Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

cpu hog (dont know the cause)


  • This topic is locked This topic is locked

#1
hayrider007

hayrider007

    Member

  • Member
  • PipPip
  • 21 posts
running any type of media player on my comp leads to svchost.exe (Dcom launcher) to hog my cpu making my comp unuseable. i have a feeling its a virus but dont know what kind

hijackthis log file:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:19:31 a.m., on 3/08/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Fraps\fraps.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\vVX1000.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Installers\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [VX1000] C:\Windows\vVX1000.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O13 - Gopher Prefix:
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 6710 bytes


DSS Log:

Deckard's System Scanner v20071014.68
Run by Zer0 on 2008-08-03 03:21:58
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 4 Restore Point(s) --
4: 2008-08-02 09:26:23 UTC - RP196 - Device Driver Package Install: NVIDIA Display adapters
3: 2008-08-02 09:10:41 UTC - RP195 - Windows Update
2: 2008-08-01 17:35:36 UTC - RP194 - Scheduled Checkpoint
1: 2008-08-01 02:24:32 UTC - RP193 - Windows Update


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Zer0.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:23:04 a.m., on 3/08/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Fraps\fraps.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\vVX1000.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Installers\dss.exe
C:\INSTAL~1\Zer0.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [VX1000] C:\Windows\vVX1000.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O13 - Gopher Prefix:
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 6676 bytes

-- HijackThis Fixed Entries (C:\INSTAL~1\backups\) -----------------------------

backup-20080802-231150-694 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

S3 MREMPR5 (MREMPR5 NDIS Protocol Driver) - \??\c:\progra~1\common~1\motive\mrempr5.sys
S3 MRENDIS5 (MRENDIS5 NDIS Protocol Driver) - \??\c:\progra~1\common~1\motive\mrendis5.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
R3 ServiceLayer - "c:\program files\common files\pcsuite\services\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>

S3 WLSetupSvc (Windows Live Setup Service) - "c:\program files\windows live\installer\wlsetupsvc.exe" <Not Verified; Microsoft Corporation; Windows Live installer>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-08-02 18:22:29 416 --ah----- C:\Windows\Tasks\User_Feed_Synchronization-{0DDF4A69-B6D5-4BED-A4F7-902DE9679F21}.job
2008-08-01 01:00:19 330 --a------ C:\Windows\Tasks\McQcTask.job
2008-07-15 01:20:00 338 --a------ C:\Windows\Tasks\McDefragTask.job


-- Files created between 2008-07-03 and 2008-08-03 -----------------------------

2008-07-29 04:14:11 0 d-------- C:\Program Files\iPod
2008-07-29 04:11:15 0 d-------- C:\Program Files\Bonjour
2008-07-29 04:10:02 0 d-------- C:\Program Files\QuickTime
2008-07-27 01:22:31 0 d-------- C:\Users\Zer0\Phone Browser
2008-07-27 01:14:08 0 d-------- C:\Windows\Downloaded Installations
2008-07-27 01:12:51 0 d-------- C:\Program Files\Common Files\Nokia
2008-07-27 01:12:21 0 d-------- C:\Users\All Users\PC Suite
2008-07-27 01:12:11 0 d-------- C:\Program Files\Common Files\PCSuite
2008-07-27 01:11:25 0 d-------- C:\Program Files\Nokia
2008-07-27 01:10:50 0 d-------- C:\Users\All Users\Downloaded Installations
2008-07-21 14:31:46 23 --a------ C:\Users\Zer0\jagex_runescape_preferences.dat
2008-07-16 14:59:10 0 d-a------ C:\Users\All Users\TEMP
2008-07-16 14:59:05 0 d-------- C:\Fraps


-- Find3M Report ---------------------------------------------------------------

2008-08-03 01:45:31 0 d-------- C:\Program Files\Steam
2008-08-02 23:30:58 0 d-------- C:\Users\Zer0\AppData\Roaming\Xfire
2008-08-02 23:25:02 12 --a------ C:\Windows\bthservsdp.dat
2008-08-02 23:19:42 0 d-------- C:\Users\Zer0\AppData\Roaming\IGN_DLM
2008-08-01 13:58:54 0 d-------- C:\Program Files\Common Files\Steam
2008-07-30 21:02:17 0 d-------- C:\Program Files\Xfire
2008-07-29 04:17:36 0 d-------- C:\Users\Zer0\AppData\Roaming\Apple Computer
2008-07-29 04:14:21 0 d-------- C:\Program Files\iTunes
2008-07-27 01:56:29 844608 --a------ C:\Users\Zer0\AppData\Roaming\NMM-MetaData.db
2008-07-27 01:22:33 0 d-------- C:\Users\Zer0\AppData\Roaming\Datalayer
2008-07-27 01:19:55 0 d-------- C:\Users\Zer0\AppData\Roaming\Nokia
2008-07-27 01:13:29 0 d-------- C:\Users\Zer0\AppData\Roaming\PC Suite
2008-07-27 01:12:51 0 d-------- C:\Program Files\Common Files
2008-07-23 16:03:58 0 d-------- C:\Program Files\McAfee
2008-07-10 01:44:50 0 d-------- C:\Program Files\Windows Mail
2008-07-02 00:43:20 0 d-------- C:\Users\Zer0\AppData\Roaming\DivX
2008-07-01 00:10:56 0 d-------- C:\Program Files\DivX
2008-07-01 00:10:47 0 d-------- C:\Program Files\Common Files\PX Storage Engine
2008-06-29 13:12:49 0 d-------- C:\Users\Zer0\AppData\Roaming\Adobe
2008-06-29 13:09:31 0 d-------- C:\Program Files\Common Files\Adobe
2008-06-28 23:06:51 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-27 21:09:09 0 d-------- C:\Program Files\Common Files\McAfee
2008-06-27 21:08:44 0 d-------- C:\Program Files\McAfee.com
2008-06-24 18:25:40 0 d-------- C:\Program Files\DVD Decrypter
2008-06-24 00:32:49 0 d-------- C:\Program Files\AviSynth 2.5
2008-06-24 00:32:43 0 d-------- C:\Program Files\Red Kawa
2008-06-13 17:47:51 0 d-------- C:\Program Files\Ventrilo
2008-06-13 17:47:09 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-12 00:00:48 0 d-------- C:\Program Files\ChankastAlpha025
2008-05-31 11:22:48 802816 --a------ C:\Windows\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-05-31 11:22:48 823296 --a------ C:\Windows\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-31 11:22:48 823296 --a------ C:\Windows\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-31 11:22:46 815104 --a------ C:\Windows\system32\divx_xx0a.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-31 11:22:46 683520 --a------ C:\Windows\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-23 10:22:18 3596288 --a------ C:\Windows\system32\qt-dx331.dll
2008-05-23 10:19:46 196608 --a------ C:\Windows\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-05-23 10:19:46 81920 --a------ C:\Windows\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-05-23 10:18:54 12288 --a------ C:\Windows\system32\DivXWMPExtType.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [19/01/2008 07:38 p.m.]
"RtHDVCpl"="RtHDVCpl.exe" [01/12/2006 05:37 p.m. C:\Windows\RtHDVCpl.exe]
"VX1000"="C:\Windows\vVX1000.exe" [05/12/2006 02:38 p.m.]
"LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe" [12/01/2007 04:48 p.m.]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [25/09/2007 12:11 a.m.]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [01/11/2007 07:12 p.m.]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 10:16 p.m.]
"PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe" [15/06/2006 12:36 p.m.]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [10/07/2008 09:47 a.m.]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [27/05/2008 10:50 a.m.]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [10/07/2008 10:51 a.m.]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [16/05/2008 02:01 p.m.]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [16/05/2008 02:01 p.m.]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [19/01/2008 07:33 p.m.]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [19/01/2008 07:33 p.m.]
"Steam"="c:\program files\steam\steam.exe" [30/03/2008 01:01 a.m.]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18/10/2007 10:34 a.m.]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [01/04/2008 09:39 p.m.]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [19/01/2008 07:33 p.m.]

C:\Users\Zer0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Xfire.lnk - C:\Program Files\Xfire\xfire.exe [22/07/2008 12:42:28 p.m.]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [13/02/2001 12:01:04 a.m.]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableLUA"=0 (0x0)
"EnableUIADesktopToggle"=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE Mcx2Svc WebClient SstpSvc
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
bthsvcs BthServ


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-08-03 03:24:52 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft® Windows Vista™ Home Premium (build 6001) SP 1.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® D CPU 3.00GHz
Percentage of Memory in Use: 41%
Physical Memory (total/avail): 2046.83 MiB / 1193.96 MiB
Pagefile Memory (total/avail): 5061.13 MiB / 3814.93 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1900.36 MiB

C: is Fixed (NTFS) - 149.05 GiB total, 55.42 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - ST3160811AS ATA Device - 149.05 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 149.05 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

AS: Windows Defender v1.1.1505.0 (Microsoft Corporation) Disabled

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\Zer0\AppData\Roaming
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=ZER0S_COMP
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HellgateEnv=C:\Program Files\Flagship Studios\Hellgate London\
HKCU_S=\REGISTRY\CUSER\Software
HKLM_S=\REGISTRY\MACHINE\Software
HOMEDRIVE=C:
HOMEPATH=\Users\Zer0
LOCALAPPDATA=C:\Users\Zer0\AppData\Local
LOGONSERVER=\\ZER0S_COMP
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Program Files\Internet Explorer;;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 6 Stepping 5, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0605
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\Zer0\AppData\Local\Temp
TMP=C:\Users\Zer0\AppData\Local\Temp
USERDOMAIN=Zer0s_comp
USERNAME=Zer0
USERPROFILE=C:\Users\Zer0
windir=C:\Windows


-- User Profiles ---------------------------------------------------------------

Zer0 (admin)


-- Add/Remove Programs ---------------------------------------------------------

Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742) --> MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player ActiveX --> C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Reader 8.1.2 Security Update 1 (KB403742) -->
Apple Mobile Device Support --> MsiExec.exe /I{35B91753-5789-4517-9CF1-2CCE3A8CF4F1}
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
AviSynth 2.5 --> "C:\Program Files\AviSynth 2.5\Uninstall.exe"
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Call of Duty® 4 - Modern Warfare™ --> C:\Program Files\InstallShield Installation Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe -runfromtemp -l0x0409
Call of Duty® 4 - Modern Warfare™ 1.4 Patch --> C:\Program Files\InstallShield Installation Information\{3BD633E0-4BF8-4499-9149-88F0767D449C}\setup.exe -runfromtemp -l0x0409
Call of Duty® 4 - Modern Warfare™ 1.5 Multiplayer Patch --> C:\Program Files\InstallShield Installation Information\{8503C901-85D7-4262-88D2-8D8B2A7B08B8}\setup.exe -runfromtemp -l0x0409
Call of Duty® 4 - Modern Warfare™ 1.6 Patch --> C:\Program Files\InstallShield Installation Information\{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}\setup.exe -runfromtemp -l0x0409
Call of Duty® 4 - Modern Warfare™ 1.7 Patch --> C:\Program Files\InstallShield Installation Information\{931C37FC-594D-43A9-B10F-A2F2B1F03498}\setup.exe -runfromtemp -l0x0409
Compatibility Pack for the 2007 Office system --> MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Condition Zero Deleted Scenes --> "C:\Program Files\Steam\steam.exe" steam://uninstall/100
Counter-Strike: Condition Zero --> C:\Valve\CONDIT~1\UNWISE.EXE C:\Valve\CONDIT~1\INSTALL.LOG
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DriverCD --> C:\Windows\IsUninst.exe -f"C:\Program Files\GIGABYTE\DriverCD\Uninst.isu"
DVD Decrypter (Remove Only) --> "C:\Program Files\DVD Decrypter\uninstall.exe"
eMule --> "C:\Program Files\eMule\Uninstall.exe"
FLV Player --> "C:\Windows\FLV Player\uninstall.exe" "/U:C:\Program Files\FLV Player\Uninstall\uninstall.xml"
Fraps --> "C:\Fraps\uninstall.exe"
Garry's Mod --> "C:\Program Files\Steam\steam.exe" steam://uninstall/4000
GCFScape 1.6.7 --> "C:\Program Files\GCFScape\unins000.exe"
Half-Life 2: Deathmatch --> "C:\Program Files\Steam\steam.exe" steam://uninstall/320
Half-Life 2: Episode One --> "C:\Program Files\Steam\steam.exe" steam://uninstall/380
Half-Life 2: Episode Two --> "C:\Program Files\Steam\steam.exe" steam://uninstall/420
Half-Life 2: Lost Coast --> "C:\Program Files\Steam\steam.exe" steam://uninstall/340
Half-Life: Blue Shift --> "C:\Program Files\Steam\steam.exe" steam://uninstall/130
Hellgate: London --> MsiExec.exe /X{A2B4455D-1046-4732-BFBC-0821BEFC07BC}
HijackThis 2.0.2 --> "C:\Installers\HijackThis.exe" /uninstall
iTunes --> MsiExec.exe /I{EF6C4600-306D-4F6A-A119-C2A877D25B4A}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
McAfee SecurityCenter --> C:\Program Files\McAfee\MSC\mcuninst.exe
Microsoft LifeCam --> MsiExec.exe /X{06C32EA0-4A22-4919-979A-8700715865B8}
Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU] --> MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Nokia Connectivity Cable Driver --> MsiExec.exe /X{6882DD11-33B8-4DEA-8305-7E765BF74BD3}
Nokia MTP driver --> MsiExec.exe /I{59359B3D-ABE7-46BF-AB55-43B67A64DC68}
Nokia N73 highlights --> MsiExec.exe /I{02B71D92-A84B-4DFB-9A10-D12BB01AC1F2}
Nokia Nseries Skin for Microsoft Windows Media Player --> MsiExec.exe /I{73E30715-9EC4-4DAE-BE67-64500AEB8012}
Nokia PC Connectivity Solution --> MsiExec.exe /I{0D80391C-0A72-43BB-9BC2-143F63CC111D}
Nokia PC Suite --> MsiExec.exe /I{531317A5-586A-4E36-87C1-CA823447B375}
Nokia themes for your device --> MsiExec.exe /I{77F5816C-64A6-4FBE-BBE5-52EFE5EB84E8}
NVIDIA Drivers --> C:\Windows\system32\NVUNINST.EXE UninstallGUI
Portal --> "C:\Program Files\Steam\steam.exe" steam://uninstall/400
QuickTime --> MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
Real Alternative 1.60 --> "C:\Program Files\Real Alternative\unins000.exe"
Realtek High Definition Audio Driver --> RtlUpd.exe -r -m
Steam --> MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Team Fortress 2 --> "C:\Program Files\Steam\steam.exe" steam://uninstall/440
Ventrilo --> MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
Videora iPod Converter 3.07 --> C:\Program Files\Red Kawa\Video Converter 3\uninstaller.exe
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Mail --> MsiExec.exe /I{184E7118-0295-43C4-B72C-1D54AA75AAF7}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Photo Gallery --> MsiExec.exe /X{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C}
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
Xfire (remove only) --> "C:\Program Files\Xfire\uninst.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type7424 / Success
Event Submitted/Written: 08/02/2008 11:31:14 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type7414 / Success
Event Submitted/Written: 08/02/2008 11:26:19 PM
Event ID/Source: 5617 / WinMgmt
Event Description:


