Nimrod Posted January 23, 2006 Share Posted January 23, 2006 Logfile of HijackThis v1.99.1Scan saved at 02:14:47, on 20/01/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\Program Files\BT Yahoo! Internet\ModemLock.exeC:\WINDOWS\system32\HPConfig.exeC:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exeC:\Program Files\BT Yahoo! Internet\Watchdog.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\ZoneLabs\vsmon.exeC:\WINDOWS\System32\MsPMSPSv.exeC:\WINDOWS\system32\carpserv.exeC:\PROGRA~1\HPQ\ONE-TO~1\OneTouch.EXEC:\Program Files\Synaptics\SynTP\SynTPLpr.exeC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exeC:\Program Files\USBDRIVE\shwicon.exeC:\Program Files\Java\jre1.5.0_04\bin\jusched.exeC:\Program Files\Zone Labs\ZoneAlarm\zlclient.exeC:\Program Files\MsMovies\MsMovies.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\QuickTime\qttask.exeC:\Program Files\MSN Messenger\MsnMsgr.ExeC:\Program Files\iPod\bin\iPodService.exeC:\Program Files\Nikon\PictureProject\NkbMonitor.exeC:\WINDOWS\system32\rundll32.exeC:\WINDOWS\system32\wuauclt.exeC:\WINDOWS\system32\msiexec.exeC:\Documents and Settings\Mark Freeman\My Documents\My Received Files\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www2.swan.ac.uk/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.btinternet.com/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.presario.net/scripts/redirec...=search&ap=b204R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presario.net/scripts/redirec...=search&ap=b204R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.presario.net/scripts/redirec...=search&ap=b204R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://desktop.presario.net/scripts/redire...1c02&lc=0809&acR1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.compaq.com/2Q00CPT/0809/bF7.aspR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by BTopenworldO2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocxO3 - Toolbar: (no name) - {CC90CDA0-74A0-45b4-80EF-D89CA8C249B8} - (no file)O4 - HKLM\..\Run: [CARPService] carpserv.exeO4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exeO4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -dO4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exeO4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /sO4 - HKLM\..\Run: [QT4HPOT] C:\PROGRA~1\HPQ\ONE-TO~1\OneTouch.EXEO4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exeO4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exeO4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exeO4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exeO4 - HKLM\..\Run: [showIcon_Justrams_USB Drives Driver v1.19r020] "C:\Program Files\USBDRIVE\shwicon.exe" -t"Justrams\USB Drives Driver v1.19r020"O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exeO4 - HKLM\..\Run: [bTopenworld] "c:\program files\bt yahoo! internet\DialBTYahoo.exe" /ReInstallAutoDialO4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exeO4 - HKLM\..\Run: [MsMovies] C:\Program Files\MsMovies\MsMovies.exe /autoO4 - HKLM\..\Run: [virtual-ie] winlogi.exeO4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKLM\..\RunServices: [virtual-ie] winlogi.exeO4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /backgroundO4 - Global Startup: LG SyncManager.lnk = ?O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXEO4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exeO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dllO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dllO14 - IERESET.INF: START_PAGE_URL=http://www.btinternet.com/O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cabO16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://c:\MAIN.MHT!http://213.159.117.236/buka.chm::/x.exeO16 - DPF: {11311111-1111-1111-1111-111111111157} - file://C:\Program Files\Q330994.exeO16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-17.cabO16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/1810784e30d07906b621/...ip/RdxIE601.cabO16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cabO16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cabO16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} - http://dload.ipbill.com/del/loader.cabO16 - DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} (webhelper Class) - http://register.btinternet.com/templates/btwebcontrol023.cabO17 - HKLM\System\CCS\Services\Tcpip\..\{2756C4EA-3F36-4674-B118-A139E76EF5C8}: NameServer = 192.168.1.1O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)O23 - Service: BT Modem Lock - British Telecommunications plc - C:\Program Files\BT Yahoo! Internet\ModemLock.exeO23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exeO23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exeO23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exeO23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe Quote Link to comment Share on other sites More sharing options...
Steve Posted January 23, 2006 Author Share Posted January 23, 2006 You gotta couple of trojans on there mate. Before you start, download CCleaner from THIS page, install it but don't run it yet. Run HijackThis and check off all of the following: - R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www2.swan.ac.uk/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.btinternet.com/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.presario.net/scripts/redirec...=search&ap=b204R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presario.net/scripts/redirec...=search&ap=b204R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.presario.net/scripts/redirec...=search&ap=b204R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://desktop.presario.net/scripts/redire...1c02&lc=0809&acR1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.compaq.com/2Q00CPT/0809/bF7.aspR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by BTopenworldO3 - Toolbar: (no name) - {CC90CDA0-74A0-45b4-80EF-D89CA8C249B8} - (no file)O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exeO4 - HKLM\..\Run: [MsMovies] C:\Program Files\MsMovies\MsMovies.exe /autoO4 - HKLM\..\Run: [virtual-ie] winlogi.exeO4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKLM\..\RunServices: [virtual-ie] winlogi.exeO14 - IERESET.INF: START_PAGE_URL=http://www.btinternet.com/O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://c:\MAIN.MHT!http://213.159.117.236/buka.chm::/x.exeO16 - DPF: {11311111-1111-1111-1111-111111111157} - file://C:\Program Files\Q330994.exeO16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/1810784e30d07906b621/...ip/RdxIE601.cabO16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cabO16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} - http://dload.ipbill.com/del/loader.cab Close ALL other windows and hit Fix Checked. Reboot the PC into Safe Mode by tapping F8 as it's booting. Start Windows Explorer and hit Tools, then Folder Options. On the View tab, set the following like this: - Show hidden files and folders - CheckedHide extensions for known file types - NOT checkedHide protected operating system files (Recommended) - NOT checked Then hit Apply then OK. Search for the following files and folders shown in bold and delete them if found: - C:\Program Files\MsMovies winlogi.exe C:\Program Files\Q330994.exe Once you've done that, run CCleaner and let it clean your drive, then reboot into regular Windows. Start Internet Explorer and hit Tools, then Internet Options. Click on the Programs tab, followed by the Reset Web Settings button. Then click on the Security tab, then the Internet zone icon and see if the security level has been set to low. If it has, hit the Default Level button. Click on the General tab and re-enter the homepage you want to use. Now you must click Apply then OK. Click this link to download the latest version of Java: - http://jdl.sun.com/webapps/download/AutoDL?BundleId=10343 Uninstall your current version, reboot the PC, then install the new one. Job done. You could do with getting some antivirus software too. Avast is OK and it's free: - http://www.avast.com/ Quote Link to comment Share on other sites More sharing options...
Steve Posted January 23, 2006 Author Share Posted January 23, 2006 Yeah man, you can do. Best to make sure all the shit's gone. I take it your email works now yeah? Quote Link to comment Share on other sites More sharing options...
Steve Posted January 23, 2006 Author Share Posted January 23, 2006 Yes mate, you had a variant of the Rbot trojan. Threat level 10 (as bad as you can get). Functionality of it: - Allows others to access the computer Steals information Uses its own emailing engine Reduces system security Records keystrokes Installs itself in the Registry This is why having a firewall is essential because as long as you don't allow it to access the web, it's basically powerless and will do nothing more than slow down your machine. Quote Link to comment Share on other sites More sharing options...
Steve Posted January 23, 2006 Author Share Posted January 23, 2006 You have Norton Internet Security right? When a program tries to access the web for the first time you should get a box asking if you want to allow it or not. You can choose yes or no, plus you can also tell the firewall to remember what you select so you're not asked again. If you didn't allow the trojan to access the web then you're OK. If you did, then who knows? It's possible that personal information has been sent out. Quote Link to comment Share on other sites More sharing options...
Steve Posted January 23, 2006 Author Share Posted January 23, 2006 Kaspersky has a better detection rate than Norton. Very often someone will post a HijackThis log where Norton is running but the machine is still infected. Try the Kaspersky online scanner here: - http://www.kaspersky.com/virusscanner It's free and it'll give your machine a thorough going over. There are WAY more viruses and spyware infections that affect Windows based machines that's true, but then Mac only has a tiny market share and the people who write these nasties are going for the biggest target. A similar thing happened with Firefox where people claimed it was virtually bullet proof, but the more popular it became the more it was targetted. The difference between Mozilla and Microsoft is that Microsoft can take weeks (or years in some cases) to fix flaws, where Mozilla will tend to fix them quite quickly. Quote Link to comment Share on other sites More sharing options...
