Hijack Log Submitted


18 replies to this topic

#1 Harley11407

Posted 24 July 2007 - 04:25 PM

Could someone please tell me if anything within the below log file could be causing any havoc on my pc, and which ones I can check to remove?

I have turned off almost all non-essential programs & services, but the erratic behavior persists.

Also I have turned system restore off and run a full scan with AVG 7.5 and Adaware & rebooted before creating this Hijack file for viewing.

Thanks for any replies.

Logfile of HijackThis v1.99.1
Scan saved at 5:22:35 PM, on 7/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\PROMon.exe
C:\WINNT\System32\DRIVERS\CDANTSRV.EXE
C:\WINNT\System32\svchost.exe
C:\WINNT\runservice.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINNT\System32\NMSSvc.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINNT\wanmpsvc.exe
C:\WINNT\System32\MsPMSPSv.exe
C:\WINNT\system32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Common Files\AOL\ACS\acsd.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O9 - Extra button: TREND MICRO HouseCall - {2B5EA4F8-620A-4A8B-B003-4C8C5EBEA826} - http://uk.trendmicro...usecall_pre.php (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: AbsoluteShield Track Eraser - {4A0EF50C-6A4A-4b30-84D8-53D5BC95C043} - C:\Program Files\SysShield Tools\Track Eraser\cseraser.exe (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} - http://www.creative....015/CTSUEng.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {0F04992B-E661-4DB9-B223-903AB628225D} - file://C:\Program Files\Gateway\Do More\DoMoreRunExe.CAB
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} - http://www.pcpitstop...cpConnCheck.cab
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.h...staller_gmn.cab
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} - http://gamingzone.ub...s/GSManager.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {511073AD-BE56-4D43-AE68-93390514385E} (TechToolsActivex.TechTools) - hcp://system/TechTools.CAB
O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - hcp://system/RunExeActiveX.CAB
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {78960E0E-0B0C-11D4-8997-00104BD12D94} - http://www.pcpitstop...virus/PCPAV.CAB
O16 - DPF: {7ED7005B-4AF6-4CFF-9AE0-F243C4B8260F} - http://de.trendmicro...eCallButton.CAB
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab
O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB
O16 - DPF: {A48D0309-8DA3-41AA-98E4-89194D471890} - http://www.pulse3d.c...yer5.2AxWin.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn...pDownloader.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - http://www.creative....15016/CTPID.cab
O16 - DPF: {F8F88D0D-E455-11D6-B547-00400555C7FB} (DiskHealth2 Class) - http://www.pcpitstop...p/PCPitStop.CAB
O20 - Winlogon Notify: WgaLogon - C:\WINNT\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINNT\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINNT\system32\WPDShServiceObj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINNT\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINNT\runservice.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\System32\HPZipm12.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe

Edited by Harley11407, 24 July 2007 - 04:26 PM.



#2 Jintan

Posted 26 July 2007 - 08:58 PM

Howdy Harley11407, welcome to Tom Coyote. No infection showing here - an unusual log in appearance though. Almost looks like many legitimate items have been partly removed or are non-existent there. What methods did you use to reduce items on your system like you mention? Also, what type of "havoc" are you experiencing? If alerts or BSODs, what error messages are you receiving?

#3 Harley11407

Posted 28 July 2007 - 02:54 PM

Jintan, Thanks for the reply. I simply went into msconfig and prevented various programs from starting with windows and also went into services and stopped non essential items.

I have been having problems with both shutdowns & startups with windows hanging in both.

I downloaded and installed the utility called UPHClean that will automatically unload any registry strings that may have been holding the process from terminating, thus not allowing Windows to properly shut down. I only found one process, which was one of the Creative SoundBlaster programs, so I simply terminated it from running in Windows. This still did not rectify the problem.

I also uninstalled the latest Nvidia video drivers, rebooted in Safe mode and ran the driver cleaner program to remove all traces of nvidia and then re-installed the latest Nvidia drivers 93.71.

Still having problems.

I have been having to start windows up in VGA mode to get windows to load successfully and sometimes it hangs even attempting to load windows using the VGA mode for startup.

I have no artifacts or high temps in the pc cpu or the video card, no low P.S. voltages, ran memtest on the ram, and the pc is dust free and clean.

I even removed the secondary HD I had in it and am currently running just one 120gb and pinned it for CS [cable select]

But the shutdown & startup issues persist.

My display is a LCD 18" VGA\DVI and I have tried both the vga & dvi cable.

Intel P4 2.4 GHZ
1 gig ram
Antec 480 watt PS
I was using an ATI AIW X800XT but switched it out with a nominal load old Nvidia MX440 vid card.

All of windows updates are current with the latest.

I am just about ready to copy my wanted software files & pictures and just junk this pc and buy another, but I have always in the past been able to fix problems with help but this time it is getting the best of me !

I guess I could start uninstalling software programs and running CCleaner afterwards, but I haven't tried that yet.

I haven't replaced or reset the CMOS, since the battery seems fine: the time is not lagging, and I checked the BIOS and it is still the same as what I had written down over two years ago.

I have no way of knowing what is causing the freezes during shutdown & startup. I know of no programs I could install that would tell me.

Neither the Application nor the System log in Event Viewer shows anything hanging or failing to load that would cause this scenario.

Anyway, sorry for the long reply, but I just wanted you to know all the remedies I have tried.

Regards,

Logfile of HijackThis v1.99.1
Scan saved at 3:49:21 PM, on 7/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINNT\System32\DRIVERS\CDANTSRV.EXE
C:\WINNT\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\runservice.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINNT\System32\NMSSvc.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINNT\wanmpsvc.exe
C:\WINNT\System32\MsPMSPSv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\PROMon.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O9 - Extra button: TREND MICRO HouseCall - {2B5EA4F8-620A-4A8B-B003-4C8C5EBEA826} - http://uk.trendmicro...usecall_pre.php (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: AbsoluteShield Track Eraser - {4A0EF50C-6A4A-4b30-84D8-53D5BC95C043} - C:\Program Files\SysShield Tools\Track Eraser\cseraser.exe (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} - http://www.creative....015/CTSUEng.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {0F04992B-E661-4DB9-B223-903AB628225D} - file://C:\Program Files\Gateway\Do More\DoMoreRunExe.CAB
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} - http://www.pcpitstop...cpConnCheck.cab
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.h...staller_gmn.cab
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} - http://gamingzone.ub...s/GSManager.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {511073AD-BE56-4D43-AE68-93390514385E} (TechToolsActivex.TechTools) - hcp://system/TechTools.CAB
O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - hcp://system/RunExeActiveX.CAB
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {78960E0E-0B0C-11D4-8997-00104BD12D94} - http://www.pcpitstop...virus/PCPAV.CAB
O16 - DPF: {7ED7005B-4AF6-4CFF-9AE0-F243C4B8260F} - http://de.trendmicro...eCallButton.CAB
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab
O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB
O16 - DPF: {A48D0309-8DA3-41AA-98E4-89194D471890} - http://www.pulse3d.c...yer5.2AxWin.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn...pDownloader.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - http://www.creative....15016/CTPID.cab
O16 - DPF: {F8F88D0D-E455-11D6-B547-00400555C7FB} (DiskHealth2 Class) - http://www.pcpitstop...p/PCPitStop.CAB
O20 - Winlogon Notify: WgaLogon - C:\WINNT\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINNT\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINNT\system32\WPDShServiceObj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINNT\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINNT\runservice.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\System32\HPZipm12.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe

#4 Jintan

Posted 29 July 2007 - 04:03 PM

Quite a few changes, and sounds like you have been doing some realistic assessment there. Again this log is pretty limited for info - let's take an additional look for now. If nothing shows amiss and no malware indicated might be something to take up at our Other Computer Problems, but let's see.


Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.


1. Close all applications and windows.
2. Double-click on dss.exe to run it, and follow the prompts.
3. When the scan is complete, it will create two text files - main.txt <- this one will be maximized and extra.txt<-this one will be minimized on your Taskbar.
4. Copy/paste both logs back here please (they will also be located at C:\Deckard\System Scanner).

Make sure you notice the extra.txt second log that will show as minimized on your Task Bar, "Maximize" that and be sure to paste those contents here as well.

#5 Harley11407

Posted 30 July 2007 - 07:34 AM

Jintan, I downloaded the program you suggested and will run it and paste the two results in the next reply. In the meantime I downloaded the SpeedFan 4.32 utility just to recheck my voltages & temps, and everything is still O.K., but after downloading this from a site called filehippo I noticed two additional processes began running in the pc called DLL.HOST.exe/System and MSDTC.exe/NetworkService, and I had not noticed them running in Task Manager before. Are these valid programs, as googling them indicates?

Here is another HiJack log before I paste the other scanner results you need in the next reply:

Logfile of HijackThis v1.99.1
Scan saved at 8:30:47 AM, on 7/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINNT\System32\DRIVERS\CDANTSRV.EXE
C:\WINNT\System32\svchost.exe
C:\WINNT\runservice.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINNT\System32\NMSSvc.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINNT\wanmpsvc.exe
C:\WINNT\System32\MsPMSPSv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\PROMon.exe
C:\WINNT\System32\dllhost.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Common Files\AOL\ACS\acsd.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O9 - Extra button: TREND MICRO HouseCall - {2B5EA4F8-620A-4A8B-B003-4C8C5EBEA826} - http://uk.trendmicro...usecall_pre.php (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: AbsoluteShield Track Eraser - {4A0EF50C-6A4A-4b30-84D8-53D5BC95C043} - C:\Program Files\SysShield Tools\Track Eraser\cseraser.exe (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} - http://www.creative....015/CTSUEng.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {0F04992B-E661-4DB9-B223-903AB628225D} - file://C:\Program Files\Gateway\Do More\DoMoreRunExe.CAB
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} - http://www.pcpitstop...cpConnCheck.cab
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.h...staller_gmn.cab
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} - http://gamingzone.ub...s/GSManager.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {511073AD-BE56-4D43-AE68-93390514385E} (TechToolsActivex.TechTools) - hcp://system/TechTools.CAB
O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - hcp://system/RunExeActiveX.CAB
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {78960E0E-0B0C-11D4-8997-00104BD12D94} - http://www.pcpitstop...virus/PCPAV.CAB
O16 - DPF: {7ED7005B-4AF6-4CFF-9AE0-F243C4B8260F} - http://de.trendmicro...eCallButton.CAB
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab
O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB
O16 - DPF: {A48D0309-8DA3-41AA-98E4-89194D471890} - http://www.pulse3d.c...yer5.2AxWin.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn...pDownloader.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.c...driveragent.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - http://www.creative....15016/CTPID.cab
O16 - DPF: {F8F88D0D-E455-11D6-B547-00400555C7FB} (DiskHealth2 Class) - http://www.pcpitstop...p/PCPitStop.CAB
O20 - Winlogon Notify: WgaLogon - C:\WINNT\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINNT\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINNT\system32\WPDShServiceObj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINNT\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINNT\runservice.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\System32\HPZipm12.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe

Edited by Harley11407, 30 July 2007 - 07:35 AM.
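The two questions in this thread so far, "is anything in this log causing havoc" and "are dllhost.exe and msdtc.exe legitimate", are both answered by reading the log systematically rather than line by line. The script below is an added example written for this page, not HijackThis code or anything posted in the thread. It parses the HijackThis log format shown above and pulls out what a log helper checks first: services recorded with no owner (the LicCtrlService entry), entries pointing at files that no longer exist (the two O9 buttons), ActiveX controls fetched from remote http sources (the O16 lines), and core Windows binary names running from anywhere other than System32. That last check is the one that matters for dllhost.exe (the COM surrogate) and msdtc.exe (the Distributed Transaction Coordinator): both are standard components when they run from %SystemRoot%\System32, and the thread's log shows dllhost.exe there, so the script adds a constructed `C:\WINNT\dllhost.exe` line to show what a flagged copy would look like. The sample input is copied from the posted logs with the forum's own "..." URL truncation left as displayed; the System32 path defaults to the `C:\WINNT` layout visible in the log; and the "service image sitting directly in the Windows folder" rule is this editor's heuristic, not a HijackThis verdict (AOL's wanmpsvc.exe in the same log is a legitimate example of that pattern).

```python
"""Triage of a HijackThis v1.99 log (added example, not part of the thread)."""
import re
from collections import defaultdict

# Core Windows binaries that belong in %SystemRoot%\System32. dllhost.exe
# (COM surrogate) and msdtc.exe (Distributed Transaction Coordinator) are
# standard components there; the same name anywhere else is a masquerade.
CORE_SYSTEM_BINARIES = {
    "smss.exe", "csrss.exe", "winlogon.exe", "services.exe", "lsass.exe",
    "svchost.exe", "spoolsv.exe", "dllhost.exe", "msdtc.exe",
}

# Entry lines look like "O23 - Service: ..." or "R0 - HKCU\...".
ENTRY_RE = re.compile(r"^(?P<kind>[RFO]\d+) - (?P<detail>.*)$")

# Sample input copied from the logs posted in this thread, with the forum's
# own "..." URL truncation left as displayed. The C:\WINNT\dllhost.exe
# process line is constructed here to exercise the path check.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\dllhost.exe
C:\WINNT\runservice.exe
C:\WINNT\dllhost.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O9 - Extra button: TREND MICRO HouseCall - {2B5EA4F8-620A-4A8B-B003-4C8C5EBEA826} - http://uk.trendmicro...usecall_pre.php (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {511073AD-BE56-4D43-AE68-93390514385E} (TechToolsActivex.TechTools) - hcp://system/TechTools.CAB
O20 - Winlogon Notify: WgaLogon - C:\WINNT\SYSTEM32\WgaLogon.dll
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINNT\runservice.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\System32\HPZipm12.exe
"""


def parse_log(text):
    """Return (running_processes, [(kind, detail), ...]) from log text."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        if not line:
            in_processes = False
            continue
        match = ENTRY_RE.match(line)
        if match:
            entries.append((match.group("kind"), match.group("detail")))
        elif in_processes:
            processes.append(line)
    return processes, entries


def misplaced_core_binaries(processes, system_dir=r"C:\WINNT\System32"):
    """Core binary names running from any folder other than System32."""
    flagged = []
    for path in processes:
        folder, _, name = path.rpartition("\\")
        if name.lower() in CORE_SYSTEM_BINARIES and folder.lower() != system_dir.lower():
            flagged.append(path)
    return flagged


def triage(entries):
    """Group the entries a log helper looks at first."""
    findings = defaultdict(list)
    for kind, detail in entries:
        # References to files that no longer exist: clutter to clean up,
        # not an infection indicator on their own.
        if "(file missing)" in detail or "(no file)" in detail:
            findings["orphaned"].append(f"{kind} - {detail}")
        # O16: ActiveX controls IE downloaded. hcp://system and file://
        # sources are local; remote http sources are the ones to review.
        if kind == "O16":
            source = detail.rsplit(" - ", 1)[-1]
            if source.lower().startswith("http"):
                findings["remote_activex"].append(source)
        # O23: "Service: <display name> - <owner> - <image path>"
        if kind == "O23" and detail.startswith("Service: "):
            parts = detail[len("Service: "):].rsplit(" - ", 2)
            if len(parts) != 3:
                continue
            _name, owner, path = parts
            if owner == "Unknown owner":
                findings["unknown_owner_service"].append(path)
            # Heuristic (editor's, not HijackThis's): a service image dropped
            # straight into the Windows folder rather than System32 or
            # Program Files deserves a manual look.
            if path.rpartition("\\")[0].lower() in (r"c:\winnt", r"c:\windows"):
                findings["service_in_windows_root"].append(path)
    return dict(findings)


if __name__ == "__main__":
    procs, ents = parse_log(SAMPLE_LOG)
    print("misplaced core binaries:", misplaced_core_binaries(procs))
    for key, items in triage(ents).items():
        print(key)
        for item in items:
            print("   ", item)
```

Run against the full logs in this thread, the script flags only the LicCtrlService entry and the orphaned O9 buttons, which matches Jintan's reading that nothing here indicates an infection; the flags are prompts to verify, not verdicts. A name match on a core binary is the cheap test; the confirming step on the machine itself is checking the image path and publisher signature of the running process, which HijackThis output alone cannot do.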


#6 Harley11407

Posted 30 July 2007 - 07:44 AM

Jintan below are the results from the Scanner you requested:


Deckard's System Scanner v20070729.57
Run by Owner on 2007-07-30 at 08:35:38
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
16: 2007-07-30 13:35:44 UTC - RP240 - Deckard's System Scanner Restore Point
15: 2007-07-29 19:42:28 UTC - RP239 - System Checkpoint
14: 2007-07-28 19:36:17 UTC - RP238 - After Secondary HD F: removed from pc
13: 2007-07-28 18:51:43 UTC - RP237 - Restore Operation
12: 2007-07-28 15:40:25 UTC - RP236 - Latest with new net 2.0 updates Use this one


-- First Restore Point --
1: 2007-07-24 00:03:53 UTC - RP225 - System Checkpoint


Backed up registry hives.

Performed disk cleanup.


-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 8:37:02 AM, on 7/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINNT\System32\DRIVERS\CDANTSRV.EXE
C:\WINNT\System32\svchost.exe
C:\WINNT\runservice.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINNT\System32\NMSSvc.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINNT\wanmpsvc.exe
C:\WINNT\System32\MsPMSPSv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\PROMon.exe
C:\WINNT\System32\dllhost.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Common Files\AOL\ACS\acsd.exe
C:\Documents and Settings\Owner\Desktop\dss.exe
C:\PROGRA~1\HIJACK~1\Owner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O9 - Extra button: TREND MICRO HouseCall - {2B5EA4F8-620A-4A8B-B003-4C8C5EBEA826} - http://uk.trendmicro...usecall_pre.php (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: AbsoluteShield Track Eraser - {4A0EF50C-6A4A-4b30-84D8-53D5BC95C043} - C:\Program Files\SysShield Tools\Track Eraser\cseraser.exe (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} - http://www.creative....015/CTSUEng.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {0F04992B-E661-4DB9-B223-903AB628225D} - file://C:\Program Files\Gateway\Do More\DoMoreRunExe.CAB
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} - http://www.pcpitstop...cpConnCheck.cab
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.h...staller_gmn.cab
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} - http://gamingzone.ub...s/GSManager.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {511073AD-BE56-4D43-AE68-93390514385E} (TechToolsActivex.TechTools) - hcp://system/TechTools.CAB
O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - hcp://system/RunExeActiveX.CAB
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {78960E0E-0B0C-11D4-8997-00104BD12D94} - http://www.pcpitstop...virus/PCPAV.CAB
O16 - DPF: {7ED7005B-4AF6-4CFF-9AE0-F243C4B8260F} - http://de.trendmicro...eCallButton.CAB
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab
O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB
O16 - DPF: {A48D0309-8DA3-41AA-98E4-89194D471890} - http://www.pulse3d.c...yer5.2AxWin.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn...pDownloader.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.c...driveragent.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - http://www.creative....15016/CTPID.cab
O16 - DPF: {F8F88D0D-E455-11D6-B547-00400555C7FB} (DiskHealth2 Class) - http://www.pcpitstop...p/PCPitStop.CAB
O20 - Winlogon Notify: WgaLogon - C:\WINNT\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINNT\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINNT\system32\WPDShServiceObj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINNT\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINNT\runservice.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\System32\HPZipm12.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe


-- HijackThis Fixed Entries (C:\PROGRA~1\HIJACK~1\backups\) --------------------

backup-20070723-141842-155 O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
backup-20070723-141842-852 O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)

-- File Associations -----------------------------------------------------------

.bat - batfile - DefaultIcon - C:\WINNT\System32\shell32.dll,71
.ini - inifile - DefaultIcon - C:\WINNT\System32\shell32.dll,69
.txt - txtfile - DefaultIcon - C:\WINNT\System32\shell32.dll,70
.txt - txtfile - shell\open\command - NOTEPAD.EXE %1


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 giveio - c:\winnt\system32\giveio.sys
R0 snapman (Acronis Snapshots Manager) - c:\winnt\system32\drivers\snapman.sys <Not Verified; Acronis; Acronis Snapshot API>
R0 speedfan - c:\winnt\system32\speedfan.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
R0 SSI - c:\winnt\system32\drivers\ssi.sys <Not Verified; Webroot Software (www.webroot.com); SpySweeper>
R0 timounter (Acronis TrueImage Backup Archive Explorer) - c:\winnt\system32\drivers\timntr.sys <Not Verified; Acronis; Acronis True Image>
R1 cdrbsdrv - c:\winnt\system32\drivers\cdrbsdrv.sys <Not Verified; B.H.A Corporation; B's Recorder GOLD7>
R1 MBMIoDrvr - c:\winnt\system32\mbmiodrvr.sys <Not Verified; cansoft@livewiredev.com; Windows ® 2000 DDK driver>
R1 PCLEPCI - c:\winnt\system32\drivers\pclepci.sys <Not Verified; Pinnacle Systems GmbH; PCLEPCI>
R2 ElbyCDIO (ElbyCDIO Driver) - c:\winnt\system32\drivers\elbycdio.sys <Not Verified; Elaborate Bytes AG; CDRTools>
R2 hmonitor - c:\winnt\system32\drivers\hmonitor.sys
R2 lf - c:\program files\lock folder xp 3.2\unishieldxp.sys
R2 RioPNP - c:\winnt\system32\drivers\riopnp.sys <Not Verified; RioPort.com; >
R2 Sentinel - c:\winnt\system32\drivers\sentinel.sys <Not Verified; Rainbow Technologies, Inc.; Sentinel System Driver>
R2 tifsfilter (Acronis TrueImage FS Filter) - c:\winnt\system32\drivers\tifsfilt.sys <Not Verified; Acronis; TrueImage>
R2 xinstall - c:\winnt\system32\drivers\xinstall.sys
R3 LMPC2 - c:\winnt\system32\drivers\lmpc2.sys <Not Verified; FSPro Labs; LMPC>
R3 NMSCFG (NIC Management Service Configuration Driver) - c:\winnt\system32\drivers\nmscfg.sys <Not Verified; Intel Corporation; Intel® NMSCFG Driver>
R3 Pcouffin (Low level access layer for CD devices) - c:\winnt\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
R3 TVICHW32 - c:\winnt\system32\drivers\tvichw32.sys <Not Verified; EnTech Taiwan; TVicHW32 Generic Device Driver for Windows 95/98/ME/NT/2000/2003/XP/XP64>
R3 wanatw (WAN Miniport (ATW)) - c:\winnt\system32\drivers\wanatw4.sys <Not Verified; America Online, Inc.; Wan Miniport (ATW)>

S0 PxHelp20 - c:\winnt\system32\drivers\pxhelp20.sys (file missing)
S1 ATITool (ATITool Overclocking Utility) - c:\winnt\system32\drivers\atitool.sys <Not Verified; ; Low-Level Driver>
S2 CDRPDACC (Arrowkey Device Access) - f:\program files\321studios\shared\cdrpdacc.sys (file missing)
S3 AGBFMON - c:\winnt\system32\drivers\agbfmon.sys
S3 AnyDVD - c:\winnt\system32\drivers\anydvd.sys <Not Verified; SlySoft, Inc.; AnyDVD>
S3 ASAPIW2k - c:\winnt\system32\drivers\asapiw2k.sys <Not Verified; Pinnacle Systems GmbH; asapi>
S3 ATIAVAIW (ATI T200 Unified AVStream service) - c:\winnt\system32\drivers\atinavt2.sys <Not Verified; ATI Technologies Inc.; ATI AVStream>
S3 C-Dilla - c:\winnt\system32\drivers\cdant.sys <Not Verified; Macrovision; Licence Management System>
S3 ENTECH - c:\winnt\system32\drivers\entech.sys <Not Verified; EnTech Taiwan; PowerStrip>
S3 PcdrNt - c:\winnt\system32\drivers\pcdrnt.sys <Not Verified; PC-Doctor Inc.; PC-Doctor NT 3.0>
S3 pfc (Padus ASPI Shell) - c:\winnt\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>
S3 RadProbe (Radeon Probe Driver) - c:\winnt\system32\drivers\radprobe.sys <Not Verified; ; RadProbe>
S3 SaiNtHid - c:\winnt\system32\drivers\sainthid.sys <Not Verified; Saitek; Configuration Software>
S3 VNUSB (VN Series Device) - c:\winnt\system32\drivers\vnusb.sys <Not Verified; OLYMPUS IMAGING CORP.; VVRUSB Driver>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 C-DillaSrv - c:\winnt\system32\drivers\cdantsrv.exe <Not Verified; C-Dilla Ltd; CD-Secure/CD-Compress Windows NT>
R2 LicCtrlService (LicCtrl Service) - c:\winnt\runservice.exe
R2 NMSSvc (Intel® NMS) - c:\winnt\system32\nmssvc.exe <Not Verified; Intel Corporation; NMS>
R2 UPHClean (User Profile Hive Cleanup) - c:\program files\uphclean\uphclean.exe <Not Verified; Microsoft Corporation; User Profile Hive Cleanup Service>

S4 AcrSch2Svc (Acronis Scheduler2 Service) - c:\program files\common files\acronis\schedule2\schedul2.exe <Not Verified; Acronis; Acronis Scheduler 2>


-- Scheduled Tasks -------------------------------------------------------------

2006-11-28 21:58:19 342 --a------ C:\WINNT\Tasks\FRU Task #Hewlett-Packard#hp psc 2200 series#1156800542.job


-- Files created between 2007-06-30 and 2007-07-30 -----------------------------

2007-07-30 08:04:47 0 d-------- C:\Program Files\SpeedFan
2007-07-28 20:04:06 23600 --a------ C:\WINNT\system32\drivers\TVICHW32.SYS <Not Verified; EnTech Taiwan; TVicHW32 Generic Device Driver for Windows 95/98/ME/NT/2000/2003/XP/XP64>
2007-07-28 19:48:28 0 d-------- C:\WINNT\LastGood
2007-07-28 13:52:07 0 d-------- C:\WINNT\nview
2007-07-28 13:51:52 0 d-------- C:\NVIDIA
2007-07-28 13:42:06 0 d-------- C:\NVIDIA(2)
2007-07-28 13:23:12 0 d-------- C:\WINNT\nview(2)
2007-07-28 10:40:20 7864320 --a------ C:\Documents and Settings\Owner\ntuser.dat
2007-07-28 09:02:21 0 d-------- C:\Program Files\Lavasoft
2007-07-27 22:43:08 0 dr-h----- C:\Documents and Settings\Owner\Recent
2007-07-23 14:41:08 0 d-------- C:\Documents and Settings\Owner\Application Data\AVG7
2007-07-23 14:40:12 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-07-22 22:59:22 0 d-------- C:\Program Files\Windows Installer Clean Up
2007-07-21 21:39:24 0 d-------- C:\Program Files\MSECACHE
2007-07-21 21:37:44 0 d-------- C:\WINNT\SxsCaPendDel
2007-07-20 19:20:37 0 d-------- C:\Program Files\UPHClean
2007-07-20 18:52:57 0 d-------- C:\Documents and Settings\Administrator.SILVERFOX\Application Data\MSN6
2007-07-19 18:17:56 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg7


-- Find3M Report ---------------------------------------------------------------

2007-07-28 19:30:32 1121 --ahs---- C:\WINNT\system32\mmf.sys
2007-07-27 21:47:23 384 --a------ C:\WINNT\system32\DVCStateBkp-{00000002-00000000-00000002-00001102-00000004-10021102}.dat
2007-07-27 21:47:23 384 --a------ C:\WINNT\system32\DVCState-{00000002-00000000-00000002-00001102-00000004-10021102}.dat
2007-07-20 15:43:46 0 d-------- C:\Program Files\PCBugDoctor
2007-07-20 13:03:46 1324 --a------ C:\WINNT\system32\d3d9caps.dat
2007-07-18 12:11:20 38567 --a------ C:\WINNT\system32\pcpbios.exe
2007-06-29 10:07:00 0 d-------- C:\Program Files\FaceOnBody
2007-06-28 12:20:04 0 d-------- C:\Documents and Settings\Owner\Application Data\uTorrent
2007-06-28 09:51:47 0 d-------- C:\Documents and Settings\Owner\Application Data\MSN6
2007-06-26 10:44:50 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-06-26 10:11:10 0 d-------- C:\Documents and Settings\Owner\Application Data\ATI
2007-06-03 09:39:30 0 d-------- C:\Program Files\Ontrack
2007-06-03 08:01:57 0 d-------- C:\Program Files\AimOne_AlltoMP3
2007-06-03 07:57:18 0 d-------- C:\Program Files\Canon
2007-06-03 07:47:20 0 d-------- C:\Program Files\GetSmile
2007-05-31 11:23:13 0 d-------- C:\Documents and Settings\Owner\Application Data\LimeWire


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PROMon.exe"="PROMon.exe" [04/18/2002 07:32 PM C:\WINNT\system32\PROMon.exe]
"NvCplDaemon"="C:\WINNT\system32\NvCpl.dll" [10/22/2006 12:22 PM]
"nwiz"="nwiz.exe" [10/22/2006 12:22 PM C:\WINNT\system32\nwiz.exe]
"NvMediaCenter"="C:\WINNT\system32\NvMcTray.dll" [10/22/2006 12:22 PM]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [07/23/2007 02:40 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoMSAppLogo5ChannelNotify"=1 (0x1)
"NoToolbarCustomize"=0 (0x0)
"NoBandCustomize"=0 (0x0)
@=

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"Btn_Back"=0 (0x0)
"Btn_Forward"=0 (0x0)
"Btn_Stop"=0 (0x0)
"Btn_Refresh"=0 (0x0)
"Btn_Home"=0 (0x0)
"Btn_Search"=0 (0x0)
"Btn_History"=0 (0x0)
"Btn_Favorites"=0 (0x0)
"Btn_Media"=0 (0x0)
"Btn_Folders"=0 (0x0)
"Btn_Fullscreen"=0 (0x0)
"Btn_Tools"=0 (0x0)
"Btn_MailNews"=0 (0x0)
"Btn_Size"=0 (0x0)
"Btn_Print"=0 (0x0)
"Btn_Edit"=0 (0x0)
"Btn_Discussions"=0 (0x0)
"Btn_Cut"=0 (0x0)
"Btn_Copy"=0 (0x0)
"Btn_Paste"=0 (0x0)
"Btn_Encoding"=0 (0x0)
"Btn_PrintPreview"=0 (0x0)
"NoActiveDesktop"=0 (0x0)
"NoInternetIcon"=0 (0x0)
"NoDesktop"=0 (0x0)
"NoFavoritesMenu"=0 (0x0)
"NoFind"=0 (0x0)
"NoRun"=0 (0x0)
"NoSetActiveDesktop"=0 (0x0)
"NoChangeStartMenu"=0 (0x0)
"NoFolderOptions"=0 (0x0)
"NoRecentDocsHistory"=0 (0x0)
"ClearRecentDocsOnExit"=0 (0x0)
"NoLogoff"=0 (0x0)
"NoClose"=0 (0x0)
"NoSetFolders"=0 (0x0)
"NoSetTaskbar"=0 (0x0)
"NoTrayContextMenu"=0 (0x0)
"NoFileMenu"=0 (0x0)
"NoViewContextMenu"=0 (0x0)
"EnforceShellExtensionSecurity"=0 (0x0)
"LinkResolveIgnoreLinkInfo"=0 (0x0)
"NoNetConnectDisconnect"=0 (0x0)
"NoDeletePrinter"=0 (0x0)
"NoAddPrinter"=0 (0x0)
"NoPrinterTabs"=0 (0x0)
"NoLowDiskSpaceChecks"=1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\svcWRSSSDK]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=C:\WINNT\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hp psc 2000 Series.lnk]
backup=C:\WINNT\pss\hp psc 2000 Series.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDet]
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
CTHELPER.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DU Meter]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eTrustPPAP]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HomeAlarm]
C:\Program Files\Chameleon Clock\ChamClock.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KAVPersonal50]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteCenter]
C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Search and Recover Disk Image Service]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Speaking Clock Deluxe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyStopper]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SuperCleaner]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tray Temperature]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tukati:1]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Window Washer]
C:\Program Files\Webroot\Washer\wwDisp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wwSecSvc"=2 (0x2)
"svcWRSSSDK"=2 (0x2)
"McDetect.exe"=2 (0x2)
"AOL ACS"=2 (0x2)
"AcrSch2Svc"=2 (0x2)

*Newly Created Service* - ALERTER
*Newly Created Service* - GIVEIO
*Newly Created Service* - NMSSVC
*Newly Created Service* - SPEEDFAN
*Newly Created Service* - TVICHW32



-- End of Deckard's System Scanner: finished at 2007-07-30 at 08:37:33 ---------


EXTRA.TXT:
Deckard's System Scanner v20070729.57
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 2.40GHz
Percentage of Memory in Use: 43%
Physical Memory (total/avail): 1022.8 MiB / 575.41 MiB
Pagefile Memory (total/avail): 2461.43 MiB / 2195.11 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1968.73 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 111.79 GiB total, 64.67 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)


-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

AntivirusOverride is set.

AV: AVG 7.5.476 v7.5.476 (GRISOFT)

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:America Online 9.0"

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:America Online 9.0"
"C:\\WINNT\\system32\\dpvsetup.exe"="C:\\WINNT\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\WINNT\\system32\\rundll32.exe"="C:\\WINNT\\system32\\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Owner\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=SILVERFOX
ComSpec=C:\WINNT\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Owner
LOGONSERVER=\\SILVERFOX
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINNT\system32;C:\WINNT;C:\WINNT\System32\Wbem;C:\Program Files\PC-Doctor for Windows\services;C:\WINNT\System32\spool\DRIVERS\W32X86\3;C:\Program Files\BadgerSoft\SVCD2DVD\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 7, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0207
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINNT
TEMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
TMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
USERDOMAIN=SILVERFOX
USERNAME=Owner
USERPROFILE=C:\Documents and Settings\Owner
windir=C:\WINNT


-- User Profiles ---------------------------------------------------------------

Owner (admin)
Administrator.SILVERFOX (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\Creative\SBAudigy\Program\Ctzapxx.EXE" /U /S /R
--> "C:\Program Files\Creative\SBAudigy2\Program\Ctzapxx.EXE" /U /S
--> "C:\Program Files\Creative\SBAudigy2\Program\Ctzapxx.EXE" /U /S /R
--> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINNT\IsUninst.exe -fC:\WINNT\orun32.isu
--> C:\WINNT\UNNeroVision.exe /UNINSTALL
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{169F8893-C1C5-4847-972C-EA1E008112AC}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{169F8893-C1C5-4847-972C-EA1E008112AC}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{236FADD8-58FD-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{236FADD8-58FD-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{39DA87A1-0B26-4562-A70C-2A6147366E47}\Setup.exe"
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5210ED6D-52A9-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5210ED6D-52A9-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5933921D-4253-40B6-B4D9-B7D680F1B6EC}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5933921D-4253-40B6-B4D9-B7D680F1B6EC}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CDDF96A-BC34-4D72-9ABA-E1FFF0C39977}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7201B853-5833-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7201B853-5833-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{77ACE67A-0D21-4CEF-8A97-ED20A61B978B}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{77ACE67A-0D21-4CEF-8A97-ED20A61B978B}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A900EAB-DA37-4554-AF19-9C337476D05D}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A900EAB-DA37-4554-AF19-9C337476D05D}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8EF5F498-7FB5-11D6-9963-00A0C92C4EC3}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8EF5F498-7FB5-11D6-9963-00A0C92C4EC3}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9154ED7C-926E-49CC-B677-0CF3C5267457}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9154ED7C-926E-49CC-B677-0CF3C5267457}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A4D2983-4662-4387-BE3D-4CFC2FA9C100}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A4D2983-4662-4387-BE3D-4CFC2FA9C100}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F765BD0-B900-4EDE-A90B-61C8A9E95C42}\Setup.exe"
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1185190-514F-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1185190-514F-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC157741-3285-4D6A-B934-9174587A3493}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC157741-3285-4D6A-B934-9174587A3493}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B5BAAFAE-3561-463D-8E3F-91761A57ADB8}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B5BAAFAE-3561-463D-8E3F-91761A57ADB8}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAD59025-5B73-4E12-B789-0028C5A573C2}\Setup.exe"
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6866B7D-ACFD-4C49-B77B-3B2F8CF54B96}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6866B7D-ACFD-4C49-B77B-3B2F8CF54B96}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DEBD7BF3-5856-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DEBD7BF3-5856-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EE6699B3-E5AD-4E59-8F2B-207DF630670C}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EE6699B3-E5AD-4E59-8F2B-207DF630670C}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD549B7B-3532-4160-80D4-3E3DD39A9AE5}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD549B7B-3532-4160-80D4-3E3DD39A9AE5}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD851F7E-F887-405D-9E1C-488811113EF3}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD851F7E-F887-405D-9E1C-488811113EF3}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7B9AE66C-2A8F-4FB2-85D7-416AFFAE8408}\setup.exe" -l0x9
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINNT\INF\PCHealth.inf
#1 Video Converter 3.9.4 --> "C:\Program Files\NO1 Video Converter\unins000.exe"
Abrosoft FantaMorph 3.0 --> "C:\Program Files\Abrosoft\FantaMorph3\unins000.exe"
AbsoluteShield Track Eraser --> "C:\Program Files\SysShield Tools\Track Eraser\unins000.exe"
Acoustica Audio Converter Pro --> C:\PROGRA~1\ACOUST~2\UNWISE.EXE C:\PROGRA~1\ACOUST~2\INSTALL.LOG
Acoustica MP3 Audio Mixer --> C:\PROGRA~1\ACOUST~3\UNWISE.EXE C:\PROGRA~1\ACOUST~3\INSTALL.LOG
Acronis True Image --> C:\Program Files\Acronis\TrueImage\MediaBuilder.exe -uninstall
Ad-Aware SE Professional --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Acrobat 5.0 --> C:\WINNT\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player ActiveX --> C:\WINNT\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Photoshop Album 2.0 Starter Edition --> MsiExec.exe /I{11B569C2-4BF6-4ED0-9D17-A4273943CB24}
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Advanced Image Resizer v2.0 --> "C:\Program Files\Advanced Image Resizer\unins000.exe"
America Online (Choose which version to remove) --> C:\Program Files\Common Files\aolshare\Aolunins_us.exe
AntiCrash 3.6.1 --> "C:\Program Files\Dachshund Software\AntiCrash\Uninstall.exe" "C:\Program Files\Dachshund Software\AntiCrash\install.log"
AnyDVD --> "C:\Program Files\SlySoft\AnyDVD\AnyDVD-uninst.exe" /D="C:\Program Files\SlySoft\AnyDVD"
AOL Coach Version 1.0(Build:20030807.3) --> C:\Program Files\Common Files\aolshare\Coach\AolCInUn.exe
ArcSoft Funhouse --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{21A7C708-D575-491C-94AE-86FFCF2BF19F}\Setup.exe" -l0x9 -uninst
ArcSoft PhotoStudio 5.5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{22D14F78-76EC-45E6-9D40-E8331019C4DF}\Setup.exe" -l0x9
Ashampoo Movie Shrink & Burn --> C:\PROGRA~1\Ashampoo\ASHAMP~1\UNWISE.EXE C:\PROGRA~1\Ashampoo\ASHAMP~1\INSTALL.LOG
Ashampoo Movie Shrink & Burn 2 --> "C:\Program Files\Ashampoo\Ashampoo Movie Shrink & Burn 2\Uninstall\MSB2_Uninstall.EXE"
Auction Picture FX --> C:\WINNT\unvise32.exe C:\Program Files\AuctionPictureFX\uninstal.log
Audio Recorder Deluxe --> "C:\Program Files\Audio Recorder Deluxe\unins000.exe"
Aurora MPEG To DVD Burner 4.6.12 --> "C:\Program Files\Aurora MPEG To DVD Burner\unins000.exe"
AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
AVI/MPEG/ASF/WMV Splitter 3.22 --> "C:\Program Files\AVI MPEG ASF WMV Splitter\unins000.exe"
AVI/MPEG/RM/WMV Joiner 4.81 --> "C:\Program Files\AVI MPEG RM WMV Joiner\unins000.exe"
AVIcodec (remove only) --> "C:\Program Files\AVIcodec\uninst.exe"
BenVista PhotoZoom Professional 1.1.14 --> C:\Program Files\BenVista\PhotoZoom Professional\Uninstall.exe
CaptureWizPro 3.00 --> C:\Program Files\CaptureWiz\Pro\CaptureWiz.exe uninstal
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
CD LabelMaker --> C:\WINNT\IsUninst.exe -f"C:\Program Files\DATA BECKER\CD LabelMaker\Uninst.isu"
Chameleon Clock 3.5 --> "C:\Program Files\Chameleon Clock\unins000.exe"
CloneDVD 3.9 --> "C:\Program Files\CloneDVD\unins000.exe"
CopyToDVD Suite 3 --> "C:\Program Files\VSO\unins000.exe"
Corel Paint Shop Pro X --> MsiExec.exe /I{1A15507A-8551-4626-915D-3D5FA095CC1B}
CrazyTalk v3.5 Home Edition + Web Module --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2673A1E0-687D-11D4-AC17-0050FC01328A}\Setup.exe" -l0x9 /uninstall
CrazyTalk v4.0 Media Studio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40B3D357-96DE-4889-A8F4-C533A39E3608}\Setup.exe" -l0x9 /uninstall
Creative Audio Console --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7B9AE66C-2A8F-4FB2-85D7-416AFFAE8408}\setup.exe" -l0x9 /remove
Creative DVD Audio Plugin for Audigy Series --> "C:\Program Files\Creative\CTDPlugin\CTUIDVD.exe " -u
Creative JukeBox Driver --> C:\Program Files\Creative\JukeBox Driver\Setup\Setup.exe /remove
Creative MediaSource --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{56F3E1FF-54FE-4384-A153-6CCABA097814}\SETUP.EXE" -l0x9 /remove
Creative NOMAD II Driver --> C:\Program Files\Creative\NOMAD2 Driver\DrvUnins.exe /s
DH Driver Cleaner Professional Edition --> C:\Program Files\Driver Cleaner Pro\Uninstall.exe
Do More --> C:\WINNT\IsUninst.exe -f"C:\Program Files\Gateway\Do More\Uninst.isu"
DVD Audio Extractor 3.4.1 --> "C:\Program Files\DVD Audio Extractor\unins000.exe"
DVD Shrink 3.1.6 --> "C:\Program Files\DVD Shrink\unins000.exe"
DVD X Copy Platinum 4.0.3 --> "C:\Program Files\321Studios\Platinum\uninstall.exe"
DVD X Rescue --> F:\PROGRA~1\321STU~1\DVDXRE~1\UNWISE.EXE F:\PROGRA~1\321STU~1\DVDXRE~1\INSTALL.LOG
DVDFab Platinum 2.9.5.9 --> "C:\Program Files\DVDFab Platinum\unins000.exe"
DVDXCopy Platinum 4.0.3 --> "C:\Program Files\321Studios\uninstall.exe"
Easy GIF Animator 3.2 --> "C:\Program Files\Easy GIF Animator\unins000.exe"
Evidence Eliminator --> C:\PROGRA~1\EVIDEN~1\UNWISE.EXE C:\PROGRA~1\EVIDEN~1\INSTALL.LOG
FaceOnBody --> C:\Program Files\FaceOnBody\Uninstall.exe
File-Saver --> "C:\Program Files\File-Saver\unins000.exe"
Focus Video Converter 1.8 --> "C:\Program Files\Focus Video Converter\unins000.exe"
Folder Guard - Professional Edition --> "C:\Program Files\WinAbility\Folder Guard NT\Setup.exe" /U
Gateway Drivers and Applications Recovery --> C:\Program Files\Gateway\HPA\GWMenu.exe UNINSTALL
GoldWave v5.12 --> "C:\Program Files\GoldWave\unstall.exe" "GoldWave v5.12" "C:\Program Files\GoldWave\unstall.log"
Google Earth --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\101\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
GTW V.92 Voicemodem --> C:\WINNT\GWMDMU.exe verbose
HDD Regenerator --> MsiExec.exe /X{2FE765BF-9ED7-4A24-9FCF-B9DD3B48C028}
HighMAT Extension to Microsoft Windows XP CD Writing Wizard --> MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
Hijackthis 1.99.1 --> "C:\Program Files\Hijackthis\unins000.exe"
HiNetRecorder --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C88386DE-0D91-4738-9ABD-A991D118A191}\Setup.exe"
Hit-Recorder --> "C:\Program Files\Hit-Recorder\unins000.exe"
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINNT\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Format SDK (KB902344) --> "C:\WINNT\$NtUninstallKB902344$\spuninst\spuninst.exe"
hp instant support --> C:\PROGRA~1\HEWLET~1\hpis\Uninstall.exe /s CeS
HP Photo and Imaging 2.0 - All-in-One --> MsiExec.exe /X{9867A917-5D17-40DE-83BA-BEA5293194B1}
HP Photo and Imaging 2.0 - All-in-One Drivers --> MsiExec.exe /X{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}
HP Photo and Imaging 2.0 - hp psc 2200 series --> C:\Program Files\Hewlett-Packard\Digital Imaging\{7C8BB31C-E09E-4c7d-BBF1-45E33B467FE1}\Setup\hpzscr01.exe -datfile hposcr02.dat -forcereboot
hp psc 2200 series --> MsiExec.exe /X{913DA816-E8E4-4467-8D22-E2DF5DBF04E4}
HyperSnap-DX 5 --> C:\Program Files\HyperSnap-DX 5\HprUnInst.exe
ImageMixer VCD2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F8C6BABF-0837-4EA0-AD6C-8E5A392A7538}\setup.exe" -l0x9 UNINSTALL
InkSaver --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{4025244F-7F7C-4AB8-BF9A-F4A017AE6674}
Intel® PRO Network Connections Drivers --> Prounstl.exe
Intel® PROSet II --> MsiExec.exe /I{01A4AEDE-F219-49A2-B855-16A016EAF9A4}
Internet Explorer Q903235 --> C:\WINNT\ieuninst.exe C:\WINNT\INF\Q903235.inf
InterVideo WinDVD 5 --> "C:\Program Files\InstallShield Installation Information\{1B399A41-C1D0-40A2-9E4F-095868EFAF01}\setup.exe" REMOVEALL
It'sMe --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D88F4419-686D-476D-B9EF-ACF9F01309B7}\setup.exe" /uninstall
J2SE Runtime Environment 5.0 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030}
Jasc Paint Shop Photo Album 5 --> MsiExec.exe /I{24960CD0-661D-4957-9D5F-D2905A30EDB1}
K-Lite Codec Pack 2.73 Standard --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
L&H TTS3000 British English --> RunDll32 advpack.dll,LaunchINFSection C:\WINNT\INF\LHTTSENG.inf, Uninstall
Learn2 Player (Uninstall Only) --> C:\Program Files\Learn2.com\StRunner\stuninst.exe
LimeWire PRO 4.12.4 --> "C:\Program Files\LimeWire\uninstall.exe"
Live Billiards --> C:\Program Files\TerraGame\Live Billiards\PoolUninst.exe C:\Program Files\TerraGame\Live Billiards\LiveBilliardUninst.log
Lock Folder XP 3.2 --> "C:\Program Files\Lock Folder XP 3.2\unins000.exe"
Lock My PC 3.2 for Windows 98/ME and Windows 2000/XP --> C:\Program Files\LMPC3\lockpc.exe /u
Logitech MouseWare 9.80 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5809E7CF-4DCF-11D4-9875-00105ACE7734}\setup.exe" -l0x9 -l0009 UNINSTALL
MadOnion.com/PCMark2002 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5D81D227-790A-43D8-BD30-6A7935CD6837}\Setup.exe" -l0x9 uninstall -uninst
Magic ISO Maker v5.0 (build 0166) --> C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
MainConcept MPEG Encoder --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{DB10AF3B-E30E-49F9-84AC-26785D689E13} /l1033
MakeTorrent v2.1 --> "C:\Program Files\Maketorrent 2\uninstall.exe"
Memory Guard --> "C:\Program Files\ParticleG\Memory Guard\Uninstall.exe" "C:\Program Files\ParticleG\Memory Guard\install.log"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINNT\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Data Access Components KB870669 --> C:\WINNT\muninst.exe C:\WINNT\INF\KB870669.inf
Microsoft Digital Image Pro 7.0 --> MsiExec.exe /I{369B36BE-3D64-4641-9AEA-808D436FE134}
Microsoft Encarta Encyclopedia Standard 2003 --> MsiExec.exe /I{03410014-3975-4267-9F39-1DC4745090B7}
Microsoft English TTS 5.1 --> MsiExec.exe /I{27A33E01-2CBF-405A-A7DA-B900218DB898}
Microsoft Money 2003 --> MsiExec.exe /I{01F9D88C-3C86-4E82-840A-101A3221F67A}
Microsoft Money 2003 System Pack --> MsiExec.exe /I{02B42D23-10F2-4862-ADA4-3DF1EA0021B2}
Microsoft Office PowerPoint Viewer 2003 --> MsiExec.exe /X{90AF0409-6000-11D3-8CFE-0150048383C9}
Microsoft Streets and Trips 2002 --> MsiExec.exe /I{12BDDF23-B1DB-49C8-92D3-3E6841CCED61}
Microsoft Text-to-Speech Engine 4.0 (English) --> RunDll32 advpack.dll,LaunchINFSection C:\WINNT\INF\msTTSs22.inf, Uninstall
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINNT\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Windows Media Video 9 VCM --> RunDll32 advpack.dll,LaunchINFSection C:\WINNT\INF\wmv9vcm.inf, Uninstall
Microsoft Word 2002 --> MsiExec.exe /I{911B0409-6000-11D3-8CFE-0050048383C9}
Microsoft Works 2003 Setup Launcher --> C:\Program Files\Microsoft Works Suite 2003\Setup\Launcher.exe d:\
Microsoft Works 7.0 --> MsiExec.exe /I{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}
Microsoft Works Suite Add-in for Microsoft Word --> MsiExec.exe /I{7EE9DE0D-9228-4C33-B80E-FDD1773600DF}
Miliki Super Compressor Professional --> MsiExec.exe /X{F532F3CD-25C0-4391-9CE0-B98E8D03E12A}
Movie DVD Maker 1.3.8 --> "C:\Program Files\Movie DVD Maker\unins000.exe"
MP3 & MPEG Joiner 1.2 --> "C:\Program Files\MP3 & MPEG Joiner\unins000.exe"
MP3 CD Converter Professional 5.01 --> "C:\Program Files\MP3 CD Converter Professional\unins000.exe"
MP3 Edit Magic Platinum version 3.0.1 --> "C:\Program Files\Mp3 Edit Magic\unins000.exe"
MpegSoft Video Convert 1.4 --> C:\PROGRA~1\MPEGSO~1\UNWISE.EXE C:\PROGRA~1\MPEGSO~1\INSTALL.LOG
MSN Messenger 6.2 --> MsiExec.exe /I{ABEB838C-A1A7-4C5D-B7E1-8B4314600205}
MSN Music Assistant --> rundll32 advpack.dll,LaunchINFSection C:\WINNT\INF\msninst.inf,Uninstall
MSN Toolbar --> C:\Program Files\MSN Apps\MSN Toolbar1.02.3000.1001\en-us\mtbs.exe c
MultiRes (remove only) --> C:\Program Files\MultiRes\uninstal.exe
MUSICMATCH Jukebox --> C:\WINNT\IsUninst.exe -f"C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\Uninst.isu" -cC:\PROGRA~1\MUSICM~1\MUSICM~1\unmatch.dll
MyProfessionalBusinessCards --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D3440743-FCC9-4BFC-B630-4EFC0C1A8D44}\setup.exe" -l0x9 UNINSTALL
Nature Illusion Studio --> C:\Program Files\Nufsoft\NatureStudio\Uninstall.exe
Nero Suite --> C:\Program Files\Common Files\Nero\Uninstall\Setupx.exe /uninstall ExtraUninstallID=""
Noiseware Professional Edition --> MsiExec.exe /I{D6F1DA03-C914-4856-87EB-CF2C54A26A9D}
NVIDIA Drivers --> C:\WINNT\system32\nvudisp.exe UninstallGUI
Olympus Digital Wave Player --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB91E774-867B-4567-ACE7-8144EF036068}\Setup.exe" -l0x9
PC-Doctor for Windows --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F7CCFA3-D926-4882-B2A5-A0217ED25597}\Setup.exe"
PC Pitstop Optimize 1.0t --> "C:\Program Files\PCPitstop\Optimize\unins000.exe"
PCBugDoctor version 1.0.0.5 --> "C:\Program Files\PCBugDoctor\unins000.exe"
PhoneTools --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E3436EE2-D5CB-4249-840B-3A0140CC34C3}\setup.exe" -l0x9 ControlPanel
PhotoBuilder --> C:\WINNT\IsUninst.exe -f"C:\Program Files\PhotoBuilder\Uninst.isu"
PhotoCleaner --> "C:\Program Files\PhotoCleaner\uninstall.exe"
Photodex Presenter --> C:\Program Files\Photodex Presenter\uninst.exe
PhotoDVD 0.9.8 --> "C:\Program Files\vso\PhotoDVD\unins000.exe"
PhotoShow Deluxe --> C:\WINNT\unvise32.exe C:\Program Files\Simple Star\PhotoShow Deluxe\data\uninstal.log
Pinnacle Hollywood FX 5 --> C:\WINNT\unvise32.exe C:\Program Files\Pinnacle\Hollywood FX 5\uninstal.log
Pinnacle Hollywood FX for Studio --> C:\WINNT\unvise32.exe C:\Program Files\Pinnacle\Hollywood FX for Studio\5.5\uninstal.log
Power Video Converter 1.5.5 --> "C:\Program Files\Power Video Converter\unins000.exe"
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
Private Encryptor ™ --> C:\Program Files\PrivateEncryptor\encryptor.exe /U
ProShow Gold --> C:\Program Files\Photodex\ProShowGold\proshow.exe . -u
Quicken 2002 New User Edition --> C:\WINNT\IsUninst.exe -f"C:\Program Files\QUICKENW\Uninst.isu" -c"C:\Program Files\QUICKENW\uninst.dll"
QuickTime --> C:\WINNT\unvise32qt.exe C:\WINNT\System32\QuickTime\Uninstall.log
RAM Idle Professional --> "C:\Program Files\RAM Idle\unins000.exe"
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Recover My Files --> "C:\Program Files\GetData\Recover My Files\unins000.exe"
Recover My Photos --> "C:\Program Files\Recover My Photos\unins000.exe"
Registry TuneUp 1.1 --> "C:\Program Files\AceLogix\Registry TuneUp\unins000.exe"
Saitek NT Controller Drivers --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3A9E0E2F-B0D1-452B-B833-7A7300EA1231}\setup.exe" AddRem
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINNT\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINNT\$NtUninstallKB923723$\spuninst\spuninst.exe"
Sentinel System Driver --> C:\WINNT\SYSTEM32\RNBOSENT\SETUPX86.EXE /U /q
SereneScreen Marine Aquarium 2 --> "C:\Program Files\SereneScreen\Marine Aquarium 2\unins000.exe"
Shockwave --> C:\WINNT\System32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINNT\System32\Macromed\SHOCKW~1\Install.log
SmartFTP Client --> MsiExec.exe /I{11C762F9-95EA-486A-A8E7-683A50C231C1}
SmartSound Quicktracks Plugin --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}
SoftColor photo sledgehammer 1.0 - TRIAL --> "C:\Program Files\SoftColor photo sledgehammer\unins000.exe"
Sound Blaster Audigy --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9115E7DB-3B29-445A-802D-11E0AA945B7F}\setup.exe" -l0x9
Sound Blaster Audigy 2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E82BF103-904F-49C0-B77F-6EC110B71E87}\SETUP.EXE" -l0x9
Speed DVD Creator 4.0.1 --> "C:\Program Files\Speed DVD Creator\unins000.exe"
SpeedFan (remove only) --> "C:\Program Files\SpeedFan\uninstall.exe"
STOIK Smart Resizer --> MsiExec.exe /X{A71CE50A-6122-469A-BE77-1B7905287B4D}
Studio 9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9E491AB7-4589-48CA-9CBB-874CB2788391}\Setup.exe" -l0x9 UNINSTALL
Studio 9.3 Patch --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{16E217EA-C3E0-402D-8D4F-6189DB74497A}\setup.exe" -l0x9 UNINSTALL
Super Video Joiner 1.7.1 --> "C:\Program Files\Super Video Joiner\unins000.exe"
SVCD2DVD --> MsiExec.exe /I{C051E689-5F31-486B-A2F0-B26189FA9EA7}
The Panorama Factory V4 --> C:\PROGRA~1\SMOKYC~1\THEPAN~1\UNWISE.EXE C:\PROGRA~1\SMOKYC~1\THEPAN~1\INSTALL.LOG
TMPGEnc 3.0 XPress --> MsiExec.exe /I{D48EAA77-E526-41EB-894C-BD6A17EABD95}
TMPGEnc DVD Author 1.6 --> C:\Programme\Pegasys Inc\TMPGEnc DVD Author 1.6\Uninstal.exe
Total Video Converter 2.40 --> "C:\Program Files\Total Video Converter\unins000.exe"
Ultra DVD Creator 1.3.8 --> "C:\Program Files\Ultra DVD Creator\unins000.exe"
Ultra Video Converter 1.3.4 --> "C:\Program Files\Ultra Video Converter\unins000.exe"
Ultra Video Splitter 2.9.6 --> "C:\Program Files\Ultra Video Splitter\unins000.exe"
UltraISO V7.51 ME --> "C:\Program Files\UltraISO\unins000.exe"
User Profile Hive Cleanup Service --> MsiExec.exe /I{FF77941A-2BFA-4A18-BE2E-69B9498E4D55}
VCDEasy --> "C:\Program Files\VCDEasy\unins000.exe"
Video-AVI to GIF Converter v2.012 (Release date: 05-11-18) --> "C:\Program Files\Video-AVI to GIF Converter\unins000.exe"
VideoLAN VLC media player 0.8.1 --> C:\Program Files\VideoLAN\VLC\uninstall.exe
VideoMach 3.2.0 --> C:\Program Files\VideoMach-3.2.0\uninstall.exe
Viewpoint Media Player (Remove Only) --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\\mtsAxInstaller.exe /u
Water Illusion Screensaver --> C:\Program Files\Nufsoft\WaterIllusion\Uninstall.exe
WexTech AnswerWorks --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}\setup.exe" -l0x9 -eliminate
WinASO Registry Optimizer 2.5 --> "C:\Program Files\WinASO\Registry Optimizer 2.5\unins000.exe"
WinAVIVideoConverter --> "C:\Program Files\WinAVIVideoConverter\unins000.exe"
Window Washer --> C:\WINNT\Unwash6.exe
Windows Installer Clean Up --> MsiExec.exe /X{121634B0-2F4B-11D3-ADA3-00C04F52DD52}
Windows Media Connect --> "C:\WINNT\$NtUninstallWMCSetup$\spuninst\spuninst.exe"
Windows Media Format 11 runtime --> "C:\WINNT\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinGuard Pro 2004 --> C:\WINNT\unins000.exe
WinISO 5.3 --> "C:\Program Files\WinISO\unins000.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
Your Uninstaller! 2006 Version 5 --> "C:\Program Files\Your Uninstaller 2006\unins000.exe"


-- End of Deckard's System Scanner: finished at 2007-07-30 at 08:37:33 ---------

#7 Harley11407 (Authentic Member, 23 posts)

Posted 30 July 2007 - 08:21 AM

Jintan, just curious, but since I have switched out the video card from the ATI AIW X800xt to the Nominal load Nvidia MX440 and ran the Drivercleaner Pro program to remove, presumably, any traces of ATI data, do you think these trace ATI programs found with the Deckard Scanner could be causing a conflict in the bootup & shutdown process:

I noticed these and would like to remove them if possible. These actual programs are not installed in the pc, but these traces are still in the system:

S1 ATITool (ATITool Overclocking Utility) - c:\winnt\system32\drivers\atitool.sys <Not Verified; ; Low-Level Driver>

S3 ATIAVAIW (ATI T200 Unified AVStream service) - c:\winnt\system32\drivers\atinavt2.sys <Not Verified; ATI Technologies Inc.; ATI AVStream

S3 RadProbe (Radeon Probe Driver) - c:\winnt\system32\drivers\radprobe.sys <Not Verified; ; RadProbe>

I can recall the S1 ATI overclocking utility above causing problems in this pc right after I installed this 3rd-party app, and I removed the program, but obviously this low-level driver remained.


Also, this PowerStrip app is NOT installed in the pc either, but the drivers are still depicted here:

S3 ENTECH - c:\winnt\system32\drivers\entech.sys <Not Verified; EnTech Taiwan; PowerStrip>


Just thought I would inquire about these findings, even though I am just guessing!

I also thought about running sfc /scannow to replace any missing files, but this pc has SP2 on it now and I only have the original XP SP1 CD that came with the pc in 2002. So I am sure the sfc /scannow run will be requesting that the XP CD be inserted, and I only have the SP1 version to insert. I do not have a slipstreamed bootable disc with the SP2 upgrade, and I don't think I have the knowledge to create one anyway.

I thought about trying the below, which may prevent the sfc /scannow scan from requesting the XP CD, but I don't know if I thoroughly understand how to do this procedure either:

http://www.compphix....protection.html

Regards & Thanks for all the help thus far!
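A small triage script for driver lines in the Deckard format quoted in the post above, as an added example that is not part of the thread or of Deckard's tool; the line layout, the meaning of the R/S start-type prefix and the list of removed products are assumptions read off the post, and the sample input is the four quoted lines.

```python
# Triage driver/service lines from a Deckard's System Scanner log.
import re
from dataclasses import dataclass, field
from typing import Dict, Iterable, List

# Layout assumed from the lines quoted in the post, e.g.
#   S1 ATITool (ATITool Overclocking Utility) - c:\winnt\...\atitool.sys <Not Verified; ; Low-Level Driver>
# Prefix letter: R = running, S = stopped; the digit is the Windows start type
# (0 boot, 1 system, 2 auto, 3 manual, 4 disabled).  The "(display name)" and
# "<signature; vendor; product>" parts are optional, and the closing ">" may be
# missing, as it is on the ATIAVAIW line in the post.
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+"
    r"(?P<name>\S+)\s+"
    r"(?:\((?P<display>[^)]*)\)\s+)?-\s+"
    r"(?P<image>.+?)"
    r"(?:\s+<(?P<sig>[^>]*)>?)?\s*$"
)
START_TYPE = {"0": "boot", "1": "system", "2": "auto", "3": "manual", "4": "disabled"}


@dataclass
class DriverEntry:
    name: str
    display: str
    image: str
    running: bool
    start: str                 # "0".."4", see START_TYPE
    verified: bool             # False when the scanner printed "Not Verified"
    vendor: str
    product: str
    findings: List[str] = field(default_factory=list)


def parse_deckard_drivers(log: str) -> List[DriverEntry]:
    """Parse every service/driver line in the log; other lines are ignored."""
    entries = []
    for raw in log.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        sig = m.group("sig") or ""
        status, vendor, product = [p.strip() for p in (sig.split(";") + ["", ""])[:3]]
        image = m.group("image").strip()
        if image.startswith("\\??\\"):       # NT object-manager prefix, drop it
            image = image[4:]
        entries.append(DriverEntry(
            name=m.group("name"), display=m.group("display") or "", image=image,
            running=m.group("state") == "R", start=m.group("start"),
            verified=status.lower() != "not verified", vendor=vendor, product=product,
        ))
    return entries


def triage(entries: Iterable[DriverEntry], uninstalled: Iterable[str]) -> List[DriverEntry]:
    """Attach review findings to each entry; `uninstalled` holds product names the
    user reports as removed, so a driver still registered for one is an orphan that
    keeps loading with kernel privilege after the product is gone."""
    removed = [u.lower() for u in uninstalled]
    out = []
    for e in entries:
        haystack = " ".join((e.name, e.display, e.product)).lower()
        if not e.verified:
            e.findings.append("signature not verified: unsigned or unverifiable kernel code")
        if e.start in ("0", "1"):
            e.findings.append(f"{START_TYPE[e.start]} start: loads before user-mode protections")
        if not e.vendor:
            e.findings.append("no vendor recorded in the file's version information")
        if "\\system32\\" not in e.image.lower():
            e.findings.append(f"image outside system32: {e.image}")
        for u in removed:
            if u in haystack:
                e.findings.append(f"still registered although '{u}' was reported uninstalled")
        out.append(e)
    return out


# Constructed input: the four lines quoted in the post above.
SAMPLE_LOG = r"""
S1 ATITool (ATITool Overclocking Utility) - c:\winnt\system32\drivers\atitool.sys <Not Verified; ; Low-Level Driver>
S3 ATIAVAIW (ATI T200 Unified AVStream service) - c:\winnt\system32\drivers\atinavt2.sys <Not Verified; ATI Technologies Inc.; ATI AVStream
S3 RadProbe (Radeon Probe Driver) - c:\winnt\system32\drivers\radprobe.sys <Not Verified; ; RadProbe>
S3 ENTECH - c:\winnt\system32\drivers\entech.sys <Not Verified; EnTech Taiwan; PowerStrip>
"""
# Products the poster says are no longer installed.
UNINSTALLED = ["ATITool", "PowerStrip"]


def report(log: str = SAMPLE_LOG, uninstalled: Iterable[str] = UNINSTALLED) -> Dict[str, List[str]]:
    """Map driver name -> findings, entries with the most findings first."""
    entries = triage(parse_deckard_drivers(log), uninstalled)
    entries.sort(key=lambda e: len(e.findings), reverse=True)
    return {e.name: e.findings for e in entries}
```

On the sample, `report()` puts ATITool first with four findings (unverified, system start, no vendor, orphaned), which matches the poster's own suspicion about that driver.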

#8 Harley11407 (Authentic Member, 23 posts)

Posted 30 July 2007 - 09:05 AM

Jintan, I did take a closer look at the procedure outlined here in this link I mentioned in my last reply:

http://www.compphix....protection.html

I did go to Folder Options/View and unchecked "hide operating system folders".

Then I went to the C:\windows\system folder and it is empty. I could not find any folder on the system called C:\WINDOWS\System32\Dllcache; I have no clue where the 32Dllcache folder is?
I even hit Start and did a search for files or folders for 32Dllcache, and it came up with nothing.

The I386 folder is on the C: drive and its contents are 327 MB. I would assume that when I upgraded through Windows Update to SP2 a year ago, any SP2 files are now included in this I386 folder, right?

I also went in regedit to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup
and found the SourcePath registry string, and it is pointing to D:

Do you suggest I change this to C: and then attempt to run sfc /scannow, if you assume maybe it will find any files missing or corrupted and replace them with ones from the I386 folder?

If I do change this SourcePath from D: to C:, will I have to reboot the pc as the author indicates?

The only reason I'm asking is I hate to shut down the PC, due to the fact it is so darn hard to get it back up & running, even in VGA mode as it is now.

But I will if I have to, so the registry change will be recognized by the system.

I will wait until I hear back from you before attempting anything!

Regards

Edited by Harley11407, 30 July 2007 - 09:11 AM.


#9 Jintan (Advanced Member, Visiting Fellow, 791 posts)

Posted 30 July 2007 - 05:22 PM

The logs are showing you have quite a practice of adding and using different downloaded software, as well as torrent/ripping/burning software that too often show on infected systems. Right off I would ask that you give this procedure of us reviewing here a chance before adding even more. Providing you with details on each service/driver/file you either select as unfamiliar or no longer necessary is, very honestly, beyond the scope of what I might assist with here. But we can see if malware is at fault and make those repairs, and if I do see other issues I recognize as corrections to be made I will surely address those as well.

There are some signature firewall changes often seen brought by infection, and it looks like some altering of some core file associations as well, so let's correct that and get a decent scan in now.


The following show as installed. Each of these can bring "havoc" blocking functions and processes, and all on one system, if active, can bring about changes over time that would be hard to unravel. Disable any of these and any protections they cause, to keep them out of the way while we do repairs please.

Folder Guard
WinGuard Pro
Lock Folder XP
Lock My PC



Right-click Here and select Save Target As (Firefox: Save Link As) and save UnHookExec.inf to your Desktop.

Then right-click on UnHookExec.inf and select Install.



Then go to Start - Run, type firewall.cpl (and Enter). Click the Exceptions tab. If the following items are present on that list, click to highlight each, select "Delete", and OK to close the Windows Firewall display. The one for the Voice test is only questionable, and if needed you can add this again later, but the other two do not require this exception access.

"C:\WINNT\system32\dpvsetup.exe"
"C:\WINNT\system32\rundll32.exe"
"C:\Program Files\Internet Explorer\iexplore.exe"




Then make sure any active monitoring protective software is disabled, and Download ComboFix.exe from here to your desktop, and click the downloaded file to run the repair.

When the command window opens, select 1 (and Enter). Allow the scan to run. When completed a text window will appear - please copy/paste the contents back here. This log can also be found at C:\ComboFix.txt.

A caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Please post the combofix.txt log back here.
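As an added example (not from the thread), a script that audits an exported copy of the XP SP2 firewall's authorized-applications list for generic host processes such as the rundll32.exe and iexplore.exe entries the post asks to remove; the .reg sample is constructed (display names made up), and the set of host binaries is a review heuristic, not a list from the post.

```python
# Audit a .reg export of the XP SP2 firewall's authorized-applications list.
import re
from dataclasses import dataclass
from typing import Dict, List

# Key Windows XP SP2 uses for the standard-profile application exceptions.
LIST_KEY = (r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess"
            r"\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List")

# Generic host processes.  An exception for one of these admits inbound traffic
# to whatever code the process happens to be hosting, which is why the post
# asks to delete the rundll32.exe and iexplore.exe entries.  Review heuristic,
# not a list taken from the post.
HOST_BINARIES = {"rundll32.exe", "iexplore.exe", "svchost.exe", "explorer.exe",
                 "regsvr32.exe", "wscript.exe", "cscript.exe", "cmd.exe"}

# "name"="data" lines of a .reg file; quotes and backslashes are escaped with '\'.
VALUE_RE = re.compile(r'^"(?P<name>(?:[^"\\]|\\.)*)"="(?P<data>(?:[^"\\]|\\.)*)"$')
# Value data layout: <path>:<scope>:<Enabled|Disabled>:<display name>
DATA_RE = re.compile(r"^(?P<path>.+?):(?P<scope>[^:]*):(?P<state>Enabled|Disabled):(?P<display>.*)$",
                     re.IGNORECASE)


@dataclass
class AppException:
    path: str
    scope: str        # "*" = any address, otherwise a subnet list
    enabled: bool
    display: str


def _unescape(s: str) -> str:
    return s.replace('\\"', '"').replace("\\\\", "\\")


def parse_reg_export(text: str) -> Dict[str, List[AppException]]:
    """Return {key path: [entries]} for every value in the firewall-list layout."""
    result: Dict[str, List[AppException]] = {}
    current = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            result.setdefault(current, [])
            continue
        m = VALUE_RE.match(line)
        if not m or current is None:
            continue
        d = DATA_RE.match(_unescape(m.group("data")))
        if not d:
            continue                      # some other string value, skip it
        result[current].append(AppException(
            d.group("path"), d.group("scope"),
            d.group("state").lower() == "enabled", d.group("display")))
    return result


def audit(exports: Dict[str, List[AppException]]) -> List[str]:
    """Flag enabled exceptions granted to generic host processes."""
    findings = []
    for e in exports.get(LIST_KEY, []):
        base = e.path.rsplit("\\", 1)[-1].lower()
        if base in HOST_BINARIES and e.enabled:
            findings.append(f"{e.path}: generic host process holds an enabled exception "
                            f"(scope {e.scope}); remove unless a specific need is known")
    return findings


# Constructed sample export: the three executables named in the post plus two
# ordinary entries.  Display names are made up for the sample.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\WINNT\\system32\\dpvsetup.exe"="C:\\WINNT\\system32\\dpvsetup.exe:*:Enabled:DirectPlay Voice Test"
"C:\\WINNT\\system32\\rundll32.exe"="C:\\WINNT\\system32\\rundll32.exe:*:Enabled:rundll32"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Disabled:LimeWire"
'''


def audit_sample() -> List[str]:
    """Run the audit over the constructed export."""
    return audit(parse_reg_export(SAMPLE_REG))
```

On the sample only the rundll32.exe and iexplore.exe entries are reported; dpvsetup.exe stays, matching the post's note that the Voice test entry is merely questionable.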

#10 Harley11407 (Authentic Member, 23 posts)

Posted 31 July 2007 - 07:33 AM

Jintan, I did exactly as you stated in your last reply, and as combofix.exe was running I walked away from the pc so as not to accidentally touch the keyboard or mouse, and when I came back the PC was attempting to shut down and was frozen at the "saving your settings" phase. I went ahead and manually shut down with the power button on the pc and rebooted in F8/VGA mode, and the ComboFix program window came up and commenced creating the log file, which is below:

I did check the exceptions tab in the firewall and the only exceptions listed now are these:

FILE AND PRINTER SHARING =Has a check by it.
UPNP FRAMEWORK = Has a check by it.
Remote Desktop= Does not have a check by it.

Also, I have NOT been installing or uninstalling software applications for around a year now. I used to be involved in torrent sharing but haven't done that in over a year now. And when I did, I was a member of a private club that made sure ALL torrents were virus-, spyware- & malware-clean before even allowing the file to be shared, as it was also screened by the admins before being posted for sharing.

BTW, I did uninstall three of the four folder-guard apps you suggested could cause a problem before doing these last tests for you. I only left Lock Folder 3.2 installed.

Here is the combofix log:

ComboFix 07-07-30.2 - "Owner" 2007-07-31 8:03:14.1 [GMT -5:00] - NTFS
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.True
* Created a new restore point


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINNT\DOWNLO~1.\ODCTOOLS


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_NM
-------\LEGACY_NPF


((((((((((((((((((((((((( Files Created from 2007-06-28 to 2007-07-31 )))))))))))))))))))))))))))))))


2007-07-31 08:02 51,200 --a------ C:\WINNT\nircmd.exe
2007-07-30 08:35 <DIR> d-------- C:\Deckard
2007-07-30 08:04 <DIR> d-------- C:\Program Files\SpeedFan
2007-07-28 20:04 23,600 --a------ C:\WINNT\system32\drivers\TVICHW32.SYS
2007-07-28 19:48 <DIR> d-------- C:\WINNT\LastGood.Tmp
2007-07-28 13:52 <DIR> d-------- C:\WINNT\nview
2007-07-28 13:51 <DIR> d-------- C:\NVIDIA
2007-07-28 13:42 <DIR> d-------- C:\NVIDIA(2)
2007-07-28 13:23 <DIR> d-------- C:\WINNT\nview(2)
2007-07-28 10:40 7,864,320 --a------ C:\DOCUME~1\Owner\ntuser.dat
2007-07-28 09:02 <DIR> d-------- C:\Program Files\Lavasoft
2007-07-22 22:59 <DIR> d-------- C:\Program Files\Windows Installer Clean Up
2007-07-21 21:39 <DIR> d-------- C:\Program Files\MSECACHE
2007-07-21 21:37 <DIR> d-------- C:\WINNT\SxsCaPendDel
2007-07-20 19:20 <DIR> d-------- C:\Program Files\UPHClean
2007-07-20 18:52 <DIR> d-------- C:\DOCUME~1\ADMINI~1.SIL\APPLIC~1\MSN6
2007-06-26 11:59 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\NVIDIA
2007-06-26 10:57 208,896 --a------ C:\WINNT\system32\NVUNINST.EXE
2007-06-26 10:57 208,896 --a------ C:\WINNT\system32\nvudisp.exe


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-31 08:11 1121 --ahs---- C:\WINNT\system32\mmf.sys
2007-07-31 08:05 384 --a------ C:\WINNT\system32\DVCStateBkp-{00000002-00000000-00000002-00001102-00000004-10021102}.dat
2007-07-31 08:05 384 --a------ C:\WINNT\system32\DVCState-{00000002-00000000-00000002-00001102-00000004-10021102}.dat
2007-07-30 20:46 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-07-30 20:45 --------- d-------- C:\Program Files\Recover My Photos
2007-07-30 20:39 --------- d-------- C:\Program Files\LMPC3
2007-07-30 20:36 --------- d-------- C:\Program Files\Video-AVI to GIF Converter
2007-07-20 15:43 --------- d-------- C:\Program Files\PCBugDoctor
2007-07-20 13:03 1324 --a------ C:\WINNT\system32\d3d9caps.dat
2007-07-18 12:11 38567 --a------ C:\WINNT\system32\pcpbios.exe
2007-06-29 10:07 --------- d-------- C:\Program Files\FaceOnBody
2007-06-28 12:20 --------- d-------- C:\DOCUME~1\Owner\APPLIC~1\uTorrent
2007-06-28 09:51 --------- d-------- C:\DOCUME~1\Owner\APPLIC~1\MSN6
2007-06-26 10:11 --------- d-------- C:\DOCUME~1\Owner\APPLIC~1\ATI
2007-06-03 09:39 --------- d-------- C:\Program Files\Ontrack
2007-06-03 08:01 --------- d-------- C:\Program Files\AimOne_AlltoMP3
2007-06-03 07:57 --------- d-------- C:\Program Files\Canon
2007-06-03 07:47 --------- d-------- C:\Program Files\GetSmile
2007-05-31 11:23 --------- d-------- C:\DOCUME~1\Owner\APPLIC~1\LimeWire
2006-12-08 14:16 1940 --a------ C:\DOCUME~1\Owner\APPLIC~1\ViewerApp.dat
2006-08-11 11:19 64512 --ah----- C:\DOCUME~1\Owner\APPLIC~1\dach100.dll
2004-12-02 12:44 2352 --a------ C:\DOCUME~1\Owner\APPLIC~1\mpauth.dat
2004-05-20 00:13 1815 --a------ C:\DOCUME~1\Owner\APPLIC~1\D - LITE-ON - DVDRW LDW-411S - FS0J.dat
2004-05-20 00:13 1622 --a------ C:\DOCUME~1\Owner\APPLIC~1\E - MATSHITA - DVD-ROM SR-8588 - 7Z11.dat
2004-05-20 00:13 1613 --a------ C:\DOCUME~1\Owner\APPLIC~1\G - AXV - CD-DVD-ROM - 2.2a.dat
2003-06-01 13:46 8224 --a------ C:\DOCUME~1\Owner\APPLIC~1\GDIPFONTCACHEV1.DAT
2003-01-09 13:10 30081 --ah----- C:\Program Files\fiz20
2003-01-09 12:13 30020 --ah----- C:\Program Files\fiz19
2003-01-09 10:52 30099 --ah----- C:\Program Files\fiz18
2003-01-07 23:57 30039 --ah----- C:\Program Files\fiz17
2003-01-07 17:54 30034 --ah----- C:\Program Files\fiz16
2003-01-07 02:32 30069 --ah----- C:\Program Files\fiz15
2003-01-06 11:16 30004 --ah----- C:\Program Files\fiz14
2003-01-05 17:25 30019 --ah----- C:\Program Files\fiz13
2003-01-05 16:53 30087 --ah----- C:\Program Files\fiz12
2003-01-05 01:11 30099 --ah----- C:\Program Files\fiz11
2003-01-04 14:28 30040 --ah----- C:\Program Files\fiz10
2003-01-04 13:50 30004 --ah----- C:\Program Files\fiz9
2003-01-04 13:07 30015 --ah----- C:\Program Files\fiz8
2003-01-03 17:42 30044 --ah----- C:\Program Files\fiz7
2003-01-03 12:08 30095 --ah----- C:\Program Files\fiz6
2003-01-01 20:29 30077 --ah----- C:\Program Files\fiz5
2002-12-19 16:58 30064 --ah----- C:\Program Files\fiz4
2002-12-18 23:10 30088 --ah----- C:\Program Files\fiz3
2002-12-17 01:01 30154 --ah----- C:\Program Files\fiz2
2002-12-16 16:59 30130 --ah----- C:\Program Files\fiz1
2002-07-26 18:02 153088 --a------ C:\Program Files\UNWISE.EXE
2005-04-08 05:41:04 1,121 --sha-w C:\WINNT\system32\mmf(10).sys
2005-04-08 03:01:51 1,121 --sha-w C:\WINNT\system32\mmf(11).sys
2005-04-08 05:55:45 1,121 --sha-w C:\WINNT\system32\mmf(12).sys
2005-04-08 06:00:48 1,121 --sha-w C:\WINNT\system32\mmf(13).sys
2005-11-02 23:12:03 1,121 --sha-w C:\WINNT\system32\mmf(14)(2).sys
2006-01-10 01:29:21 1,121 --sha-w C:\WINNT\system32\mmf(14)(3).sys
2005-10-31 19:21:04 1,121 --sha-w C:\WINNT\system32\mmf(15)(4).sys
2006-01-07 14:35:32 1,121 --sha-w C:\WINNT\system32\mmf(15)(5).sys
2004-04-02 18:37:52 1,121 --sha-w C:\WINNT\system32\mmf(7)(17).sys
2004-03-31 01:42:17 1,121 --sha-w C:\WINNT\system32\mmf(7)(18).sys
2004-03-30 23:15:59 1,121 --sha-w C:\WINNT\system32\mmf(7)(19).sys
2004-05-28 14:16:11 1,121 --sha-w C:\WINNT\system32\mmf(7)(20).sys
2005-03-18 19:06:41 1,121 --sha-w C:\WINNT\system32\mmf(7).sys
2004-04-02 18:26:58 1,121 --sha-w C:\WINNT\system32\mmf(8)(10).sys
2004-03-29 23:44:10 1,121 --sha-w C:\WINNT\system32\mmf(8)(11).sys
2005-03-18 14:44:31 1,121 --sha-w C:\WINNT\system32\mmf(8).sys
2005-04-08 05:49:00 1,121 --sha-w C:\WINNT\system32\mmf(9)(11).sys
2005-04-08 05:49:00 1,121 --sha-w C:\WINNT\system32\mmf(9).sys


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PROMon.exe"="PROMon.exe" [2002-04-18 19:32 C:\WINNT\system32\PROMon.exe]
"nwiz"="nwiz.exe" [2006-10-22 12:22 C:\WINNT\system32\nwiz.exe]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-07-23 14:40]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoMSAppLogo5ChannelNotify"=1 (0x1)
"NoToolbarCustomize"=0 (0x0)
"NoBandCustomize"=0 (0x0)
@=

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"Btn_Back"=0 (0x0)
"Btn_Forward"=0 (0x0)
"Btn_Stop"=0 (0x0)
"Btn_Refresh"=0 (0x0)
"Btn_Home"=0 (0x0)
"Btn_Search"=0 (0x0)
"Btn_History"=0 (0x0)
"Btn_Favorites"=0 (0x0)
"Btn_Media"=0 (0x0)
"Btn_Folders"=0 (0x0)
"Btn_Fullscreen"=0 (0x0)
"Btn_Tools"=0 (0x0)
"Btn_MailNews"=0 (0x0)
"Btn_Size"=0 (0x0)
"Btn_Print"=0 (0x0)
"Btn_Edit"=0 (0x0)
"Btn_Discussions"=0 (0x0)
"Btn_Cut"=0 (0x0)
"Btn_Copy"=0 (0x0)
"Btn_Paste"=0 (0x0)
"Btn_Encoding"=0 (0x0)
"Btn_PrintPreview"=0 (0x0)
"NoFavoritesMenu"=0 (0x0)
"NoSetActiveDesktop"=0 (0x0)
"NoChangeStartMenu"=0 (0x0)
"NoRecentDocsHistory"=0 (0x0)
"ClearRecentDocsOnExit"=0 (0x0)
"NoLogoff"=0 (0x0)
"NoClose"=0 (0x0)
"NoSetFolders"=0 (0x0)
"NoSetTaskbar"=0 (0x0)
"NoTrayContextMenu"=0 (0x0)
"NoFileMenu"=0 (0x0)
"NoViewContextMenu"=0 (0x0)
"EnforceShellExtensionSecurity"=0 (0x0)
"LinkResolveIgnoreLinkInfo"=0 (0x0)
"NoNetConnectDisconnect"=0 (0x0)
"NoDeletePrinter"=0 (0x0)
"NoAddPrinter"=0 (0x0)
"NoPrinterTabs"=0 (0x0)
"NoLowDiskSpaceChecks"=1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\svcWRSSSDK]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=C:\WINNT\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hp psc 2000 Series.lnk]
backup=C:\WINNT\pss\hp psc 2000 Series.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDet]
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
CTHELPER.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DU Meter]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eTrustPPAP]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HomeAlarm]
C:\Program Files\Chameleon Clock\ChamClock.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KAVPersonal50]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteCenter]
C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Search and Recover Disk Image Service]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Speaking Clock Deluxe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyStopper]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SuperCleaner]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tray Temperature]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tukati:1]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Window Washer]
C:\Program Files\Webroot\Washer\wwDisp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wwSecSvc"=2 (0x2)
"svcWRSSSDK"=2 (0x2)
"McDetect.exe"=2 (0x2)
"AOL ACS"=2 (0x2)
"AcrSch2Svc"=2 (0x2)

R0 IdeBusDr;IdeBusDr;C:\WINNT\system32\DRIVERS\IdeBusDr.sys
R0 IdeChnDr;Intel® Ultra ATA Controller;C:\WINNT\system32\DRIVERS\IdeChnDr.sys
R0 snapman;Acronis Snapshots Manager;C:\WINNT\system32\DRIVERS\snapman.sys
R0 speedfan;speedfan;C:\WINNT\system32\speedfan.sys
R0 SSI;SSI;C:\WINNT\system32\Drivers\SSI.SYS
R0 timounter;Acronis TrueImage Backup Archive Explorer;C:\WINNT\system32\DRIVERS\timntr.sys
R1 cdrbsdrv;cdrbsdrv;C:\WINNT\system32\drivers\cdrbsdrv.sys
R1 MBMIoDrvr;mbmiodrvr;\??\C:\WINNT\System32\mbmiodrvr.sys
R1 PCLEPCI;PCLEPCI;\??\C:\WINNT\System32\drivers\pclepci.sys
R1 Sk9920nt;PS/2 Keyboard Filter Driver for NT 4.0;C:\WINNT\system32\DRIVERS\Sk9920nt.sys
R2 ElbyCDIO;ElbyCDIO Driver;C:\WINNT\system32\Drivers\ElbyCDIO.sys
R2 hmonitor;hmonitor;\??\C:\WINNT\system32\drivers\hmonitor.sys
R2 lf;lf;\??\C:\Program Files\Lock Folder XP 3.2\UniShieldXP.sys
R2 LicCtrlService;LicCtrl Service;C:\WINNT\runservice.exe
R2 NMSSvc;Intel® NMS;C:\WINNT\System32\NMSSvc.exe
R2 RioPNP;RioPNP;C:\WINNT\system32\drivers\RioPNP.sys
R2 Sentinel;Sentinel;C:\WINNT\system32\Drivers\SENTINEL.SYS
R2 tifsfilter;Acronis TrueImage FS Filter;C:\WINNT\system32\DRIVERS\tifsfilt.sys
R2 xinstall;xinstall;\??\C:\WINNT\System32\drivers\xinstall.sys
R3 ctgame;Game Port;C:\WINNT\system32\DRIVERS\ctgame.sys
R3 E100B;Intel® PRO Network Connection Driver;C:\WINNT\system32\DRIVERS\e100b325.sys
R3 GTWModem;GTW V.92 Voicemodem;C:\WINNT\system32\DRIVERS\GWMDM.sys
R3 LMPC2;LMPC2;C:\WINNT\system32\drivers\LMPC2.sys
R3 MarvinBus;Pinnacle Marvin Bus;C:\WINNT\system32\DRIVERS\MarvinBus.sys
R3 NMSCFG;NIC Management Service Configuration Driver;\??\C:\WINNT\system32\drivers\NMSCFG.SYS
R3 Pcouffin;Low level access layer for CD devices;C:\WINNT\system32\Drivers\Pcouffin.sys
R3 Sk99202k;PS/2 Keyboard Filter Driver for Win2000;C:\WINNT\system32\DRIVERS\Sk99202k.sys
R3 wanatw;WAN Miniport (ATW);C:\WINNT\system32\DRIVERS\wanatw4.sys
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver;C:\WINNT\system32\drivers\WmBEnum.sys
R3 WmXlCore;Logitech WingMan Translation Layer Driver;C:\WINNT\system32\drivers\WmXlCore.sys
S1 ATITool;ATITool Overclocking Utility;C:\WINNT\system32\DRIVERS\ATITool.sys
S2 CDRPDACC;Arrowkey Device Access;\??\F:\Program Files\321Studios\Shared\CDRPDACC.SYS
S2 DVR2INS;ADS Instant DVD 2.0;C:\WINNT\system32\Drivers\dvr2ins.sys
S3 AGBFMON;AGBFMON;C:\WINNT\system32\drivers\AGBFMON.sys
S3 AnyDVD;AnyDVD;C:\WINNT\system32\Drivers\AnyDVD.sys
S3 ASAPIW2k;ASAPIW2K;C:\WINNT\system32\drivers\ASAPIW2k.sys
S3 ATIAVAIW;ATI T200 Unified AVStream service;C:\WINNT\system32\DRIVERS\atinavt2.sys
S3 BCMModem;BCM V.90 56K Modem;C:\WINNT\system32\DRIVERS\BCMDM.sys
S3 C-Dilla;C-Dilla;\??\C:\WINNT\System32\drivers\CDANT.SYS
S3 MPE;BDA MPE Filter;C:\WINNT\system32\DRIVERS\MPE.sys
S3 MxlW2k;MxlW2k;C:\WINNT\system32\drivers\MxlW2k.sys
S3 PcdrNt;PcdrNt;C:\WINNT\system32\drivers\PcdrNt.sys
S3 RadProbe;Radeon Probe Driver;C:\WINNT\system32\DRIVERS\RadProbe.sys
S3 SaiNtHid;SaiNtHid;C:\WINNT\system32\DRIVERS\SaiNtHid.sys
S3 Sntnlusb;Rainbow USB SuperPro;C:\WINNT\system32\DRIVERS\SNTNLUSB.SYS
S3 TVICHW32;TVICHW32;\??\C:\WINNT\system32\DRIVERS\TVICHW32.SYS
S3 usbcm;USB Cable Modem 351000 NDIS Driver;C:\WINNT\system32\DRIVERS\usbcm.sys
S3 usbprint;Microsoft USB PRINTER Class;C:\WINNT\system32\DRIVERS\usbprint.sys
S3 VNUSB;VN Series Device;C:\WINNT\system32\DRIVERS\VNUSB.sys
S3 WmFilter;Logitech WingMan HID Filter Driver;C:\WINNT\system32\drivers\WmFilter.sys
S3 WmVirHid;Logitech Virtual Hid Device Driver;C:\WINNT\system32\drivers\WmVirHid.sys

*Newly Created Service* - NMSCFG
*Newly Created Service* - NMSSVC

Contents of the 'Scheduled Tasks' folder
2006-11-29 02:58:19 C:\WINNT\Tasks\FRU Task #Hewlett-Packard#hp psc 2200 series#1156800542.job - C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-31 08:10:50
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Reinstall\TP\23]
"DisplayName"="\x3e94\23\x40cc\23"
"DeviceDesc"="\x3e94\23\x40cc\23"
"ProviderName"=""
"MFG"="\x435c\x616c\x7373\"
"ReinstallString"="C:\WINNT\System32\ReinstallBackups\\x5054\23\DriverFiles\.INF"
"DeviceInstanceIds"=str(7):"7-88-030430m-008946c-efg\2kxp_inf\cx_08946.inf"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Reinstall\XP\23]
"DisplayName"="\x3e98\23\x40d0\23"
"DeviceDesc"="\x3e98\23\x40d0\23"
"ProviderName"=""
"MFG"="\x435c\x616c\x7373\"
"ReinstallString"="C:\WINNT\System32\ReinstallBackups\\x5058\23\DriverFiles\.INF"
"DeviceInstanceIds"=str(7):"7-88-030430m-008946c-efg\2kxp_inf\cx_08946.inf"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System]
"OODEFRAG06.00.00.01WORKSTATION"="B76C2AAB48686E974AB8EF4601CF755A50D5CEBF9ECB88E24994E780A71E640B0D4A9EA8C03
E84DD930FE79FDE97F9669922888C3F4926021514BC63DF8941DC8353852594997F5D5080218E4BE
FD6C70B27CE24FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEB
9E127BECC74CFEBC9E127BECC74C9DB7CE019D40AA5CA9C6AECB7A5D1407A9C6AECB7A5D14078EDD
E5BE2F6E667385314D8F77FFBCF28CC19849F0CB9FCAAF62DB07FCE9A0988AF7F76F0D879A84EDA3
41DDE34F0F178C97ACAC7E201420B6B17304CBC367B078B961D8527C505B6EF0E5CED955037C9F75
96AD75BFD186ADBB891F3A10680952142598E159BCE5F63DD29661E1BAD286D67AC401AD46EA4956
0EAE1F44F4AAEC9B8E550B54EB01B3E460D1ED2AD24B2EFBD9A1BD12517BBB94F7A6586961DEC491
AB35926CBACF8D5F8A93E66E733DA1D6E29DB16400B1B655ECB221C6C5E45ECF2F8B0A3D73FBDB48
403BEA400E8BA5F8C8BDA391707A33665102E89158011940B974435198FD26CDA9C434FD8C4B941D
7E0E1F0CE1274C62D33401E807AA901CD3BDBCC1DAD757A3F70A61BE3170C127076DCD9CC0B44CD1
A3F6378E2E5235D1D12DB0B6B18F6B1E060764CF64D32230E404201588645A1BF5C4D03E06EBF126
6D6B9D1E48689288281798B18D62EF845AAE7D69CB7616F0046B7CF6574616D9D5F765E151052819
A351DA8E232891E587AA44D046699F4E7D0A851F0BC012EEB0CB5183855A13A55FB202966C1904C5
6389220BB12F61DCBB9A87DF4613E441771236767470B498ABBCAF2899A9E1E3830FE7A680983607
10033E9B27E2EFC3F25169D4D15A4D615C03DBF5DBF255ED0B47C340131A3E3925E5908C0E34F24C
05CA894C9B53381597DF9CE22D68A218F2DD55A0951111468249A77A0AA86AADBC737901196AEECC
0EED59C2660FFA5DF77A74578367021E95F532810115BD009C1BD61EB9A98AA18FCBF9297DE70DE4
2726CFDD005595A96AE34E5393FC3F5E74D19F921BEA499DE97BDD4404E48ED6B72C6109B5E590B8
C59C161756636F3BBC2EC4123FE9C95E4FD15A13310790B5222C388A1FA06CC531A9F12264A66F29
B8EB014AFEB1A72E08A5FA03203BAA61E67308BA53292C159C2E727A4F9CC4C4F5982F4C821C7862
5E9FD7A45B2F99F3E94ACA057964619AEF7EB485B034C012CE14C6F665638710E76AE9939403EEAA
5E83C82C11C9747DDCE21AAFD2725525756DE5A75D2E6CF66244EBC15A006B8B3869719BA48D4A35
8603EB7C76A1C1FAC954C8F4CD99AE3BC23D91A844C80B10AD58F779CC146863E53755A8CA5C0667
5864968DF9B5E70D037377E809E0159FE3C0175DE4F4309445EA5652103396F331619BCEC68052E6
7B072ABB79EDB5AFC64C8D8A8555"
"OODLED02.00.00.02WSSV"="B3F6CB623FD1C252A37E5A3DC711B9322845C484103A719CB1667C23A6E2145B0AF9C6179D0
D81F1FC4B787663347B655B2B823AC400E926FA6A64F422DDBA68511FDAB9D14DB0A8B628F5F6C83
3F26842503C2E9B15831723B0AD6688E0D9E71588F856475E7F3D7C93D04F38751D6406F4308E028
07FE795B922EC8CF13F8D1A3EA2434D4438AAC17FCCB3DEB3A530435F7895BCE09803D0F6B787337
48106AD02269A966B4FFE9499E232D827C135439C2245B24BF8F6D4B565BF09B1FEBC9E127BECC74
FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C
EDD5E5BE2F6E667A2D97226D213B555BA7FD869164D6794BA7FD869164D6794C492C8C81F8B53869
EF24EA56C56412BC6C1E946C55A6C6C704A4D514F766A400E74E5707626460E051F40977EEB7BF8D
8E0A68FA5BC3BCEA2017FFA121E7EB4A035220C64E32A36972B42E3E61272E8C0C78235C56501C7B
A0FD921D88B20AEC89AAC964721D897F2A0ED41FC26A39D2AD3659E0347C2A7878903524A1E9A673
8881BEC18C5523E78F548BDF5B7652D12613A5D22627116A00F02E7CB9EB8CDD26524393D059079C
1C011BBFC0DF2498B75B4E0BBE9EADD6E0DEDB4B22EE0B900047BA320E44CDD3B184C6183F19800B
1038030EF33587A04F326CA9600AC4A2AAE15296BF347237D1D7FD9BF077D531DBDF136A8B89B918
ACA3D7F42329BDC947213779A96BC45DD9BDC5A627CA82F759D3A370B8F6C416396362091669CD59
36CD669F131743F0C28FCA7F40D4C196A0FE5214559E1E38D2941F1184C00E817B5683FDD0312A5C
9E08CC74DC0996C73CCEE9EF29D741E26CAC236F237D977B72AC5306BF9E28EC3153F42D45339C0B
A10CDD13F3D8DB4D7C265E335941EEDCA4B53803AC2739326AD51A946EB6D94DCC4228668C9BEC2C
845542BBB646301CCC406E39C74522F5C866F655F55B8789E794AC65DB5D905CD7605BE3FB6DC676
0EEED799EF03CCF3E9028D83B514B1AD821E76CF288685007CA83D19B867A9E198728A958DE4C150
FAD42D45488B2F5E9BE1A5B4EF55A2BC2E931AF497D88BEC07C36A2C898159872997A34652B4189F
BC32D6A5927040CF367C609BB34EBB63DEFD57500CC687EEE0EFE90137DDF29CA3F15001E72D76BD
6156FEA01F9FF350DD74B365663E14F85CF69BC3DABC6BC786E207AB1034327E65BA2008753A08B8
4C78872C50ED3C227B805AF089F3AC6510FB3021BE69FBE5B59D8C8D185B7C35BC0BBF1AA3B2E201
E30CB7852ACE3DDB07DF38F2ED53D9B08DBDCC18FD3010E1C6B7C197E075B4650C145094B3C47666
B87773DFC545ED52483936B527D9518358B56D24B617A3AB9A481BD451D1133D04CFB62FB8B313F5
832E3569131A45DB6BB6E47D8DC0"
"OODEFRAG08.00.00.01WORKSTATION"="1943D3C849F34F4FF05EBB134FE73D7B0013A05D7EAD6446657FC2129D6ECB8BB2EFA8D901B
11F6E58AA18B436277D2E2BF6168138683AF8F1CA4A68A97AC5BED5A66529B0E9A20D5CDA5F30A00
45DB09D3E91F4FB3E6B52485079F04046CC55FDB35EB635A6B794CC7E44594052E7A5941FBF11E4B
C0F24FFE7C17B65747D82E3B9D91923462DA7EE96B09BAEFFEBC9E127BECC74CFEBC9E127BECC74C
EBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C8EDD5E5BE2F6E667A
D97226D213B555BA7FD869164D6794BA7FD869164D67946B4128179938DD58B1EACB25EB757F040A
18089FBD184D463D703E7C227226B0F5E4B03F6DE65320CD2F77C3A7243B19802052F9871F8E9171
D11450A0B841C2A1803A72213006323894CA4BA8D5FCB0CFF420A1D3897A5D9FAEF145F8829623CF
07FE59517EAFC2C8FE3C2CA46DB87E283E2AAE2990168DBAFD53FF0D7868317181A9C79863A7BA1A
213CAA348C0A19BA0037AB9E3923B9C499D1F0A36FE8840BD3562C7D1470F2FE5CC244D48E5733F3
34360A42627042B1D8402E4F20B8D2FFBC831905CD1DA7676D732F2A543D8DF7D3DD7C70BC8E87AB
D1552F77D9881CE41A30E8B94A79CE53F0B66BD955108103058ABBF209FB1967A8BC2927F5B0C165
676C19739D41C5976362EF64948332DF297462A22B146FE6CAE0E6F35A4E058BFF16CA3AE544475C
B9418F0DD29D1850BF42410065907274C52E0320E98F1C28394D5375C40316AFEDBEF3466442E4D9
A1D8E43565E368A426CD7F4E6B7931802DADB8356E5AFF9A252404C9674B8C29F59A9C125E73CED8
BF2925E696A4FBA7A3398A1D51BADC4FBFCD28E75CBA320F0DF0025A3A80539933735619BDBAB3AC
62BEB127AB0060CD93D9C39F5183F0A630541DEB580DFA5667A6212144513337733BE11EC9216140
F31C4E8F037A061ACB71808E3EB0FA0DC256C7D2356103001ACBDB86E3A1C95099CCD2CD2D641D83
D35F34E3ED20BED97F3950801DC093B6A1394FBAC32B1BB998B532AD2F48D055865CD520A49EC648
30BB1425B3541BF3484552F74574F1A467C0EC2E14B81BBC8E884AB00CDB5F63B45EAE9F0B19A148
E5AE5D5CA602BAE25F0B87FA025D18F72833CC286B7634160826072F92FE83FC32363D9A8643670B
1D010D6CFBCC8A0400FE569602867DC21687250D129CF475D54F9A3896F3E5D3E20C9F3E8CC02A6D
5C0058F627433A266564143637CC7E4087F36452F594ECFC376024F46F9300A7D02EB39A26B4779A
D15692E45E5AC9399FC9910C702EC3A4B086CD4155A16AF618ADCDB3C0DEF2735377E18028158F48
DFA52AD55CDF54FFD015C37C5C7D2E32B6E7C27D9E27442093A8C3F5822D1F9FB6F30B7BABAE1F1F
4A90845130BCFBB7D9E8B233038F"

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-31 8:14:21 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-07-31 08:13

--- E O F ---

Edited by Harley11407, 31 July 2007 - 07:42 AM.

#11 Jintan

Advanced Member • Visiting Fellow • 791 posts

Posted 31 July 2007 - 10:18 AM

Very unusual log info showing here. A registry setting new to me - disables notifications when this system gets mass distribution downloads while on a network - is your computer a work computer or part of a network? Also new services related to your NIC card and its net functions. Related to some of those recent changes you made? And new eLicensing activity as well, though another I am not familiar with when it comes to malware assessment issues. The system does have the LicCtrl Service - often indicates running some game or copyrighted action (CD etc.) Let's allow a solid scan to see if any of this now is actually malware related. We'll have to see if that Lock Folder software doesn't cause problems - it basically loads as a rootkit and so some tools/scans may have issues with it.

I realize some of the wording I am using may come off as a bit harsh, but after seeing thousands of system logs your system's setup shows as one that has undergone more changes/alterations/adds/subtracts of software and files and registry activities than most others I have reviewed. If this were my personal computer I would be considering reinstalling, just to get a fresh start of things (and without all the stealth lock/encrypt/block software interfering). It is most difficult to see through all the change to truly assess which is friend or foe.




Go to Start -> Run -> type regedit (and OK)

Go to File->Export and save the registry somewhere as a backup (not to a temp folder). If the following steps lead to difficulties afterwards you can use this backup to restore the registry.



Still in the Registry Editor, navigate to the following key(s) and perform the actions indicated:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\Standard Profile\AuthorizedApplications\List]

In the right column, locate the following "Name", right click on it, and select "Delete". Repeat this for all items listed. Then close the Registry Editor.

"C:\\WINNT\\system32\\dpvsetup.exe"
"C:\\WINNT\\system32\\rundll32.exe"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"




Then go here and download the free version of SUPERAntiSpyware and install it.

After installation accept any prompts to allow SUPERAntiSpyware to install the latest infection definition files. Next follow the prompts to complete the installation. For now, uncheck the option to have SUPERAntiSpyware "Automatically check for program and definition updates". Providing an email address and allowing the software to send diagnostic reports to its research center are up to you. Do NOT allow SUPERAntiSpyware to Protect your Home Page settings.

Once the installation is complete open SUPERAntiSpyware and press the Preferences button. Under the General and Startup tab, uncheck the following (leaving all other settings as is).

Start-up Options:
*Start SUPERAntiSpyware when Windows starts

Automatic Updates:
*Check for program updates when the application starts.

Start-up Scanning:
*Check for updates before scanning on startup.

Then select Close. Don't scan just yet though.


===============================================

Reboot into Safe Mode (at startup tap the F8 key and select Safe Mode). I am not sure what access you have now but Safe Mode is preferred for this scan.


Open SUPERAntiSpyware and click the Scan your Computer button. Making sure that Fixed Drive (NTFS) is checked (typically the C Drive), check "Perform Complete Scan", then click Next. SUPERAntiSpyware will now complete a system scan.


SUPERAntiSpyware will now scan your computer and when its finished it will list all the infections it has found. Make sure that they all have a check next to them and click next. If prompted allow the reboot (or manually reboot at this time), and after the reboot open SUPERAntiSpyware again (double click the bug-shaped Taskbar icon).

Click Preferences, then under the Statistics/Logs tab, click to select the most recent Scan Log, then click View Log. Save the log to your desktop, and copy/paste the text from the log back here please.

Edited by Jintan, 31 July 2007 - 10:19 AM.


#12 Harley11407

Authentic Member • 23 posts

Posted 31 July 2007 - 12:26 PM

Still in the Registry Editor, navigate to the following key(s) and perform the actions indicated:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\Standard Profile\AuthorizedApplications\List]

In the right column, locate the following "Name", right click on it, and select "Delete". Repeat this for all items listed. Then close the Registry Editor.

"C:\\WINNT\\system32\\dpvsetup.exe"
"C:\\WINNT\\system32\\rundll32.exe"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"

Jintan,

Can I just simply export the registry backup to the desktop? Also, will deleting these strings in the registry prevent me from accessing the internet and running any apps before I go to your next step of d\l and installing the antispyware program?

The pc is simply a single home desktop setup on a broadband connection thru Roadrunner at this time, fixing to be switched over to the Comcast server soon. Comcast may have done something in the network getting ready for this transition from Roadrunner to the Comcast server that you're seeing. I have no clue. I also do use the free AOL 9.0 as my primary e-mail client but it still runs thru the Roadrunner client server at this time before the switch to Comcast. Running the free version of AVG 7.5 with resident shield and using the SP2 Firewall.

I should be able to boot up in Safe mode with networking as I have done this recently and it worked.

Regards

Edited by Harley11407, 31 July 2007 - 12:35 PM.


#13 Jintan

Advanced Member • Visiting Fellow • 791 posts

Posted 31 July 2007 - 03:15 PM

You don't want to save anything you need for recovery on your desktop - even a simple scheduled desktop cleanup tool can remove it. Also your desktop is more an interactive user's console, and storing large files there bogs down functions (reason for only using desktop shortcuts). Internet Explorer (browsers in general) has a net access independent of the firewall, so when it shows as an exception it is not supposed to need that - often a method used by infection. Same with the other files - the speech one is suspect, and you can return that if needed, and the other is used to run .dll's as executables, and is highly suspect when it has firewall permissions. Infection, if active in Safe Mode, would also like you to boot into Safe Mode with Networking. We won't make progress unless you go along with the steps as suggested. If you question and ask for details for each step I really am not sure how much I will be able to assist you here.
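The registry step in post #11 and the reasoning in post #13 (why rundll32.exe and a browser showing up as firewall exceptions is a red flag) can be checked offline before touching regedit: export the `AuthorizedApplications\List` key with regedit's File -> Export and run a small parser over the .reg file. The following is an added example written for this thread, not a tool from the thread or from any of the products named in it. It assumes the Windows XP SP2 value format for that key, `"<path>"="<path>:<scope>:Enabled|Disabled:<display name>"`, and the sample .reg text is constructed to mirror the three entries Jintan listed plus two ordinary ones; the display names in it are made up. Note that the key is spelled `StandardProfile` (no space) in the registry itself.

```python
"""Parse an exported Windows XP firewall AuthorizedApplications\\List key,
flag exceptions a cleanup helper would question, and print the matching
`reg delete` lines for review.  Added example, not from the thread."""
import re
from typing import Dict, List, NamedTuple, Tuple

# Constructed sample of what regedit File->Export produces for the key named
# in the thread (display names are invented for the example).
SAMPLE_REG_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\WINNT\\system32\\dpvsetup.exe"="C:\\WINNT\\system32\\dpvsetup.exe:*:Enabled:dpvsetup"
"C:\\WINNT\\system32\\rundll32.exe"="C:\\WINNT\\system32\\rundll32.exe:*:Enabled:rundll32"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Games\\game.exe"="C:\\Games\\game.exe:*:Disabled:Some Game"
'''

LIST_KEY = (r'HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters'
            r'\FirewallPolicy\StandardProfile\AuthorizedApplications\List')

# Executables singled out in the thread, with the helper's reasoning paraphrased.
SUSPECT_BASENAMES: Dict[str, str] = {
    'rundll32.exe': 'generic DLL host: an exception lets any DLL it loads through the firewall',
    'iexplore.exe': 'browser should not need an explicit exception; often added by infection',
    'dpvsetup.exe': 'flagged as suspect in the thread; can be re-added later if needed',
}


class FirewallException(NamedTuple):
    path: str
    scope: str
    enabled: bool
    name: str


# One .reg value line: "name"="data", where backslash and quote are escaped.
VALUE_RE = re.compile(r'^"(?P<vname>(?:[^"\\]|\\.)*)"="(?P<data>(?:[^"\\]|\\.)*)"$')


def _unescape(s: str) -> str:
    # .reg files write \" for a quote and \\ for a backslash.
    return s.replace('\\"', '"').replace('\\\\', '\\')


def basename(path: str) -> str:
    return path.rsplit('\\', 1)[-1].lower()


def parse_authorized_apps(reg_text: str) -> List[FirewallException]:
    """Return every exception found under an ...\\AuthorizedApplications\\List key."""
    entries: List[FirewallException] = []
    in_list = False
    for raw in reg_text.splitlines():
        line = raw.strip()
        if line.startswith('['):
            in_list = line.rstrip(']').lower().endswith('\\authorizedapplications\\list')
            continue
        if not in_list or not line:
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        data = _unescape(m.group('data'))
        # The path starts with a drive letter and a colon, so split that off
        # first; the display name (last field) may itself contain colons.
        drive, rest = data.split(':', 1)
        fields = rest.split(':', 3)
        if len(fields) != 4:
            continue  # not the expected path:scope:state:name shape
        path_rest, scope, state, name = fields
        entries.append(FirewallException(drive + ':' + path_rest, scope,
                                         state.lower() == 'enabled', name))
    return entries


def flag_exceptions(entries: List[FirewallException]) -> List[Tuple[FirewallException, str]]:
    """Keep only enabled exceptions whose executable is on the watch list."""
    return [(e, SUSPECT_BASENAMES[basename(e.path)])
            for e in entries if e.enabled and basename(e.path) in SUSPECT_BASENAMES]


def removal_commands(flagged: List[Tuple[FirewallException, str]], key: str = LIST_KEY) -> List[str]:
    """`reg delete` lines equivalent to the manual right-click -> Delete step."""
    return [f'reg delete "{key}" /v "{e.path}" /f' for e, _ in flagged]


if __name__ == '__main__':
    found = flag_exceptions(parse_authorized_apps(SAMPLE_REG_EXPORT))
    for entry, reason in found:
        print(f'{entry.path}  ({entry.scope}, {entry.name}): {reason}')
    print('\n'.join(removal_commands(found)))
```

Run it against a real export by replacing `SAMPLE_REG_EXPORT` with the file contents; the printed `reg delete` lines are for review, not executed, which keeps the registry backup step from post #11 meaningful.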

#14 Harley11407

Authentic Member • 23 posts

Posted 31 July 2007 - 03:37 PM

No problem, I will export the total registry backup to the documents section and do or attempt to perform the steps you have outlined. The only reason I mentioned booting up in Safe Mode with networking is the fact that a few months back the pc would not boot up in normal safeboot but only safemode with networking. So I always just disconnected my modem when booting up in safemode with networking just in case there was an infection.

Regards

#15 Jintan

Advanced Member • Visiting Fellow • 791 posts

Posted 31 July 2007 - 07:59 PM

I had never thought of it that way doing Networking but disconnecting. But /w Networking adds services that infection may take advantage of - we really want to keep Safe Mode simple, so we can catch infection during idle time.