Event Record #/Type7413 / Success
Event Submitted/Written: 08/02/2008 11:26:18 PM
Event ID/Source: 5615 / WinMgmt
Event Description:


Event Record #/Type7408 / Success
Event Submitted/Written: 08/02/2008 11:26:09 PM
Event ID/Source: 902 / Software Licensing Service
Event Description:
The Software Licensing service has started.

Event Record #/Type7379 / Success
Event Submitted/Written: 08/02/2008 09:30:47 PM
Event ID/Source: 5617 / WinMgmt
Event Description:




-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type38831 / Warning
Event Submitted/Written: 08/03/2008 03:23:22 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%Zer0s_comp27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Zer0s_comp27 can't undo changes that you allow.

For more information please see the following:
%Zer0s_comp275

Scan ID: {E24911B3-844E-4345-A77E-342D3AA3F232}

User: Zer0s_comp\Zer0

Name: %Zer0s_comp271

ID: %Zer0s_comp272

Severity ID: %Zer0s_comp273

Category ID: %Zer0s_comp274

Path Found: %Zer0s_comp276

Alert Type: %Zer0s_comp278

Detection Type: 1.1.1600.02

Event Record #/Type38830 / Warning
Event Submitted/Written: 08/03/2008 03:23:22 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%Zer0s_comp27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Zer0s_comp27 can't undo changes that you allow.

For more information please see the following:
%Zer0s_comp275

Scan ID: {AE335005-61F9-4BEE-91D8-D53AF1162AF4}

User: Zer0s_comp\Zer0

Name: %Zer0s_comp271

ID: %Zer0s_comp272

Severity ID: %Zer0s_comp273

Category ID: %Zer0s_comp274

Path Found: %Zer0s_comp276

Alert Type: %Zer0s_comp278

Detection Type: 1.1.1600.02

Event Record #/Type38829 / Warning
Event Submitted/Written: 08/03/2008 03:23:22 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%Zer0s_comp27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Zer0s_comp27 can't undo changes that you allow.

For more information please see the following:
%Zer0s_comp275

Scan ID: {0EDFDDFD-0699-4D8F-AA52-D06CBA0E7C68}

User: Zer0s_comp\Zer0

Name: %Zer0s_comp271

ID: %Zer0s_comp272

Severity ID: %Zer0s_comp273

Category ID: %Zer0s_comp274

Path Found: %Zer0s_comp276

Alert Type: %Zer0s_comp278

Detection Type: 1.1.1600.02

Event Record #/Type38828 / Warning
Event Submitted/Written: 08/03/2008 03:23:22 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%Zer0s_comp27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Zer0s_comp27 can't undo changes that you allow.

For more information please see the following:
%Zer0s_comp275

Scan ID: {DF8B8E42-7EF7-4D81-80E0-DE0D0787FAC4}

User: Zer0s_comp\Zer0

Name: %Zer0s_comp271

ID: %Zer0s_comp272

Severity ID: %Zer0s_comp273

Category ID: %Zer0s_comp274

Path Found: %Zer0s_comp276

Alert Type: %Zer0s_comp278

Detection Type: 1.1.1600.02

Event Record #/Type38827 / Warning
Event Submitted/Written: 08/03/2008 03:23:22 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%Zer0s_comp27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Zer0s_comp27 can't undo changes that you allow.

For more information please see the following:
%Zer0s_comp275

Scan ID: {8A9E5FE7-FB79-4129-8895-8EAD924F7D44}

User: Zer0s_comp\Zer0

Name: %Zer0s_comp271

ID: %Zer0s_comp272

Severity ID: %Zer0s_comp273

Category ID: %Zer0s_comp274

Path Found: %Zer0s_comp276

Alert Type: %Zer0s_comp278

Detection Type: 1.1.1600.02



-- End of Deckard's System Scanner: finished at 2008-08-03 03:24:52 ------------


ANY help desperately appreciated
  • 0

Advertisements


#2
eddie5659

eddie5659

    Trusted Helper

  • Malware Removal
  • 1,980 posts
  • MVP
Hiya and welcome to Geeks to Go! :)

As its been a while since you posted, can you post a fresh HijackThis log please :)

Regards

eddie

Edited by eddie5659, 18 August 2008 - 02:56 PM.

  • 0

#3
hayrider007

hayrider007

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
hi eddie
thx fr replyin, my computers been getin on my nerves fr 2 weeks now

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:00:42 p.m., on 19/08/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Fraps\fraps.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\vVX1000.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\wuauclt.exe
C:\Installers\HiJackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [VX1000] C:\Windows\vVX1000.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O13 - Gopher Prefix:
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 6616 bytes
  • 0

#4
eddie5659

eddie5659

    Trusted Helper

  • Malware Removal
  • 1,980 posts
  • MVP
Hmm, can't see much there :)

We'll try some scans first, to see what that brings:

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.


Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.


Please download ATF Cleaner by Atribune.

Caution: This program is for Windows 2000, XP and Vista only
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.


Post the contents of the MBAM and SAS logs :)

eddie
  • 0

#5
hayrider007

hayrider007

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
Malwarebytes' Anti-Malware 1.25
Database version: 1071
Windows 6.0.6001 Service Pack 1

4:11:26 p.m. 20/08/2008
mbam-log-08-20-2008 (16-11-26).txt

Scan type: Quick Scan
Objects scanned: 40106
Time elapsed: 4 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)















SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/20/2008 at 05:49 PM

Application Version : 4.15.1000

Core Rules Database Version : 3541
Trace Rules Database Version: 1530

Scan type : Complete Scan
Total Scan Time : 01:08:39

Memory items scanned : 615
Memory threats detected : 0
Registry items scanned : 6604
Registry threats detected : 0
File items scanned : 91776
File threats detected : 129

Adware.Tracking Cookie
C:\Users\Zer0\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Zer0\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Users\Zer0\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Users\Zer0\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Users\Zer0\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Zer0\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Zer0\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Users\Zer0\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Users\Zer0\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Zer0\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Users\Zer0\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Zer0\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Users\Zer0\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Zer0\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Zer0\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Zer0\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Zer0\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Users\Zer0\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Users\Zer0\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Zer0\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Zer0\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Users\Zer0\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Users\Zer0\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Zer0\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Zer0\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Users\Zer0\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Zer0\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Zer0\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Users\Zer0\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Zer0\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Zer0\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Users\Zer0\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Users\Zer0\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Zer0\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Zer0\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Zer0\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Zer0\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Zer0\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Zer0\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Users\Zer0\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Users\Zer0\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Users\Zer0\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Zer0\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Users\Zer0\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Zer0\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Zer0\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Zer0\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Zer0\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Zer0\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Users\Zer0\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Zer0\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Users\Zer0\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Zer0\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Zer0\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Zer0\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][3].txt
C:\Users\Zer0\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Zer0\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Users\Zer0\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Users\Zer0\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Zer0\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Zer0\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Zer0\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Zer0\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Zer0\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Zer0\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Users\Zer0\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Zer0\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Users\Zer0\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Users\Zer0\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Zer0\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Zer0\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Zer0\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Zer0\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Users\Zer0\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Users\Zer0\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Zer0\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Users\Zer0\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Users\Zer0\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Zer0\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Zer0\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Users\Zer0\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Users\Zer0\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Users\Zer0\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Zer0\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][3].txt
C:\Users\Zer0\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Users\Zer0\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][3].txt
C:\Users\Zer0\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Zer0\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Users\Zer0\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Users\Zer0\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Zer0\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Users\Zer0\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Zer0\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Users\Zer0\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Zer0\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Users\Zer0\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Users\Zer0\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][3].txt
C:\Users\Zer0\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Users\Zer0\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Zer0\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Zer0\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Zer0\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Zer0\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Zer0\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Users\Zer0\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Users\Zer0\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Users\Zer0\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Users\Zer0\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Zer0\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Zer0\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Zer0\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Zer0\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Zer0\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Users\Zer0\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Users\Zer0\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Users\Zer0\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Zer0\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Zer0\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Zer0\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Users\Zer0\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Zer0\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Zer0\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Users\Zer0\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Zer0\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Zer0\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Users\Zer0\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Zer0\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Zer0\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Zer0\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
  • 0

#6
eddie5659

eddie5659

    Trusted Helper

  • Malware Removal
  • 1,980 posts
  • MVP
Download OTScanIt.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.




Note: You must be logged on to the system with an account that has Administrator privileges to run this program.




  • Close ALL OTHER PROGRAMS.
  • Open the OTScanIt folder and double-click on OTScanIt.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
  • In the Drivers section click on Non-Microsoft.
  • Under Additional Scans click the checkboxes in front of the following items to select them:

    • Reg - BotCheck

      File - Additional Folder Scans

  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
  • Save the file to your desktop or other location where you can find it back.