d00ban Posted January 29, 2006 Share Posted January 29, 2006 Yo steve can you take a peak please, my comps running proper slow!! cheers man dunno how u find the time xxx Logfile of HijackThis v1.99.1Scan saved at 18:19:03, on 29/01/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\System32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Apoint\Apoint.exeC:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exeC:\Program Files\Sony\HotKey Utility\HKserv.exeC:\Program Files\sony\vaio power management\SPMgr.exeC:\Program Files\sony\vaio update 2\VAIOUpdt.exeC:\WINDOWS\ATK0100\Hcontrol.exeC:\Program Files\Sony\ISB Utility\ISBMgr.exeC:\WINDOWS\system32\ICO.EXEC:\WINDOWS\System32\ezSP_Px.exeC:\WINDOWS\system32\rundll32.exeC:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exeC:\Program Files\Network Associates\VirusScan\SHSTAT.EXEC:\Program Files\Network Associates\Common Framework\UpdaterUI.exeC:\WINDOWS\system32\rundll32.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Messenger\msmsgs.exeC:\Program Files\Apoint\Apntex.exeC:\Program Files\Sony\HotKey Utility\HKWnd.exeC:\Program Files\Network Associates\Common Framework\FrameworkService.exeC:\Program Files\Network Associates\VirusScan\Mcshield.exeC:\Program Files\Network Associates\VirusScan\VsTskMgr.exeC:\Program Files\iPod\bin\iPodService.exeC:\WINDOWS\ATK0100\ATKOSD.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\Documents and Settings\Simon Hargreaves\Desktop\Clean up\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.club-vaio.sony-europe.com/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.sony-europe.com/O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dllO2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet7_14.dllO2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dllO3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dllO4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exeO4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exeO4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exeO4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exeO4 - HKLM\..\Run: [sonyPowerCfg] C:\Program Files\sony\vaio power management\SPMgr.exeO4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\sony\vaio update 2\VAIOUpdt.exe" /StationaryO4 - HKLM\..\Run: [Hcontrol] C:\WINDOWS\ATK0100\Hcontrol.exeO4 - HKLM\..\Run: [iSBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exeO4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXEO4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exeO4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgentO4 - HKLM\..\Run: [switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exeO4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstallO4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONEO4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKeyO4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,ClientStartup -sO4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /backgroundO8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.htmlO8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.htmlO8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.htmlO8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.htmlO8 - Extra context menu item: Download all by Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htmO8 - Extra context menu item: Download by Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htmO8 - Extra context menu item: Download selected by Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htmO8 - Extra context menu item: Download web site by Free Download Manager - file://C:\Program Files\Free Download Manager\dlpage.htmO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.htmlO8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.htmlO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dllO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO10 - Hijacked Internet access by New.NetO10 - Hijacked Internet access by New.NetO10 - Hijacked Internet access by New.NetO10 - Hijacked Internet access by New.NetO10 - Hijacked Internet access by New.NetO14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.sony-europe.com/O15 - Trusted Zone: *.sony-europe.comO15 - Trusted Zone: *.sonystyle-europe.comO15 - Trusted Zone: *.vaio-link.comO16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...99/mcinsctl.cabO16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1126983764273O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cabO18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exeO23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exeO23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exeO23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exeO23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exeO23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exeO23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exeO23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Program Files\sony\vaio media music server\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (file missing)O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Unknown owner - C:\Program Files\Common Files\Sony Shared\vaio media platform\sv_httpd.exe" /Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\MusicServer\HTTP (file missing)O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\vaio media platform\UPnPFramework.exeO23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\sony\photo server\appsrv\PhotoAppSrv.exeO23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Unknown owner - C:\Program Files\Common Files\sony shared\vaio media platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP (file missing)O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\sony shared\vaio media platform\UPnPFramework.exe Quote Link to comment Share on other sites More sharing options...
Steve Posted January 30, 2006 Author Share Posted January 30, 2006 Your PC is infected with NewDotNet which can be quite nasty to remove. Before you start, download and install CCleaner from this link, but don't run it yet: - http://www.ccleaner.com Also download LSPFix.exe from this page, but don't run it yet: - http://www.cexx.org/lspfix.htm Run HijackThis and check off the following: - O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet7_14.dllO4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,ClientStartup -sO4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime Close all other windows and hit Fix Checked. Hit Start then Run and type "cmd" without quotes and hit Enter. An old DOS style window will open. Type the following commands pressing Enter after each one: - cd\cd program files\newdotnetregsvr32 /u newdotnet7_14.dll In the second command there are two spaces - one after "cd" and one after "program". In the third command there are also two spaces, one either side of "/u". Once you've done that, click the X in the corner of the screen to close that window. Run LSPFix and check the box next to "I know what I'm doing". In the list on the left hand side (the Keep list) you should see an entry relating to NewDotNet, probably with this name: - newdotnet7_14.dll Click on it to highlight it, then click the >> button to move it over to the Remove window on the right hand side. You must make sure that only the file relating to NewDotNet is shown in the right hand window! Once you've done that, click the Finish button. Reboot the PC into Safe Mode by tapping F8 as it's booting. Browse to this folder and delete it. If it's not found, go into Windows Explorer and enable the viewing of hidden and system files: - C:\Program Files\NewDotNet Run CCleaner to clean your drive of temporary files, then reboot the PC back into regular Windows. If for some reason you can't delete that folder, come back and tell me. If you deleted it without a problem and everything works OK, you might want to disable System Restore, reboot, then re-enable it again and create a new restore point. Also, look in Add or Remove Programs and see if NewDotNet is listed. If it is, run CCleaner again and click on Tools, then the Uninstall button. Find NewDotNet on the list of programs and hit the Delete Entry button on the right. Job done. If all goes to plan, come back and post another HijackThis log just to make sure everything is OK. Quote Link to comment Share on other sites More sharing options...
d00ban Posted January 30, 2006 Share Posted January 30, 2006 cheers steve will give it all a go after uni today.... Quote Link to comment Share on other sites More sharing options...
d00ban Posted January 30, 2006 Share Posted January 30, 2006 Hello me again i was unsuccesful pretty early on on this one. got to the point in dos and put in the 3 commands. on the last command a box popped up saying dllunregisterserver in newdotnet7_14.dll failed.return code was 0x8002801c does that mean any thing to you because it doesnt to me im guessing ive done something wrong but i dont think i strayed from your instructions, any ideas? cheers man sorry to take up more of your time Quote Link to comment Share on other sites More sharing options...
Steve Posted January 31, 2006 Author Share Posted January 31, 2006 That's not necessarily a bad thing man. What you're doing with those commands is unregistering the NewDotNet dll file so that when you reboot into Safe Mode you can delete it without any problems. That error code you were getting can either mean the dll has already been unregistered or it was never registered in the first place. Make sure you are logged in as an administrator and try again. If you still get the same message then carry on with the rest of the instructions and see how you get on. If for some reason you can't delete the NewDotNet folder, then there are other ways to tackle the problem so post back and let me know what happens. Quote Link to comment Share on other sites More sharing options...
d00ban Posted January 31, 2006 Share Posted January 31, 2006 ok man think its all sorted - u a legend i tell thee!! cheers mate instructions were spot on heres new log just to check Logfile of HijackThis v1.99.1Scan saved at 13:06:36, on 31/01/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\System32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Network Associates\Common Framework\FrameworkService.exeC:\Program Files\Network Associates\VirusScan\Mcshield.exeC:\Program Files\Network Associates\VirusScan\VsTskMgr.exeC:\Program Files\Apoint\Apoint.exeC:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exeC:\Program Files\Sony\HotKey Utility\HKserv.exeC:\Program Files\sony\vaio power management\SPMgr.exeC:\Program Files\sony\vaio update 2\VAIOUpdt.exeC:\WINDOWS\ATK0100\Hcontrol.exeC:\Program Files\Sony\ISB Utility\ISBMgr.exeC:\WINDOWS\system32\ICO.EXEC:\WINDOWS\System32\ezSP_Px.exeC:\WINDOWS\system32\rundll32.exeC:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exeC:\Program Files\Network Associates\VirusScan\SHSTAT.EXEC:\Program Files\Network Associates\Common Framework\UpdaterUI.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Messenger\msmsgs.exeC:\Program Files\iPod\bin\iPodService.exeC:\Program Files\Apoint\Apntex.exeC:\WINDOWS\ATK0100\ATKOSD.exeC:\Program Files\Sony\HotKey Utility\HKWnd.exeC:\WINDOWS\system32\wuauclt.exeC:\Documents and Settings\Simon Hargreaves\Desktop\Clean up\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.club-vaio.sony-europe.com/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.sony-europe.com/O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dllO2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dllO3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dllO4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exeO4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exeO4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exeO4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exeO4 - HKLM\..\Run: [sonyPowerCfg] C:\Program Files\sony\vaio power management\SPMgr.exeO4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\sony\vaio update 2\VAIOUpdt.exe" /StationaryO4 - HKLM\..\Run: [Hcontrol] C:\WINDOWS\ATK0100\Hcontrol.exeO4 - HKLM\..\Run: [iSBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exeO4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXEO4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exeO4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgentO4 - HKLM\..\Run: [switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exeO4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstallO4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONEO4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKeyO4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /backgroundO8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.htmlO8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.htmlO8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.htmlO8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.htmlO8 - Extra context menu item: Download all by Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htmO8 - Extra context menu item: Download by Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htmO8 - Extra context menu item: Download selected by Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htmO8 - Extra context menu item: Download web site by Free Download Manager - file://C:\Program Files\Free Download Manager\dlpage.htmO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.htmlO8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.htmlO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dllO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.sony-europe.com/O15 - Trusted Zone: *.sony-europe.comO15 - Trusted Zone: *.sonystyle-europe.comO15 - Trusted Zone: *.vaio-link.comO16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...99/mcinsctl.cabO16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1126983764273O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cabO18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exeO23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exeO23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exeO23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exeO23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exeO23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exeO23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exeO23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Program Files\sony\vaio media music server\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (file missing)O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Unknown owner - C:\Program Files\Common Files\Sony Shared\vaio media platform\sv_httpd.exe" /Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\MusicServer\HTTP (file missing)O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\vaio media platform\UPnPFramework.exeO23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\sony\photo server\appsrv\PhotoAppSrv.exeO23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Unknown owner - C:\Program Files\Common Files\sony shared\vaio media platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP (file missing)O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\sony shared\vaio media platform\UPnPFramework.exe Quote Link to comment Share on other sites More sharing options...
