Cheers Mike,
Well, managed to get those two programs working, still haven't managed to remove old Java or install new Java.
See text files below:
SDFIX
[b]SDFix: Version 1.187 [/b]
Run by Kris on Sun 06/01/2008 at 01:08 PM
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix
[b]Checking Services [/b]:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting
[b]Checking Files [/b]:
Trojan Files Found:
C:\WINDOWS\system32\TFTP1800 - Deleted
C:\WINDOWS\system32\TFTP2072 - Deleted
C:\WINDOWS\system32\TFTP3616 - Deleted
C:\WINDOWS\system32\TFTP3928 - Deleted
C:\Documents and Settings\Kris\Application Data\addon.dat - Deleted
C:\WINDOWS\system32\winupdate.exe - Deleted
Removing Temp Files
[b]ADS Check [/b]:
[b]Final Check [/b]:
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-01 13:30:48
Windows 5.1.2600 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
[b]Remaining Services [/b]:
Authorized Application Key Export:
[b]Remaining Files [/b]:
File Backups: - C:\SDFix\backups\backups.zip
[b]Files with Hidden Attributes [/b]:
Thu 24 Apr 2008 211 A.SHR --- "C:\BOOT.BAK"
Wed 9 Jan 2002 1,097,728 A..H. --- "C:\Program Files\VoyagerModemDrivers\Dirapi.dll"
Wed 9 Jan 2002 561,152 A..H. --- "C:\Program Files\VoyagerModemDrivers\Iml32.dll"
Wed 1 Sep 2004 2,048 A..H. --- "C:\Program Files\VoyagerModemDrivers\ipchecking.exe"
Wed 9 Jan 2002 266,293 A..H. --- "C:\Program Files\VoyagerModemDrivers\msvcrt.dll"
Wed 9 Jan 2002 151,552 A..H. --- "C:\Program Files\VoyagerModemDrivers\Proj.dll"
Tue 1 Mar 2005 467,688 A..H. --- "C:\Program Files\VoyagerModemDrivers\WindowsXP-KB885295-x86-enu.exe"
Thu 25 Jan 2007 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Wed 12 Dec 2007 401 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv14.bak"
Thu 25 Jan 2007 401 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv15.bak"
Wed 16 May 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Tue 22 Jan 2008 3,077 ...HR --- "C:\Documents and Settings\Kris\Application Data\SecuROM\UserData\securom_v7_01.bak"
Tue 5 Dec 2006 28,672 A..H. --- "C:\Documents and Settings\Kris\My Documents\Misc\short stories\~WRL0780.tmp"
Tue 5 Dec 2006 43,520 A..H. --- "C:\Documents and Settings\Kris\My Documents\Misc\short stories\~WRL1274.tmp"
Thu 11 Jan 2007 59,392 A..H. --- "C:\Documents and Settings\Kris\My Documents\Misc\short stories\~WRL1351.tmp"
Tue 5 Dec 2006 36,352 A..H. --- "C:\Documents and Settings\Kris\My Documents\Misc\short stories\~WRL2972.tmp"
Tue 5 Dec 2006 33,280 A..H. --- "C:\Documents and Settings\Kris\My Documents\Misc\short stories\~WRL3171.tmp"
Tue 5 Dec 2006 45,056 A..H. --- "C:\Documents and Settings\Kris\My Documents\Misc\short stories\~WRL3954.tmp"
Fri 15 Jul 2005 4,348 A..H. --- "C:\Documents and Settings\Kris\My Documents\My Music\License Backup\drmv1key.bak"
Thu 27 Jul 2006 401 A..H. --- "C:\Documents and Settings\Kris\My Documents\My Music\License Backup\drmv1lic.bak"
Sun 30 Oct 2005 400 A.SH. --- "C:\Documents and Settings\Kris\My Documents\My Music\License Backup\drmv2key.bak"
Wed 29 Mar 2006 41,472 A..H. --- "C:\Documents and Settings\Kris\My Documents\Uni\CMC572 Software Engineering\~WRL0001.tmp"
