AM]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [01/14/2007 03:11 AM]
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [09/13/2006 11:12 AM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [12/05/2007 02:41 AM]
"nwiz"="nwiz.exe" [12/05/2007 02:41 AM C:\WINDOWS\system32\nwiz.exe]
"ResChangerXP"="C:\Program Files\ResChanger XP\ResChangerXP.exe" [02/14/2002 03:33 PM]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [12/05/2007 02:41 AM]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [01/29/2008 06:38 PM]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [10/27/2006 01:47 AM]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [02/18/2008 04:29 PM]
"VX6000"="C:\WINDOWS\vVX6000.exe" [10/13/2006 06:04 PM]
"LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe" [10/13/2006 06:01 PM]
"CTHelper"="CTHELPER.EXE" [08/11/2006 03:56 PM C:\WINDOWS\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [08/11/2006 03:56 PM C:\WINDOWS\system32\CTXFIHLP.EXE]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 05:25 AM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [02/01/2008 12:13 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 11:16 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [02/19/2008 01:10 PM]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [02/28/2008 09:59 AM]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [03/17/2006 10:24 PM]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 05:25 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Nero PhotoShow Media Manager"="C:\PROGRA~1\Nero\PHOTOS~1\data\xtras\mssysmgr.exe" [04/27/2007 02:16 PM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 12:24 PM]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [01/03/2008 12:15 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [02/28/2006 08:00 AM]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.ex

#8
oopdog

    Member

  • Topic Starter
  • 11 posts
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [03/27/2008 06:48 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
hp psc 1000 series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [4/6/2003 2:17:18 AM]
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [4/6/2003 2:06:58 AM]
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2/5/2007 4:40:46 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
@=

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [02/05/2007 04:39 PM 294400]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= C:\PROGRA~1\DVDREG~1\DVDShell.dll [10/09/2004 03:18 PM 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 03/27/2008 06:48 AM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
AutoRun\command- F:\autorun.exe
setup\command- F:\setup.exe

*Newly Created Service* - COMHOST



-- End of Deckard's System Scanner: finished at 2008-03-28 17:29:45 ------------

#9
sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
Hi oopdog,

I see you have Ares, BitTorrent & LimeWire installed on your system.
While these programs themselves are legal, most of the files downloaded with them are not.
These programs can also be some of the major infection routes for an otherwise secure PC, because you might be unknowingly downloading infected files.
I highly recommend uninstalling Ares, BitTorrent & LimeWire as outlined below.


Run HijackThis.
  • Click the Do a system scan only button.
  • Check the boxes for all the entries listed below:
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
  • Now close all windows other than HijackThis and click Fix Checked.
  • Close HijackThis.


Remove folders & files:
  • Please go to Start > Control Panel > Add/Remove Programs and remove the following, (if present):
    Ares 2.0.9
    BitTorrent
    J2SE Runtime Environment 5.0 Update 1
    LimeWire 4.16.6

    Please take note of any other programs that you don't recognise in that list, and include them in your next response
  • Using Windows Explorer, (to get there right-click your Start button and go to "Explore"), delete these folders, (if present):
    C:\Documents and Settings\Alan\Application Data\BitTorrent
    C:\Program Files\DNA
    C:\Documents and Settings\Alan\Application Data\DNA
    C:\Program Files\BitTorrent
    C:\Program Files\LimeWire
    C:\Program Files\PokerStars.NET
    C:\WINDOWS\system32\xtupdate
  • Delete these files, (if present):
    C:\WINDOWS\system32\xtbaksm.dat
    C:\WINDOWS\S42023BC9.tmp
    C:\WINDOWS\system32\bn.dll
    C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp


Please go HERE to run Panda's TotalScan
  • Select the bubble for Full scan
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • Then the scan will begin
  • When the scan completes, click the Save button on the right of Scan details
  • Save it to a convenient location, like C:\panda.txt


Shut down & Reboot normally:

Run HijackThis again:
  • Select the Run a system scan and save a logfile button. The logfile will open in Notepad.
  • Start your Web Browser and navigate back to this thread.
  • Click the Add Reply button
  • Copy and Paste the text into the Reply window.
Please include a note to tell me how your PC is running now.

Cheers,

sage5

#10
oopdog

    Member

  • Topic Starter
  • 11 posts
Hi sage5,
Sorry it took a while to get back to you. I did everything you suggested and ran the Panda active scan, and I'm posting the results of that and my last HJT log. My computer seems to be running better, but I've been experiencing some slow connection problems with my ISP that seem to get better if I power cycle my modem and router, but that's an entirely different problem altogether. I didn't notice any other suspicious programs in my add/delete software. Hopefully, we got rid of all the files causing the problems. I want to thank you again for your help. A lot of people appreciate what you guys do with this forum, I'm sure. I know I certainly do!