Use the Add Reply button and attach the file in your next post.
  • 0

#7
hayrider007

hayrider007

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
hey
sorry i couldnt upload the report because the file was too big :)

but heres the report neways

[code=auto:0]OTScanIt logfile created on: 21/08/2008 4:20:47 p.m.
OTScanIt by OldTimer - Version 1.0.16.2 Folder = C:\Installers\OTScanIt
Windows Vista Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00001409 | Country: New Zealand | Language: ENZ | Date Format: d/MM/yyyy

2.00 Gb Total Physical Memory | 1.02 Gb Available Physical Memory | 51.22% Memory free
4.00 Gb Paging File | 3.59 Gb Available in Paging File | 89.69% Paging File free
Paging file location(s): c:\pagefile.sys 3069 3069;

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 50.58 Gb Free Space | 33.94% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 466.29 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ZER0S_COMP
Current User Name: Zer0
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user

[Processes - Non-Microsoft Only]
nvvsvc.exe -> %SystemRoot%\System32\nvvsvc.exe -> NVIDIA Corporation [Ver = 7.15.11.7519 | Size = 118784 bytes | Modified Date = 16/05/2008 2:01:00 p.m. | Attr = ]
rthdvcpl.exe -> %SystemRoot%\RtHDVCpl.exe -> Realtek Semiconductor [Ver = 1, 0, 0, 11 | Size = 4186112 bytes | Modified Date = 1/12/2006 5:37:00 p.m. | Attr = ]
jusched.exe -> %ProgramFiles%\Java\jre1.6.0_07\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 144784 bytes | Modified Date = 10/06/2008 4:27:04 a.m. | Attr = ]
mcagent.exe -> %ProgramFiles%\McAfee.com\Agent\mcagent.exe -> McAfee, Inc. [Ver = 8,0,237,0 | Size = 582992 bytes | Modified Date = 1/11/2007 7:12:38 p.m. | Attr = ]
applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple Inc. [Ver = 2.1.29.0 | Size = 116040 bytes | Modified Date = 22/07/2008 8:42:12 p.m. | Attr = ]
mdnsresponder.exe -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Inc. [Ver = 1,0,4,12 | Size = 229376 bytes | Modified Date = 24/07/2007 3:17:08 p.m. | Attr = ]
mcproxy.exe -> %CommonProgramFiles%\McAfee\McProxy\McProxy.exe -> McAfee, Inc. [Ver = 2,0,150,0 | Size = 359248 bytes | Modified Date = 15/08/2007 12:36:04 p.m. | Attr = ]
mcshield.exe -> %ProgramFiles%\McAfee\VirusScan\Mcshield.exe -> McAfee, Inc. [Ver = VSCORE.14.0.0.349.x86 | Size = 144704 bytes | Modified Date = 24/07/2007 12:02:14 p.m. | Attr = ]
mpfsrv.exe -> %ProgramFiles%\McAfee\MPF\MpfSrv.exe -> McAfee, Inc. [Ver = 9.0.136.0 | Size = 856864 bytes | Modified Date = 18/07/2007 3:54:42 p.m. | Attr = ]
ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.7.1.11 | Size = 289064 bytes | Modified Date = 30/07/2008 10:47:56 a.m. | Attr = ]
pnkbstra.exe -> %SystemRoot%\System32\PnkBstrA.exe -> [Ver = | Size = 66872 bytes | Modified Date = 1/03/2008 3:58:44 p.m. | Attr = ]
daemon.exe -> %ProgramFiles%\DAEMON Tools Lite\daemon.exe -> DT Soft Ltd [Ver = 4.30.1.0 | Size = 490952 bytes | Modified Date = 25/07/2008 3:02:06 a.m. | Attr = ]
mcmscsvc.exe -> %ProgramFiles%\McAfee\MSC\mcmscsvc.exe -> McAfee, Inc. [Ver = 8,1,159,0 | Size = 767976 bytes | Modified Date = 9/01/2008 4:50:22 p.m. | Attr = ]
servicelayer.exe -> %CommonProgramFiles%\PCSuite\Services\ServiceLayer.exe -> Nokia. [Ver = 6, 81, 60, 0 | Size = 174080 bytes | Modified Date = 5/06/2006 1:59:18 p.m. | Attr = ]
ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.7.1.11 | Size = 532264 bytes | Modified Date = 30/07/2008 10:47:48 a.m. | Attr = ]
mcnasvc.exe -> %CommonProgramFiles%\McAfee\MNA\McNASvc.exe -> McAfee, Inc. [Ver = 2,1,143,0 | Size = 2458128 bytes | Modified Date = 25/01/2008 1:38:12 a.m. | Attr = ]
mcsysmon.exe -> %ProgramFiles%\McAfee\VirusScan\mcsysmon.exe -> McAfee, Inc. [Ver = 12,1,111,0 | Size = 695624 bytes | Modified Date = 5/12/2007 10:04:10 a.m. | Attr = ]
steam.exe -> %ProgramFiles%\Steam\Steam.exe -> Valve Corporation [Ver = 1.0.0.0 | Size = 1271032 bytes | Modified Date = 30/03/2008 1:01:22 a.m. | Attr = ]
mcupdmgr.exe -> %ProgramFiles%\McAfee\MSC\mcupdmgr.exe -> McAfee, Inc. [Ver = 9,0,260,0 | Size = 781288 bytes | Modified Date = 14/06/2008 10:41:54 a.m. | Attr = ]
superantispyware.exe -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe -> SUPERAntiSpyware.com [Ver = 4, 15, 0, 1000 | Size = 1506544 bytes | Modified Date = 28/05/2008 10:33:34 a.m. | Attr = ]
steamservice.exe -> %CommonProgramFiles%\Steam\SteamService.exe -> Valve Corporation [Ver = 1, 0, 0, 1 | Size = 87288 bytes | Modified Date = 31/07/2008 8:56:47 p.m. | Attr = ]
otscanit.exe -> %SystemDrive%\Installers\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.16.2 | Size = 397312 bytes | Modified Date = 12/07/2008 9:29:54 a.m. | Attr = ]

[Win32 Services - Non-Microsoft Only]
(Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple Inc. [Ver = 2.1.29.0 | Size = 116040 bytes | Modified Date = 22/07/2008 8:42:12 p.m. | Attr = ]
(Bonjour Service) Bonjour Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Inc. [Ver = 1,0,4,12 | Size = 229376 bytes | Modified Date = 24/07/2007 3:17:08 p.m. | Attr = ]
(CertPropSvc) Certificate Propagation [Win32_Shared | Unknown | Running] -> %SystemRoot%\system32\svchost.exe -> File not found
(DcomLaunch) DCOM Server Process Launcher [Win32_Shared | Unknown | Running] -> %SystemRoot%\system32\svchost.exe -> File not found
(idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] -> %systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -> File not found
(iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.7.1.11 | Size = 532264 bytes | Modified Date = 30/07/2008 10:47:48 a.m. | Attr = ]
(mcmscsvc) McAfee Services [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\MSC\mcmscsvc.exe -> McAfee, Inc. [Ver = 8,1,159,0 | Size = 767976 bytes | Modified Date = 9/01/2008 4:50:22 p.m. | Attr = ]
(McNASvc) McAfee Network Agent [Win32_Own | Auto | Running] -> %CommonProgramFiles%\McAfee\MNA\McNASvc.exe -> McAfee, Inc. [Ver = 2,1,143,0 | Size = 2458128 bytes | Modified Date = 25/01/2008 1:38:12 a.m. | Attr = ]
(McODS) McAfee Scanner [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\McAfee\VirusScan\mcods.exe -> McAfee, Inc. [Ver = 12,0,172,0 | Size = 378184 bytes | Modified Date = 7/11/2007 9:35:40 a.m. | Attr = ]
(McProxy) McAfee Proxy Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\McAfee\McProxy\McProxy.exe -> McAfee, Inc. [Ver = 2,0,150,0 | Size = 359248 bytes | Modified Date = 15/08/2007 12:36:04 p.m. | Attr = ]
(McShield) McAfee Real-time Scanner [Win32_Own | Unknown | Running] -> %SystemDrive%\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe -> McAfee, Inc. [Ver = VSCORE.14.0.0.349.x86 | Size = 144704 bytes | Modified Date = 24/07/2007 12:02:14 p.m. | Attr = ]
(McSysmon) McAfee SystemGuards [Win32_Own | On_Demand | Running] -> %ProgramFiles%\McAfee\VirusScan\mcsysmon.exe -> McAfee, Inc. [Ver = 12,1,111,0 | Size = 695624 bytes | Modified Date = 5/12/2007 10:04:10 a.m. | Attr = ]
(MpfService) McAfee Personal Firewall Service [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\MPF\MpfSrv.exe -> McAfee, Inc. [Ver = 9.0.136.0 | Size = 856864 bytes | Modified Date = 18/07/2007 3:54:42 p.m. | Attr = ]
(MSDTC) Distributed Transaction Coordinator [Win32_Own | Unknown | Stopped] -> %SystemRoot%\System32\msdtc.exe -> File not found
(nvsvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> %SystemRoot%\System32\nvvsvc.exe -> NVIDIA Corporation [Ver = 7.15.11.7519 | Size = 118784 bytes | Modified Date = 16/05/2008 2:01:00 p.m. | Attr = ]
(PnkBstrA) PnkBstrA [Win32_Own | Auto | Running] -> %SystemRoot%\System32\PnkBstrA.exe -> [Ver = | Size = 66872 bytes | Modified Date = 1/03/2008 3:58:44 p.m. | Attr = ]
(Schedule) Task Scheduler [Win32_Shared | Unknown | Running] -> %systemroot%\system32\svchost.exe -> File not found
(SCPolicySvc) Smart Card Removal Policy [Win32_Shared | Unknown | Stopped] -> %SystemRoot%\system32\svchost.exe -> File not found
(ServiceLayer) ServiceLayer [Win32_Own | On_Demand | Running] -> %CommonProgramFiles%\PCSuite\Services\ServiceLayer.exe -> Nokia. [Ver = 6, 81, 60, 0 | Size = 174080 bytes | Modified Date = 5/06/2006 1:59:18 p.m. | Attr = ]
(Steam Client Service) Steam Client Service [Win32_Own | On_Demand | Running] -> %CommonProgramFiles%\Steam\SteamService.exe -> Valve Corporation [Ver = 1, 0, 0, 1 | Size = 87288 bytes | Modified Date = 31/07/2008 8:56:47 p.m. | Attr = ]
(TrustedInstaller) Windows Modules Installer [Win32_Own | Unknown | Running] -> %SystemRoot%\servicing\TrustedInstaller.exe -> File not found
(WdiServiceHost) Diagnostic Service Host [Win32_Shared | Unknown | Stopped] -> %SystemRoot%\System32\svchost.exe -> File not found
(WdiSystemHost) Diagnostic System Host [Win32_Shared | Unknown | Running] -> %SystemRoot%\System32\svchost.exe -> File not found