Thu 30 Mar 2006 49,664 A..H. --- "C:\Documents and Settings\Kris\My Documents\Uni\CMC572 Software Engineering\~WRL0019.tmp"
Thu 30 Mar 2006 52,736 A..H. --- "C:\Documents and Settings\Kris\My Documents\Uni\CMC572 Software Engineering\~WRL0046.tmp"
Thu 30 Mar 2006 43,520 A..H. --- "C:\Documents and Settings\Kris\My Documents\Uni\CMC572 Software Engineering\~WRL0206.tmp"
Thu 30 Mar 2006 48,128 A..H. --- "C:\Documents and Settings\Kris\My Documents\Uni\CMC572 Software Engineering\~WRL0587.tmp"
Thu 30 Mar 2006 47,616 A..H. --- "C:\Documents and Settings\Kris\My Documents\Uni\CMC572 Software Engineering\~WRL0757.tmp"
Thu 30 Mar 2006 52,736 A..H. --- "C:\Documents and Settings\Kris\My Documents\Uni\CMC572 Software Engineering\~WRL0792.tmp"
Thu 30 Mar 2006 45,056 A..H. --- "C:\Documents and Settings\Kris\My Documents\Uni\CMC572 Software Engineering\~WRL1033.tmp"
Thu 30 Mar 2006 46,080 A..H. --- "C:\Documents and Settings\Kris\My Documents\Uni\CMC572 Software Engineering\~WRL1070.tmp"
Thu 30 Mar 2006 52,224 A..H. --- "C:\Documents and Settings\Kris\My Documents\Uni\CMC572 Software Engineering\~WRL1226.tmp"
Thu 30 Mar 2006 45,568 A..H. --- "C:\Documents and Settings\Kris\My Documents\Uni\CMC572 Software Engineering\~WRL1862.tmp"
Thu 30 Mar 2006 43,520 A..H. --- "C:\Documents and Settings\Kris\My Documents\Uni\CMC572 Software Engineering\~WRL2106.tmp"
Thu 30 Mar 2006 45,056 A..H. --- "C:\Documents and Settings\Kris\My Documents\Uni\CMC572 Software Engineering\~WRL3059.tmp"
Thu 30 Mar 2006 52,224 A..H. --- "C:\Documents and Settings\Kris\My Documents\Uni\CMC572 Software Engineering\~WRL3187.tmp"
Thu 30 Mar 2006 43,008 A..H. --- "C:\Documents and Settings\Kris\My Documents\Uni\CMC572 Software Engineering\~WRL3874.tmp"
Thu 30 Mar 2006 45,056 A..H. --- "C:\Documents and Settings\Kris\My Documents\Uni\CMC572 Software Engineering\~WRL3883.tmp"
Thu 5 Jan 2006 38,400 A..H. --- "C:\Documents and Settings\Kris\My Documents\Uni\CMC582 Comms and Security\~WRL0003.tmp"
Thu 5 Jan 2006 29,184 A..H. --- "C:\Documents and Settings\Kris\My Documents\Uni\CMC582 Comms and Security\~WRL0068.tmp"
Thu 5 Jan 2006 32,768 A..H. --- "C:\Documents and Settings\Kris\My Documents\Uni\CMC582 Comms and Security\~WRL0709.tmp"
Thu 5 Jan 2006 32,256 A..H. --- "C:\Documents and Settings\Kris\My Documents\Uni\CMC582 Comms and Security\~WRL0917.tmp"
Thu 5 Jan 2006 34,816 A..H. --- "C:\Documents and Settings\Kris\My Documents\Uni\CMC582 Comms and Security\~WRL1259.tmp"
Thu 5 Jan 2006 36,864 A..H. --- "C:\Documents and Settings\Kris\My Documents\Uni\CMC582 Comms and Security\~WRL1740.tmp"
Thu 5 Jan 2006 35,840 A..H. --- "C:\Documents and Settings\Kris\My Documents\Uni\CMC582 Comms and Security\~WRL1752.tmp"
Thu 5 Jan 2006 36,352 A..H. --- "C:\Documents and Settings\Kris\My Documents\Uni\CMC582 Comms and Security\~WRL2242.tmp"
Thu 5 Jan 2006 37,888 A..H. --- "C:\Documents and Settings\Kris\My Documents\Uni\CMC582 Comms and Security\~WRL2513.tmp"
Thu 5 Jan 2006 36,864 A..H. --- "C:\Documents and Settings\Kris\My Documents\Uni\CMC582 Comms and Security\~WRL2689.tmp"
Thu 5 Jan 2006 37,376 A..H. --- "C:\Documents and Settings\Kris\My Documents\Uni\CMC582 Comms and Security\~WRL2853.tmp"