;*******************************************************************************
ANALYSIS: 2008-04-02 06:20:00
PROTECTIONS: 2
MALWARE: 7
SUSPECTS: 0
;*******************************************************************************
PROTECTIONS
Description Version Active Updated
;===============================================================================
AVG 7.5.519 7.5.519 Yes Yes
Norton Internet Security 2007 Yes Yes
;===============================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===============================================================================
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Kim\Cookies\kim@doubleclick[1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Alan\Cookies\alan@doubleclick[1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Kim\Cookies\kim@atdmt[2].txt
00139535 Application/Processor HackTools No 0 No No C:\Documents and Settings\Alan\Desktop\SDFix.exe[SDFix\apps\Process.exe]
00139535 Application/Processor HackTools No 0 Yes No C:\SDFix\apps\Process.exe
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Kim\Cookies\kim@mediaplex[1].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Alan\Cookies\alan@advertising[2].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Kim\Cookies\kim@advertising[2].txt
00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Documents and Settings\Kim\Cookies\kim@target[1].txt
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\Alan\Cookies\alan@atwola[1].txt
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\Kim\Cookies\kim@atwola[1].txt
;===============================================================================
SUSPECTS
Location
;===============================================================================

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:43:12 PM, on 4/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\vVX6000.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\Nero\PHOTOS~1\data\xtras\mssysmgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ResChangerXP] C:\Program Files\ResChanger XP\ResChangerXP.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [VX6000] C:\WINDOWS\vVX6000.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
O4 - HKCU\..\Run: [Nero PhotoShow Media Manager] C:\PROGRA~1\Nero\PHOTOS~1\data\xtras\mssysmgr.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.s...abs/tgctlsr.cab
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan....s/ascstubie.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemreq.../sysreqlab2.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2....re/HPDEXAXO.cab
O16 - DPF: {74E4A24D-5224-4F05-8A41-99445E0FC22B} (GameHouse Games Player) - http://www.gamehouse...se/ghplayer.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O24 - Desktop Component 0: (no name) - http://www.beemovie....1600x1200_3.jpg

--
End of file - 13278 bytes


#11
sage5

sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
Hi oopdog,

The PC's looking pretty good, but the security software is a mess.

FW: Norton Internet Security v2007 (Symantec Corporation)
AV: Norton Internet Security v2007 (Symantec Corporation) Disabled


I see AVG anti-spyware, so that is a start.
What is with the Norton? Is it trialware that has expired, or has it not been kept up to date?
If you want to keep it, update it; otherwise let's get rid of it.

Let's get you a good anti-virus & firewall:
I have listed a couple of free versions of both. While these are free, they are very capable (at least as good as Norton & easier on your system). Please download one of each to your Desktop, but do not install just yet.

Firewalls: Please download one only.
Comodo Firewall Pro or Sunbelt Personal Firewall

Anti-virus: Please download one only:
Avast! Free Edition or AntiVir PersonalEdition Classic

Anti-Virus Tutorials/Manuals:
Avast Tutorial
Avast Manual
Antivir Manual

Please also download the following & save to your Desktop:
Norton Removal Tool

Remove Norton:
Double click the Norton_Removal_Tool.exe & follow the instructions.
The Norton Removal Tool uninstalls all Norton 2008/2007/2006/2005/2004/2003 products and Norton 360 from your computer.
Your computer may be restarted more than once, and you may be asked to repeat some steps after the computer restarts.

Now install the new firewall you downloaded earlier.

Next install the new anti-virus software.

Please allow the new Anti-virus to run a full System scan, and at the end of the process you should be able to save a scan log.
If the scan report window does not have a Save as Report button (or similar), you may be able to highlight the text in the window & copy & paste it to a new Notepad file.
Save it as C:\avscan.txt if you can.

I need you to post me a fresh HijackThis log to confirm correct installation of the Anti-virus and Firewall programs.


Shut down & Reboot normally:

Run HijackThis again:
  • Select the Run a system scan and save a logfile button. The logfile will open in Notepad.
  • Start your Web browser and navigate back to this thread.
  • Click the Add Reply button
  • Copy and Paste the text into the Reply window.
Please include a note to tell me how your PC is running now.

Cheers,

sage5

#12
oopdog

oopdog

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
OK sage5, I downloaded and installed the Comodo Firewall and the Avast antivirus programs and got rid of the Norton's. Computer is running well. The antivirus scan found 2 infected files that appear to be related to the Panda online scan. I'm posting that log and my last HJT log. Thank you again for all your help.