[Driver Services - Non-Microsoft Only]
(adp94xx) adp94xx [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\adp94xx.sys -> Adaptec, Inc. [Ver = 1.6.0006.0 (1.060824-1234) | Size = 420968 bytes | Modified Date = 2/11/2006 9:51:38 p.m. | Attr = ]
(adpahci) adpahci [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\adpahci.sys -> Adaptec, Inc. [Ver = 1.6.0006.0 (1.060824-1234) | Size = 297576 bytes | Modified Date = 2/11/2006 9:51:32 p.m. | Attr = ]
(adpu160m) adpu160m [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\adpu160m.sys -> Adaptec, Inc. [Ver = 6.4.645.100 (NT.051018-1332) | Size = 98408 bytes | Modified Date = 2/11/2006 9:50:35 p.m. | Attr = ]
(adpu320) adpu320 [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\adpu320.sys -> Adaptec, Inc. [Ver = 7.1.000.000 (NT.060302-2137) | Size = 147048 bytes | Modified Date = 2/11/2006 9:51:00 p.m. | Attr = ]
(aic78xx) aic78xx [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\djsvs.sys -> Adaptec, Inc. [Ver = 6.0.0.0 | Size = 71272 bytes | Modified Date = 2/11/2006 9:50:11 p.m. | Attr = ]
(aliide) aliide [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\aliide.sys -> Acer Laboratories Inc. [Ver = 1.20 | Size = 14952 bytes | Modified Date = 2/11/2006 9:49:20 p.m. | Attr = ]
(arc) arc [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\arc.sys -> Adaptec, Inc. [Ver = 5.1.0.6789 (NT.060726-2054) | Size = 67688 bytes | Modified Date = 2/11/2006 9:50:09 p.m. | Attr = ]
(arcsas) arcsas [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\arcsas.sys -> Adaptec, Inc. [Ver = 5.1.0.6790 (NT.060726-2054) | Size = 67688 bytes | Modified Date = 2/11/2006 9:50:10 p.m. | Attr = ]
(blbdrive) blbdrive [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\blbdrive.sys -> File not found
(BrFiltLo) Brother USB Mass-Storage Lower Filter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\BrFiltLo.sys -> Brother Industries, Ltd. [Ver = 1.10.000 (vbl_wcp_d2_drivers.060616-1619) | Size = 13568 bytes | Modified Date = 2/11/2006 8:24:45 p.m. | Attr = ]
(BrFiltUp) Brother USB Mass-Storage Upper Filter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\BrFiltUp.sys -> Brother Industries, Ltd. [Ver = 1.04.000 (vbl_wcp_d2_drivers.060616-1619) | Size = 5248 bytes | Modified Date = 2/11/2006 8:24:46 p.m. | Attr = ]
(Brserid) Brother MFC Serial Port Interface Driver (WDM) [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\BrSerId.sys -> Brother Industries Ltd. [Ver = 1.0.1.6 (vbl_wcp_d2_drivers.060616-1619) | Size = 71808 bytes | Modified Date = 2/11/2006 8:25:24 p.m. | Attr = ]
(BrSerWdm) Brother WDM Serial driver [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\BrSerWdm.sys -> Brother Industries Ltd. [Ver = 1.0.0.20 (vbl_wcp_d2_drivers.060616-1619) | Size = 62336 bytes | Modified Date = 2/11/2006 8:24:44 p.m. | Attr = ]
(BrUsbMdm) Brother MFC USB Fax Only Modem [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\BrUsbMdm.sys -> Brother Industries Ltd. [Ver = 1,0,0,12 (vbl_wcp_d2_drivers.060616-1619) | Size = 12160 bytes | Modified Date = 2/11/2006 8:24:44 p.m. | Attr = ]
(BrUsbSer) Brother MFC USB Serial WDM Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\BrUsbSer.sys -> Brother Industries Ltd. [Ver = 1,0,1,3 (vbl_wcp_d2_drivers.060809-0459) | Size = 11904 bytes | Modified Date = 2/11/2006 8:24:47 p.m. | Attr = ]
(CLFS) Common Log (CLFS) [Kernel | Unknown | Running] -> -> File not found
(cmdide) cmdide [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\cmdide.sys -> CMD Technology, Inc. [Ver = 2.0.7 (vista_rtm.061101-2205) | Size = 16488 bytes | Modified Date = 2/11/2006 9:49:28 p.m. | Attr = ]
(E1G60) Intel(R) PRO/1000 NDIS 6 Adapter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\E1G60I32.sys -> Intel Corporation [Ver = 8.1.37.2 built by: WinDDK | Size = 117760 bytes | Modified Date = 2/11/2006 7:30:54 p.m. | Attr = ]
(elxstor) elxstor [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\elxstor.sys -> Emulex [Ver = 5-1.20M8 9/14/2006 WS2K3 32 bit (NT.060909-1739) | Size = 316520 bytes | Modified Date = 2/11/2006 9:51:34 p.m. | Attr = ]
(gdrv) gdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\gdrv.sys -> Windows (R) Codename Longhorn DDK provider [Ver = 6.0.5744.16384 built by: WinDDK | Size = 14656 bytes | Modified Date = 23/02/2008 6:32:59 p.m. | Attr = ]
(GEARAspiWDM) GEARAspiWDM [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\GEARAspiWDM.sys -> GEAR Software Inc. [Ver = 2.00.07.03 | Size = 16168 bytes | Modified Date = 29/01/2008 12:01:28 p.m. | Attr = ]
(HpCISSs) HpCISSs [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\HpCISSs.sys -> Hewlett-Packard Company [Ver = 6.0.0.32 Build 4 (x86) (NT.060726-2054) | Size = 37480 bytes | Modified Date = 2/11/2006 9:50:10 p.m. | Attr = ]
(iaStorV) Intel RAID Controller Vista [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\iaStorV.sys -> Intel Corporation [Ver = 6.2.0.1015 | Size = 232040 bytes | Modified Date = 2/11/2006 9:51:25 p.m. | Attr = ]
(iirsp) iirsp [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\iirsp.sys -> Intel Corp./ICP vortex GmbH [Ver = 5.4.22.0 | Size = 41576 bytes | Modified Date = 2/11/2006 9:50:17 p.m. | Attr = ]
(IntcAzAudAddService) Service for Realtek HD Audio (WDM) [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\RTKVHDA.sys -> Realtek Semiconductor Corp. [Ver = 6.0.1.5334 built by: WinDDK | Size = 1655464 bytes | Modified Date = 1/12/2006 5:38:00 p.m. | Attr = ]
(IpInIp) IP in IP Tunnel Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\ipinip.sys -> File not found
(iteatapi) ITEATAPI_Service_Install [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\iteatapi.sys -> Integrated Technology Express, Inc. [Ver = v1.3.2.7 (NT.060726-2054) | Size = 35944 bytes | Modified Date = 2/11/2006 9:50:07 p.m. | Attr = ]
(iteraid) ITERAID_Service_Install [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\iteraid.sys -> Integrated Technology Express, Inc. [Ver = v1.7.1.91 (NT.060726-2054) | Size = 35944 bytes | Modified Date = 2/11/2006 9:50:09 p.m. | Attr = ]
(LSI_FC) LSI_FC [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\lsi_fc.sys -> LSI Logic [Ver = 1.23.24.03 (NT.060824-1234) | Size = 65640 bytes | Modified Date = 2/11/2006 9:50:04 p.m. | Attr = ]
(LSI_SAS) LSI_SAS [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\lsi_sas.sys -> LSI Logic [Ver = 1.23.24.03 (NT.060824-1234) | Size = 65640 bytes | Modified Date = 2/11/2006 9:50:05 p.m. | Attr = ]
(LSI_SCSI) LSI_SCSI [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\lsi_scsi.sys -> LSI Logic [Ver = 1.23.24.03 (NT.060824-1234) | Size = 65640 bytes | Modified Date = 2/11/2006 9:50:10 p.m. | Attr = ]
(megasas) megasas [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\megasas.sys -> LSI Logic Corporation [Ver = 2.4.0.32 (NT.060824-1234) | Size = 28776 bytes | Modified Date = 2/11/2006 9:49:53 p.m. | Attr = ]
(mfeavfk) McAfee Inc. mfeavfk [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\mfeavfk.sys -> McAfee, Inc. [Ver = SYSCORE.14.0.0.291.x86 | Size = 79304 bytes | Modified Date = 22/11/2007 6:44:08 a.m. | Attr = ]
(mfebopk) McAfee Inc. mfebopk [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\mfebopk.sys -> McAfee, Inc. [Ver = SYSCORE.14.0.0.291.x86 | Size = 35240 bytes | Modified Date = 22/11/2007 6:44:08 a.m. | Attr = ]
(mfehidk) McAfee Inc. mfehidk [Kernel | System | Running] -> %SystemRoot%\System32\drivers\mfehidk.sys -> McAfee, Inc. [Ver = SYSCORE.14.0.0.291.x86 | Size = 201320 bytes | Modified Date = 22/11/2007 6:44:08 a.m. | Attr = ]
(mferkdk) McAfee Inc. mferkdk [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\mferkdk.sys -> McAfee, Inc. [Ver = SYSCORE.14.0.0.291.x86 | Size = 33832 bytes | Modified Date = 22/11/2007 6:44:04 a.m. | Attr = ]
(mfesmfk) McAfee Inc. mfesmfk [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\mfesmfk.sys -> McAfee, Inc. [Ver = SYSCORE.14.0.0.284.x86 | Size = 40488 bytes | Modified Date = 2/12/2007 12:51:42 p.m. | Attr = ]
(MPFP) MPFP [Kernel | System | Running] -> %SystemRoot%\System32\drivers\Mpfp.sys -> McAfee, Inc. [Ver = 9.0.114.0 | Size = 125728 bytes | Modified Date = 13/07/2007 6:21:12 a.m. | Attr = ]
(Mraid35x) Mraid35x [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\Mraid35x.sys -> LSI Logic Corporation [Ver = 6.50.2.32 (NT.060824-1234) | Size = 33384 bytes | Modified Date = 2/11/2006 9:49:59 p.m. | Attr = ]
(MREMPR5) MREMPR5 NDIS Protocol Driver [Kernel | On_Demand | Stopped] -> %CommonProgramFiles%\Motive\MREMPR5.sys -> Motive, Inc. [Ver = 503.1658.1 | Size = 19345 bytes | Modified Date = 11/04/2006 4:55:38 p.m. | Attr = ]
(MRENDIS5) MRENDIS5 NDIS Protocol Driver [Kernel | On_Demand | Stopped] -> %CommonProgramFiles%\Motive\MRENDIS5.sys -> Motive, Inc. [Ver = 503.1658.0 | Size = 18003 bytes | Modified Date = 11/04/2006 4:55:38 p.m. | Attr = ]
(nfrd960) nfrd960 [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\nfrd960.sys -> IBM Corporation [Ver = 7.10.56 (NT.060601-1710) | Size = 45160 bytes | Modified Date = 2/11/2006 9:50:19 p.m. | Attr = ]
(Nokia USB Generic) Nokia USB Generic [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\nmwcdc.sys -> Nokia [Ver = 6.80.5.0 | Size = 8704 bytes | Modified Date = 29/05/2006 8:26:36 a.m. | Attr = ]
(Nokia USB Modem) Nokia USB Modem [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\nmwcdcm.sys -> Nokia [Ver = 6.80.5.0 | Size = 13312 bytes | Modified Date = 29/05/2006 8:26:36 a.m. | Attr = ]
(Nokia USB Phone Parent) Nokia USB Phone Parent [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\nmwcd.sys -> Nokia [Ver = 6.80.5.0 | Size = 127488 bytes | Modified Date = 29/05/2006 8:26:38 a.m. | Attr = ]
(Nokia USB Port) Nokia USB Port [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\nmwcdcj.sys -> Nokia [Ver = 6.80.5.0 | Size = 13312 bytes | Modified Date = 29/05/2006 8:26:36 a.m. | Attr = ]
(ntrigdigi) N-trig HID Tablet Driver [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\ntrigdigi.sys -> N-trig Innovative Technologies [Ver = 0.90.16.16384 (Vista_RC1.060509-2219) | Size = 20608 bytes | Modified Date = 2/11/2006 7:36:50 p.m. | Attr = ]
(nvlddmkm) nvlddmkm [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\nvlddmkm.sys -> NVIDIA Corporation [Ver = 7.15.11.7519 | Size = 7465312 bytes | Modified Date = 16/05/2008 2:01:00 p.m. | Attr = ]
(nvraid) nvraid [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\nvraid.sys -> NVIDIA Corporation [Ver = 5.10.2600.0822 (NT.060926-1359) | Size = 88680 bytes | Modified Date = 2/11/2006 9:50:24 p.m. | Attr = ]
(nvstor) nvstor [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\nvstor.sys -> NVIDIA Corporation [Ver = 5.10.2600.0822 (NT.060926-1359) | Size = 40040 bytes | Modified Date = 2/11/2006 9:50:13 p.m. | Attr = ]
(NwlnkFlt) IPX Traffic Filter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\nwlnkflt.sys -> File not found
(NwlnkFwd) IPX Traffic Forwarder Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\nwlnkfwd.sys -> File not found
(ql2300) QLogic Fibre Channel Miniport Driver [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\ql2300.sys -> QLogic Corporation [Ver = 9.1.2.6 (w32) | Size = 900712 bytes | Modified Date = 2/11/2006 9:51:45 p.m. | Attr = ]
(ql40xx) QLogic iSCSI Miniport Driver [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\ql40xx.sys -> QLogic Corporation [Ver = 2.1.3.19 (STOR w32) | Size = 106088 bytes | Modified Date = 2/11/2006 9:50:35 p.m. | Attr = ]
(RTL8169) Realtek 8169 NT Driver [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\Rtlh86.sys -> Realtek Corporation [Ver = 6.207.0609.2008 built by: WinDDK | Size = 123904 bytes | Modified Date = 10/06/2008 10:54:36 a.m. | Attr = ]
(secdrv) Security Driver [Kernel | Auto | Running] -> %SystemRoot%\System32\drivers\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 2/11/2006 6:37:21 p.m. | Attr = ]
(SiSRaid2) SiSRaid2 [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\sisraid2.sys -> Silicon Integrated Systems Corp. [Ver = 2.05.12 (NT.060926-1359) | Size = 38504 bytes | Modified Date = 2/11/2006 9:50:10 p.m. | Attr = ]