Thu 5 Jan 2006 24,064 A..H. --- "C:\Documents and Settings\Kris\My Documents\Uni\CMC582 Comms and Security\~WRL2856.tmp"
Thu 5 Jan 2006 36,864 A..H. --- "C:\Documents and Settings\Kris\My Documents\Uni\CMC582 Comms and Security\~WRL2950.tmp"
Thu 5 Jan 2006 31,744 A..H. --- "C:\Documents and Settings\Kris\My Documents\Uni\CMC582 Comms and Security\~WRL3209.tmp"
Sun 8 Jan 2006 39,936 A..H. --- "C:\Documents and Settings\Kris\My Documents\Uni\CMC582 Comms and Security\~WRL3414.tmp"
Thu 5 Jan 2006 25,600 A..H. --- "C:\Documents and Settings\Kris\My Documents\Uni\CMC582 Comms and Security\~WRL3419.tmp"
Thu 5 Jan 2006 27,648 A..H. --- "C:\Documents and Settings\Kris\My Documents\Uni\CMC582 Comms and Security\~WRL3682.tmp"
Mon 16 Apr 2007 24,064 ...H. --- "C:\Documents and Settings\Kris\My Documents\Uni\year 3 stuff\CMP 3626 Content Creation + Management\~WRL2809.tmp"
Sun 26 Nov 2006 32,768 A..H. --- "C:\Documents and Settings\Kris\My Documents\Uni\year 3 stuff\Dissertation\~WRL0001.tmp"
[b]Finished![/b]
DSS
Deckard's System Scanner v20071014.68
Run by Kris on 2008-06-01 13:47:40
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- HijackThis (run as Kris.exe) ------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:47:40 PM, on 6/1/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\VoyagerTest\fts.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Documents and Settings\Kris\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Kris.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GBB36X Configure] C:\WINDOWS\System32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-21-1078081533-1292428093-725345543-1003\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: Windows Installer (MSIServer) - Unknown owner - C:\WINNT\system32\msiexec.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\WINDOWS\System32\nvsvc32.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\System32\PnkBstrA.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 5665 bytes
-- Files created between 2008-05-01 and 2008-06-01 -----------------------------
2008-06-01 13:01:05 0 d-------- C:\WINDOWS\ERUNT
2008-05-31 11:52:09 0 d-------- C:\Program Files\Avira
2008-05-31 11:52:09 0 d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-05-31 11:37:55 0 d-------- C:\Documents and Settings\Kris\.SunDownloadManager
2008-05-29 20:14:00 0 d--h----- C:\WINDOWS\System32\explorer
2008-05-27 21:43:11 22016 --a------ C:\WINDOWS\System32\drivers\mouclass.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-27 21:43:10 12160 --a------ C:\WINDOWS\System32\drivers\mouhid.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-27 21:35:08 33792 --a------ C:\WINDOWS\System32\drivers\disk.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-27 21:34:58 20480 --a------ C:\WINDOWS\System32\hidserv.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-27 21:25:51 34560 --a------ C:\WINDOWS\System32\drivers\hidclass.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-27 21:25:50 9600 --a------ C:\WINDOWS\System32\drivers\hidusb.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-27 21:25:50 23680 --a------ C:\WINDOWS\System32\drivers\hidparse.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