4/3/2008 10:42:59 PM 1207276979 Alan 1300 Sign of "Win32:CTX" has been found in "C:\Program Files\Panda Security\TotalScan\pskavs.dll" file.
4/4/2008 6:07:01 AM 1207303621 Alan 1300 Sign of "Win32:CTX" has been found in "C:\WINDOWS\system32\ActiveScan\pskavs.dll" file.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:54:35 AM, on 4/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\vVX6000.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\PROGRA~1\Nero\PHOTOS~1\data\xtras\mssysmgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [VX6000] C:\WINDOWS\vVX6000.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKCU\..\Run: [Nero PhotoShow Media Manager] C:\PROGRA~1\Nero\PHOTOS~1\data\xtras\mssysmgr.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.s...abs/tgctlsr.cab
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan....s/ascstubie.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemreq.../sysreqlab2.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2....re/HPDEXAXO.cab
O16 - DPF: {74E4A24D-5224-4F05-8A41-99445E0FC22B} (GameHouse Games Player) - http://www.gamehouse...se/ghplayer.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O24 - Desktop Component 0: (no name) - http://www.beemovie....1600x1200_3.jpg

--
End of file - 11980 bytes

#13
sage5

sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
Hi oopdog,


Create an Uninstall list:
  • Open HijackThis, click Open the Misc Tools section
  • Click Open Uninstall Manager
  • Click Save list.
This generates uninstall_list.txt in the same folder as HijackThis. I need you to paste the text from this file as your next Reply.


Cheers,

sage5

Edited by sage5, 04 April 2008 - 05:41 AM.


#14
oopdog

oopdog

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Hi sage5

Here is the uninstall_list.txt

3DMark06
Adobe Reader 8.1.2
AIM 6
Apple Mobile Device Support
Apple Software Update
avast! Antivirus
AVG 7.5
AVG Anti-Spyware 7.5
Call of Duty® 4 - Modern Warfare™
Call of Duty® 4 - Modern Warfare™ 1.1 Patch
Call of Duty® 4 - Modern Warfare™ 1.2 Patch
Call of Duty® 4 - Modern Warfare™ 1.3 Patch
Call of Duty® 4 - Modern Warfare™ 1.4 Patch
Call of Duty® 4 - Modern Warfare™ 1.5 Multiplayer Patch
CCleaner (remove only)
COMODO Firewall Pro
ConvertXtoDVD 3.0.0.7
Copy/Move To Extensions
Creative Audio Console
DVDFab Platinum 4.1.2.0
EVGA Display Driver
GameSpot Download Manager
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915800)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
HP Memories Disc
HP Photo and Imaging 2.0 - All-in-One
HP Photo and Imaging 2.0 - All-in-One Drivers
HP Photo and Imaging 2.0 - hp psc 1200 series
hp psc 1200 series
iTunes
Java™ 6 Update 3
Java™ 6 Update 5
LifeGlobe Sharks, Terrors of the Deep
Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.0
Microsoft .NET Framework 3.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Flight Simulator 2004 A Century of Flight
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft LifeCam
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
MSXML 4.0 SP2 (KB936181)
MSXML 6.0 Parser (KB933579)
Nero 8
Nero PhotoShow Deluxe 5
neroxml
NVIDIA Drivers
NVIDIA ForceWare Network Access Manager
NVIDIA nTune
Panda ActiveScan
Panda TotalScan
PowerQuest PartitionMagic 8.0
QuickTime
RegCure 1.5.0.0
Security Update for Excel 2007 (KB946974)
Security Update for Office 2007 (KB947801)
Security Update for Outlook 2007 (KB946983)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB946026)
System Requirements Lab
TuneUp Utilities 2008
Update for Outlook 2007 Junk Email Filter (kb947945)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
VCRedistSetup
Ventrilo Client
Windows Communication Foundation
Windows Desktop Search 3.01
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live installer
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Presentation Foundation
Windows Workflow Foundation
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinRAR archiver
Xfire (remove only)
XoftSpySE
Yahoo! Install Manager
Yahoo! Messenger
Yahoo! Toolbar
Zoo Tycoon 2 - Marine Mania

#15
sage5

sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
Hi oopdog,

I have inadvertently got you to load a new anti-virus (avast!) when there was one there already (AVG 7.5) :)
Strangely, AVG 7.5 did not show up in the Deckard's System scan in either the Security centre, or the Add/Remove Programs section.
This makes me think that it has been disabled somehow, because otherwise, it and avast! would now be conflicting & slowing your PC to a crawl.

Your choice is this:
If you were happy with AVG 7.5, uninstall the avast! and reload AVG & update it.
If you wish to keep avast!, remove AVG via the Add/Remove programs page of the Control Panel.

Then post me a new HijackThis log.

Cheers,

sage5