(SiSRaid4) SiSRaid4 [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\sisraid4.sys -> Silicon Integrated Systems [Ver = 3.00.02 (NT.060726-2054) | Size = 71784 bytes | Modified Date = 2/11/2006 9:50:16 p.m. | Attr = ]
(sptd) sptd [Kernel | Boot | Running] -> %SystemRoot%\System32\drivers\sptd.sys -> [Ver = | Size = 717296 bytes | Modified Date = 10/05/2008 9:16:21 a.m. | Attr = ]
(Symc8xx) Symc8xx [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\symc8xx.sys -> LSI Logic [Ver = 4.16.06.00 (NT.051018-1332) | Size = 35944 bytes | Modified Date = 2/11/2006 9:50:05 p.m. | Attr = ]
(Sym_hi) Sym_hi [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\sym_hi.sys -> LSI Logic [Ver = 4.16.06.00 (NT.051018-1332) | Size = 31848 bytes | Modified Date = 2/11/2006 9:49:56 p.m. | Attr = ]
(Sym_u3) Sym_u3 [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\sym_u3.sys -> LSI Logic [Ver = 5.09.09.00 (NT.051018-1332) | Size = 34920 bytes | Modified Date = 2/11/2006 9:50:03 p.m. | Attr = ]
(uliahci) uliahci [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\uliahci.sys -> ULi Electronics Inc. [Ver = 6.300 | Size = 235112 bytes | Modified Date = 2/11/2006 9:51:25 p.m. | Attr = ]
(UlSata) UlSata [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\ulsata.sys -> Promise Technology, Inc. [Ver = 1.1.0.31 | Size = 98408 bytes | Modified Date = 2/11/2006 9:50:35 p.m. | Attr = ]
(ulsata2) ulsata2 [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\ulsata2.sys -> Promise Technology, Inc. [Ver = 1.0.0.38 | Size = 115816 bytes | Modified Date = 2/11/2006 9:50:45 p.m. | Attr = ]
(viaide) viaide [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\viaide.sys -> VIA Technologies, Inc. [Ver = 5.1.3790.150 | Size = 17512 bytes | Modified Date = 2/11/2006 9:49:30 p.m. | Attr = ]
(vsmraid) vsmraid [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\vsmraid.sys -> VIA Technologies Inc.,Ltd [Ver = 6.0.5600,613 | Size = 112232 bytes | Modified Date = 2/11/2006 9:50:41 p.m. | Attr = ]
(SASDIFSV) SASDIFSV [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\sasdifsv.sys -> SUPERAdBlocker.com and SUPERAntiSpyware.com [Ver = 1, 0, 0, 1010 | Size = 8944 bytes | Modified Date = 28/05/2008 10:33:36 a.m. | Attr = ]
(SASKUTIL) SASKUTIL [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\SASKUTIL.SYS -> SUPERAdBlocker.com and SUPERAntiSpyware.com [Ver = 1, 0, 0, 1062 | Size = 55024 bytes | Modified Date = 28/05/2008 10:33:36 a.m. | Attr = ]
(SASENUM) SASENUM [Kernel | On_Demand | Running] -> %ProgramFiles%\SUPERAntiSpyware\SASENUM.SYS -> SUPERAdBlocker.com and SUPERAntiSpyware.com [Ver = 1, 0, 0, 1004 | Size = 7408 bytes | Modified Date = 28/05/2008 10:33:38 a.m. | Attr = R ]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
Adobe Reader Speed Launcher -> %ProgramFiles%\Adobe\Reader 8.0\Reader\reader_sl.exe ["C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"] -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 39792 bytes | Modified Date = 11/01/2008 10:16:38 p.m. | Attr = ]
AppleSyncNotifier -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe] -> Apple Inc. [Ver = 1, 0, 0, 9 | Size = 116040 bytes | Modified Date = 10/07/2008 9:47:28 a.m. | Attr = ]
iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe ["C:\Program Files\iTunes\iTunesHelper.exe"] -> Apple Inc. [Ver = 7.7.1.11 | Size = 289064 bytes | Modified Date = 30/07/2008 10:47:56 a.m. | Attr = ]
mcagent_exe -> %ProgramFiles%\McAfee.com\Agent\mcagent.exe [C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey] -> McAfee, Inc. [Ver = 8,0,237,0 | Size = 582992 bytes | Modified Date = 1/11/2007 7:12:38 p.m. | Attr = ]
NvCplDaemon -> %SystemRoot%\System32\nvcpl.dll [RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup] -> NVIDIA Corporation [Ver = 7.15.11.7519 | Size = 13535776 bytes | Modified Date = 16/05/2008 2:01:00 p.m. | Attr = ]
NvMediaCenter -> %SystemRoot%\System32\nvmctray.dll [RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit] -> NVIDIA Corporation [Ver = 7.15.11.7519 | Size = 92704 bytes | Modified Date = 16/05/2008 2:01:00 p.m. | Attr = ]
PCSuiteTrayApplication -> %ProgramFiles%\Nokia\Nokia PC Suite 6\LaunchApplication.exe [C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup] -> Nokia [Ver = 6, 81, 61, 4 | Size = 229376 bytes | Modified Date = 15/06/2006 12:36:18 p.m. | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe ["C:\Program Files\QuickTime\QTTask.exe" -atboottime] -> Apple Inc. [Ver = 7.5 (861) | Size = 413696 bytes | Modified Date = 27/05/2008 10:50:30 a.m. | Attr = ]
RtHDVCpl -> %SystemRoot%\RtHDVCpl.exe [RtHDVCpl.exe] -> Realtek Semiconductor [Ver = 1, 0, 0, 11 | Size = 4186112 bytes | Modified Date = 1/12/2006 5:37:00 p.m. | Attr = ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_07\bin\jusched.exe ["C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 144784 bytes | Modified Date = 10/06/2008 4:27:04 a.m. | Attr = ]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL-> Installed = 1 ->
MAPI-> Installed = 1 ->
MSFS-> Installed = 1 ->
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
DAEMON Tools Lite -> %ProgramFiles%\DAEMON Tools Lite\daemon.exe ["C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun] -> DT Soft Ltd [Ver = 4.30.1.0 | Size = 490952 bytes | Modified Date = 25/07/2008 3:02:06 a.m. | Attr = ]
Steam -> %ProgramFiles%\Steam\Steam.exe ["c:\program files\steam\steam.exe" -silent] -> Valve Corporation [Ver = 1.0.0.0 | Size = 1271032 bytes | Modified Date = 30/03/2008 1:01:22 a.m. | Attr = ]
SUPERAntiSpyware -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe [C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe] -> SUPERAntiSpyware.com [Ver = 4, 15, 0, 1000 | Size = 1506544 bytes | Modified Date = 28/05/2008 10:33:34 a.m. | Attr = ]
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> SuperAdBlocker.com [Ver = 1, 0, 0, 1012 | Size = 77824 bytes | Modified Date = 13/05/2008 10:13:36 a.m. | Attr = ]
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
explorer.exe -> %SystemRoot%\explorer.exe -> Microsoft Corporation [Ver = 6.0.6000.16386 (vista_rtm.061101-2205) | Size = 2927104 bytes | Modified Date = 19/01/2008 7:33:10 p.m. | Attr = ]
*MultiFile Done* -> ->
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit ->
C:\Windows\system32\userinit.exe -> %SystemRoot%\System32\userinit.exe -> Microsoft Corporation [Ver = 6.0.6000.16386 (vista_rtm.061101-2205) | Size = 25088 bytes | Modified Date = 19/01/2008 7:33:33 p.m. | Attr = ]
*MultiFile Done* -> ->
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
rundll32 shell32 -> %SystemRoot%\System32\shell32.dll -> Microsoft Corporation [Ver = 6.0.6001.18000 (longhorn_rtm.080118-1840) | Size = 11580416 bytes | Modified Date = 24/04/2008 4:58:20 p.m. | Attr = ]
Control_RunDLL "sysdm.cpl" -> %SystemRoot%\System32\sysdm.cpl -> Microsoft Corporation [Ver = 6.0.6000.16386 (vista_rtm.061101-2205) | Size = 242688 bytes | Modified Date = 19/01/2008 7:32:57 p.m. | Attr = ]
*MultiFile Done* -> ->
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
!SASWinLogon -> %ProgramFiles%\SUPERAntiSpyware\SASWINLO.dll -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1046 | Size = 294912 bytes | Modified Date = 19/04/2007 1:41:36 p.m. | Attr = ]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\\ScanWithAntiVirus -> 3 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin -> 2 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableInstallerDetection -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableSecureUIAPaths -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableVirtualization -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ValidateAdminCodeSignatures -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\scforceoption -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\undockwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\FilterAdministratorToken -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableUIADesktopToggle -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_TEXT -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_BITMAP -> 2 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_OEMTEXT -> 7 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_DIB -> 8 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_PALETTE -> 9 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_UNICODETEXT -> 13 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_DIBV5 -> 17 ->
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ComDlg32\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
< CDROM Autorun Settings > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 ->
*AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable ->
TORiSAN CD-ROM CDR_C36 -> -> File not found
NEC MBR-7 -> -> File not found
NEC MBR-7.4 -> -> File not found
PIONEER CHANGR DRM-1804X -> -> File not found
PIONEER CD-ROM DRM-6324X -> -> File not found
PIONEER CD-ROM DRM-624X -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> %SystemRoot%\System32\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 6.0.6001.18000 (longhorn_rtm.080118-1840) | Size = 67072 bytes | Modified Date = 19/01/2008 5:49:51 p.m. | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 3 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\0 -> IDE\CdRomPIONEER_DVD-RW__DVR-112D________________1.09____\5&22586c4d&0&1.0.0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\Count -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\NextInstance -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\1 -> SCSI\CdRom&Ven_DCTS&Prod_T6NWHUZO9A&Rev_1.03\5&36e5972&0&000000 ->
< Drives - Autoruns > -> ->
autoexec.bat [REM Dummy file for NTVDM | ] -> %SystemDrive%\autoexec.bat [ NTFS ] -> [Ver = | Size = 24 bytes | Modified Date = 19/09/2006 9:43:36 a.m. | Attr = ]
< HOSTS File > (761 bytes) -> C:\Windows\System32\drivers\etc\Hosts ->
::1 localhost -> ->
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\Local Page -> C:\Windows\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_CURRENT_USER\: Main\\Start Page -> about:blank ->
HKEY_CURRENT_USER\: ProxyEnable -> 0 ->
HKEY_CURRENT_USER\: ProxyOverride -> *.local ->
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 22/10/2006 11:08:42 p.m. | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_07\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 509328 bytes | Modified Date = 10/06/2008 4:27:02 a.m. | Attr = ]
{7DB2D5A0-7241-4E79-B68D-6309F01C5231} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\McAfee\VirusScan\scriptsn.dll [scriptproxy] -> McAfee, Inc. [Ver = VSCORE.14.0.0.366.x86 | Size = 58688 bytes | Modified Date = 9/11/2007 12:09:08 p.m. | Attr = ]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 132496 bytes | Modified Date = 10/06/2008 4:27:02 a.m. | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_07\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 509328 bytes | Modified Date = 10/06/2008 4:27:02 a.m. | Attr = ]
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s ->
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{47F813EB-A83F-4829-9F06-FB399E3FD369} -> () ->
{C937C18F-9D13-4D6F-8573-04221B929925} -> (Realtek RTL8169/8110 Family PCI Gigabit Ethernet NIC (NDIS 6.0)) ->
< Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ ->
NameSpace_Catalog5\Catalog_Entries\000000000008 [mdnsNSP] -> %ProgramFiles%\Bonjour\mdnsNSP.dll -> Apple Inc. [Ver = 1,0,4,12 | Size = 147456 bytes | Modified Date = 24/07/2007 3:17:08 p.m. | Attr = ]
< Default Protocols [HKEY_LOCAL_MACHINE\] - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults ->
ldap -> 4 = Restricted sites (Not a Default Protocol) ->
news -> 4 = Restricted sites (Not a Default Protocol) ->
nntp -> 4 = Restricted sites (Not a Default Protocol) ->
oecmd -> 4 = Restricted sites (Not a Default Protocol) ->
snews -> 4 = Restricted sites (Not a Default Protocol) ->
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] ->
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] ->
Microsoft XML Parser for Java[HKEY_LOCAL_MACHINE] -> file:///C:/Windows/Java/classes/xmldso.cab[Reg Error: Key does not exist or could not be opened.] ->
< Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> ->