-- Find3M Report ---------------------------------------------------------------
2008-05-26 14:26:57 0 d-------- C:\Program Files\GtkRadiant-1.4
2008-05-24 19:04:41 0 d-------- C:\Program Files\Defcon
2008-04-26 13:50:47 0 d-------- C:\Program Files\RogueRemover FREE
2008-04-25 21:25:02 0 d-------- C:\Program Files\LimeWire
2008-04-24 17:29:42 0 d-------- C:\Program Files\Enigma Software Group
2008-04-22 21:14:57 0 -ra------ C:\WINDOWS\TFTP768
2008-04-22 21:09:52 0 -ra------ C:\WINDOWS\TFTP396
2008-04-22 21:08:24 0 -ra------ C:\WINDOWS\TFTP308
2008-04-22 21:07:27 0 d-------- C:\Program Files\Trend Micro
2008-04-22 20:55:30 0 -ra------ C:\WINDOWS\TFTP1756
2008-04-22 20:54:18 0 -ra------ C:\WINDOWS\TFTP1824
2008-04-21 23:14:18 0 d-------- C:\Program Files\Alwil Software
2008-04-21 00:13:08 14336 --a------ C:\WINDOWS\WinUpdate.exe
2008-04-20 23:27:15 0 d-------- C:\Documents and Settings\Kris\Application Data\Macromedia
2008-04-20 23:13:18 0 d-------- C:\Program Files\lg_fwupdate
2008-04-16 22:26:09 512 -ra------ C:\WINDOWS\TFTP2244
2008-04-15 23:22:16 0 -ra------ C:\WINDOWS\TFTP324
2008-04-15 19:12:08 0 d-------- C:\Documents and Settings\Kris\Application Data\Skype
2008-04-15 18:07:45 0 -ra------ C:\WINDOWS\TFTP2552
2008-03-21 17:42:07 664 --a------ C:\WINDOWS\System32\d3d9caps.dat
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [08/30/2006 06:51 PM]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [08/30/2006 06:51 PM]
"GBB36X Configure"="C:\WINDOWS\System32\JMRaidTool.exe" [06/02/2006 09:46 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" [12/15/2006 04:23 AM]
"Zune Launcher"="C:\Program Files\Zune\ZuneLauncher.exe" [03/14/2007 05:03 PM]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [04/09/2007 01:23 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [07/31/2007 06:44 PM]
"%FP%Friendly fts.exe"="C:\Program Files\VoyagerTest\fts.exe" [05/06/2003 10:28 AM]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [02/06/2007 12:52 AM]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\System32\ctfmon.exe" [08/29/2002 03:41 AM]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoBandCustomize"=0 (0x0)
"NoMovingBands"=0 (0x0)
"NoCloseDragDropBands"=0 (0x0)
"NoSetTaskbar"=0 (0x0)
"NoToolbarsOnTaskbar"=0 (0x0)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= scecli
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Kris^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\Kris\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Kris^Start Menu^Programs^Startup^MagicDisc.lnk]
path=C:\Documents and Settings\Kris\Start Menu\Programs\Startup\MagicDisc.lnk
backup=C:\WINDOWS\pss\MagicDisc.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"c:\program files\valve\steam\steam.exe" -silent
-- End of Deckard's System Scanner: finished at 2008-06-01 13:47:55 ------------
Hope this sheds some light?
Also, I've installed Avira Antivirus, but even though I double click the prog to run, and it comes up, it doesn't start with startup and I'm not even sure it's protecting my system. Any ideas?
Edited by demeggy, 01 June 2008 - 09:05 AM.