Steve Posted January 31, 2006 Author Share Posted January 31, 2006 Looks good man! NewDotNet is gone. BTW, if you want to change your home page to something other than the Vaio web site, then fix these items in HijackThis: - R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.club-vaio.sony-europe.com/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.sony-europe.com/O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.sony-europe.com/ Then start IE and hit Tools - Internet Options - General (tab) and you can pick your own home page without having it reset all the time. Quote Link to comment Share on other sites More sharing options...
d00ban Posted January 31, 2006 Share Posted January 31, 2006 cool man i use firefox any way so that stuff doesnt bother me cheers any way mate, thanks again Quote Link to comment Share on other sites More sharing options...
flowerpot Posted February 1, 2006 Share Posted February 1, 2006 Hey,can you look at this!?Other dude asking for ppl to tell him whats goin on in there lol... Logfile of HijackThis v1.99.1Scan saved at 21:47:17, on 01.29.2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\Program Files\Common Files\Symantec Shared\SNDSrvc.exeC:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exeC:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exeC:\WINDOWS\System32\inetsrv\inetinfo.exeC:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exeC:\Program Files\Norton AntiVirus\navapsvc.exeC:\Program Files\Norton AntiVirus\IWP\NPFMntor.exeC:\WINDOWS\system32\nvsvc32.exeC:\WINDOWS\System32\tcpsvcs.exeC:\WINDOWS\System32\snmp.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\UPHClean\uphclean.exeC:\WINDOWS\system32\MsPMSPSv.exeC:\WINDOWS\System32\mqsvc.exeC:\Program Files\Raxco\PerfectDisk\PDSched.exeC:\WINDOWS\System32\mqtgsvc.exeC:\Program Files\Norton AntiVirus\SAVScan.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\LTMSG.exeC:\Program Files\Common Files\Symantec Shared\ccApp.exeC:\WINDOWS\system32\CTHELPER.EXEC:\Program Files\Microsoft AntiSpyware\gcasServ.exeC:\Program Files\Common Files\Real\Update_OB\realsched.exeC:\Program Files\Microsoft AntiSpyware\gcasDtServ.exeC:\Program Files\Plaxo\2.5.10.21\PlaxoHelper.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Logitech\SetPoint\SetPoint.exeC:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXEC:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXEC:\WINDOWS\Explorer.EXEC:\Documents and Settings\Administrator\My Documents\My Received Files\hijackthis\HijackThis.exeC:\PROGRA~1\MESSEN~1\Msmsgs.exeO23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing) StartupList report, 01.29.2006, 21:49:31StartupList version: 1.52.2Started from : C:\Documents and Settings\Administrator\My Documents\My Received Files\hijackthis\HijackThis.EXEDetected: Windows XP SP2 (WinNT 5.01.2600)Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)* Using default options* Including empty and uninteresting sections* Showing rarely important sections==================================================Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\Program Files\Common Files\Symantec Shared\SNDSrvc.exeC:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exeC:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exeC:\WINDOWS\System32\inetsrv\inetinfo.exeC:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exeC:\Program Files\Norton AntiVirus\navapsvc.exeC:\Program Files\Norton AntiVirus\IWP\NPFMntor.exeC:\WINDOWS\system32\nvsvc32.exeC:\WINDOWS\System32\tcpsvcs.exeC:\WINDOWS\System32\snmp.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\UPHClean\uphclean.exeC:\WINDOWS\system32\MsPMSPSv.exeC:\WINDOWS\System32\mqsvc.exeC:\Program Files\Raxco\PerfectDisk\PDSched.exeC:\WINDOWS\System32\mqtgsvc.exeC:\Program Files\Norton AntiVirus\SAVScan.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\LTMSG.exeC:\Program Files\Common Files\Symantec Shared\ccApp.exeC:\WINDOWS\system32\CTHELPER.EXEC:\Program Files\Microsoft AntiSpyware\gcasServ.exeC:\Program Files\Common Files\Real\Update_OB\realsched.exeC:\Program Files\Microsoft AntiSpyware\gcasDtServ.exeC:\Program Files\Plaxo\2.5.10.21\PlaxoHelper.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Logitech\SetPoint\SetPoint.exeC:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXEC:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXEC:\WINDOWS\Explorer.EXEC:\Documents and Settings\Administrator\My Documents\My Received Files\hijackthis\HijackThis.exeC:\PROGRA~1\MESSEN~1\Msmsgs.exe--------------------------------------------------Listing of startup folders:Shell folders Startup:[C:\Documents and Settings\Administrator\Start Menu\Programs\Startup]*No files*Shell folders AltStartup:*Folder not found*User shell folders Startup:*Folder not found*User shell folders AltStartup:*Folder not found*Shell folders Common Startup:[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exeShell folders Common AltStartup:*Folder not found*User shell folders Common Startup:*Folder not found*User shell folders Alternate Common Startup:*Folder not found*--------------------------------------------------Checking Windows NT UserInit:[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]UserInit = C:\WINDOWS\system32\userinit.exe,[HKLM\Software\Microsoft\Windows\CurrentVersion\Win logon]*Registry key not found*[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]*Registry value not found*[HKCU\Software\Microsoft\Windows\CurrentVersion\Win logon]*Registry key not found*--------------------------------------------------Autorun entries from Registry:HKLM\Software\Microsoft\Windows\CurrentVersion\RunMsmqIntCert = regsvr32 /s mqrt.dllLTMSG = LTMSG.exe 7Logitech Hardware Abstraction Layer = KHALMNPR.EXEPtipbmf = rundll32.exe ptipbmf.dll,SetWriteCacheModeSymantec NetDriver Monitor = C:\PROGRA~1\SYMNET~1\SNDMon.exe /ConsumerccApp = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"CTHelper = CTHELPER.EXENvCplDaemon = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartupnwiz = nwiz.exe /installgcasServ = "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"TkBellExe = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osbootQuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime--------------------------------------------------Autorun entries from Registry:HKLM\Software\Microsoft\Windows\CurrentVersion\Run Once*No values found*--------------------------------------------------Autorun entries from Registry:HKLM\Software\Microsoft\Windows\CurrentVersion\Run OnceEx*No values found*--------------------------------------------------Autorun entries from Registry:HKLM\Software\Microsoft\Windows\CurrentVersion\Run Services*Registry key not found*--------------------------------------------------Autorun entries from Registry:HKLM\Software\Microsoft\Windows\CurrentVersion\Run ServicesOnce*Registry key not found*--------------------------------------------------Autorun entries from Registry:HKCU\Software\Microsoft\Windows\CurrentVersion\RunPlaxoUpdate = C:\Program Files\Plaxo\2.5.10.21\PlaxoHelper.exe -a(Default) =ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe--------------------------------------------------Autorun entries from Registry:HKCU\Software\Microsoft\Windows\CurrentVersion\Run Once*No values found*--------------------------------------------------Autorun entries from Registry:HKCU\Software\Microsoft\Windows\CurrentVersion\Run OnceEx*Registry key not found*--------------------------------------------------Autorun entries from Registry:HKCU\Software\Microsoft\Windows\CurrentVersion\Run Services*Registry key not found*--------------------------------------------------Autorun entries from Registry:HKCU\Software\Microsoft\Windows\CurrentVersion\Run ServicesOnce*Registry key not found*--------------------------------------------------Autorun entries from Registry:HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run*Registry key not found*--------------------------------------------------Autorun entries from Registry:HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run*Registry key not found*--------------------------------------------------Autorun entries in Registry subkeys of:HKLM\Software\Microsoft\Windows\CurrentVersion\Run[OptionalComponents]*No values found*--------------------------------------------------Autorun entries in Registry subkeys of:HKLM\Software\Microsoft\Windows\CurrentVersion\Run Once*No subkeys found*--------------------------------------------------Autorun entries in Registry subkeys of:HKLM\Software\Microsoft\Windows\CurrentVersion\Run OnceEx*No subkeys found*--------------------------------------------------Autorun entries in Registry subkeys of:HKLM\Software\Microsoft\Windows\CurrentVersion\Run Services*Registry key not found*--------------------------------------------------Autorun entries in Registry subkeys of:HKLM\Software\Microsoft\Windows\CurrentVersion\Run ServicesOnce*Registry key not found*--------------------------------------------------Autorun entries in Registry subkeys of:HKCU\Software\Microsoft\Windows\CurrentVersion\Run*No subkeys found*--------------------------------------------------Autorun entries in Registry subkeys of:HKCU\Software\Microsoft\Windows\CurrentVersion\Run Once*No subkeys found*--------------------------------------------------Autorun entries in Registry subkeys of:HKCU\Software\Microsoft\Windows\CurrentVersion\Run OnceEx*Registry key not found*--------------------------------------------------Autorun entries in Registry subkeys of:HKCU\Software\Microsoft\Windows\CurrentVersion\Run Services*Registry key not found*--------------------------------------------------Autorun entries in Registry subkeys of:HKCU\Software\Microsoft\Windows\CurrentVersion\Run ServicesOnce*Registry key not found*--------------------------------------------------Autorun entries in Registry subkeys of:HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run*Registry key not found*--------------------------------------------------Autorun entries in Registry subkeys of:HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run*Registry key not found*--------------------------------------------------File association entry for .EXE:HKEY_CLASSES_ROOT\exefile\shell\open\command(Default) = "%1" %*--------------------------------------------------File association entry for .COM:HKEY_CLASSES_ROOT\comfile\shell\open\command(Default) = "%1" %*--------------------------------------------------File association entry for .BAT:HKEY_CLASSES_ROOT\batfile\shell\open\command(Default) = "%1" %*--------------------------------------------------File association entry for .PIF:HKEY_CLASSES_ROOT\piffile\shell\open\command(Default) = "%1" %*--------------------------------------------------File association entry for .SCR:HKEY_CLASSES_ROOT\scrfile\shell\open\command(Default) = "%1" /S--------------------------------------------------File association entry for .HTA:HKEY_CLASSES_ROOT\htafile\shell\open\command(Default) = C:\WINDOWS\System32\mshta.exe "%1" %*--------------------------------------------------File association entry for .TXT:HKEY_CLASSES_ROOT\txtfile\shell\open\command(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1--------------------------------------------------Enumerating Active Setup stub paths:HKLM\Software\Microsoft\Active Setup\Installed Components(* = disabled by HKCU twin)[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP[>{26923b43-4d38-484f-9b9e-de460746276c}] *StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser .NT[{4b218e3e-bc98-4770-93d3-2731b9329278}] *StubPath = %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub[{7790769C-0471-11d2-AF11-00C04FA35D02}] *StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install[{89820200-ECBD-11cf-8B85-00AA005B4340}] *StubPath = regsvr32.exe /s /n /i:U shell32.dll[{89820200-ECBD-11cf-8B85-00AA005B4383}] *StubPath = %SystemRoot%\system32\ie4uinit.exe[{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *StubPath = C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install[{8b15971b-5355-4c82-8c07-7e181ea07608}] *StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser--------------------------------------------------Enumerating ICQ Agent Autostart apps:HKCU\Software\Mirabilis\ICQ\Agent\Apps*Registry key not found*--------------------------------------------------Load/Run keys from C:\WINDOWS\WIN.INI:load=*INI section not found*run=*INI section not found*Load/Run keys from Registry:HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*HKCU\..\Windows NT\CurrentVersion\Windows: load=HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=--------------------------------------------------Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:Shell=*INI section not found*SCRNSAVE.EXE=*INI section not found*drivers=*INI section not found*Shell & screensaver key from Registry:Shell=Explorer.exeSCRNSAVE.EXE=C:\WINDOWS\System32\ssbezier.scrdrivers=*Registry value not found*Policies Shell key:HKCU\..\Policies: Shell=*Registry key not found*HKLM\..\Policies: Shell=*Registry value not found*--------------------------------------------------Checking for EXPLORER.EXE instances:C:\WINDOWS\Explorer.exe: PRESENT!C:\Explorer.exe: not presentC:\WINDOWS\Explorer\Explorer.exe: not presentC:\WINDOWS\System\Explorer.exe: not presentC:\WINDOWS\System32\Explorer.exe: not presentC:\WINDOWS\Command\Explorer.exe: not presentC:\WINDOWS\Fonts\Explorer.exe: not present--------------------------------------------------Checking for superhidden extensions:.lnk: HIDDEN! (arrow overlay: yes).pif: HIDDEN! (arrow overlay: yes).exe: not hidden.com: not hidden.bat: not hidden.hta: not hidden.scr: not hidden.shs: HIDDEN!.shb: HIDDEN!.vbs: not hidden.vbe: not hidden.wsh: not hidden.scf: HIDDEN! (arrow overlay: NO!).url: HIDDEN! (arrow overlay: yes).js: not hidden.jse: not hidden--------------------------------------------------Verifying REGEDIT.EXE integrity:- Regedit.exe found in C:\WINDOWS- .reg open command is normal (regedit.exe %1)- Company name OK: 'Microsoft Corporation'- Original filename OK: 'REGEDIT.EXE'- File description: 'Registry Editor'Registry check passed--------------------------------------------------Enumerating Browser Helper Objects:(no name) - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(no name) - C:\Program Files\Yahoo!\Common\yiesrvc.dll - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}(no name) - C:\Program Files\Yahoo!\Common\YIeTagBm.dll - {65D886A2-7CA7-479B-BB95-14D1EFB7946A}(no name) - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}NAV Helper - C:\Program Files\Norton AntiVirus\NavShExt.dll - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD}(no name) - c:\program files\google\googletoolbar2.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7}(no name) - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D}--------------------------------------------------Enumerating Task Scheduler jobs:1-Click Maintenance.jobNorton AntiVirus - Run Full System Scan - Administrator.job--------------------------------------------------Enumerating Download Program Files:[supportSoft SmartIssue]InProcServer32 = C:\WINDOWS\Downloaded Program Files\tgctlsi.dllCODEBASE = http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab[supportSoft Script Runner Class]InProcServer32 = C:\WINDOWS\Downloaded Program Files\tgctlsr.dllCODEBASE = http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab[shockwave ActiveX Control]InProcServer32 = C:\WINDOWS\system32\Macromed\Director\SwDir.dllCODEBASE = http://fpdownload.macromedia.com/get...irector/sw.cab[Windows Genuine Advantage Validation Tool]InProcServer32 = C:\WINDOWS\System32\LegitCheckControl.DLLCODEBASE = http://go.microsoft.com/fwlink/?linkid=39204[Microsoft PID Sniffer]InProcServer32 = C:\WINDOWS\system32\odc.dllCODEBASE = https://support.microsoft.com/OAS/ActiveX/odc.cab[Office Update Installation Engine]InProcServer32 = C:\WINDOWS\opuc.dllCODEBASE = http://office.microsoft.com/officeup...tent/opuc3.cab[WUWebControl Class]InProcServer32 = C:\WINDOWS\System32\wuweb.dllCODEBASE = http://update.microsoft.com/windowsu...?1125934598797[MUWebControl Class]InProcServer32 = C:\WINDOWS\system32\muweb.dllCODEBASE = http://update.microsoft.com/microsof...?1125962955828[Java Plug-in]InProcServer32 = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllCODEBASE = http://java.sun.com/update/1.5.0/jin...ndows-i586.cab[{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}]InProcServer32 = C:\WINDOWS\system32\macromed\download\Download.dllCODEBASE = http://fpdownload.macromedia.com/get.../ultrashim.cab[iWinAmpActiveX Class]InProcServer32 = C:\Program Files\Common Files\Nullsoft\ActiveX\2.6\AmpX.dllCODEBASE = http://cdn.digitalcity.com/radio/amp...1.11_en_dl.cab[Java Plug-in]InProcServer32 = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllCODEBASE = http://java.sun.com/update/1.5.0/jin...ndows-i586.cab[Java Plug-in]InProcServer32 = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllCODEBASE = http://java.sun.com/update/1.5.0/jin...ndows-i586.cab[Java Plug-in 1.5.0_06]InProcServer32 = C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dllCODEBASE = http://java.sun.com/update/1.5.0/jin...ndows-i586.cab[Measurement Services Client v.3.7]InProcServer32 = C:\WINDOWS\system32\FUTURE~1\MSC\MSC3.ocxCODEBASE = http://gameadvisor.futuremark.com/global/msc37.cab[shockwave Flash Object]InProcServer32 = C:\WINDOWS\system32\macromed\flash\Flash.ocxCODEBASE = http://download.macromedia.com/pub/s...sh/swflash.cab[MSN Chat Control 4.5]InProcServer32 = C:\WINDOWS\Downloaded Program Files\MSNChat45.ocxCODEBASE = http://chat.msn.com/controls/msnchat45.cab--------------------------------------------------Enumerating Winsock LSP files:NameSpace #1: C:\WINDOWS\System32\mswsock.dllNameSpace #2: C:\WINDOWS\System32\winrnr.dllNameSpace #3: C:\WINDOWS\System32\mswsock.dllProtocol #1: C:\WINDOWS\system32\ua_lsp.dllProtocol #2: C:\WINDOWS\system32\ua_lsp.dllProtocol #3: C:\WINDOWS\system32\ua_lsp.dllProtocol #4: C:\WINDOWS\system32\ua_lsp.dllProtocol #5: C:\WINDOWS\system32\ua_lsp.dllProtocol #6: C:\WINDOWS\system32\ua_lsp.dllProtocol #7: C:\WINDOWS\system32\ua_lsp.dllProtocol #8: C:\WINDOWS\system32\ua_lsp.dllProtocol #9: C:\WINDOWS\system32\ua_lsp.dllProtocol #10: C:\WINDOWS\system32\ua_lsp.dllProtocol #11: C:\WINDOWS\system32\ua_lsp.dllProtocol #12: C:\WINDOWS\system32\ua_lsp.dllProtocol #13: C:\WINDOWS\system32\ua_lsp.dllProtocol #14: C:\WINDOWS\system32\ua_lsp.dllProtocol #15: C:\WINDOWS\system32\ua_lsp.dllProtocol #16: C:\WINDOWS\system32\ua_lsp.dllProtocol #17: C:\WINDOWS\system32\ua_lsp.dllProtocol #18: C:\WINDOWS\system32\ua_lsp.dllProtocol #19: C:\WINDOWS\system32\ua_lsp.dllProtocol #20: C:\WINDOWS\system32\ua_lsp.dllProtocol #21: C:\WINDOWS\system32\ua_lsp.dllProtocol #22: C:\WINDOWS\system32\ua_lsp.dllProtocol #23: C:\WINDOWS\system32\ua_lsp.dllProtocol #24: C:\WINDOWS\system32\mswsock.dllProtocol #25: C:\WINDOWS\system32\mswsock.dllProtocol #26: C:\WINDOWS\system32\mswsock.dllProtocol #27: C:\WINDOWS\system32\rsvpsp.dllProtocol #28: C:\WINDOWS\system32\rsvpsp.dllProtocol #29: C:\WINDOWS\system32\mswsock.dllProtocol #30: C:\WINDOWS\system32\mswsock.dllProtocol #31: C:\WINDOWS\system32\mswsock.dllProtocol #32: C:\WINDOWS\system32\mswsock.dllProtocol #33: C:\WINDOWS\system32\mswsock.dllProtocol #34: C:\WINDOWS\system32\mswsock.dllProtocol #35: C:\WINDOWS\system32\mswsock.dllProtocol #36: C:\WINDOWS\system32\mswsock.dllProtocol #37: C:\WINDOWS\system32\mswsock.dllProtocol #38: C:\WINDOWS\system32\mswsock.dllProtocol #39: C:\WINDOWS\system32\mswsock.dllProtocol #40: C:\WINDOWS\system32\mswsock.dllProtocol #41: C:\WINDOWS\system32\mswsock.dllProtocol #42: C:\WINDOWS\system32\mswsock.dllProtocol #43: C:\WINDOWS\system32\mswsock.dllProtocol #44: C:\WINDOWS\system32\mswsock.dllProtocol #45: C:\WINDOWS\system32\mswsock.dllProtocol #46: C:\WINDOWS\system32\mswsock.dllProtocol #47: C:\WINDOWS\system32\ua_lsp.dll--------------------------------------------------Enumerating Windows NT/2000/XP servicesMicrosoft ACPI Driver: System32\DRIVERS\ACPI.sys (system)Microsoft Kernel Acoustic Echo Canceller: system32\drivers\aec.sys (manual start)AFD Networking Support Environment: \SystemRoot\System32\drivers\afd.sys (system)Intel AGP Bus Filter: System32\DRIVERS\agp440.sys (system)Alerter: %SystemRoot%\System32\svchost.exe -k LocalService (disabled)Application Layer Gateway Service: %SystemRoot%\System32\alg.exe (manual start)Application Management: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)1394 ARP Client Protocol: System32\DRIVERS\arp1394.sys (manual start)ASP.NET State Service: %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\as pnet_state.exe (manual start)ASUSHWIO: \??\C:\WINDOWS\system32\drivers\ASUSHWIO.sys (manual start)RAS Asynchronous Media Driver: System32\DRIVERS\asyncmac.sys (manual start)Standard IDE/ESDI Hard Disk Controller: System32\DRIVERS\atapi.sys (system)ATI USB 2.0 TV Audio Crossbar: system32\DRIVERS\atinysxx.sys (manual start)ATI TV WONDER USB2.0 Video & Audio: system32\DRIVERS\atinyvxx.sys (manual start)ATI TV WONDER USB2.0 TV Tuner: system32\DRIVERS\atinyuxx.sys (manual start)ATI TV WONDER USB2.0 Device Driver: System32\Drivers\ATIUTD.sys (manual start)ATM ARP Client Protocol: System32\DRIVERS\atmarpc.sys (manual start)Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)Audio Stub Driver: System32\DRIVERS\audstub.sys (manual start)Automatic LiveUpdate Scheduler: "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" (autostart)Background Intelligent Transfer Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)Computer Browser: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)Closed Caption Decoder: system32\DRIVERS\CCDECODE.sys (manual start)Symantec Event Manager: "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe" (autostart)Symantec Settings Manager: "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe" (autostart)CD-ROM Driver: System32\DRIVERS\cdrom.sys (system)Indexing Service: %SystemRoot%\system32\cisvc.exe (disabled)ClipBook: %SystemRoot%\system32\clipsrv.exe (disabled).NET Runtime Optimization Service v2.0.50727_X86: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\msco rsvw.exe (manual start)COM+ System Application: C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)Cryptographic Services: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)Creative AC3 Software Decoder: System32\drivers\ctac32k.sys (manual start)Creative Audio Driver (WDM): system32\drivers\ctaud2k.sys (manual start)Creative DVD-Audio Device Driver: System32\drivers\ctdvda2k.sys (manual start)Creative Proxy Driver: System32\drivers\ctprxy2k.sys (manual start)Creative SoundFont Management Device Driver: System32\drivers\ctsfm2k.sys (manual start)DCOM Server Process Launcher: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)DHCP Client: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)Disk Driver: System32\DRIVERS\disk.sys (system)Logical Disk Manager Administrative Service: %SystemRoot%\System32\dmadmin.exe /com (manual start)dmboot: System32\drivers\dmboot.sys (disabled)Logical Disk Manager Driver: System32\drivers\dmio.sys (system)dmload: System32\drivers\dmload.sys (system)Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)Microsoft Kernel DLS Syntheiszer: system32\drivers\DMusic.sys (manual start)DNS Client: %SystemRoot%\System32\svchost.exe -k NetworkService (disabled)Microsoft Kernel DRM Audio Descrambler: system32\drivers\drmkaud.sys (manual start)Intel® PRO/1000 Adapter Driver: System32\DRIVERS\e1000325.sys (manual start)Symantec Eraser Control driver: \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (system)E-mu Plug-in Architecture Driver: System32\drivers\emupia2k.sys (manual start)ENTECH: \??\C:\WINDOWS\system32\DRIVERS\ENTECH.SYS (manual start)Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)Event Log: %SystemRoot%\system32\services.exe (autostart)COM+ Event System: C:\WINDOWS\System32\svchost.exe -k netsvcs (manual start)fasttx2k: system32\DRIVERS\fasttx2k.sys (system)Fast User Switching Compatibility: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)Fax: %systemroot%\system32\fxssvc.exe (autostart)Floppy Disk Controller Driver: System32\DRIVERS\fdc.sys (manual start)Floppy Disk Driver: System32\DRIVERS\flpydisk.sys (manual start)FltMgr: system32\drivers\fltmgr.sys (system)Volume Manager Driver: System32\DRIVERS\ftdisk.sys (system)Game Port Enumerator: system32\DRIVERS\gameenum.sys (manual start)Generic Packet Classifier: System32\DRIVERS\msgpc.sys (manual start)GrandTechICNameNT: System32\Drivers\gt680x.sys (manual start)Creative Hardware Abstract Layer Driver: System32\drivers\ha10kx2k.sys (manual start)Creative P16V HAL Driver: System32\drivers\hap16v2k.sys (manual start)Creative P17V HAL Driver: system32\drivers\hap17v2k.sys (manual start)Help and Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)Human Interface Device Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)Microsoft HID Class Driver: System32\DRIVERS\hidusb.sys (manual start)HTTP: System32\Drivers\HTTP.sys (manual start)HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start)i8042 Keyboard and PS/2 Mouse Port Driver: System32\DRIVERS\i8042prt.sys (system)Intel Integrated RAID: system32\drivers\iaStor.sys (system)IIS Admin: C:\WINDOWS\System32\inetsrv\inetinfo.exe (autostart)CD-Burning Filter Driver: System32\DRIVERS\imapi.sys (system)IMAPI CD-Burning COM Service: C:\WINDOWS\System32\imapi.exe (manual start)Intel Processor Driver: System32\DRIVERS\intelppm.sys (system)IPv6 Windows Firewall Driver: system32\drivers\ip6fw.sys (manual start)IP Traffic Filter Driver: System32\DRIVERS\ipfltdrv.sys (manual start)IP in IP Tunnel Driver: System32\DRIVERS\ipinip.sys (manual start)IP Network Address Translator: System32\DRIVERS\ipnat.sys (manual start)RIP Listener: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)IPSEC driver: System32\DRIVERS\ipsec.sys (system)IR Enumerator Service: System32\DRIVERS\irenum.sys (manual start)PnP ISA/EISA Bus Driver: System32\DRIVERS\isapnp.sys (system)Keyboard Class Driver: System32\DRIVERS\kbdclass.sys (system)Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start)Server: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)Workstation: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)Logitech SetPoint HID Mouse Filter Driver: system32\DRIVERS\LHidKE.Sys (manual start)Logitech SetPoint USB Receiver device driver: System32\Drivers\LHidUsbK.Sys (manual start)LiveUpdate: "C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE" (manual start)TCP/IP NetBIOS Helper: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)Logitech SetPoint Mouse Filter Driver: system32\DRIVERS\LMouKE.Sys (manual start)Agere Modem Driver: System32\DRIVERS\ltmdmnt.sys (manual start)Machine Debug Manager: "C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe" (autostart)Messenger: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)NetMeeting Remote Desktop Sharing: C:\WINDOWS\System32\mnmsrvc.exe (manual start)Mouse Class Driver: System32\DRIVERS\mouclass.sys (system)Mouse HID Driver: System32\DRIVERS\mouhid.sys (manual start)Message Queuing access control: \??\C:\WINDOWS\System32\drivers\mqac.sys (manual start)WebDav Client Redirector: System32\DRIVERS\mrxdav.sys (manual start)MRXSMB: System32\DRIVERS\mrxsmb.sys (system)Distributed Transaction Coordinator: C:\WINDOWS\System32\msdtc.exe (manual start)FTP Publishing: %SystemRoot%\System32\inetsrv\inetinfo.exe (disabled)Windows Installer: C:\WINDOWS\System32\msiexec.exe /V (manual start)Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual start)Message Queuing: C:\WINDOWS\System32\mqsvc.exe (autostart)Message Queuing Triggers: C:\WINDOWS\System32\mqtgsvc.exe (autostart)Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start)Microsoft Streaming Quality Manager Proxy: system32\drivers\MSPQM.sys (manual start)Microsoft System Management BIOS Driver: System32\DRIVERS\mssmbios.sys (manual start)SQL Server (SQLEXPRESS): "c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (autostart)SQL Server Active Directory Helper: "c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe" (disabled)Microsoft Streaming Tee/Sink-to-Sink Converter: system32\drivers\MSTEE.sys (manual start)ATI TV WONDER USB2.0 Specialized MVD Codec: system32\DRIVERS\atinymxx.sys (manual start)NABTS/FEC VBI Codec: system32\DRIVERS\NABTSFEC.sys (manual start)Norton AntiVirus Auto-Protect Service: "C:\Program Files\Norton AntiVirus\navapsvc.exe" (autostart)NAVENG: \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\2006012 9.004\NAVENG.Sys (manual start)NAVEX15: \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\2006012 9.004\NavEx15.Sys (manual start)Microsoft TV/Video Connection: system32\DRIVERS\NdisIP.sys (manual start)Remote Access NDIS TAPI Driver: System32\DRIVERS\ndistapi.sys (manual start)NDIS Usermode I/O Protocol: System32\DRIVERS\ndisuio.sys (manual start)Remote Access NDIS WAN Driver: System32\DRIVERS\ndiswan.sys (manual start)NetBIOS Interface: System32\DRIVERS\netbios.sys (system)NetBios over Tcpip: System32\DRIVERS\netbt.sys (system)Network DDE: %SystemRoot%\system32\netdde.exe (disabled)Network DDE DSDM: %SystemRoot%\system32\netdde.exe (disabled)Net Logon: %SystemRoot%\System32\lsass.exe (manual start)Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)Intel NCS NetService: C:\Program Files\Intel\NCS\Sync\NetSvc.exe (manual start)1394 Net Driver: System32\DRIVERS\nic1394.sys (manual start)Network Location Awareness (NLA): %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)Norton AntiVirus Firewall Monitor Service: "C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe" (autostart)Norton Protection Center Service: "C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE" (manual start)NT LM Security Support Provider: %SystemRoot%\System32\lsass.exe (manual start)Removable Storage: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)nv: system32\DRIVERS\nv4_mini.sys (manual start)NVIDIA Display Driver Service: %SystemRoot%\system32\nvsvc32.exe (autostart)IPX Traffic Filter Driver: System32\DRIVERS\nwlnkflt.sys (manual start)IPX Traffic Forwarder Driver: System32\DRIVERS\nwlnkfwd.sys (manual start)OHCI Compliant IEEE 1394 Host Controller: System32\DRIVERS\ohci1394.sys (system)Office Source Engine: "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE" (manual start)Creative OS Services Driver: system32\drivers\ctoss2k.sys (manual start)Creative PC-CAM 550 (Still): System32\Drivers\P0250BUK.SYS (autostart)Creative PC-CAM 550 (Video): system32\DRIVERS\P0250V2K.SYS (manual start)Parallel port driver: System32\DRIVERS\parport.sys (manual start)ATI TV WONDER USB2.0 Specialized PCD Codec: system32\DRIVERS\atinypxx.sys (manual start)PCI Bus Driver: System32\DRIVERS\pci.sys (system)PCIIde: System32\DRIVERS\pciide.sys (system)PDEngine: "C:\Program Files\Raxco\PerfectDisk\PDEngine.exe" (manual start)Portrait Displays low level device driver: System32\Drivers\PdiPorts.sys (manual start)PDScheduler: "C:\Program Files\Raxco\PerfectDisk\PDSched.exe" (autostart)PfDetNT: \??\C:\WINDOWS\system32\drivers\PfModNT.sys (autostart)PfModNT: \??\C:\WINDOWS\system32\drivers\PfModNT.sys (autostart)Plug and Play: %SystemRoot%\system32\services.exe (autostart)IPSEC Services: %SystemRoot%\System32\lsass.exe (autostart)WAN Miniport (PPTP): System32\DRIVERS\raspptp.sys (manual start)Processor Driver: System32\DRIVERS\processr.sys (system)Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)QoS Packet Scheduler: System32\DRIVERS\psched.sys (manual start)Direct Parallel Link Driver: System32\DRIVERS\ptilink.sys (manual start)PxHelp20: System32\Drivers\PxHelp20.sys (system)Remote Access Auto Connection Driver: System32\DRIVERS\rasacd.sys (system)Remote Access Auto Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)WAN Miniport (L2TP): System32\DRIVERS\rasl2tp.sys (manual start)Remote Access Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)Remote Access PPPOE Driver: System32\DRIVERS\raspppoe.sys (manual start)Direct Parallel: System32\DRIVERS\raspti.sys (manual start)Rdbss: System32\DRIVERS\rdbss.sys (system)RDPCDD: System32\DRIVERS\RDPCDD.sys (system)Terminal Server Device Redirector Driver: System32\DRIVERS\rdpdr.sys (manual start)Remote Desktop Help Session Manager: C:\WINDOWS\system32\sessmgr.exe (manual start)Digital CD Audio Playback Filter Driver: System32\DRIVERS\redbook.sys (system)Routing and Remote Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)Remote Registry: %SystemRoot%\system32\svchost.exe -k LocalService (disabled)Reliable Multicast Protocol driver: \??\C:\WINDOWS\System32\drivers\RMCast.sys (manual start)Remote Procedure Call (RPC) Locator: %SystemRoot%\System32\locator.exe (manual start)Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)QoS RSVP: %SystemRoot%\System32\rsvp.exe (manual start)Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)SAVRT: \??\C:\Program Files\Norton AntiVirus\SAVRT.SYS (manual start)SAVRTPEL: \??\C:\Program Files\Norton AntiVirus\SAVRTPEL.SYS (system)Symantec AVScan: "C:\Program Files\Norton AntiVirus\SAVScan.exe" (manual start)Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start)Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)Secdrv: System32\DRIVERS\secdrv.sys (autostart)Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)Serenum Filter Driver: System32\DRIVERS\serenum.sys (manual start)Serial port driver: System32\DRIVERS\serial.sys (system)Windows Firewall/Internet Connection Sharing (ICS): %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)Simple TCP/IP Services: %SystemRoot%\System32\tcpsvcs.exe (autostart)BDA Slip De-Framer: system32\DRIVERS\SLIP.sys (manual start)Simple Mail Transfer Protocol (SMTP): C:\WINDOWS\System32\inetsrv\inetinfo.exe (disabled)Symantec Network Drivers Service: "C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe" (autostart)SNMP Service: %SystemRoot%\System32\snmp.exe (autostart)SNMP Trap Service: %SystemRoot%\System32\snmptrap.exe (manual start)SPBBCDrv: \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (system)SPBBCSvc: "C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe" (autostart)Microsoft Kernel Audio Splitter: system32\drivers\splitter.sys (manual start)Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)SQL Server Browser: "c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe" (disabled)SQL Server VSS Writer: "c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" (manual start)System Restore Filter Driver: System32\DRIVERS\sr.sys (system)System Restore Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)Srv: System32\DRIVERS\srv.sys (manual start)SSDP Discovery Service: %SystemRoot%\System32\svchost.exe -k LocalService (disabled)Windows Image Acquisition (WIA): %SystemRoot%\System32\svchost.exe -k imgsvc (autostart)BDA IPSink: system32\DRIVERS\StreamIP.sys (manual start)Software Bus Driver: System32\DRIVERS\swenum.sys (manual start)Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start)MS Software Shadow Copy Provider: C:\WINDOWS\System32\dllhost.exe /Processid:{1ACE8623-AADC-4149-8C2D-500C7449E004} (manual start)Symantec Core LC: "C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe" (autostart)SYMDNS: \SystemRoot\System32\Drivers\SYMDNS.SYS (manual start)SymEvent: \??\C:\Program Files\Symantec\SYMEVENT.SYS (manual start)SYMFW: \SystemRoot\System32\Drivers\SYMFW.SYS (manual start)SYMIDS: \SystemRoot\System32\Drivers\SYMIDS.SYS (manual start)SYMIDSCO: \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\IDS-DI~1\20051208.051\symidsco.sys (manual start)symlcbrd: \??\C:\WINDOWS\system32\drivers\symlcbrd.sys (autostart)SYMNDIS: \SystemRoot\System32\Drivers\SYMNDIS.SYS (manual start)SYMREDRV: \SystemRoot\System32\Drivers\SYMREDRV.SYS (manual start)SYMTDI: \SystemRoot\System32\Drivers\SYMTDI.SYS (system)Microsoft Kernel System Audio Device: system32\drivers\sysaudio.sys (manual start)Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start)Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)TCP/IP Protocol Driver: System32\DRIVERS\tcpip.sys (system)Terminal Device Driver: System32\DRIVERS\termdd.sys (system)Terminal Services: %SystemRoot%\System32\svchost -k DComLaunch (manual start)Themes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)Telnet: C:\WINDOWS\System32\tlntsvr.exe (disabled)Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)ATI TV WONDER USB2.0 Teletext Decoder: system32\DRIVERS\atinyttx.sys (manual start)TuneUp WinStyler Theme Service: "C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe" (manual start)Windows User Mode Driver Framework: C:\WINDOWS\system32\wdfmgr.exe (autostart)Microcode Update Driver: System32\DRIVERS\update.sys (manual start)User Profile Hive Cleanup: C:\Program Files\UPHClean\uphclean.exe (autostart)Universal Plug and Play Device Host: %SystemRoot%\System32\svchost.exe -k LocalService (disabled)Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (disabled)Microsoft USB Generic Parent Driver: system32\DRIVERS\usbccgp.sys (manual start)Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: System32\DRIVERS\usbehci.sys (manual start)USB2 Enabled Hub: System32\DRIVERS\usbhub.sys (manual start)USB Mass Storage Driver: system32\DRIVERS\USBSTOR.SYS (manual start)Microsoft USB Universal Host Controller Miniport Driver: System32\DRIVERS\usbuhci.sys (manual start)VGA Display Controller.: \SystemRoot\System32\drivers\vga.sys (system)Volume Shadow Copy: %SystemRoot%\System32\vssvc.exe (manual start)Windows Time: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)World Wide Web Publishing: %SystemRoot%\System32\inetsrv\inetinfo.exe (disabled)Remote Access IP ARP Driver: System32\DRIVERS\wanarp.sys (manual start)WAN Miniport (ATW): system32\DRIVERS\wanatw4.sys (manual start)Microsoft WINMM WDM Audio Compatibility Driver: system32\drivers\wdmaud.sys (manual start)WebClient: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)Windows Media Connect (WMC) Helper: C:\Program Files\Windows Media Connect\mswmcls.exe (manual start)Windows Media Connect Service: C:\Program Files\Windows Media Connect 2\wmccds.exe (manual start)WMDM PMSP Service: C:\WINDOWS\system32\MsPMSPSv.exe (autostart)Portable Media Serial Number Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)Windows Management Instrumentation Driver Extensions: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)WMI Performance Adapter: C:\WINDOWS\System32\wbem\wmiapsrv.exe (manual start)Windows Socket 2.0 Non-IFS Service Provider Support Environment: \SystemRoot\System32\drivers\ws2ifsl.sys (system)Security Center: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)World Standard Teletext Codec: system32\DRIVERS\WSTCODEC.SYS (manual start)Automatic Updates: %systemroot%\system32\svchost.exe -k netsvcs (autostart)Wireless Zero Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)Network Provisioning Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)YPCService: C:\WINDOWS\system32\YPCSER~1.EXE (manual start) --------------------------------------------------Enumerating Windows NT logon/logoff scripts:*No scripts set to run*Windows NT checkdisk command:BootExecute = PDBoot.exeWindows NT 'Wininit.ini':PendingFileRenameOperations: *Registry value not found*--------------------------------------------------Enumerating ShellServiceObjectDelayLoad items:PostBootReminder: C:\WINDOWS\system32\SHELL32.dllCDBurn: C:\WINDOWS\system32\SHELL32.dllWebCheck: C:\WINDOWS\System32\webcheck.dllSysTray: C:\WINDOWS\System32\stobject.dllUPnPMonitor: C:\WINDOWS\system32\upnpui.dll--------------------------------------------------Autorun entries from Registry:HKCU\Software\Microsoft\Windows\CurrentVersion\pol icies\Explorer\Run*Registry key not found*--------------------------------------------------Autorun entries from Registry:HKLM\Software\Microsoft\Windows\CurrentVersion\pol icies\Explorer\Run*Registry key not found*--------------------------------------------------End of report, 43,767 bytesReport generated in 0.172 secondsCommand line options:/verbose - to add additional info on each section/complete - to include empty sections and unsuspicious data/full - to include several rarely-important sections/force9x - to include Win9x-only startups even if running on WinNT/forcent - to include WinNT-only startups even if running on Win9x/forceall - to include all Win9x and WinNT startups, regardless of platform/history - to list version history only Quote Link to comment Share on other sites More sharing options...
Steve Posted February 1, 2006 Author Share Posted February 1, 2006 Tell him to post a normal log! That's too fucking much to look at. lol. At a glance there doesn't seem to be anything wrong though. Quote Link to comment Share on other sites More sharing options...
staxman Posted February 1, 2006 Share Posted February 1, 2006 help my computer keeps on restarting for no reason, im running a xp 2.8 over clocked to a 3.2, 1 gig of ram, asus a7n8x motherboard, cpu 39 c, system temp 29 c. i dont know what to do, someone please help, hopefully someone can help me with a hijack this log, here it isalso im using a 300w psu which came with the case and pretty much all of the molex cables Logfile of HijackThis v1.99.1Scan saved at 11:48:44, on 01/02/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\rundll32.exeC:\Program Files\Logitech\iTouch\iTouch.exeC:\Program Files\SyncroSoft\Pos\H2O\cledx.exeC:\Program Files\Microsoft AntiSpyware\gcasServ.exeC:\Program Files\Free Download Manager\fdm.exeC:\Program Files\Microsoft AntiSpyware\gcasDtServ.exeC:\WINDOWS\system32\nvsvc32.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Internet Explorer\IEXPLORE.EXEC:\Documents and Settings\AW\Desktop\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dllO2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dllO4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgentO4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /rO4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [nwiz] nwiz.exe /installO4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInitO4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exeO4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exeO4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -kO4 - HKCU\..\Run: [sTYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -HideO4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorunO8 - Extra context menu item: Download all by Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htmO8 - Extra context menu item: Download by Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htmO8 - Extra context menu item: Download selected by Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htmO8 - Extra context menu item: Download web site by Free Download Manager - file://C:\Program Files\Free Download Manager\dlpage.htmO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exeO23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe thanks andy Quote Link to comment Share on other sites More sharing options...
Steve Posted February 2, 2006 Author Share Posted February 2, 2006 There's nothing in the log mate. You could try disabling the automatic restart so that a blue screen of death appears instead, then you can write down the error and Google it. To fo that: - Right click My Computer and choose Properties.Select the Advanced tab.In the Startup and Recovery section hit Settings.Uncheck the box next to "Automatically restart".Hit OK.Hit Apply then OK.Reboot. Next time it crashes you should see the error. Let it happen a couple of times to make sure it's the same every time, then once you have it written down you can reverse the steps above so it auto-restarts again (at least til you fix it). Quote Link to comment Share on other sites More sharing options...
staxman Posted February 2, 2006 Share Posted February 2, 2006 thanks man ill give it a go, although since i moved some wires about inside the case the airflow has improved and its not crashed since :s Quote Link to comment Share on other sites More sharing options...
Steve Posted February 4, 2006 Author Share Posted February 4, 2006 Right click on My Computer and choose Properties. Click on the System Restore tab and check the box that says "Turn off System Restore on all drives", then hit Apply then OK. Reboot the PC and do another virus scan - it should come back clean - if it does, then go back and turn System Restore back on then run it and create a new restore point. The area of the hard drive set aside for System Restore is protected and can't be cleaned by antivirus programs. If viruses get trapped in there, this is the only way to clean them. It has to be done, because if you ever need to use System Restore and there's a virus trapped in there, it'll re-infect your machine. Quote Link to comment Share on other sites More sharing options...
Steve Posted February 4, 2006 Author Share Posted February 4, 2006 lol. Cool man. Quote Link to comment Share on other sites More sharing options...
Nimrod Posted February 6, 2006 Share Posted February 6, 2006 steven could you have a quick look through this log please? basically my comp is starting to go much slower than normal, stuff like net pages loading much slower than normal, stuff like that (im on a network at home but none of my housemates are dling/uping anything too large at the min, and its never been a prob before) trying to figure out the best ways i can get my machine more streamlined etc. Logfile of HijackThis v1.99.1Scan saved at 09:43:56, on 06/02/2006Platform: Windows XP SP1 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kavmm.exeC:\WINDOWS\System32\nvsvc32.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kav.exeC:\WINDOWS\System32\DeltTray.exeC:\Program Files\Java\jre1.5.0_02\bin\jusched.exeC:\Program Files\Common Files\Real\Update_OB\realsched.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\QuickTime\qttask.exeC:\WINDOWS\System32\ctfmon.exeC:\Program Files\MSN Messenger\msnmsgr.exeC:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exeC:\Program Files\Skype\Phone\Skype.exeC:\Program Files\iPod\bin\iPodService.exeC:\PROGRA~1\MOZILL~1\firefox.exeC:\Program Files\iTunes\iTunes.exeC:\Documents and Settings\Matt\My Documents\INSTALLS\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nutrider.com/R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.ntlworld.com/broadbandO2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dllO2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dllO3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocxO3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dllO4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [KAV50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kav.exe" -run -n PersonalPro -v 5.0.0.0O4 - HKLM\..\Run: [DeltTray] DeltTray.exeO4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exeO4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kav.exe" /minimizeO4 - HKLM\..\Run: [smcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startguiO4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osbootO4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exeO4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /backgroundO4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -hO4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimizedO4 - Startup: AMSN.lnk = C:\Program Files\AMSN\amsn.exeO4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exeO8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.htmlO8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.htmlO8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.htmlO8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.htmlO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.htmlO8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.htmlO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dllO9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Program Files\Titan Poker\casino.exeO9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Program Files\Titan Poker\casino.exeO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLLO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by101fd.bay101.hotmail.msn.com/resources/MsnPUpld.cabO17 - HKLM\System\CCS\Services\Tcpip\..\{72ED4BB2-D4EA-4140-A4FF-239980244C8B}: NameServer = 192.168.1.1O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exeO23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exeO23 - Service: ISEXEng - Unknown owner - C:\WINDOWS\System32\angelex.exe (file missing)O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kavsvc.exeO23 - Service: Kaspersky Anti-Virus Service (KLBLMain) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kavmm.exeO23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exeO23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exeO23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe any suggestions mate? Quote Link to comment Share on other sites More sharing options...
Steve Posted February 6, 2006 Author Share Posted February 6, 2006 There's nothing bad there, although there's a left over entry from a spyware infection. Fix these items in HijackThis: - O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exeO4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osbootO4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottimeO23 - Service: ISEXEng - Unknown owner - C:\WINDOWS\System32\angelex.exe (file missing) Reboot, enable hidden/system files and delete this file if found: - C:\WINDOWS\System32\angelex.exe You might wanna disable programs like Skype, Ares, MSN Messenger and AMSN from starting with the PC unless you're using them constantly cos you can start any of them from a shortcut when required. You need to update your Java too. Download the new one by clicking this link: - http://jdl.sun.com/webapps/download/AutoDL?BundleId=10343 Uninstall the old one via Add or Remove Programs, reboot, then install the new one. Quote Link to comment Share on other sites More sharing options...
trick Posted February 8, 2006 Share Posted February 8, 2006 Eaaaaaaaasy now! Any chance you could cast an eye over this mate? Only I have a bitch of a problem with my system and I'm buggered if I can fix it. In short, the PC keeps freezing up, especially when I do things that thread via Explorer.exe, like click a URL in an email to open the page on my browser. I've run Ad Aware, which found some bits but only one major malware threat, and all found items were quarantined. However, the issue persists, leaving me flummoxed. So - any thoughts on this log file? Logfile of HijackThis v1.99.1Scan saved at 17:31:09, on 08/02/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\FSI\F-Prot\fpavupdm.exeC:\WINDOWS\System32\oodag.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\Explorer.EXEC:\Program Files\FSI\F-Prot\F-Sched.exeC:\WINDOWS\system32\rundll32.exeC:\Program Files\Microsoft ActiveSync\WCESCOMM.EXEC:\WINDOWS\system32\WISPTIS.EXEC:\Program Files\NetLimiter\NetLimiter.exeC:\Program Files\FSI\F-Prot\F-StopW.exeC:\Program Files\Avant Browser\avant.exeC:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXEC:\WINDOWS\system32\taskmgr.exeC:\Documents and Settings\Trick\Desktop\hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/uk/enu/gen/default.htmR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.turntableradio.com/R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.euro.dell.com/countries/uk/enu/gen/default.htmF2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINNT\system32\explorer.exeO1 - Hosts: 66.250.45.10 inferno.demonoid.comO1 - Hosts: 66.250.45.10 demonoid.comO2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dllO2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - C:\PROGRA~1\FRESHD~1\fdcatch.dllO2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dllO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO2 - BHO: RepliGoIEHelperCtl Class - {91DE4477-9CDC-4806-9BCB-28A963988E94} - C:\Program Files\RepliGo\RepliGoIEHelper.dllO2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dllO3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)O3 - Toolbar: &RepliGo - {81F4066B-F330-4872-8094-3E9FBCCEC8C1} - C:\Program Files\RepliGo\RepliGoIEBar.dllO3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dllO3 - Toolbar: FreshDownload Bar - {ED0E8CA5-42FB-4B18-997B-769E0408E79D} - C:\PROGRA~1\FRESHD~1\fdiebar.dllO4 - HKLM\..\Run: [NetLimiter] C:\Program Files\NetLimiter\NetLimiter.exe /sO4 - HKLM\..\Run: [FRISK FP-Scheduler] C:\Program Files\FSI\F-Prot\F-Sched.exe STARTUPO4 - HKLM\..\Run: [F-StopW] C:\Program Files\FSI\F-Prot\F-StopW.EXEO4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgentO4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"O4 - HKCU\..\Run: [skypeMate] C:\Program Files\SkypeMate\SkypeMate.exeO4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimizedO8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.htmlO8 - Extra context menu item: Add to AD Black List - C:\Program Files\Avant Browser\AddToADBlackList.htmO8 - Extra context menu item: Block All Images from the Same Server - C:\Program Files\Avant Browser\AddAllToADBlackList.htmO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000O8 - Extra context menu item: Highlight - C:\Program Files\Avant Browser\Highlight.htmO8 - Extra context menu item: Open All Links in This Page... - C:\Program Files\Avant Browser\OpenAllLinks.htmO8 - Extra context menu item: Open In New Avant Browser - C:\Program Files\Avant Browser\OpenInNewBrowser.htmO8 - Extra context menu item: Search - C:\Program Files\Avant Browser\Search.htmO9 - Extra button: (no name) - AutorunsDisabled - (no file)O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dllO9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dllO9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dllO9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\SiteRipper\WinHTTrackIEBar.dllO9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\SiteRipper\WinHTTrackIEBar.dllO9 - Extra button: FreshDownload - {78C93D26-BFB6-4511-9D5B-88C062FC0100} - C:\Program Files\FreshDownload\fd.exeO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLLO9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.com/turbo_lister/US/install.cabO16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} (KX-HCM10 Control) - http://207.177.70.58:83/kxhcm10.ocxO16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cabO16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-24.cabO16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://camera5.buffalotrace.com/activex/AMC.cabO16 - DPF: {7C405D1B-4007-11D3-8B8E-00104B3E656F} (SBCRecorderPlayer Control) - https://www.vodafone.net/VoiceRecorder/SBCRP.cabO16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.infuzer.com/IDC/client/player/isetup.cabO16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://85.142.6.54/activex/AxisCamControl.cabO16 - DPF: {A1A961DA-2BA6-4032-859E-01AC35357163} (One2One Viewer) - http://www.one2one.com/static/class/one2one.cabO18 - Filter: text/x-mrml - {C51721BE-858B-4A66-A8BF-D2882FF49820} - C:\Program Files\YAMAHA\MidRadio Player\midradio.ocxO20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dllO23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exeO23 - Service: F-Prot Antivirus Update Monitor - FRISK Software - C:\Program Files\FSI\F-Prot\fpavupdm.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exeO23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exeO23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exeO23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\System32\oodag.exeO23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall\persfw.exe Any thoughts would be much appreciated, as for once I'm fairly well out of my comfort zone with all this Quote Link to comment Share on other sites More sharing options...
Steve Posted February 8, 2006 Author Share Posted February 8, 2006 Alright man. LTNS! At a glance I don't see anything, other than this: - F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINNT\system32\explorer.exe You're using XP right? I don't have a C:\WINNT folder on my machine. The file "explorer.exe" is in the main WINDOWS folder on my computer. Try browsing to the explorer.exe inside that WINNT\system32 folder and upload it here to check it over: - http://virusscan.jotti.org Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.