[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> [Binary data over 100 bytes] ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\LegacyImpersonationLevel -> 2 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> [Binary data over 100 bytes] ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> [Binary data over 100 bytes] ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{C73106E0-AC80-11D1-8DF3-00C04FB6EF4F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{835BEE60-8731-4159-8BFF-941301D76D05} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{D9F260BC-EE6A-4c66-A5C3-30B2ECF4C368} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{91BC037F-B58C-43cb-AD9C-1718ACA70E2F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{9da0e0ea-86ce-11d1-8699-00c04fb98036} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{CA6C8347-120F-4122-873F-F89138694AC8} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{E8494122-79AD-11D2-909C-00A0C9AFE0AA} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A373F3DA-7A87-11D3-B1C1-00C04F68155C} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{C7310557-AC80-11D1-8DF3-00C04FB6EF4F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\Eventlog\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\Eventlog\\SuppressDuplicateDuration -> 86400 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll -> ($build.empty) ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -
  • 0

#8
eddie5659

eddie5659

    Trusted Helper

  • Malware Removal
  • 1,980 posts
  • MVP
Sorry for the late reply, it was Bank Holiday weekend, and been away.

It looks like you may have some problems that aren't necessarily malware related that are causing this. Have you tried a restore from when this started to happened?

If you have, or its been too long since its started, then lets try some things.

Go to Start | Run and type REGEDIT, and press OK.

Then, navigate to this folder:

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost

Click on it so its highlighted, then at the top select File | Export . call it svchost, and save it to your Desktop.

Close the Registry by pressing the large X as normal.

Then, rightclick on the svchost.reg and select Edit, then copy/paste the contents here, like the following:

indows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost]
"HTTPFilter"=hex(7):48,00,54,00,54,00,50,00,46,00,69,00,6c,00,74,00,65,00,72,\
  00,00,00,00,00
"LocalService"=hex(7):41,00,6c,00,65,00,72,00,74,00,65,00,72,00,00,00,57,00,65,\
  00,62,00,43,00,6c,00,69,00,65,00,6e,00,74,00,00,00,4c,00,6d,00,48,00,6f,00,\
  73,00,74,00,73,00

Also, go to Start | Find Files and Folders, and in the C drive, search for svchost.exe, and tell me where they are located.

eddie
  • 0

#9
hayrider007

hayrider007

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
well atleast on the bright side its not malware :)

heres my regedit thing:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost]
"LocalService"=hex(7):6e,00,73,00,69,00,00,00,6c,00,6c,00,74,00,64,00,73,00,76,\
00,63,00,00,00,53,00,53,00,44,00,50,00,53,00,52,00,56,00,00,00,75,00,70,00,\
6e,00,70,00,68,00,6f,00,73,00,74,00,00,00,53,00,43,00,61,00,72,00,64,00,53,\
00,76,00,72,00,00,00,77,00,33,00,32,00,74,00,69,00,6d,00,65,00,00,00,45,00,\
76,00,65,00,6e,00,74,00,53,00,79,00,73,00,74,00,65,00,6d,00,00,00,52,00,65,\
00,6d,00,6f,00,74,00,65,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,00,\
00,00,57,00,69,00,6e,00,48,00,74,00,74,00,70,00,41,00,75,00,74,00,6f,00,50,\
00,72,00,6f,00,78,00,79,00,53,00,76,00,63,00,00,00,6c,00,61,00,6e,00,6d,00,\
61,00,6e,00,77,00,6f,00,72,00,6b,00,73,00,74,00,61,00,74,00,69,00,6f,00,6e,\
00,00,00,54,00,42,00,53,00,00,00,53,00,4c,00,55,00,49,00,4e,00,6f,00,74,00,\
69,00,66,00,79,00,00,00,54,00,48,00,52,00,45,00,41,00,44,00,4f,00,52,00,44,\
00,45,00,52,00,00,00,66,00,64,00,72,00,65,00,73,00,70,00,75,00,62,00,00,00,\
6e,00,65,00,74,00,70,00,72,00,6f,00,66,00,6d,00,00,00,66,00,64,00,70,00,68,\
00,6f,00,73,00,74,00,00,00,77,00,63,00,6e,00,63,00,73,00,76,00,63,00,00,00,\
51,00,57,00,41,00,56,00,45,00,00,00,4d,00,63,00,78,00,32,00,53,00,76,00,63,\
00,00,00,57,00,65,00,62,00,43,00,6c,00,69,00,65,00,6e,00,74,00,00,00,53,00,\
73,00,74,00,70,00,53,00,76,00,63,00,00,00,00,00
"LocalSystemNetworkRestricted"=hex(7):68,00,69,00,64,00,73,00,65,00,72,00,76,\
00,00,00,55,00,78,00,53,00,6d,00,73,00,00,00,57,00,64,00,69,00,53,00,79,00,\
73,00,74,00,65,00,6d,00,48,00,6f,00,73,00,74,00,00,00,4e,00,65,00,74,00,6d,\
00,61,00,6e,00,00,00,74,00,72,00,6b,00,77,00,6b,00,73,00,00,00,41,00,75,00,\
64,00,69,00,6f,00,45,00,6e,00,64,00,70,00,6f,00,69,00,6e,00,74,00,42,00,75,\
00,69,00,6c,00,64,00,65,00,72,00,00,00,57,00,55,00,44,00,46,00,53,00,76,00,\
63,00,00,00,69,00,72,00,6d,00,6f,00,6e,00,00,00,73,00,79,00,73,00,6d,00,61,\
00,69,00,6e,00,00,00,49,00,50,00,42,00,75,00,73,00,45,00,6e,00,75,00,6d,00,\
00,00,64,00,6f,00,74,00,33,00,73,00,76,00,63,00,00,00,50,00,63,00,61,00,53,\
00,76,00,63,00,00,00,45,00,4d,00,44,00,4d,00,67,00,6d,00,74,00,00,00,54,00,\
61,00,62,00,6c,00,65,00,74,00,49,00,6e,00,70,00,75,00,74,00,53,00,65,00,72,\
00,76,00,69,00,63,00,65,00,00,00,77,00,6c,00,61,00,6e,00,73,00,76,00,63,00,\
00,00,57,00,50,00,44,00,42,00,75,00,73,00,45,00,6e,00,75,00,6d,00,00,00,00,\
00
"NetworkServiceNetworkRestricted"=hex(7):50,00,6f,00,6c,00,69,00,63,00,79,00,\
41,00,67,00,65,00,6e,00,74,00,00,00,00,00
"LocalServiceNoNetwork"=hex(7):50,00,4c,00,41,00,00,00,44,00,50,00,53,00,00,00,\
42,00,46,00,45,00,00,00,6d,00,70,00,73,00,73,00,76,00,63,00,00,00,65,00,68,\
00,73,00,74,00,61,00,72,00,74,00,00,00,00,00
"NetworkService"=hex(7):43,00,72,00,79,00,70,00,74,00,53,00,76,00,63,00,00,00,\
44,00,48,00,43,00,50,00,00,00,54,00,65,00,72,00,6d,00,53,00,65,00,72,00,76,\
00,69,00,63,00,65,00,00,00,4b,00,74,00,6d,00,52,00,6d,00,00,00,44,00,4e,00,\
53,00,43,00,61,00,63,00,68,00,65,00,00,00,4e,00,61,00,70,00,41,00,67,00,65,\
00,6e,00,74,00,00,00,6e,00,6c,00,61,00,73,00,76,00,63,00,00,00,57,00,69,00,\
6e,00,52,00,4d,00,00,00,57,00,45,00,43,00,53,00,56,00,43,00,00,00,54,00,61,\
00,70,00,69,00,73,00,72,00,76,00,00,00,00,00
"termsvcs"=hex(7):54,00,65,00,72,00,6d,00,53,00,65,00,72,00,76,00,69,00,63,00,\
65,00,00,00,00,00
"WerSvcGroup"=hex(7):77,00,65,00,72,00,73,00,76,00,63,00,00,00,00,00
"netsvcs"=hex(7):41,00,65,00,4c,00,6f,00,6f,00,6b,00,75,00,70,00,53,00,76,00,\
63,00,00,00,77,00,65,00,72,00,63,00,70,00,6c,00,73,00,75,00,70,00,70,00,6f,\
00,72,00,74,00,00,00,54,00,68,00,65,00,6d,00,65,00,73,00,00,00,43,00,65,00,\
72,00,74,00,50,00,72,00,6f,00,70,00,53,00,76,00,63,00,00,00,53,00,43,00,50,\
00,6f,00,6c,00,69,00,63,00,79,00,53,00,76,00,63,00,00,00,6c,00,61,00,6e,00,\
6d,00,61,00,6e,00,73,00,65,00,72,00,76,00,65,00,72,00,00,00,67,00,70,00,73,\
00,76,00,63,00,00,00,49,00,4b,00,45,00,45,00,58,00,54,00,00,00,41,00,75,00,\
64,00,69,00,6f,00,53,00,72,00,76,00,00,00,46,00,61,00,73,00,74,00,55,00,73,\
00,65,00,72,00,53,00,77,00,69,00,74,00,63,00,68,00,69,00,6e,00,67,00,43,00,\
6f,00,6d,00,70,00,61,00,74,00,69,00,62,00,69,00,6c,00,69,00,74,00,79,00,00,\
00,49,00,61,00,73,00,00,00,49,00,72,00,6d,00,6f,00,6e,00,00,00,4e,00,6c,00,\
61,00,00,00,4e,00,74,00,6d,00,73,00,73,00,76,00,63,00,00,00,4e,00,57,00,43,\
00,57,00,6f,00,72,00,6b,00,73,00,74,00,61,00,74,00,69,00,6f,00,6e,00,00,00,\
4e,00,77,00,73,00,61,00,70,00,61,00,67,00,65,00,6e,00,74,00,00,00,52,00,61,\
00,73,00,61,00,75,00,74,00,6f,00,00,00,52,00,61,00,73,00,6d,00,61,00,6e,00,\
00,00,52,00,65,00,6d,00,6f,00,74,00,65,00,61,00,63,00,63,00,65,00,73,00,73,\
00,00,00,53,00,45,00,4e,00,53,00,00,00,53,00,68,00,61,00,72,00,65,00,64,00,\
61,00,63,00,63,00,65,00,73,00,73,00,00,00,53,00,52,00,53,00,65,00,72,00,76,\
00,69,00,63,00,65,00,00,00,54,00,61,00,70,00,69,00,73,00,72,00,76,00,00,00,\
57,00,6d,00,69,00,00,00,57,00,6d,00,64,00,6d,00,50,00,6d,00,53,00,70,00,00,\
00,54,00,65,00,72,00,6d,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,00,00,\
77,00,75,00,61,00,75,00,73,00,65,00,72,00,76,00,00,00,42,00,49,00,54,00,53,\
00,00,00,53,00,68,00,65,00,6c,00,6c,00,48,00,57,00,44,00,65,00,74,00,65,00,\
63,00,74,00,69,00,6f,00,6e,00,00,00,4c,00,6f,00,67,00,6f,00,6e,00,48,00,6f,\
00,75,00,72,00,73,00,00,00,50,00,43,00,41,00,75,00,64,00,69,00,74,00,00,00,\
68,00,65,00,6c,00,70,00,73,00,76,00,63,00,00,00,75,00,70,00,6c,00,6f,00,61,\
00,64,00,6d,00,67,00,72,00,00,00,69,00,70,00,68,00,6c,00,70,00,73,00,76,00,\
63,00,00,00,73,00,65,00,63,00,6c,00,6f,00,67,00,6f,00,6e,00,00,00,41,00,70,\
00,70,00,49,00,6e,00,66,00,6f,00,00,00,6d,00,73,00,69,00,73,00,63,00,73,00,\
69,00,00,00,4d,00,4d,00,43,00,53,00,53,00,00,00,50,00,72,00,6f,00,66,00,53,\
00,76,00,63,00,00,00,45,00,61,00,70,00,48,00,6f,00,73,00,74,00,00,00,77,00,\
69,00,6e,00,6d,00,67,00,6d,00,74,00,00,00,73,00,63,00,68,00,65,00,64,00,75,\
00,6c,00,65,00,00,00,53,00,65,00,73,00,73,00,69,00,6f,00,6e,00,45,00,6e,00,\
76,00,00,00,62,00,72,00,6f,00,77,00,73,00,65,00,72,00,00,00,68,00,6b,00,6d,\
00,73,00,76,00,63,00,00,00,00,00
"swprv"=hex(7):73,00,77,00,70,00,72,00,76,00,00,00,00,00
"LocalServiceNetworkRestricted"=hex(7):44,00,48,00,43,00,50,00,00,00,65,00,76,\
00,65,00,6e,00,74,00,6c,00,6f,00,67,00,00,00,41,00,75,00,64,00,69,00,6f,00,\
53,00,72,00,76,00,00,00,4c,00,6d,00,48,00,6f,00,73,00,74,00,73,00,00,00,77,\
00,73,00,63,00,73,00,76,00,63,00,00,00,70,00,32,00,70,00,69,00,6d,00,73,00,\
76,00,63,00,00,00,50,00,4e,00,52,00,50,00,53,00,76,00,63,00,00,00,70,00,32,\
00,70,00,73,00,76,00,63,00,00,00,57,00,50,00,43,00,53,00,76,00,63,00,00,00,\
50,00,6e,00,72,00,70,00,41,00,75,00,74,00,6f,00,52,00,65,00,67,00,00,00,00,\
00
"rpcss"=hex(7):52,00,70,00,63,00,53,00,73,00,00,00,00,00
"regsvc"=hex(7):52,00,65,00,6d,00,6f,00,74,00,65,00,52,00,65,00,67,00,69,00,73,\
00,74,00,72,00,79,00,00,00,00,00
"wcssvc"=hex(7):57,00,63,00,73,00,50,00,6c,00,75,00,67,00,49,00,6e,00,53,00,65,\
00,72,00,76,00,69,00,63,00,65,00,00,00,00,00
"DcomLaunch"=hex(7):50,00,6c,00,75,00,67,00,50,00,6c,00,61,00,79,00,00,00,44,\
00,63,00,6f,00,6d,00,4c,00,61,00,75,00,6e,00,63,00,68,00,00,00,00,00
"wdisvc"=hex(7):57,00,64,00,69,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,48,\
00,6f,00,73,00,74,00,00,00,00,00
"sdrsvc"=hex(7):73,00,64,00,72,00,73,00,76,00,63,00,00,00,00,00
"imgsvc"=hex(7):53,00,74,00,69,00,53,00,76,00,63,00,00,00,00,00
"secsvcs"=hex(7):57,00,69,00,6e,00,44,00,65,00,66,00,65,00,6e,00,64,00,00,00,\
00,00
"bthsvcs"=hex(7):42,00,74,00,68,00,53,00,65,00,72,00,76,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\LocalService]
"AuthenticationCapabilities"=dword:00002000
"CoInitializeSecurityParam"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\LocalSystemNetworkRestricted]
"CoInitializeSecurityParam"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\netsvcs]
"AuthenticationCapabilities"=dword:00003020
"CoInitializeSecurityParam"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\NetworkService]
"CoInitializeSecurityParam"=dword:00000001
"DefaultRpcStackSize"=dword:0000001c

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\SDRSVC]
"CoInitializeSecurityParam"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\swprv]
"CoInitializeSecurityParam"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\termsvcs]
"CoInitializeSecurityParam"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\wcssvc]
"CoInitializeSecurityParam"=dword:00000001
"CoInitializeSecurityAppID"="{CD11FAB6-1C0E-45e1-BA31-5C6008EF2607}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\wercplsupport]
"AuthenticationCapabilities"=dword:00003020
"CoInitializeSecurityParam"=dword:00000001


my svchost.exe is in C/windows/system32

P.S. should i uninstall all the antimalware stuf u recommended or should i just leave em?
  • 0

#10
eddie5659

eddie5659

    Trusted Helper

  • Malware Removal
  • 1,980 posts
  • MVP
They look okay :)

One of the environment variables may be altered, so lets run ComboFix, to see if that solves it. Plus, it gives us more to look at :)

Download Combofix from any of the links below, and save it to your desktop. For information regarding this download, please visit this webpage: http://www.bleepingc...to-use-combofix

Link 1
Link 2
Link 3


**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.

  • 0

Advertisements


#11
hayrider007

hayrider007

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
ComboFix 08-08-26.02 - Zer0 2008-08-27 22:45:44.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1095 [GMT 12:00]
Running from: C:\Users\Zer0\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Users\Zer0\AppData\Roaming\macromedia\Flash Player\#SharedObjects\KDYP3LK9\bin.clearspring.com
C:\Users\Zer0\AppData\Roaming\macromedia\Flash Player\#SharedObjects\KDYP3LK9\bin.clearspring.com\clearspring.sol
C:\Users\Zer0\AppData\Roaming\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com
C:\Users\Zer0\AppData\Roaming\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com\settings.sol

.
((((((((((((((((((((((((( Files Created from 2008-07-27 to 2008-08-27 )))))))))))))))))))))))))))))))
.

2008-08-27 15:43 . 2008-08-27 15:43 268 --ah----- C:\sqmdata09.sqm
2008-08-27 15:43 . 2008-08-27 15:43 244 --ah----- C:\sqmnoopt09.sqm
2008-08-20 16:29 . 2008-08-20 16:29 <DIR> d-------- C:\Users\Zer0\AppData\Roaming\SUPERAntiSpyware.com
2008-08-20 16:29 . 2008-08-20 16:29 <DIR> d-------- C:\Users\All Users\SUPERAntiSpyware.com
2008-08-20 16:29 . 2008-08-20 16:29 <DIR> d-------- C:\ProgramData\SUPERAntiSpyware.com
2008-08-20 16:29 . 2008-08-20 16:29 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-08-20 16:03 . 2008-08-20 16:03 <DIR> d-------- C:\Users\Zer0\AppData\Roaming\Malwarebytes
2008-08-20 16:02 . 2008-08-20 16:02 <DIR> d-------- C:\Users\All Users\Malwarebytes
2008-08-20 16:02 . 2008-08-20 16:02 <DIR> d-------- C:\ProgramData\Malwarebytes
2008-08-20 16:02 . 2008-08-20 16:03 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-20 16:02 . 2008-08-17 15:01 38,472 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys
2008-08-20 16:02 . 2008-08-17 15:01 17,144 --a------ C:\Windows\System32\drivers\mbam.sys
2008-08-16 14:12 . 2008-07-16 13:32 2,048 --a------ C:\Windows\System32\tzres.dll
2008-08-16 13:21 . 2008-06-27 13:55 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-08-16 13:21 . 2008-06-27 16:15 827,392 --a------ C:\Windows\System32\wininet.dll
2008-08-16 13:11 . 2008-06-19 15:31 361,984 --a------ C:\Windows\System32\IPSECSVC.DLL
2008-08-16 13:05 . 2008-04-18 17:48 269,312 --a------ C:\Windows\System32\es.dll
2008-08-16 12:54 . 2008-04-10 17:12 738,304 --a------ C:\Windows\System32\inetcomm.dll
2008-08-13 10:08 . 2008-08-13 10:08 42,320 --a------ C:\Windows\System32\xfcodec.dll
2008-08-11 21:39 . 2008-08-11 21:39 268 --ah----- C:\sqmdata08.sqm
2008-08-11 21:39 . 2008-08-11 21:39 244 --ah----- C:\sqmnoopt08.sqm
2008-08-03 04:21 . 2008-08-03 04:21 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-08-03 04:15 . 2008-08-03 04:15 <DIR> d-------- C:\Program Files\iPod
2008-08-03 03:21 . 2008-08-03 03:21 <DIR> d-------- C:\Deckard
2008-08-02 21:26 . 2008-06-11 14:48 188,960 --a------ C:\Windows\System32\nvapps.xml
2008-07-29 04:11 . 2008-07-29 04:11 <DIR> d-------- C:\Program Files\Bonjour
2008-07-29 04:10 . 2008-07-29 04:10 <DIR> d-------- C:\Program Files\QuickTime
2008-07-27 01:22 . 2008-07-27 01:22 <DIR> d-------- C:\Users\Zer0\Phone Browser
2008-07-27 01:22 . 2008-07-27 01:22 <DIR> d-------- C:\Users\Zer0\AppData\Roaming\Datalayer
2008-07-27 01:19 . 2008-07-27 01:19 <DIR> d-------- C:\Users\Zer0\AppData\Roaming\Nokia
2008-07-27 01:14 . 2008-07-27 01:15 <DIR> d-------- C:\Windows\Downloaded Installations
2008-07-27 01:12 . 2008-07-27 01:13 <DIR> d-------- C:\Users\Zer0\AppData\Roaming\PC Suite
2008-07-27 01:12 . 2008-07-27 01:13 <DIR> d-------- C:\Users\All Users\PC Suite
2008-07-27 01:12 . 2008-07-27 01:13 <DIR> d-------- C:\ProgramData\PC Suite
2008-07-27 01:12 . 2008-07-27 01:12 <DIR> d-------- C:\Program Files\Common Files\PCSuite
2008-07-27 01:12 . 2008-07-27 01:12 <DIR> d-------- C:\Program Files\Common Files\Nokia
2008-07-27 01:11 . 2008-07-27 01:15 <DIR> d-------- C:\Program Files\Nokia
2008-07-27 01:11 . 2006-05-29 08:26 50,688 --a------ C:\Windows\System32\nmwcdcls.dll
2008-07-27 01:10 . 2008-07-27 01:10 <DIR> d-------- C:\Users\All Users\Downloaded Installations
2008-07-27 01:10 . 2008-07-27 01:10 <DIR> d-------- C:\ProgramData\Downloaded Installations

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-27 10:41 --------- d---a-w C:\ProgramData\TEMP
2008-08-27 08:29 24 ----a-w C:\Users\Zer0\jagex_runescape_preferences.dat
2008-08-27 06:09 --------- d-----w C:\Program Files\Steam
2008-08-23 21:46 --------- d-----w C:\ProgramData\Xfire
2008-08-23 21:46 --------- d-----w C:\Program Files\Xfire
2008-08-23 03:46 --------- d-----w C:\Users\Zer0\AppData\Roaming\Xfire
2008-08-20 04:28 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-08-19 04:01 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-08-16 03:06 --------- d-----w C:\Program Files\Windows Mail
2008-08-15 13:57 --------- d-----w C:\Program Files\McAfee
2008-08-11 07:56 --------- d-----w C:\Program Files\Apple Software Update
2008-08-07 13:28 --------- d-----w C:\Program Files\DivX
2008-08-02 16:15 --------- d-----w C:\Program Files\iTunes
2008-08-02 15:37 --------- d-----w C:\Program Files\Java
2008-08-02 11:19 --------- d-----w C:\Users\Zer0\AppData\Roaming\IGN_DLM
2008-08-02 09:31 --------- d-----w C:\ProgramData\NVIDIA
2008-08-01 01:58 --------- d-----w C:\Program Files\Common Files\Steam
2008-07-28 16:17 --------- d-----w C:\Users\Zer0\AppData\Roaming\Apple Computer
2008-07-25 08:36 524,288 ----a-w C:\Windows\System32\DivXsm.exe
2008-07-23 16:50 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll
2008-07-23 16:48 200,704 ----a-w C:\Windows\System32\ssldivx.dll
2008-07-23 16:48 1,044,480 ----a-w C:\Windows\System32\libdivx.dll
2008-07-23 16:46 12,288 ----a-w C:\Windows\System32\DivXWMPExtType.dll
2008-07-19 09:53 136,888 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys
2008-07-19 09:53 111,928 ----a-w C:\Windows\System32\PnkBstrB.exe
2008-07-18 18:34 586,240 ----a-w C:\Windows\WLXPGSS.SCR
2008-07-01 12:43 --------- d-----w C:\Users\Zer0\AppData\Roaming\DivX
2008-06-30 12:10 --------- d-----w C:\Program Files\Common Files\PX Storage Engine
2008-06-29 01:09 --------- d-----w C:\Program Files\Common Files\Adobe
2008-06-28 11:06 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-27 09:10 --------- d-----w C:\ProgramData\McAfee
2008-06-27 09:09 --------- d-----w C:\Program Files\Common Files\McAfee
2008-06-27 09:08 --------- d-----w C:\Program Files\McAfee.com
2008-06-27 08:51 --------- d-----w C:\ProgramData\Avg7
2008-06-26 03:29 801,280 ----a-w C:\Windows\System32\NaturalLanguage6.dll
2008-06-26 01:45 2,644,480 ----a-w C:\Windows\System32\NlsLexicons0009.dll
2008-06-26 01:45 12,240,896 ----a-w C:\Windows\System32\NlsLexicons0007.dll
2008-06-12 05:28 541,696 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-05-27 05:21 1,582,592 ----a-w C:\Windows\System32\tquery.dll
2008-05-27 05:21 1,418,240 ----a-w C:\Windows\System32\mssrch.dll
2008-05-27 05:17 87,552 ----a-w C:\Windows\System32\SearchFilterHost.exe
2008-05-27 05:17 87,552 ----a-w C:\Windows\System32\mssitlb.dll
2008-05-27 05:17 754,176 ----a-w C:\Windows\System32\propsys.dll
2008-05-27 05:17 60,416 ----a-w C:\Windows\System32\msscntrs.dll
2008-05-27 05:17 6,103,040 ----a-w C:\Windows\System32\chtbrkr.dll
2008-05-27 05:17 34,816 ----a-w C:\Windows\System32\msscb.dll
2008-05-27 05:17 32,768 ----a-w C:\Windows\System32\mssprxy.dll
2008-05-27 05:17 313,344 ----a-w C:\Windows\System32\thawbrkr.dll
2008-05-27 05:17 301,568 ----a-w C:\Windows\System32\srchadmin.dll
2008-05-27 05:17 194,560 ----a-w C:\Windows\System32\offfilt.dll
2008-05-27 05:17 143,872 ----a-w C:\Windows\System32\korwbrkr.dll
2008-05-27 05:17 11,776 ----a-w C:\Windows\System32\msshooks.dll
2008-05-27 05:17 1,671,680 ----a-w C:\Windows\System32\chsbrkr.dll
2008-05-27 04:59 18,904 ----a-w C:\Windows\System32\StructuredQuerySchemaTrivial.bin
2008-05-27 04:59 106,605 ----a-w C:\Windows\System32\StructuredQuerySchema.bin
2008-03-21 11:25 174 --sha-w C:\Program Files\desktop.ini
2008-03-01 03:53 22,328 ----a-w C:\Users\Zer0\AppData\Roaming\PnkBstrK.sys
2008-02-27 10:20 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-02-27 10:20 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-02-27 10:20 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 19:33 1233920]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 19:33 125952]
"Steam"="c:\program files\steam\steam.exe" [2008-03-30 01:01 1271032]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 10:34 5724184]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-07-25 03:02 490952]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 19:33 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VX1000"="C:\Windows\vVX1000.exe" [2006-12-05 14:38 707360]
"LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe" [2007-01-12 16:48 275800]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-11-01 19:12 582992]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE" [2006-06-15 12:36 229376]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 09:47 116040]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-05-16 14:01 13535776]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-05-16 14:01 92704]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 10:47 289064]
"RtHDVCpl"="RtHDVCpl.exe" [2006-12-01 17:37 4186112 C:\Windows\RtHDVCpl.exe]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 00:01:04 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{B56FB295-935D-44E8-899C-7B74F2799F71}"= UDP:C:\Program Files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe
"{08064C8A-F5D9-4B12-A89F-6948834BD2EF}"= TCP:C:\Program Files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe
"{CB6E9192-6BBA-40F7-AFC1-5F7068477EED}"= UDP:C:\Program Files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe
"{C8D183FE-055A-4F65-A444-85512843B7F3}"= TCP:C:\Program Files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe
"{A1980D24-DB97-4473-85E9-877A12FC9B9A}"= UDP:C:\Program Files\Flagship Studios\Hellgate London\Launcher.exe:Hellgate: London
"{8ADD4CA9-F3C4-4AA0-AE17-2C05D20965C1}"= TCP:C:\Program Files\Flagship Studios\Hellgate London\Launcher.exe:Hellgate: London
"{B66CE66C-0224-42B1-93EF-085DF179568D}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{27E24D54-2359-4A4A-8628-E1776786ABD2}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{A1AB4FB3-D499-422B-94CF-E96C40FC3267}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{0947FE0B-A869-4697-A5D1-6AEE501AB39A}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"TCP Query User{976117DC-B796-4212-8A02-1ADCAD621778}C:\\program files\\steam\\steamapps\\hayrider007\\counter-strike source\\hl2.exe"= UDP:C:\program files\steam\steamapps\hayrider007\counter-strike source\hl2.exe:hl2
"UDP Query User{6157DDC7-0500-4F36-9780-D0CB678B069A}C:\\program files\\steam\\steamapps\\hayrider007\\counter-strike source\\hl2.exe"= TCP:C:\program files\steam\steamapps\hayrider007\counter-strike source\hl2.exe:hl2
"TCP Query User{EBB8482D-8CEE-4AAD-96C6-C4EB287DDCE1}C:\\program files\\steam\\steamapps\\hayrider007\\condition zero\\hl.exe"= UDP:C:\program files\steam\steamapps\hayrider007\condition zero\hl.exe:Half-Life Launcher
"UDP Query User{2435ACEB-EA07-46D3-9528-6311A50B347F}C:\\program files\\steam\\steamapps\\hayrider007\\condition zero\\hl.exe"= TCP:C:\program files\steam\steamapps\hayrider007\condition zero\hl.exe:Half-Life Launcher
"TCP Query User{C0FC6301-0C54-4D15-8C94-64CD0670FE53}C:\\program files\\steam\\steamapps\\hayrider007\\half-life blue shift\\hl.exe"= UDP:C:\program files\steam\steamapps\hayrider007\half-life blue shift\hl.exe:Half-Life Launcher
"UDP Query User{B816F0BD-263A-4B13-9A7B-BF3F94B4BB92}C:\\program files\\steam\\steamapps\\hayrider007\\half-life blue shift\\hl.exe"= TCP:C:\program files\steam\steamapps\hayrider007\half-life blue shift\hl.exe:Half-Life Launcher
"{80FD8C5C-CAFA-41D0-AB5C-5F796BCD050C}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{B2CD37F9-4AF0-498E-87D5-4E4B6D88AF53}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{99658F5F-0D6B-43F1-A698-FDCA112E398E}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{108CA337-2572-4B1F-A786-15E7CED486B4}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{5B68F344-17A6-480B-AA0B-DF36D92A85AD}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"TCP Query User{6421FEC7-C07C-4ACB-8126-6E7C4E173E64}C:\\program files\\steam\\steamapps\\hayrider007\\condition zero deleted scenes\\hl.exe"= UDP:C:\program files\steam\steamapps\hayrider007\condition zero deleted scenes\hl.exe:Half-Life Launcher
"UDP Query User{1334F19B-440F-4C24-B04F-28D5044A6495}C:\\program files\\steam\\steamapps\\hayrider007\\condition zero deleted scenes\\hl.exe"= TCP:C:\program files\steam\steamapps\hayrider007\condition zero deleted scenes\hl.exe:Half-Life Launcher
"{23EEE7BB-3A8E-48D7-88C9-B944300C6E44}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{CEBB2B51-4720-405D-A509-3DC4BF3DB57B}C:\\program files\\doom 3\\doom3.exe"= UDP:C:\program files\doom 3\doom3.exe:DOOM 3
"UDP Query User{130BD70F-D9A0-404B-8B29-A1514F8C9AAA}C:\\program files\\doom 3\\doom3.exe"= TCP:C:\program files\doom 3\doom3.exe:DOOM 3
"TCP Query User{67E1C57C-7F87-4D7C-8024-7EDE7D580073}C:\\program files\\steam\\steamapps\\hayrider007\\team fortress 2\\hl2.exe"= UDP:C:\program files\steam\steamapps\hayrider007\team fortress 2\hl2.exe:hl2
"UDP Query User{7771C099-7C47-4CDA-8355-3D382DEDF9D1}C:\\program files\\steam\\steamapps\\hayrider007\\team fortress 2\\hl2.exe"= TCP:C:\program files\steam\steamapps\hayrider007\team fortress 2\hl2.exe:hl2
"TCP Query User{E1C2015B-CF0A-4256-B64A-8BD30F46103C}C:\\program files\\steam\\steamapps\\hayrider007\\half-life\\hl.exe"= UDP:C:\program files\steam\steamapps\hayrider007\half-life\hl.exe:Half-Life Launcher
"UDP Query User{AC83E297-CAD7-4CF7-9B90-15ACF39797D1}C:\\program files\\steam\\steamapps\\hayrider007\\half-life\\hl.exe"= TCP:C:\program files\steam\steamapps\hayrider007\half-life\hl.exe:Half-Life Launcher
"TCP Query User{8C8B148D-89BC-4FAB-9D57-FB5FFF549085}C:\\program files\\steam\\steamapps\\o0calibre0o\\counter-strike source\\hl2.exe"= UDP:C:\program files\steam\steamapps\o0calibre0o\counter-strike source\hl2.exe:hl2
"UDP Query User{405FDE89-04CB-4E29-B5AD-F4D622223170}C:\\program files\\steam\\steamapps\\o0calibre0o\\counter-strike source\\hl2.exe"= TCP:C:\program files\steam\steamapps\o0calibre0o\counter-strike source\hl2.exe:hl2
"TCP Query User{6856907F-6D5A-4F0F-B1C0-9229455BA24E}C:\\program files\\steam\\steamapps\\o0calibre0o\\garrysmod\\hl2.exe"= UDP:C:\program files\steam\steamapps\o0calibre0o\garrysmod\hl2.exe:hl2
"UDP Query User{645243C6-F7C6-4E5E-92A5-8D9852FCD6C3}C:\\program files\\steam\\steamapps\\o0calibre0o\\garrysmod\\hl2.exe"= TCP:C:\program files\steam\steamapps\o0calibre0o\garrysmod\hl2.exe:hl2
"{40541AD0-7522-40BF-9263-8BAE53EBE02A}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{003A386F-6358-4856-93AF-CDCE22BD10D6}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"TCP Query User{13EE009D-0699-4B3C-9B16-70693EB33BD5}C:\\program files\\xfire\\xfire.exe"= UDP:C:\program files\xfire\xfire.exe:Xfire
"UDP Query User{776AC91C-6507-4EBE-A9B0-EE28CFFF4C5E}C:\\program files\\xfire\\xfire.exe"= TCP:C:\program files\xfire\xfire.exe:Xfire
"{607859D7-B933-48B0-ABED-E77C20F20107}"= Profile=Private|Profile=Public|C:\Program Files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent
"{C7997412-4A7E-43BA-BA03-E1484FEED031}"= UDP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty® 4 - Modern Warfare™
"{A07B220E-BD76-42C5-B969-1DCDF82814C7}"= TCP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty® 4 - Modern Warfare™
"{04F008B6-78CA-4A7E-923B-7689EE01E23E}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{7FEBCDC7-15A5-4C08-B49A-3449DBCA2EF7}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{DCA8300C-0AB4-4324-86F1-9AFFE8EA998E}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{746B3A83-A972-4A7F-A879-8A9D9EA038C4}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R2 MSCamSvc;MSCamSvc;C:\Program Files\Microsoft LifeCam\MSCamS32.exe [2007-01-04 13:13]
R3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-07-31 20:56]
R3 VX1000;VX-1000;C:\Windows\system32\DRIVERS\VX1000.sys [2006-12-05 14:39]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder

2008-07-14 C:\Windows\Tasks\McDefragTask.job
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]

2008-07-31 C:\Windows\Tasks\McQcTask.job
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]

2008-08-27 C:\Windows\Tasks\User_Feed_Synchronization-{0DDF4A69-B6D5-4BED-A4F7-902DE9679F21}.job
- C:\Windows\system32\msfeedssync.exe [2008-01-19 19:33]
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = about:blank
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000

O16 -: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab
C:\Windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-27 22:50:13
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-08-27 22:52:18
ComboFix-quarantined-files.txt 2008-08-27 10:52:10

Pre-Run: 50,960,097,280 bytes free
Post-Run: 50,692,661,248 bytes free

249 --- E O F --- 2008-08-27 03:48:13
  • 0

#12
eddie5659

eddie5659

    Trusted Helper

  • Malware Removal
  • 1,980 posts
  • MVP
Everything looks fine in the ComboFix log.

Can you export the contents of this registry key, in the same way you did the other above:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment
  • 0

#13
hayrider007

hayrider007

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment]
"ComSpec"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,63,\
00,6d,00,64,00,2e,00,65,00,78,00,65,00,00,00
"FP_NO_HOST_CHECK"="NO"
"NUMBER_OF_PROCESSORS"="2"
"OS"="Windows_NT"
"Path"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,00,6f,00,74,\
00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,3b,00,25,00,\
73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,00,6f,00,74,00,25,00,3b,00,25,\
00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,00,6f,00,74,00,25,00,5c,00,\
73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,77,00,62,00,65,00,6d,\
00,3b,00,43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,20,00,\
46,00,69,00,6c,00,65,00,73,00,5c,00,51,00,75,00,69,00,63,00,6b,00,54,00,69,\
00,6d,00,65,00,5c,00,51,00,54,00,53,00,79,00,73,00,74,00,65,00,6d,00,00,00
"PATHEXT"=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC"
"PROCESSOR_ARCHITECTURE"="x86"
"PROCESSOR_IDENTIFIER"="x86 Family 15 Model 6 Stepping 5, GenuineIntel"
"PROCESSOR_LEVEL"="15"
"PROCESSOR_REVISION"="0605"
"TEMP"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,\
00,25,00,5c,00,54,00,45,00,4d,00,50,00,00,00
"TMP"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\
25,00,5c,00,54,00,45,00,4d,00,50,00,00,00
"USERNAME"="SYSTEM"
"windir"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,\
00,25,00,00,00
"HellgateEnv"="C:\\Program Files\\Flagship Studios\\Hellgate London\\"
"CLASSPATH"=".;C:\\Program Files\\Java\\jre1.6.0_03\\lib\\ext\\QTJava.zip"
"QTJAVA"="C:\\Program Files\\Java\\jre1.6.0_03\\lib\\ext\\QTJava.zip"





by the way would it help if i did wat u ask while im gettin the lag spikes or or does it not matter
  • 0

#14
eddie5659

eddie5659

    Trusted Helper

  • Malware Removal
  • 1,980 posts
  • MVP
OK, it looks like ComboFix did the trick and fixed it :)

Are you still having problems?

eddie
  • 0

#15
hayrider007

hayrider007

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
kk ill test it out (basically run a whole lot of stuff at once and see if lag occurs after every programs been turned off)
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP