Cant seem to get this off my computer. "cbxwxvts.dll"
Every 15-30 mins my virus detector goes off with a new virus which I quarantine and delete but the program that keeps downloading them I cant seem to get rid of. Im assuming its this BHO that shows up in my HJT Log as C:\WINDOWS\system32\cbxwxvts.dll. HJT cant seem to get it off and neither does Combofix. Ive run AVG, Lavasoft and Spybot SD and they all come back clean. For the most part it just seems to download programs which my virus program seems to catch but occasionally a blank IE window pops open. HJT and ComboFix Logs attached.
0
Comments
When first run ComboFix causes the system to pop off two loud beeps, then posts a warning indicating it should not be run unless it is part of steps in a forum request. The beeps made me jump when I trialed it that first time those were added. I reckon it just isn't stopping folks from doing a system kamikaze move and running it anyway though.
Tougher to step in when someone has decided to do their own repairs, but let's see what all is there now. Please go ahead and post the logs you have directly in the forum thread here, and we'll start whatever repairs are needed.
Scan saved at 10:45:04 PM, on 4/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Documents and Settings\Berto\Desktop\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: (no name) - {FB422E7B-3D5E-4D9B-84C2-91B6C888CDE2} - C:\WINDOWS\system32\cbxwxvts.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [basicsmssmenu] "C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe"
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [dlccmon.exe] "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe"
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - https://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: cbxwxvts - C:\WINDOWS\SYSTEM32\cbxwxvts.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Basics Service - Seagate Technology LLC - C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
O23 - Service: dlcc_device - Unknown owner - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
--
End of file - 8706 bytes
First follow the steps here to disable SpyBot's TeaTimer, as it will interfere with the repairs. Be sure to do all the steps, including the required reboot.
To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware softwares while these steps are being completed. This can usually be done through right clicking the software's Taskbar icons, or accessing each software through Start - Programs.
Download SDFix.exe and save it to your desktop.
Then disconnect from net access. If cable/dsl physically disconnect the modem cable, if dial-up disconnect the phone line. This will keep infection from reinstalling right now.
===================================================
Reboot into Safe Mode (at startup tap the F8 key and select Safe Mode).
In Safe Mode, click the SDFix.exe and allow it to extract to it's own folder (C:\SDFix). Navigate to that folder and double click RunThis.bat to start the script.
Next type Y to begin the script. Once the fix has run it will prompt you to restart your computer. Press any key to restart at this time. Your system will take longer that normal to restart as the fixtool will be running and removing files.
When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
Then open the C:\SDFix folder and copy and paste the contents of the results file Report.txt back here.
=============================
After the reboot reconnect to net access and Download Malwarebytes' Anti-Malware from Here or Here.
Double Click mbam-setup.exe to install the application.
* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish,so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy and Paste the entire report in your next reply. If it calls for a reboot to complete the repairs do that as well then.
============================
Then Download Deckard's System Scanner (dss.exe) to your Desktop. Note: You must be logged onto an account with administrator privileges.
Making sure dss.exe is directly on your desktop, go to Start - Run, and copy/paste the following (then press OK):
"%userprofile%\desktop\dss.exe" /config
When the DSS Configuration display opens click the "Check All" button (if the "Uncheck All" button shows, click that, then click "Check All"). Next, Under Main Log, uncheck the following:
System Restore
Temp Cleanup
Process Modules
Then under Options, place a check next to the following:
Backup Registry Hives
Don't make any other changes at this time. Then click the "Scan!" button to start the scan.
Once the scan has completed a textbox will appear - copy/paste those contents back here (main.txt). Also a second text file, extra.txt, will show as minimized in your Task Bar. Maximize/Open this, and copy/paste those contents back here along with the main.txt please. (The logs can also be found in the C:\Deckard\System Scanner folder)
Post those along with the MBAM log and the SDFix report.txt log please.
Run by Berto on Sun 04/20/2008 at 01:33 PM
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFIX\SDFix
Checking Services :
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting
Checking Files :
No Trojan Files Found
Malwarebytes' Anti-Malware 1.11
Database version: 599
Scan type: Full Scan (C:\|)
Objects scanned: 89346
Time elapsed: 30 minute(s), 55 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP40\A0004416.exe (Adware.Rabio) -> Quarantined and deleted successfully.
Deckard's System Scanner v20071014.68
Run by Berto on 2008-04-20 14:38:25
Computer is in Normal Mode.
Backed up registry hives.
-- HijackThis (run as Berto.exe)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:39:09 PM, on 4/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Documents and Settings\Berto\desktop\dss.exe
C:\DOCUME~1\Berto\Desktop\Berto.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: (no name) - {FB422E7B-3D5E-4D9B-84C2-91B6C888CDE2} - C:\WINDOWS\system32\cbxwxvts.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [basicsmssmenu] "C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe"
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [dlccmon.exe] "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe"
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - https://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: cbxwxvts - C:\WINDOWS\SYSTEM32\cbxwxvts.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Basics Service - Seagate Technology LLC - C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
O23 - Service: dlcc_device - Unknown owner - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
--
End of file - 8009 bytes
-- File Associations
.bat - batfile - DefaultIcon - %SystemRoot%\System32\shell32.dll,-153
.bat - batfile - shell\open\command - "%1" %*
.bat - batfile - shell\edit\command - %SystemRoot%\System32\NOTEPAD.EXE %1
.cmd - cmdfile - DefaultIcon - %SystemRoot%\System32\shell32.dll,-153
.cmd - cmdfile - shell\open\command - "%1" %*
.cmd - cmdfile - shell\edit\command - %SystemRoot%\System32\NOTEPAD.EXE %1
.chm - chm.file - DefaultIcon - C:\WINDOWS\hh.exe,0
.chm - chm.file - shell\open\command - "C:\WINDOWS\hh.exe" %1
.com - comfile - DefaultIcon - %SystemRoot%\System32\shell32.dll,2
.com - comfile - shell\open\command - "%1" %*
.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*
.exe - exefile - DefaultIcon - %1
.exe - exefile - shell\open\command - "%1" %*
.hlp - hlpfile - DefaultIcon - %SystemRoot%\System32\shell32.dll,23
.hlp - hlpfile - shell\open\command - %SystemRoot%\System32\winhlp32.exe %1
.inf - inffile - DefaultIcon - %SystemRoot%\System32\shell32.dll,-151
.inf - inffile - shell\open\command - %SystemRoot%\System32\NOTEPAD.EXE %1
.ini - inifile - DefaultIcon - %SystemRoot%\System32\shell32.dll,-151
.ini - inifile - shell\open\command - %SystemRoot%\System32\NOTEPAD.EXE %1
.js - JSFile - DefaultIcon - %SystemRoot%\System32\WScript.exe,3
.js - JSFile - shell\open\command - %SystemRoot%\System32\WScript.exe "%1" %*
.lnk - lnkfile - CLSID - {00021401-0000-0000-C000-000000000046}
.pif - piffile - shell\open\command - "%1" %*
.reg - regfile - DefaultIcon - %SystemRoot%\regedit.exe,1
.reg - regfile - shell\open\command - regedit.exe "%1" %*
.reg - regfile - shell\edit\command - %SystemRoot%\system32\NOTEPAD.EXE %1
.scr - scrfile - shell\open\command - "%1" %*
.txt - txtfile - DefaultIcon - %SystemRoot%\system32\shell32.dll,-152
.txt - txtfile - shell\open\command - %SystemRoot%\system32\NOTEPAD.EXE %1
.vbs - VBSFile - DefaultIcon - %SystemRoot%\System32\WScript.exe,2
.vbs - VBSFile - shell\open\command - %SystemRoot%\System32\WScript.exe "%1" %*
.vbs - VBSFile - shell\edit\command - %SystemRoot%\System32\Notepad.exe %1
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled
R0 ACPI (Microsoft ACPI Driver) - c:\windows\system32\drivers\acpi.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R0 atapi (Standard IDE/ESDI Hard Disk Controller) - c:\windows\system32\drivers\atapi.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R0 Disk (Disk Driver) - c:\windows\system32\drivers\disk.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R0 dmio (Logical Disk Manager Driver) - c:\windows\system32\drivers\dmio.sys <Not Verified; Microsoft Corp., Veritas Software; VERITAS® NT Disk Manager>
R0 dmload - c:\windows\system32\drivers\dmload.sys <Not Verified; Microsoft Corp., Veritas Software.; Logical Disk Manager for Windows NT>
R0 DRVMCDB - c:\windows\system32\drivers\drvmcdb.sys <Not Verified; Sonic Solutions; >
R0 FltMgr - c:\windows\system32\drivers\fltmgr.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R0 Ftdisk (Volume Manager Driver) - c:\windows\system32\drivers\ftdisk.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R0 iastor (Intel AHCI Controller) - c:\windows\system32\drivers\iastor.sys <Not Verified; Intel Corporation; Intel Matrix Storage Manager driver>
R0 isapnp (PnP ISA/EISA Bus Driver) - c:\windows\system32\drivers\isapnp.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R0 KSecDD - c:\windows\system32\drivers\ksecdd.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R0 MountMgr - c:\windows\system32\drivers\mountmgr.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R0 Mup - c:\windows\system32\drivers\mup.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R0 NDIS (NDIS System Driver) - c:\windows\system32\drivers\ndis.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R0 PartMgr - c:\windows\system32\drivers\partmgr.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R0 PCI (PCI Bus Driver) - c:\windows\system32\drivers\pci.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R0 PCIIde - c:\windows\system32\drivers\pciide.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R0 sr (System Restore Filter Driver) - c:\windows\system32\drivers\sr.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R0 VolSnap - c:\windows\system32\drivers\volsnap.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R1 AFD - c:\windows\system32\drivers\afd.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R1 AVG Anti-Spyware Driver - c:\program files\grisoft\avg anti-spyware 7.5\guard.sys
R1 AvgAsCln (AVG Anti-Spyware Clean Driver) - c:\windows\system32\drivers\avgascln.sys <Not Verified; GRISOFT, s.r.o.; AVG7 Clean Driver>
R1 Beep - c:\windows\system32\drivers\beep.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R1 Cdrom (CD-ROM Driver) - c:\windows\system32\drivers\cdrom.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R1 DLACDBHM - c:\windows\system32\drivers\dlacdbhm.sys <Not Verified; Sonic Solutions; >
R1 DLARTL_N - c:\windows\system32\drivers\dlartl_n.sys <Not Verified; Sonic Solutions; >
R1 ELhid - c:\windows\system32\drivers\elhid.sys <Not Verified; Intel Corporation; Intel(R) Quick Resume Technology>
R1 ELkbd - c:\windows\system32\drivers\elkbd.sys <Not Verified; Intel Corporation; Intel(R) Quick Resume Technology>
R1 ELmon - c:\windows\system32\drivers\elmon.sys <Not Verified; Intel Corporation; Intel(R) Quick Resume Technology>
R1 ELmou - c:\windows\system32\drivers\elmou.sys <Not Verified; Intel Corporation; Intel(R) Quick Resume Technology>
R1 Fips - c:\windows\system32\drivers\fips.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R1 i2omgmt - c:\windows\system32\drivers\i2omgmt.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R1 Imapi (CD-Burning Filter Driver) - c:\windows\system32\drivers\imapi.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R1 intelppm (Intel Processor Driver) - c:\windows\system32\drivers\intelppm.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R1 IPSec (IPSEC driver) - c:\windows\system32\drivers\ipsec.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R1 Kbdclass (Keyboard Class Driver) - c:\windows\system32\drivers\kbdclass.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R1 kbdhid (Keyboard HID Driver) - c:\windows\system32\drivers\kbdhid.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R1 mnmdd - c:\windows\system32\drivers\mnmdd.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R1 Mouclass (Mouse Class Driver) - c:\windows\system32\drivers\mouclass.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R1 MRxSmb - c:\windows\system32\drivers\mrxsmb.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R1 Msfs - c:\windows\system32\drivers\msfs.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R1 NetBIOS (NetBIOS Interface) - c:\windows\system32\drivers\netbios.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R1 NetBT (NetBios over Tcpip) - c:\windows\system32\drivers\netbt.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R1 Npfs - c:\windows\system32\drivers\npfs.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R1 Null - c:\windows\system32\drivers\null.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R1 RasAcd (Remote Access Auto Connection Driver) - c:\windows\system32\drivers\rasacd.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R1 Rdbss - c:\windows\system32\drivers\rdbss.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R1 RDPCDD - c:\windows\system32\drivers\rdpcdd.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R1 redbook (Digital CD Audio Playback Filter Driver) - c:\windows\system32\drivers\redbook.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R1 Tcpip (TCP/IP Protocol Driver) - c:\windows\system32\drivers\tcpip.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R1 TermDD (Terminal Device Driver) - c:\windows\system32\drivers\termdd.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R1 tmtdi (Trend Micro TDI Driver) - c:\windows\system32\drivers\tmtdi.sys <Not Verified; Trend Micro Inc.; Trend Micro Network Security Component 1.0>
R1 VgaSave - c:\windows\system32\drivers\vga.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R2 DLABOIOM - c:\windows\system32\dla\dlaboiom.sys <Not Verified; Sonic Solutions; >
R2 DLADResN - c:\windows\system32\dla\dladresn.sys <Not Verified; Sonic Solutions; >
R2 DLAIFS_M - c:\windows\system32\dla\dlaifs_m.sys <Not Verified; Sonic Solutions; >
R2 DLAOPIOM - c:\windows\system32\dla\dlaopiom.sys <Not Verified; Sonic Solutions; >
R2 DLAPoolM - c:\windows\system32\dla\dlapoolm.sys <Not Verified; Sonic Solutions; >
R2 DLAUDF_M - c:\windows\system32\dla\dlaudf_m.sys <Not Verified; Sonic Solutions; >
R2 DLAUDFAM - c:\windows\system32\dla\dlaudfam.sys <Not Verified; Sonic Solutions; >
R2 DRVNDDM - c:\windows\system32\drivers\drvnddm.sys <Not Verified; Sonic Solutions; >
R2 dsunidrv (DellSupport UniDriver) - c:\windows\system32\drivers\dsunidrv.sys <Not Verified; Gteko Ltd.; Gteko Diagnostics>
R2 mdmxsdk - c:\windows\system32\drivers\mdmxsdk.sys <Not Verified; Conexant; Diagnostic Interface>
R2 tm_cfw (Common Firewall Driver) - c:\windows\system32\drivers\tm_cfw.sys <Not Verified; Trend Micro Inc.; Trend Network Security Component 1.0>
R2 Tmfilter - c:\windows\system32\drivers\tmxpflt.sys <Not Verified; Trend Micro Inc.; VSAPI>
R2 Tmpreflt - c:\windows\system32\drivers\tmpreflt.sys <Not Verified; Trend Micro Inc.; VSAPI>
R2 Vsapint - c:\windows\system32\drivers\vsapint.sys <Not Verified; Trend Micro Inc.; VSAPI>
R3 audstub (Audio Stub Driver) - c:\windows\system32\drivers\audstub.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R3 DSproct - c:\program files\dellsupport\gtaction\triggers\dsproct.sys <Not Verified; Gteko Ltd.; processt>
R3 e1express (Intel(R) PRO/1000 PCI Express Network Connection Driver) - c:\windows\system32\drivers\e1e5132.sys <Not Verified; Intel Corporation; Intel(R) PRO/1000 Adapter>
R3 GEARAspiWDM - c:\windows\system32\drivers\gearaspiwdm.sys <Not Verified; GEAR Software Inc.; CD DVD Filter>
R3 Gpc (Generic Packet Classifier) - c:\windows\system32\drivers\msgpc.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R3 HDAudBus (Microsoft UAA Bus Driver for High Definition Audio) - c:\windows\system32\drivers\hdaudbus.sys <Not Verified; Windows (R) Server 2003 DDK provider; Microsoft® Windows® Operating System>
R3 HidUsb (Microsoft HID Class Driver) - c:\windows\system32\drivers\hidusb.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R3 HSF_DP - c:\windows\system32\drivers\hsf_dp.sys <Not Verified; Conexant Systems, Inc.; SoftK56 Modem Driver>
R3 HSFHWBS2 - c:\windows\system32\drivers\hsfhwbs2.sys <Not Verified; Conexant Systems, Inc.; SoftK56 Modem Driver>
R3 HTTP - c:\windows\system32\drivers\http.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R3 IpNat (IP Network Address Translator) - c:\windows\system32\drivers\ipnat.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R3 kmixer (Microsoft Kernel Wave Audio Mixer) - c:\windows\system32\drivers\kmixer.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R3 Modem - c:\windows\system32\drivers\modem.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R3 MODEMCSA (Unimodem Streaming Filter Device) - c:\windows\system32\drivers\modemcsa.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R3 mouhid (Mouse HID Driver) - c:\windows\system32\drivers\mouhid.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R3 MRxDAV (WebDav Client Redirector) - c:\windows\system32\drivers\mrxdav.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R3 mssmbios (Microsoft System Management BIOS Driver) - c:\windows\system32\drivers\mssmbios.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R3 NdisTapi (Remote Access NDIS TAPI Driver) - c:\windows\system32\drivers\ndistapi.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R3 Ndisuio (NDIS Usermode I/O Protocol) - c:\windows\system32\drivers\ndisuio.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R3 NdisWan (Remote Access NDIS WAN Driver) - c:\windows\system32\drivers\ndiswan.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R3 NDProxy (NDIS Proxy) - c:\windows\system32\drivers\ndproxy.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R3 nv - c:\windows\system32\drivers\nv4_mini.sys <Not Verified; NVIDIA Corporation; NVIDIA Compatible Windows 2000 Miniport Driver, Version 163.71>
R3 PptpMiniport (WAN Miniport (PPTP)) - c:\windows\system32\drivers\raspptp.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R3 PSched (QoS Packet Scheduler) - c:\windows\system32\drivers\psched.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R3 Ptilink (Direct Parallel Link Driver) - c:\windows\system32\drivers\ptilink.sys <Not Verified; Parallel Technologies, Inc.; Microsoft® Windows® Operating System>
R3 Rasl2tp (WAN Miniport (L2TP)) - c:\windows\system32\drivers\rasl2tp.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R3 RasPppoe (Remote Access PPPOE Driver) - c:\windows\system32\drivers\raspppoe.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R3 Raspti (Direct Parallel) - c:\windows\system32\drivers\raspti.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R3 rdpdr (Terminal Server Device Redirector Driver) - c:\windows\system32\drivers\rdpdr.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R3 Srv - c:\windows\system32\drivers\srv.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R3 STHDA (SigmaTel High Definition Audio CODEC) - c:\windows\system32\drivers\sthda.sys <Not Verified; SigmaTel, Inc.; C-Major Audio>
R3 swenum (Software Bus Driver) - c:\windows\system32\drivers\swenum.sys <Not Verified; Microsoft Corporation; Microsoft(R) Windows(R) Operating System>
R3 sysaudio (Microsoft Kernel System Audio Device) - c:\windows\system32\drivers\sysaudio.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R3 Update (Microcode Update Driver) - c:\windows\system32\drivers\update.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R3 usbccgp (Microsoft USB Generic Parent Driver) - c:\windows\system32\drivers\usbccgp.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R3 usbehci (Microsoft USB 2.0 Enhanced Host Controller Miniport Driver) - c:\windows\system32\drivers\usbehci.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R3 usbhub (Microsoft USB Standard Hub Driver) - c:\windows\system32\drivers\usbhub.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R3 usbprint (Microsoft USB PRINTER Class) - c:\windows\system32\drivers\usbprint.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R3 usbscan (USB Scanner Driver) - c:\windows\system32\drivers\usbscan.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R3 USBSTOR (USB Mass Storage Driver) - c:\windows\system32\drivers\usbstor.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R3 usbuhci (Microsoft USB Universal Host Controller Miniport Driver) - c:\windows\system32\drivers\usbuhci.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R3 Wanarp (Remote Access IP ARP Driver) - c:\windows\system32\drivers\wanarp.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R3 wdmaud (Microsoft WINMM WDM Audio Compatibility Driver) - c:\windows\system32\drivers\wdmaud.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R3 winachsf - c:\windows\system32\drivers\hsf_cnxt.sys <Not Verified; Conexant Systems, Inc.; SoftK56 Modem Driver>
R4 Cdfs - c:\windows\system32\drivers\cdfs.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R4 Ntfs - c:\windows\system32\drivers\ntfs.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S0 PxHelp20 - c:\windows\system32\drivers\pxhelp20.sys (file missing)
S1 Cdaudio - c:\windows\system32\drivers\cdaudio.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S1 i8042prt (i8042 Keyboard and PS/2 Mouse Port Driver) - c:\windows\system32\drivers\i8042prt.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S1 rio8drvv - c:\windows\system32\drivers\rio8drvv.sys (file missing)
S1 Serial (Serial port driver) - c:\windows\system32\drivers\serial.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S1 Sfloppy - c:\windows\system32\drivers\sfloppy.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S2 npkcrypt - c:\nexon\maplestory\npkcrypt.sys (file missing)
S3 aec (Microsoft Kernel Acoustic Echo Canceller) - c:\windows\system32\drivers\aec.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 AsyncMac (RAS Asynchronous Media Driver) - c:\windows\system32\drivers\asyncmac.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 Atmarpc (ATM ARP Client Protocol) - c:\windows\system32\drivers\atmarpc.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 catchme - c:\docume~1\berto\locals~1\temp\catchme.sys (file missing)
S3 DMusic (Microsoft Kernel DLS Syntheiszer) - c:\windows\system32\drivers\dmusic.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 drmkaud (Microsoft Kernel DRM Audio Descrambler) - c:\windows\system32\drivers\drmkaud.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 E100B (Intel(R) PRO Adapter Driver) - c:\windows\system32\drivers\e100b325.sys <Not Verified; Intel Corporation; Intel(R) PRO Adapter>
S3 ELacpi - c:\windows\system32\drivers\elacpi.sys <Not Verified; Intel Corporation; Intel(R) Quick Resume Technology>
S3 Fdc (Floppy Disk Controller Driver) - c:\windows\system32\drivers\fdc.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 Flpydisk (Floppy Disk Driver) - c:\windows\system32\drivers\flpydisk.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 Ip6Fw (IPv6 Windows Firewall Driver) - c:\windows\system32\drivers\ip6fw.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 IpFilterDriver (IP Traffic Filter Driver) - c:\windows\system32\drivers\ipfltdrv.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 IpInIp (IP in IP Tunnel Driver) - c:\windows\system32\drivers\ipinip.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 IRENUM (IR Enumerator Service) - c:\windows\system32\drivers\irenum.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 MHNDRV (MHN driver) - c:\windows\system32\drivers\mhndrv.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 MSKSSRV (Microsoft Streaming Service Proxy) - c:\windows\system32\drivers\mskssrv.sys <Not Verified; Microsoft Corporation; Microsoft(R) Windows(R) Operating System>
S3 MSPCLOCK (Microsoft Streaming Clock Proxy) - c:\windows\system32\drivers\mspclock.sys <Not Verified; Microsoft Corporation; Microsoft(R) Windows(R) Operating System>
S3 MSPQM (Microsoft Streaming Quality Manager Proxy) - c:\windows\system32\drivers\mspqm.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 npkcusb - c:\nexon\maplestory\npkcusb.sys (file missing)
S3 npkycryp - c:\nexon\maplestory\npkycryp.sys (file missing)
S3 NwlnkFlt (IPX Traffic Filter Driver) - c:\windows\system32\drivers\nwlnkflt.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 NwlnkFwd (IPX Traffic Forwarder Driver) - c:\windows\system32\drivers\nwlnkfwd.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 Parport (Parallel port driver) - c:\windows\system32\drivers\parport.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 RDPWD - c:\windows\system32\drivers\rdpwd.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 SDTHOOK - c:\windows\system32\drivers\sdthook.sys <Not Verified; Panda Software; Panda® Antivirus>
S3 Secdrv - c:\windows\system32\drivers\secdrv.sys <Not Verified; Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.; Macrovision SECURITY Driver>
S3 serenum (Serenum Filter Driver) - c:\windows\system32\drivers\serenum.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 splitter (Microsoft Kernel Audio Splitter) - c:\windows\system32\drivers\splitter.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 swmidi (Microsoft Kernel GS Wavetable Synthesizer) - c:\windows\system32\drivers\swmidi.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 TDPIPE - c:\windows\system32\drivers\tdpipe.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 TDTCP - c:\windows\system32\drivers\tdtcp.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)
S3 WudfPf (Windows Driver Foundation - User-mode Driver Framework Platform Driver) - c:\windows\system32\drivers\wudfpf.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 WudfRd (Windows Driver Foundation - User-mode Driver Framework Reflector) - c:\windows\system32\drivers\wudfrd.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S4 abp480n5 - c:\windows\system32\drivers\abp480n5.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S4 ACPIEC - c:\windows\system32\drivers\acpiec.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S4 adpu160m - c:\windows\system32\drivers\adpu160m.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S4 agp440 (Intel AGP Bus Filter) - c:\windows\system32\drivers\agp440.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S4 agpCPQ (Compaq AGP Bus Filter) - c:\windows\system32\drivers\agpcpq.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S4 Aha154x - c:\windows\system32\drivers\aha154x.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S4 aic78u2 - c:\windows\system32\drivers\aic78u2.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S4 aic78xx - c:\windows\system32\drivers\aic78xx.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S4 AliIde - c:\windows\system32\drivers\aliide.sys <Not Verified; Acer Laboratories Inc.; ALi mini IDE Driver>
S4 alim1541 (ALI AGP Bus Filter) - c:\windows\system32\drivers\alim1541.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S4 amdagp (AMD AGP Bus Filter Driver) - c:\windows\system32\drivers\amdagp.sys <Not Verified; Advanced Micro Devices, Inc.; Windows (R) 2000 DDK Driver>
S4 amsint - c:\windows\system32\drivers\amsint.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S4 asc - c:\windows\system32\drivers\asc.sys <Not Verified; Advanced System Products, Inc.; AdvanSys SCSI driver>
S4 asc3350p - c:\windows\system32\drivers\asc3350p.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S4 asc3550 - c:\windows\system32\drivers\asc3550.sys <Not Verified; Advanced System Products, Inc.; AdvanSys PCI Ultra Wide SCSI Driver>
S4 cbidf - c:\windows\system32\drivers\cbidf2k.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S4 cbidf2k - c:\windows\system32\drivers\cbidf2k.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S4 cd20xrnt - c:\windows\system32\drivers\cd20xrnt.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S4 CmdIde - c:\windows\system32\drivers\cmdide.sys <Not Verified; CMD Technology, Inc.; Microsoft® Windows® Operating System>
S4 Cpqarray - c:\windows\system32\drivers\cpqarray.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S4 dac2w2k - c:\windows\system32\drivers\dac2w2k.sys <Not Verified; Mylex Corporation; Mylex Disk Array Controller Driver>
S4 dac960nt - c:\windows\system32\drivers\dac960nt.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S4 dmboot - c:\windows\system32\drivers\dmboot.sys <Not Verified; Microsoft Corp., Veritas Software; VERITAS® NT Disk Manager>
S4 dpti2o - c:\windows\system32\drivers\dpti2o.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S4 Fastfat - c:\windows\system32\drivers\fastfat.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S4 hpn - c:\windows\system32\drivers\hpn.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S4 i2omp - c:\windows\system32\drivers\i2omp.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S4 ini910u - c:\windows\system32\drivers\ini910u.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S4 IntelIde - c:\windows\system32\drivers\intelide.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S4 mraid35x - c:\windows\system32\drivers\mraid35x.sys <Not Verified; American Megatrends Inc.; MegaRAID Miniport Driver for Windows Whistler 32>
S4 ParVdm - c:\windows\system32\drivers\parvdm.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S4 Pcmcia - c:\windows\system32\drivers\pcmcia.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S4 perc2 - c:\windows\system32\drivers\perc2.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S4 perc2hib - c:\windows\system32\drivers\perc2hib.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S4 ql1080 - c:\windows\system32\drivers\ql1080.sys <Not Verified; QLogic Corporation; Miniport Driver for QLogic ISP PCI Adapters>
S4 Ql10wnt - c:\windows\system32\drivers\ql10wnt.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S4 ql12160 - c:\windows\system32\drivers\ql12160.sys <Not Verified; QLogic Corporation; Miniport Driver for QLogic ISP PCI Adapters>
S4 ql1240 - c:\windows\system32\drivers\ql1240.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S4 ql1280 - c:\windows\system32\drivers\ql1280.sys <Not Verified; QLogic Corporation; Miniport Driver for QLogic ISP PCI Adapters>
S4 sisagp (SIS AGP Bus Filter) - c:\windows\system32\drivers\sisagp.sys <Not Verified; Silicon Integrated Systems Corporation; SiS (R) NT AGP Filter>
S4 Sparrow - c:\windows\system32\drivers\sparrow.sys <Not Verified; Adaptec, Inc.; Microsoft(R) Windows (R) 2000 Operating System>
S4 sym_hi - c:\windows\system32\drivers\sym_hi.sys <Not Verified; LSI Logic; Microsoft® Windows® Operating System>
S4 sym_u3 - c:\windows\system32\drivers\sym_u3.sys <Not Verified; LSI Logic; Microsoft® Windows® Operating System>
S4 symc810 - c:\windows\system32\drivers\symc810.sys <Not Verified; Symbios Logic Inc.; Microsoft(R) Windows (R) 2000 Operating System>
S4 symc8xx - c:\windows\system32\drivers\symc8xx.sys <Not Verified; LSI Logic; Microsoft(R) Windows (R) 2000 Operating System>
S4 TosIde - c:\windows\system32\drivers\toside.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S4 Udfs - c:\windows\system32\drivers\udfs.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S4 ultra - c:\windows\system32\drivers\ultra.sys <Not Verified; Promise Technology, Inc.; Promise ultra66 Miniport Driver for WindowsNT>
S4 viaagp (VIA AGP Bus Filter) - c:\windows\system32\drivers\viaagp.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S4 ViaIde - c:\windows\system32\drivers\viaide.sys <Not Verified; Microsoft Corporation; Microsoft(R) Windows NT(R) Operating System>
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled
R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 AudioSrv (Windows Audio) - c:\windows\system32\svchost.exe -k netsvcs <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R2 AVG Anti-Spyware Guard - c:\program files\grisoft\avg anti-spyware 7.5\guard.exe <Not Verified; GRISOFT s.r.o.; AVG Anti-Spyware>
R2 Basics Service - "c:\program files\seagate\basics\service\syncservicesbasics.exe" <Not Verified; Seagate Technology LLC; Sync>
R2 Browser (Computer Browser) - c:\windows\system32\svchost.exe -k netsvcs <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R2 CryptSvc (Cryptographic Services) - c:\windows\system32\svchost.exe -k netsvcs <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R2 DcomLaunch (DCOM Server Process Launcher) - c:\windows\system32\svchost -k dcomlaunch <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R2 Dhcp (DHCP Client) - c:\windows\system32\svchost.exe -k netsvcs <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R2 dmserver (Logical Disk Manager) - c:\windows\system32\svchost.exe -k netsvcs <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R2 Dnscache (DNS Client) - c:\windows\system32\svchost.exe -k networkservice <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R2 ehRecvr (Media Center Receiver Service) - c:\windows\ehome\ehrecvr.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R2 ehSched (Media Center Scheduler Service) - c:\windows\ehome\ehsched.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R2 ERSvc (Error Reporting Service) - c:\windows\system32\svchost.exe -k netsvcs <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R2 Eventlog (Event Log) - c:\windows\system32\services.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R2 gusvc (Google Updater Service) - "c:\program files\google\common\google updater\googleupdaterservice.exe" <Not Verified; Google; Google Updater>
R2 helpsvc (Help and Support) - c:\windows\system32\svchost.exe -k netsvcs <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R2 IAANTMon (Intel(R) Matrix Storage Event Monitor) - c:\program files\intel\intel matrix storage manager\iaantmon.exe <Not Verified; Intel Corporation; RAID Monitor>
R2 lanmanserver (Server) - c:\windows\system32\svchost.exe -k netsvcs <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R2 lanmanworkstation (Workstation) - c:\windows\system32\svchost.exe -k netsvcs <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R2 LmHosts (TCP/IP NetBIOS Helper) - c:\windows\system32\svchost.exe -k localservice <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R2 McrdSvc (Media Center Extender Service) - c:\windows\ehome\mcrdsvc.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R2 NVSvc (NVIDIA Display Driver Service) - c:\windows\system32\nvsvc32.exe <Not Verified; NVIDIA Corporation; NVIDIA Driver Helper Service, Version 163.71>
R2 PcCtlCom (Trend Micro Central Control Component) - c:\progra~1\trendm~1\intern~1\pcctlcom.exe <Not Verified; Trend Micro Incorporated.; Trend Micro Internet Security>
R2 PlugPlay (Plug and Play) - c:\windows\system32\services.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R2 PolicyAgent (IPSEC Services) - c:\windows\system32\lsass.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R2 ProtectedStorage (Protected Storage) - c:\windows\system32\lsass.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R2 RemoteRegistry (Remote Registry) - c:\windows\system32\svchost.exe -k localservice <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R2 RpcSs (Remote Procedure Call (RPC)) - c:\windows\system32\svchost -k rpcss <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R2 SamSs (Security Accounts Manager) - c:\windows\system32\lsass.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R2 Schedule (Task Scheduler) - c:\windows\system32\svchost.exe -k netsvcs <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R2 seclogon (Secondary Logon) - c:\windows\system32\svchost.exe -k netsvcs <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R2 SENS (System Event Notification) - c:\windows\system32\svchost.exe -k netsvcs <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R2 SharedAccess (Windows Firewall/Internet Connection Sharing (ICS)) - c:\windows\system32\svchost.exe -k netsvcs <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R2 ShellHWDetection (Shell Hardware Detection) - c:\windows\system32\svchost.exe -k netsvcs <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R2 Spooler (Print Spooler) - c:\windows\system32\spoolsv.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R2 srservice (System Restore Service) - c:\windows\system32\svchost.exe -k netsvcs <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R2 SSDPSRV (SSDP Discovery Service) - c:\windows\system32\svchost.exe -k localservice <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R2 stisvc (Windows Image Acquisition (WIA)) - c:\windows\system32\svchost.exe -k imgsvc <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R2 Themes - c:\windows\system32\svchost.exe -k netsvcs <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R2 Tmntsrv (Trend Micro Real-time Service) - c:\progra~1\trendm~1\intern~1\tmntsrv.exe <Not Verified; Trend Micro Incorporated.; Trend Micro Internet Security>
R2 TmPfw (Trend Micro Personal Firewall) - c:\progra~1\trendm~1\intern~1\tmpfw.exe <Not Verified; Trend Micro Inc.; Trend Network Security Component 1.0>
R2 tmproxy (Trend Micro Proxy Service) - c:\progra~1\trendm~1\intern~1\tmproxy.exe <Not Verified; Trend Micro Inc.; Trend Micro Network Security Components 1.0>
R2 TrkWks (Distributed Link Tracking Client) - c:\windows\system32\svchost.exe -k netsvcs <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R2 w32time (Windows Time) - c:\windows\system32\svchost.exe -k netsvcs <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R2 WebClient - c:\windows\system32\svchost.exe -k localservice <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R2 winmgmt (Windows Management Instrumentation) - c:\windows\system32\svchost.exe -k netsvcs <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R2 wscsvc (Security Center) - c:\windows\system32\svchost.exe -k netsvcs <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R2 wuauserv (Automatic Updates) - c:\windows\system32\svchost.exe -k netsvcs <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R2 WZCSVC (Wireless Zero Configuration) - c:\windows\system32\svchost.exe -k netsvcs <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R3 ALG (Application Layer Gateway Service) - c:\windows\system32\alg.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R3 COMSysApp (COM+ System Application) - c:\windows\system32\dllhost.exe /processid:{02d4b3f1-fd88-11d1-960d-00805fc79235} <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R3 dlcc_device - c:\windows\system32\dlcccoms.exe -service <Not Verified; ; Printer Communication System>
R3 EventSystem (COM+ Event System) - c:\windows\system32\svchost.exe -k netsvcs <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R3 FastUserSwitchingCompatibility (Fast User Switching Compatibility) - c:\windows\system32\svchost.exe -k netsvcs <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R3 iPod Service - "c:\program files\ipod\bin\ipodservice.exe" <Not Verified; Apple Inc.; iTunes>
R3 Netman (Network Connections) - c:\windows\system32\svchost.exe -k netsvcs <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R3 Nla (Network Location Awareness (NLA)) - c:\windows\system32\svchost.exe -k netsvcs <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R3 RasMan (Remote Access Connection Manager) - c:\windows\system32\svchost.exe -k netsvcs <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R3 TapiSrv (Telephony) - c:\windows\system32\svchost.exe -k netsvcs <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R3 TermService (Terminal Services) - c:\windows\system32\svchost -k dcomlaunch <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S2 ELService (Intel® Quick Resume Technology Drivers) - "c:\program files\intel\inteldh\intel(r) quick resume technology\elservice.exe" <Not Verified; Intel Corporation; Intel(R) Quick Resume Technology>
S2 Fax - c:\windows\system32\fxssvc.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 AppMgmt (Application Management) - c:\windows\system32\svchost.exe -k netsvcs <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 aspnet_state (ASP.NET State Service) - c:\windows\microsoft.net\framework\v2.0.50727\aspnet_state.exe <Not Verified; Microsoft Corporation; Microsoft® .NET Framework>
S3 BITS (Background Intelligent Transfer Service) - c:\windows\system32\svchost.exe -k netsvcs <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 CiSvc (Indexing Service) - c:\windows\system32\cisvc.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 clr_optimization_v2.0.50727_32 (.NET Runtime Optimization Service v2.0.50727_X86) - c:\windows\microsoft.net\framework\v2.0.50727\mscorsvw.exe <Not Verified; Microsoft Corporation; Microsoft® .NET Framework>
S3 dmadmin (Logical Disk Manager Administrative Service) - c:\windows\system32\dmadmin.exe /com <Not Verified; Microsoft Corp., Veritas Software; Logical Disk Manager for Windows NT>
S3 DSBrokerService - "c:\program files\dellsupport\brkrsvc.exe" <Not Verified; ; Gteko BrkrSvc Application>
S3 HTTPFilter (HTTP SSL) - c:\windows\system32\svchost.exe -k httpfilter <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 ImapiService (IMAPI CD-Burning COM Service) - c:\windows\system32\imapi.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 MHN - c:\windows\system32\svchost.exe -k netsvcs <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 mnmsrvc (NetMeeting Remote Desktop Sharing) - c:\windows\system32\mnmsrvc.exe <Not Verified; Microsoft Corporation; Windows® NetMeeting®>
S3 MSDTC (Distributed Transaction Coordinator) - c:\windows\system32\msdtc.exe <Not Verified; Microsoft Corporation; Microsoft Distributed Transaction Coordinator>
S3 MSIServer (Windows Installer) - c:\windows\system32\msiexec.exe /v <Not Verified; Microsoft Corporation; Windows Installer - Unicode>
S3 Netlogon (Net Logon) - c:\windows\system32\lsass.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 NetSvc (Intel NCS NetService) - c:\program files\intel\prosetwired\ncs\sync\netsvc.exe <Not Verified; Intel(R) Corporation; Intel(R) Network Configuration Services>
S3 NtLmSsp (NT LM Security Support Provider) - c:\windows\system32\lsass.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 ose (Office Source Engine) - "c:\program files\common files\microsoft shared\source engine\ose.exe" <Not Verified; Microsoft Corporation; Office Source Engine>
S3 RasAuto (Remote Access Auto Connection Manager) - c:\windows\system32\svchost.exe -k netsvcs <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 RDSessMgr (Remote Desktop Help Session Manager) - c:\windows\system32\sessmgr.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 RpcLocator (Remote Procedure Call (RPC) Locator) - c:\windows\system32\locator.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 RSVP (QoS RSVP) - c:\windows\system32\rsvp.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 SCardSvr (Smart Card) - c:\windows\system32\scardsvr.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 SwPrv (MS Software Shadow Copy Provider) - c:\windows\system32\dllhost.exe /processid:{6f6160a9-c71a-4d34-91a0-5b9e71074979} <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 SysmonLog (Performance Logs and Alerts) - c:\windows\system32\smlogsvc.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 upnphost (Universal Plug and Play Device Host) - c:\windows\system32\svchost.exe -k localservice <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 UPS (Uninterruptible Power Supply) - c:\windows\system32\ups.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 usprserv (User Privilege Service) - c:\windows\system32\svchost.exe -k netsvcs <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 VSS (Volume Shadow Copy) - c:\windows\system32\vssvc.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 WmdmPmSN (Portable Media Serial Number Service) - c:\windows\system32\svchost.exe -k netsvcs <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 Wmi (Windows Management Instrumentation Driver Extensions) - c:\windows\system32\svchost.exe -k netsvcs <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 WmiApSrv (WMI Performance Adapter) - c:\windows\system32\wbem\wmiapsrv.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 WMPNetworkSvc (Windows Media Player Network Sharing Service) - "c:\program files\windows media player\wmpnetwk.exe" <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 WudfSvc (Windows Driver Foundation - User-mode Driver Framework) - c:\windows\system32\svchost.exe -k wudfservicegroup <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 xmlprov (Network Provisioning Service) - c:\windows\system32\svchost.exe -k netsvcs <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S4 Alerter - c:\windows\system32\svchost.exe -k localservice <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S4 ClipSrv (ClipBook) - c:\windows\system32\clipsrv.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S4 HidServ (Human Interface Device Access) - c:\windows\system32\svchost.exe -k netsvcs <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S4 Messenger - c:\windows\system32\svchost.exe -k netsvcs <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S4 NetDDE (Network DDE) - c:\windows\system32\netdde.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S4 NetDDEdsdm (Network DDE DSDM) - c:\windows\system32\netdde.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S4 NtmsSvc (Removable Storage) - c:\windows\system32\svchost.exe -k netsvcs <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S4 RemoteAccess (Routing and Remote Access) - c:\windows\system32\svchost.exe -k netsvcs <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S4 TlntSvr (Telnet) - c:\windows\system32\tlntsvr.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
-- Device Manager: Disabled
No disabled devices found.
-- Scheduled Tasks
2008-04-15 17:20:45 284 --a
C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
-- Files created between 2008-03-20 and 2008-04-20
2008-04-20 14:25:22 2145554432 --ahs---- C:\hiberfil.sys
2008-04-20 14:17:10 0 d
C:\Deckard
2008-04-20 13:29:01 0 d
C:\SDFIX
2008-04-20 13:16:39 0 d
C:\Documents and Settings\Berto\Application Data\Malwarebytes
2008-04-20 13:16:31 0 d
C:\Program Files\Malwarebytes' Anti-Malware
2008-04-20 13:16:31 0 d
C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-20 12:59:51 0 d
C:\WINDOWS\ERUNT
2008-04-18 02:38:19 0 d--hs---- C:\RECYCLER
2008-04-18 02:37:24 0 d
C:\WINDOWS\TEMP
2008-04-18 02:33:54 0 d
C:\ComboFix
2008-04-17 12:51:49 0 d
C:\WINDOWS\system32\trcTMP
2008-04-17 12:51:49 0 d
C:\WINDOWS\system32\slNew
2008-04-17 12:51:49 0 d
C:\WINDOWS\system32\NFi
2008-04-17 12:51:49 0 d
C:\WINDOWS\system32\iTmp
2008-04-17 12:51:46 0 d
C:\WINDOWS\system32\xcsDd01
2008-04-17 12:51:45 34099 --a
C:\WINDOWS\system32\cbxwxvts.dll
2008-04-16 16:51:34 0 d
C:\Program Files\Dell Photo AIO Printer 924
2008-04-15 17:20:42 0 d
C:\Program Files\Apple Software Update
2008-04-09 13:49:06 0 d-a
C:\QooBox
2008-04-09 13:49:04 68096 --a
C:\WINDOWS\zip.exe
2008-04-09 13:49:04 49152 --a
C:\WINDOWS\VFind.exe
2008-04-09 13:49:04 212480 --a
C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-04-09 13:49:04 136704 --a
C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-04-09 13:49:04 161792 --a
C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-04-09 13:49:04 98816 --a
C:\WINDOWS\sed.exe
2008-04-09 13:49:04 80412 --a
C:\WINDOWS\grep.exe
2008-04-09 13:49:04 73728 --a
C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-04-09 12:52:52 0 d
C:\WINDOWS\system32\bharebio01
2008-04-09 01:54:46 0 d--h---c- C:\WINDOWS\$NtUninstallKB948881$
2008-04-09 01:54:40 0 d--h---c- C:\WINDOWS\$NtUninstallKB941693$
2008-04-09 01:54:15 0 d--h---c- C:\WINDOWS\$NtUninstallKB948590$
2008-04-09 01:52:52 0 d--h---c- C:\WINDOWS\$NtUninstallKB945553$
2008-04-08 16:33:55 0 d
C:\Program Files\ACW
2008-04-08 04:56:38 0 d
C:\WINDOWS\system32\Dell
2008-04-07 14:37:52 0 d
C:\Program Files\Seagate
2008-04-07 14:37:52 0 d
C:\Documents and Settings\All Users\Application Data\Seagate
2008-04-07 14:37:15 0 d
C:\Program Files\MSXML 6.0
2008-04-04 00:19:01 0 d
C:\Program Files\iPod
2008-03-27 17:55:50 0 d
C:\Program Files\Common Files\INCA Shared
2008-03-25 13:32:00 0 d
C:\Logs
2008-03-23 21:38:09 691545 --a
C:\WINDOWS\unins000.exe
2008-03-23 21:38:09 2541 --a
C:\WINDOWS\unins000.dat
2008-03-23 20:38:26 0 d
C:\WINDOWS\system32\usnv
2008-03-23 20:38:26 0 d
C:\WINDOWS\system32\md2
2008-03-23 20:38:26 0 d
C:\WINDOWS\system32\IDME
2008-03-23 20:38:25 0 d
C:\WINDOWS\system32\xTmp
2008-03-23 20:38:25 0 d
C:\WINDOWS\system32\bz3
-- Find3M Report
2008-04-20 14:36:39 0 d
C:\Program Files\Mozilla Firefox
2008-04-20 14:25:24 2048 --a-s---- C:\WINDOWS\bootstat.dat
2008-04-20 14:25:20 2145386496 --ahs---- C:\pagefile.sys
2008-04-20 03:44:05 0 d
C:\Documents and Settings\Berto\Application Data\BitTorrent
2008-04-17 17:03:11 0 d
C:\Program Files\Dl_cats
2008-04-17 15:57:39 0 d
C:\Program Files\SpywareBlaster
2008-04-09 01:55:57 201736 --a
C:\WINDOWS\system32\FNTCACHE.DAT
2008-04-09 01:54:30 0 d
C:\Program Files\Internet Explorer
2008-04-08 16:34:20 0 d---s---- C:\Documents and Settings\Berto\Application Data\Microsoft
2008-04-08 04:56:38 0 d
C:\Program Files\Dell
2008-04-07 14:38:06 0 d--h
C:\Program Files\InstallShield Installation Information
2008-04-06 00:56:20 19836024 --a
C:\WINDOWS\system32\MRT.exe <Not Verified; Microsoft Corporation; Microsoft Windows Malicious Software Removal Tool>
2008-04-04 00:19:11 0 d
C:\Program Files\iTunes
2008-04-04 00:14:08 0 d
C:\Program Files\QuickTime
2008-04-01 13:37:05 0 d
C:\Program Files\World of Warcraft
2008-03-27 17:55:50 0 d
C:\Program Files\Common Files
2008-03-25 12:56:10 0 d
C:\Documents and Settings\Berto\Application Data\Real
2008-03-23 21:39:43 0 d
C:\Program Files\Spybot - Search & Destroy
2008-03-19 04:47:00 1845248 --a
C:\WINDOWS\system32\win32k.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-03-16 19:28:31 409012 --a
C:\WINDOWS\system32\perfh009.dat
2008-03-16 19:28:31 64872 --a
C:\WINDOWS\system32\perfc009.dat
2008-03-01 18:36:30 3591680 --a
C:\WINDOWS\system32\mshtml.dll <Not Verified; Microsoft Corporation; Windows® Internet Explorer>
2008-03-01 08:06:31 826368 --a
C:\WINDOWS\system32\wininet.dll <Not Verified; Microsoft Corporation; Windows® Internet Explorer>
2008-03-01 08:06:30 233472 --a
C:\WINDOWS\system32\webcheck.dll <Not Verified; Microsoft Corporation; Windows® Internet Explorer>
2008-03-01 08:06:30 1159680 --a
C:\WINDOWS\system32\urlmon.dll <Not Verified; Microsoft Corporation; Windows® Internet Explorer>
2008-03-01 08:06:29 105984 --a
C:\WINDOWS\system32\url.dll <Not Verified; Microsoft Corporation; Windows® Internet Explorer>
2008-03-01 08:06:29 44544 --a
C:\WINDOWS\system32\pngfilt.dll <Not Verified; Microsoft Corporation; Windows® Internet Explorer>
2008-03-01 08:06:29 102912
n--- C:\WINDOWS\system32\occache.dll <Not Verified; Microsoft Corporation; Windows® Internet Explorer>
2008-03-01 08:06:29 671232
n--- C:\WINDOWS\system32\mstime.dll <Not Verified; Microsoft Corporation; Windows® Internet Explorer>
2008-03-01 08:06:28 193024
n--- C:\WINDOWS\system32\msrating.dll <Not Verified; Microsoft Corporation; Windows® Internet Explorer>
2008-03-01 08:06:28 478208 --a
C:\WINDOWS\system32\mshtmled.dll <Not Verified; Microsoft Corporation; Windows® Internet Explorer>
2008-03-01 08:06:26 52224 --a
C:\WINDOWS\system32\msfeedsbs.dll <Not Verified; Microsoft Corporation; Windows® Internet Explorer>
2008-03-01 08:06:26 459264 --a
C:\WINDOWS\system32\msfeeds.dll <Not Verified; Microsoft Corporation; Windows® Internet Explorer>
2008-03-01 08:06:25 27648
n--- C:\WINDOWS\system32\jsproxy.dll <Not Verified; Microsoft Corporation; Windows® Internet Explorer>
2008-03-01 08:06:25 267776 --a
C:\WINDOWS\system32\iertutil.dll <Not Verified; Microsoft Corporation; Windows® Internet Explorer>
2008-03-01 08:06:24 44544
n--- C:\WINDOWS\system32\iernonce.dll <Not Verified; Microsoft Corporation; Windows® Internet Explorer>
2008-03-01 08:06:24 6066176 --a
C:\WINDOWS\system32\ieframe.dll <Not Verified; Microsoft Corporation; Windows® Internet Explorer>
2008-03-01 08:06:22 384512
n--- C:\WINDOWS\system32\iedkcs32.dll <Not Verified; Microsoft Corporation; Windows® Internet Explorer>
2008-03-01 08:06:22 383488 --a
C:\WINDOWS\system32\ieapfltr.dll <Not Verified; Microsoft Corporation; Windows® Internet Explorer>
2008-03-01 08:06:21 230400
n--- C:\WINDOWS\system32\ieaksie.dll <Not Verified; Microsoft Corporation; Windows® Internet Explorer>
2008-03-01 08:06:21 153088
n--- C:\WINDOWS\system32\ieakeng.dll <Not Verified; Microsoft Corporation; Windows® Internet Explorer>
2008-03-01 08:06:21 63488 --a
C:\WINDOWS\system32\icardie.dll <Not Verified; Microsoft Corporation; Windows® Internet Explorer>
2008-03-01 08:06:21 133120
n--- C:\WINDOWS\system32\extmgr.dll <Not Verified; Microsoft Corporation; Windows® Internet Explorer>
2008-03-01 08:06:21 214528 --a
C:\WINDOWS\system32\dxtrans.dll <Not Verified; Microsoft Corporation; Windows® Internet Explorer>
2008-03-01 08:06:21 347136 --a
C:\WINDOWS\system32\dxtmsft.dll <Not Verified; Microsoft Corporation; Windows® Internet Explorer>
2008-03-01 08:06:20 124928 --a
C:\WINDOWS\system32\advpack.dll <Not Verified; Microsoft Corporation; Windows® Internet Explorer>
2008-02-29 03:55:23 70656
n--- C:\WINDOWS\system32\ie4uinit.exe <Not Verified; Microsoft Corporation; Windows® Internet Explorer>
2008-02-24 04:31:05 0 d
C:\Documents and Settings\Berto\Application Data\Adobe
2008-02-22 05:00:51 13824 --a
C:\WINDOWS\system32\ieudinit.exe <Not Verified; Microsoft Corporation; Windows® Internet Explorer>
2008-02-20 14:42:16 0 d
C:\Program Files\Common Files\AOL
2008-02-20 14:01:07 0 d
C:\Program Files\AIM6
2008-02-20 01:51:05 282624 --a
C:\WINDOWS\system32\gdi32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-02-20 00:32:43 45568 --a
C:\WINDOWS\system32\dnsrslvr.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-02-20 00:32:43 148992 --a
C:\WINDOWS\system32\dnsapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-02-15 00:44:25 161792
n--- C:\WINDOWS\system32\ieakui.dll <Not Verified; Microsoft Corporation; Windows® Internet Explorer>
2008-02-03 16:57:44 3686 --a
C:\WINDOWS\system32\tmp.reg
2008-02-03 05:03:34 12632 --a
C:\WINDOWS\system32\lsdelete.exe
2008-02-02 01:55:37 83456 --a
C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-01-29 12:02:30 107368 --a
C:\WINDOWS\system32\GEARAspi.dll <Not Verified; GEAR Software Inc.; GEAR Software GEARAspi>
2008-01-27 15:37:54 81920 --a
C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
-- Registry Dump
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FB422E7B-3D5E-4D9B-84C2-91B6C888CDE2}]
04/17/2008 12:51 PM 34099 --a
C:\WINDOWS\system32\cbxwxvts.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [09/29/2005 02:01 PM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [09/17/2007 08:07 AM]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [06/17/2005 07:56 AM]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [10/05/2005 03:12 AM]
"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe" [08/30/2005 09:47 AM]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [09/08/2005 05:20 AM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [03/28/2008 11:37 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]
"basicsmssmenu"="C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe" [10/09/2007 04:21 PM]
"DLCCCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll" [06/07/2005 02:38 PM]
"dlccmon.exe"="C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe" [07/22/2005 03:03 PM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OE_OEM"="C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe" [04/11/2006 07:39 PM]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [03/15/2007 11:09 AM]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [01/03/2008 11:15 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/10/2004 05:00 AM]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" []
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [10/25/2007 05:26 PM]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [8/8/2006 11:02:09 AM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{FB422E7B-3D5E-4D9B-84C2-91B6C888CDE2}"= C:\WINDOWS\system32\cbxwxvts.dll [04/17/2008 12:51 PM 34099]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbxwxvts]
cbxwxvts.dll 04/17/2008 12:51 PM 34099 C:\WINDOWS\system32\cbxwxvts.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
AutoRun\command- E:\setup.exe
-- End of Deckard's System Scanner: finished at 2008-04-20 14:39:29
Extra logfile - please post this as an attachment with your post.
-- System Information
Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English
CPU 0: Intel(R) Pentium(R) D CPU 2.80GHz
CPU 1: Intel(R) Pentium(R) D CPU 2.80GHz
Percentage of Memory in Use: 26%
Physical Memory (total/avail): 2046.09 MiB / 1499.88 MiB
Pagefile Memory (total/avail): 3938.23 MiB / 3519.92 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1971.59 MiB
C: is Fixed (NTFS) - 228.14 GiB total, 205.09 GiB free.
D: is CDROM (CDFS)
E: is CDROM (No Media)
F: is Fixed (NTFS) - 465.76 GiB total, 414.56 GiB free.
\\.\PHYSICALDRIVE0 - SAMSUNG SP2504C - 232.83 GiB - 3 partitions
\PARTITION0 - Unknown - 39.19 MiB
\PARTITION1 (bootable) - Installable File System - 228.14 GiB - C:
\PARTITION2 - Unknown - 4.64 GiB
\\.\PHYSICALDRIVE1 - Seagate FreeAgentDesktop USB Device - 465.76 GiB - 1 partition
\PARTITION0 - Installable File System - 465.76 GiB - F:
-- Security Center
AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.
FirstRunDisabled is set.
FW: Trend Micro PC-cillin Internet Security (Firewall) v12 (Trend Micro, Inc.)
AV: Trend Micro PC-cillin Internet Security v12.7.1019 (Trend Micro, Inc.)
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
-- Environment Variables
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Berto\Application Data
CLASSPATH=.;C:\Program Files\Java\j2re1.4.2_03\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=POOKIE
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Berto
LOGONSERVER=\\POOKIE
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\QuickTime\QTSystem;C:\Program Files\QuickTime\QTSystem;C:\Program Files\QuickTime\QTSystem;C:\Program Files\QuickTime\QTSystem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 7, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0407
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\j2re1.4.2_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SonicCentral=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Berto\LOCALS~1\Temp
TMP=C:\DOCUME~1\Berto\LOCALS~1\Temp
USERDOMAIN=POOKIE
USERNAME=Berto
USERPROFILE=C:\Documents and Settings\Berto
windir=C:\WINDOWS
-- User Profiles
Berto (admin)
Administrator (admin)
-- Add/Remove Programs
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
--> MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
--> MsiExec.exe /I{95D9B4D8-B091-4fab-80EA-313EB4B82FD6}
--> MsiExec.exe /I{EB997E90-5EB0-4eb5-90D0-90B1D2F0CA03}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
924PLC32 --> MsiExec.exe /I{94721EA3-7EA6-43EA-B99C-A5D0E3C66240}
ABBYY FineReader 6.0 Sprint --> MsiExec.exe /I{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
AIM 6 --> C:\Program Files\AIM6\uninst.exe
AOL Instant Messenger --> C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=
AOLIcon --> MsiExec.exe /I{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
Banctec Service Agreement --> MsiExec.exe /X{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}
BitTorrent 6.0 --> C:\Program Files\BitTorrent\uninst.exe
BitTorrent DNA --> "C:\Program Files\BitTorrent_DNA\dna.exe" /UNINSTALL
Compatibility Pack for the 2007 Office system --> MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Conexant D850 56K V.9x DFVc Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1\HXFSETUP.EXE -U -Idel200fk.inf
Corel Photo Album 6 --> MsiExec.exe /X{8A9B8148-DDD7-448F-BD6C-358386D32354}
Dell CinePlayer --> MsiExec.exe /I{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}
Dell Digital Jukebox Driver --> C:\Program Files\Dell\Digital Jukebox Drivers\DrvUnins.exe /s
Dell Driver Reset Tool --> MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
Dell Photo AIO Printer 924 --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\dlccUNST.EXE -NOLICENSE
DellSupport --> MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}
Digital Content Portal --> MsiExec.exe /I{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}
Digital Line Detect --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Documentation & Support Launcher --> MsiExec.exe /X{B0DF58A2-40DF-4465-AA56-38623EC9938C}
Drive Manager --> "C:\Program Files\InstallShield Installation Information\{48B0F38D-1913-44F3-99AA-D4C55A2B038E}\setup.exe" -runfromtemp -l0x0409 -removeonly
Drive Manager --> MsiExec.exe /I{48B0F38D-1913-44F3-99AA-D4C55A2B038E}
ELIcon --> MsiExec.exe /I{4667B940-BB01-428B-986E-A0CC46497BF7}
Enhancement Browser Tools Nextads --> C:\WINDOWS\system32\{c530fa23-ea17-b880-f048-bcd741ee480f}.dll-uninst.exe
FasterPing --> rundll32.exe dfshim.dll,ShArpMaintain FasterPing.application, Culture=neutral, PublicKeyToken=70e7d13bb83f253e, processorArchitecture=msil
Games, Music, & Photos Launcher --> MsiExec.exe /X{B6884A07-0305-47AE-9969-8F26FADC17DE}
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
Google Updater --> "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
High Definition Audio Driver Package - KB835221 --> C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2 --> "C:\Documents and Settings\Berto\Desktop\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864) --> "C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 10 (KB903157) --> "C:\WINDOWS\$NtUninstallKB903157$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683) --> "C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB888795) --> "C:\WINDOWS\$NtUninstallKB888795$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB891593) --> "C:\WINDOWS\$NtUninstallKB891593$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB895961) --> "C:\WINDOWS\$NtUninstallKB895961$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB896256) -->
Hotfix for Windows XP (KB899337) --> "C:\WINDOWS\$NtUninstallKB899337$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB899510) --> "C:\WINDOWS\$NtUninstallKB899510$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB902841) --> "C:\WINDOWS\$NtUninstallKB902841$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB906569) -->
Hotfix for Windows XP (KB908673) -->
Hotfix for Windows XP (KB912024) -->
Hotfix for Windows XP (KB914440) --> "C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915865) --> "C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB926239) --> "C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
Intel Matrix Storage Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}\setup.exe" -l0409 -INTELUNINST
Intel(R) PRO Network Connections Drivers --> Prounstl.exe
Intel(R) PROSet for Wired Connections --> MsiExec.exe /I{4CEA6811-DFAD-4892-828D-49941FE3B779}
Intel(R) Quick Resume Technology Drivers --> MsiExec.exe /I{8C22F265-DE76-44D1-8A79-A71D819137DA}
Intel(R) Quick Resume Technology Drivers --> MsiExec.exe /X{8C22F265-DE76-44D1-8A79-A71D819137DA} /qb!
Intel® Viiv™ --> MsiExec.exe /X{903CE8F7-6C7B-41E6-A1CF-3BF1176264EC}
iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
Java 2 Runtime Environment, SE v1.4.2_03 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
K-Lite Codec Pack 3.5.7 Standard --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.0 Hotfix (KB930494) --> "C:\WINDOWS\$NtUninstallKB930494$\spuninst\spuninst.exe"
Microsoft .NET Framework 1.1 --> msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1 --> MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1 Hotfix (KB928366) --> "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 2.0 Service Pack 1 --> MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs --> "C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs --> "C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Word Viewer 2003 --> MsiExec.exe /I{90850409-6000-11D3-8CFE-0150048383C9}
Microsoft Plus! Digital Media Edition Installer --> MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE --> MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Modem Helper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Mozilla Firefox (2.0.0.14) --> C:\PROGRA~1\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
NetWaiting --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
Otto --> "C:\Program Files\EnglishOtto\uninstallotto.exe"
Panda ActiveScan --> C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Rhapsody Player Engine --> MsiExec.exe /I{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}
Roxio DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Roxio MyDVD LE --> MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Roxio RecordNow Audio --> MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Roxio RecordNow Copy --> MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Roxio RecordNow Data --> MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Security Update for Windows Internet Explorer 7 (KB938127) --> "C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653) --> "C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615) --> "C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533) --> "C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782) --> "C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 6.4 (KB925398) --> "C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Security Update for Windows XP (KB890046) --> "C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893756) --> "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896358) -->
Security Update for Windows XP (KB896422) -->
Security Update for Windows XP (KB896423) -->
Security Update for Windows XP (KB896424) -->
Security Update for Windows XP (KB896428) --> "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587) --> "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899588) -->
Security Update for Windows XP (KB899591) -->
Security Update for Windows XP (KB900725) --> "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901017) --> "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901214) -->
Security Update for Windows XP (KB902400) --> "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB904706) -->
Security Update for Windows XP (KB905414) --> "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749) --> "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908519) -->
Security Update for Windows XP (KB911562) -->
Security Update for Windows XP (KB911927) --> "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912919) -->
Security Update for Windows XP (KB913580) --> "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914388) --> "C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389) --> "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security Update for Windows XP (KB916281) -->
Security Update for Windows XP (KB917344) -->
Security Update for Windows XP (KB917953) --> "C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918118) --> "C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918439) -->
Security Update for Windows XP (KB919007) --> "C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920213) --> "C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920670) --> "C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920683) --> "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920685) --> "C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921503) --> "C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922819) --> "C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923191) --> "C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923414) --> "C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923980) --> "C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924270) --> "C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924496) --> "C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924667) --> "C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925902) --> "C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926255) --> "C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926436) --> "C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927779) --> "C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927802) --> "C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928255) --> "C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928843) --> "C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929123) --> "C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Security Update for Windows XP (KB930178) --> "C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931261) --> "C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931784) --> "C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Security Update for Windows XP (KB932168) --> "C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933729) --> "C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935839) --> "C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935840) --> "C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Security Update for Windows XP (KB936021) --> "C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Security Update for Windows XP (KB937894) --> "C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938127) --> "C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938829) --> "C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Security Update for Windows XP (KB939653) --> "C:\WINDOWS\$NtUninstallKB939653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941202) --> "C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941568) --> "C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569) --> "C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941644) --> "C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941693) --> "C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943055) --> "C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943460) --> "C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943485) --> "C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944653) --> "C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB945553) --> "C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946026) --> "C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948590) --> "C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948881) --> "C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
Sonic Activation Module --> MsiExec.exe /I{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}
Sonic Encoders --> MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011}
Sonic Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Spybot - Search & Destroy 1.5.2.20 --> "C:\WINDOWS\unins000.exe"
SpywareBlaster 4.0 --> "C:\Program Files\SpywareBlaster\unins000.exe"
Trend Micro PC-cillin Internet Security 12 --> MsiExec.exe /X{7698EDA5-A90F-4205-99CB-8FF6F9048ED9}
Update for Windows Media Player 10 (KB910393) -->
Update for Windows Media Player 10 (KB913800) --> "C:\WINDOWS\$NtUninstallKB913800$\spuninst\spuninst.exe"
Update for Windows XP (KB894391) --> "C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Update for Windows XP (KB898461) --> "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB900485) --> "C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update for Windows XP (KB904942) --> "C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
Update for Windows XP (KB908531) --> "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Update for Windows XP (KB910437) --> "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update for Windows XP (KB911280) --> "C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Update for Windows XP (KB912945) -->
Update for Windows XP (KB916595) --> "C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update for Windows XP (KB920872) --> "C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update for Windows XP (KB922582) --> "C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update for Windows XP (KB927891) --> "C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update for Windows XP (KB930916) --> "C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update for Windows XP (KB933360) --> "C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
Update for Windows XP (KB936357) --> "C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
Update for Windows XP (KB938828) --> "C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Update for Windows XP (KB942763) --> "C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update Rollup 2 for Windows XP Media Center Edition 2005 --> C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe
Ventrilo Client --> MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
WinAce Archiver --> "C:\Program Files\WinAce\SXUNINST.EXE" "C:\Program Files\WinAce\SXUNINST.INI"
Windows Genuine Advantage Validation Tool (KB892130) -->
Windows Installer 3.1 (KB893803) -->
Windows Internet Explorer 7 --> "C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Media Format 11 runtime --> "C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 10 --> MsiExec.exe /I{33BB4982-DC52-4886-A03B-F4C5C80BEE89}
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information] --> C:\WINDOWS\$NtUninstallEmeraldQFE2$\spuninst\spuninst.exe
Windows Media Player 11 --> "C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11 --> "C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Media Player Firefox Plugin --> MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows XP Hotfix - KB873339 -->
Windows XP Hotfix - KB885250 -->
Windows XP Hotfix - KB885835 -->
Windows XP Hotfix - KB885836 --> C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB886185 --> C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP Hotfix - KB887472 -->
Windows XP Hotfix - KB888113 -->
Windows XP Hotfix - KB888302 --> C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix - KB889673 -->
Windows XP Hotfix - KB890859 --> "C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP Hotfix - KB890927 --> C:\WINDOWS\$NtUninstallKB890927$\spuninst\spuninst.exe
Windows XP Hotfix - KB891781 -->
Windows XP Media Center Edition 2005 KB908246 --> "C:\WINDOWS\$NtUninstallKB908246$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB908250 --> "C:\WINDOWS\$NtUninstallKB908250$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB925766 --> "C:\WINDOWS\$NtUninstallKB925766$\spuninst\spuninst.exe"
WordPerfect Office 12 --> MsiExec.exe /I{AF19F291-F22F-4798-9662-525305AE9E48}
World of Warcraft --> C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe
-- Application Event Log
Event Record #/Type693 / Error
Event Submitted/Written: 04/20/2008 02:29:34 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application dss.exe, version 3.2.8.1, faulting module ntdll.dll, version 5.1.2600.2180, fault address 0x00010f29.
Processing media-specific event for [dss.exe!ws!]
Event Record #/Type689 / Error
Event Submitted/Written: 04/20/2008 02:22:02 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application dss.exe, version 3.2.8.1, faulting module ntdll.dll, version 5.1.2600.2180, fault address 0x00010f29.
Processing media-specific event for [dss.exe!ws!]
Event Record #/Type688 / Error
Event Submitted/Written: 04/20/2008 02:20:11 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application dss.exe, version 3.2.8.1, faulting module ntdll.dll, version 5.1.2600.2180, fault address 0x00010f29.
Processing media-specific event for [dss.exe!ws!]
Event Record #/Type655 / Error
Event Submitted/Written: 04/17/2008 03:11:17 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application update.exe, version 1.4.0.6, faulting module update.exe, version 1.4.0.6, fault address 0x00003e7e.
Processing media-specific event for [update.exe!ws!]
Event Record #/Type654 / Error
Event Submitted/Written: 04/17/2008 03:11:16 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application sdupdate.exe, version 1.0.8.8, faulting module , version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [sdupdate.exe!ws!]
-- Security Event Log
No Errors/Warnings found.
-- System Event Log
Event Record #/Type6138 / Error
Event Submitted/Written: 04/20/2008 02:26:42 PM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Intel® Quick Resume Technology Drivers service terminated with the following error:
%%203
Event Record #/Type6136 / Error
Event Submitted/Written: 04/20/2008 02:26:15 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The npkcrypt service failed to start due to the following error:
%%2
Event Record #/Type6132 / Error
Event Submitted/Written: 04/20/2008 02:24:51 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}
Event Record #/Type6131 / Error
Event Submitted/Written: 04/20/2008 02:24:34 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}
Event Record #/Type6130 / Error
Event Submitted/Written: 04/20/2008 02:24:30 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service netman with arguments ""
in order to run the server:
{BA126AE5-2166-11D1-B1D0-00805FC1270E}
-- End of Deckard's System Scanner: finished at 2008-04-20 14:39:29
To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware softwares while these steps are being completed. This can usually be done through right clicking the software's Taskbar icons, or accessing each software through Start - Programs.
Download The Avenger by Swandog from here and save it to your Desktop.
Disconnect from net access, close all open programs and unzip the downloaded avenger.zip file. Then in the new avenger folder created locate and click on avenger.exe to run the tool.
Okay the warning. When the Avenger display opens copy/paste the following text inside the Code box into the Avenger box titled "Input script here:". Then click the Execute button to run the repair, click Yes, then allow Avenger to reboot your system.
Files to delete: C:\WINDOWS\system32\cbxwxvts.dll Folders to delete: C:\WINDOWS\system32\trcTMP C:\WINDOWS\system32\slNew C:\WINDOWS\system32\NFi C:\WINDOWS\system32\iTmp C:\WINDOWS\system32\xcsDd01 C:\WINDOWS\system32\bharebio01 Registry values to delete: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks | {FB422E7B-3D5E-4D9B-84C2-91B6C888CDE2} Registry keys to delete: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FB422E7B-3D5E-4D9B-84C2-91B6C888CDE2} HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbxwxvtsYour system may reboot twice to complete the repairs. After the reboot a text will open - copy/paste those contents back here please. The log can also be found at C:\avenger.txt.
Then reconnect to net access and go here and run the Kaspersky online scan, and post back the log it creates (it requires IE).
To use the scan, once the download has completed click Scan Settings, then make sure the "extended option" is checked (leave all others as they are) and click OK. Then click My Computer to begin the scan. Save the Report as a text file and post that back here.
To save it as a text file, still with the page in Internet Explorer, go to the top of the page and select File - Save As... Then make sure in the "Save as type" drop down you change it to "Text File(*.txt)".
Still making sure dss.exe is directly on your desktop, go to Start - Run, and copy/paste the following (then press OK):
"%userprofile%\desktop\dss.exe" /config
When the DSS Configuration display opens click the "Check All" button. Next, under Main Log, again uncheck the following:
System Restore
Temp Cleanup
Process Modules
Then under Extra Log, uncheck all the boxes.
Don't make any other changes at this time. Then click the "Scan!" button to start the scan.
Once the scan has completed a textbox will appear - copy/paste those contents back here please (main.txt). (The logs can also be found in the C:\Deckard\System Scanner folder)
Post back the that log along with the Kaspersky log and the avenger.txt log please.
http://swandog46.geekstogo.com
Platform: Windows XP
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Rootkit scan active.
No rootkits found!
File "C:\WINDOWS\system32\cbxwxvts.dll" deleted successfully.
Folder "C:\WINDOWS\system32\trcTMP" deleted successfully.
Folder "C:\WINDOWS\system32\slNew" deleted successfully.
Folder "C:\WINDOWS\system32\NFi" deleted successfully.
Folder "C:\WINDOWS\system32\iTmp" deleted successfully.
Folder "C:\WINDOWS\system32\xcsDd01" deleted successfully.
Folder "C:\WINDOWS\system32\bharebio01" deleted successfully.
Registry value "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks|{FB422E7B-3D5E-4D9B-84C2-91B6C888CDE2}" deleted successfully.
Registry key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FB422E7B-3D5E-4D9B-84C2-91B6C888CDE2}" deleted successfully.
Registry key "HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbxwxvts" deleted successfully.
Completed script processing.
*******************
Finished! Terminate.
KASPERSKY ONLINE SCANNER REPORT
Monday, April 21, 2008 2:02:59 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 21/04/2008
Kaspersky Anti-Virus database records: 719150
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
C:\
D:\
E:\
F:\
Scan Statistics:
Total number of scanned objects: 88914
Number of viruses found: 6
Number of infected objects: 15
Number of suspicious objects: 0
Duration of the scan process: 00:53:56
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3ad391678a806ec4d691e83aaa393b6f_24adf822-76f7-4481-b30b-ff1b40f8687f Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log Object is locked skipped
C:\Documents and Settings\Berto\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\DSAgnt.log Object is locked skipped
C:\Documents and Settings\Berto\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\DSAgnt_GTActions.log Object is locked skipped
C:\Documents and Settings\Berto\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\gdql_d_DSAgnt.log Object is locked skipped
C:\Documents and Settings\Berto\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\glog.log Object is locked skipped
C:\Documents and Settings\Berto\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Berto\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Berto\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Berto\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Berto\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Berto\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Berto\ntuser.dat Object is locked skipped
C:\Documents and Settings\Berto\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP119\A0020018.dll Infected: Trojan.Win32.Agent.eek skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP119\A0020019.dll Infected: Trojan.Win32.Agent.eek skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP119\A0020021.dll Infected: Trojan.Win32.Agent.eek skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP119\A0020055.dll Infected: Trojan.Win32.Agent.eek skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP121\A0020180.exe Infected: Trojan-Downloader.Win32.VB.dkg skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP121\A0020188.exe Infected: Trojan-Downloader.Win32.VB.dkg skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP121\A0020227.dll Infected: Trojan.Win32.Agent.eek skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP122\A0020471.dll Infected: Trojan.Win32.Agent.eek skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP122\A0020474.exe Infected: Trojan-Downloader.Win32.VB.dza skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP122\change.log Object is locked skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP45\A0005440.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP45\A0005440.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP45\A0005440.exe RarSFX: infected - 2 skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP45\A0005450.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP93\A0010902.exe Infected: Trojan-Downloader.Win32.Delf.gda skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{0B23B520-1075-4686-8872-B8572418B9A2}.crmlog Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb Object is locked skipped
C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log Object is locked skipped
C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\bz3\pnglft22.exe Infected: Trojan-Downloader.Win32.Small.tei skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\IntelDH.evt Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
F:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
Scan process completed.
Run by Berto on 2008-04-21 12:58:47
Computer is in Normal Mode.
Backed up registry hives.
-- HijackThis (run as Berto.exe)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:59:34 PM, on 4/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Berto\desktop\dss.exe
C:\DOCUME~1\Berto\Desktop\Berto.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [basicsmssmenu] "C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe"
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [dlccmon.exe] "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe"
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - https://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Basics Service - Seagate Technology LLC - C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
O23 - Service: dlcc_device - Unknown owner - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
--
End of file - 7730 bytes
-- File Associations
.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled
R1 ELhid - c:\windows\system32\drivers\elhid.sys <Not Verified; Intel Corporation; Intel(R) Quick Resume Technology>
R1 ELkbd - c:\windows\system32\drivers\elkbd.sys <Not Verified; Intel Corporation; Intel(R) Quick Resume Technology>
R1 ELmon - c:\windows\system32\drivers\elmon.sys <Not Verified; Intel Corporation; Intel(R) Quick Resume Technology>
R1 ELmou - c:\windows\system32\drivers\elmou.sys <Not Verified; Intel Corporation; Intel(R) Quick Resume Technology>
R1 tmtdi (Trend Micro TDI Driver) - c:\windows\system32\drivers\tmtdi.sys <Not Verified; Trend Micro Inc.; Trend Micro Network Security Component 1.0>
R2 tm_cfw (Common Firewall Driver) - c:\windows\system32\drivers\tm_cfw.sys <Not Verified; Trend Micro Inc.; Trend Network Security Component 1.0>
R3 DSproct - c:\program files\dellsupport\gtaction\triggers\dsproct.sys <Not Verified; Gteko Ltd.; processt>
S0 PxHelp20 - c:\windows\system32\drivers\pxhelp20.sys (file missing)
S1 rio8drvv - c:\windows\system32\drivers\rio8drvv.sys (file missing)
S2 npkcrypt - c:\nexon\maplestory\npkcrypt.sys (file missing)
S3 catchme - c:\docume~1\berto\locals~1\temp\catchme.sys (file missing)
S3 npkcusb - c:\nexon\maplestory\npkcusb.sys (file missing)
S3 npkycryp - c:\nexon\maplestory\npkycryp.sys (file missing)
S3 SDTHOOK - c:\windows\system32\drivers\sdthook.sys <Not Verified; Panda Software; Panda® Antivirus>
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled
R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
S2 ELService (Intel® Quick Resume Technology Drivers) - "c:\program files\intel\inteldh\intel(r) quick resume technology\elservice.exe" <Not Verified; Intel Corporation; Intel(R) Quick Resume Technology>
S2 PcCtlCom (Trend Micro Central Control Component) - c:\progra~1\trendm~1\intern~1\pcctlcom.exe <Not Verified; Trend Micro Incorporated.; Trend Micro Internet Security>
S2 Tmntsrv (Trend Micro Real-time Service) - c:\progra~1\trendm~1\intern~1\tmntsrv.exe <Not Verified; Trend Micro Incorporated.; Trend Micro Internet Security>
S2 TmPfw (Trend Micro Personal Firewall) - c:\progra~1\trendm~1\intern~1\tmpfw.exe <Not Verified; Trend Micro Inc.; Trend Network Security Component 1.0>
S2 tmproxy (Trend Micro Proxy Service) - c:\progra~1\trendm~1\intern~1\tmproxy.exe <Not Verified; Trend Micro Inc.; Trend Micro Network Security Components 1.0>
-- Device Manager: Disabled
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Intel(R) PRO/1000 PL Network Connection
Device ID: PCI\VEN_8086&DEV_109A&SUBSYS_01D11028&REV_01\4&22443A69&0&00E5
Manufacturer: Intel
Name: Intel(R) PRO/1000 PL Network Connection
PNP Device ID: PCI\VEN_8086&DEV_109A&SUBSYS_01D11028&REV_01\4&22443A69&0&00E5
Service: e1express
-- Scheduled Tasks
2008-04-15 17:20:45 284 --a
C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
-- Files created between 2008-03-21 and 2008-04-21
2008-04-20 13:16:39 0 d
C:\Documents and Settings\Berto\Application Data\Malwarebytes
2008-04-20 13:16:31 0 d
C:\Program Files\Malwarebytes' Anti-Malware
2008-04-20 13:16:31 0 d
C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-20 12:59:51 0 d
C:\WINDOWS\ERUNT
2008-04-16 16:51:34 0 d
C:\Program Files\Dell Photo AIO Printer 924
2008-04-15 17:20:42 0 d
C:\Program Files\Apple Software Update
2008-04-09 13:49:04 68096 --a
C:\WINDOWS\zip.exe
2008-04-09 13:49:04 49152 --a
C:\WINDOWS\VFind.exe
2008-04-09 13:49:04 212480 --a
C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-04-09 13:49:04 136704 --a
C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-04-09 13:49:04 161792 --a
C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-04-09 13:49:04 98816 --a
C:\WINDOWS\sed.exe
2008-04-09 13:49:04 80412 --a
C:\WINDOWS\grep.exe
2008-04-09 13:49:04 73728 --a
C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-04-08 16:33:55 0 d
C:\Program Files\ACW
2008-04-08 04:56:38 0 d
C:\WINDOWS\system32\Dell
2008-04-07 14:37:52 0 d
C:\Program Files\Seagate
2008-04-07 14:37:52 0 d
C:\Documents and Settings\All Users\Application Data\Seagate
2008-04-07 14:37:15 0 d
C:\Program Files\MSXML 6.0
2008-04-04 00:19:01 0 d
C:\Program Files\iPod
2008-03-27 17:55:50 0 d
C:\Program Files\Common Files\INCA Shared
2008-03-25 13:32:00 0 d
C:\Logs
2008-03-23 21:38:09 691545 --a
C:\WINDOWS\unins000.exe
2008-03-23 21:38:09 2541 --a
C:\WINDOWS\unins000.dat
2008-03-23 20:38:26 0 d
C:\WINDOWS\system32\usnv
2008-03-23 20:38:26 0 d
C:\WINDOWS\system32\md2
2008-03-23 20:38:26 0 d
C:\WINDOWS\system32\IDME
2008-03-23 20:38:25 0 d
C:\WINDOWS\system32\xTmp
2008-03-23 20:38:25 0 d
C:\WINDOWS\system32\bz3
-- Find3M Report
2008-04-21 01:59:24 0 d
C:\Program Files\Dl_cats
2008-04-20 23:53:00 0 d
C:\Program Files\World of Warcraft
2008-04-20 03:44:05 0 d
C:\Documents and Settings\Berto\Application Data\BitTorrent
2008-04-17 15:57:39 0 d
C:\Program Files\SpywareBlaster
2008-04-08 04:56:38 0 d
C:\Program Files\Dell
2008-04-07 14:38:06 0 d--h
C:\Program Files\InstallShield Installation Information
2008-04-04 00:19:11 0 d
C:\Program Files\iTunes
2008-04-04 00:14:08 0 d
C:\Program Files\QuickTime
2008-03-27 17:55:50 0 d
C:\Program Files\Common Files
2008-03-25 12:56:10 0 d
C:\Documents and Settings\Berto\Application Data\Real
2008-02-24 04:31:05 0 d
C:\Documents and Settings\Berto\Application Data\Adobe
2008-02-03 16:57:44 3686 --a
C:\WINDOWS\system32\tmp.reg
2008-02-02 01:55:37 83456 --a
C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-01-27 15:37:54 81920 --a
C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
-- Registry Dump
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [09/29/2005 02:01 PM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [09/17/2007 08:07 AM]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [06/17/2005 07:56 AM]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [10/05/2005 03:12 AM]
"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe" [08/30/2005 09:47 AM]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [09/08/2005 05:20 AM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [03/28/2008 11:37 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]
"basicsmssmenu"="C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe" [10/09/2007 04:21 PM]
"DLCCCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll" [06/07/2005 02:38 PM]
"dlccmon.exe"="C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe" [07/22/2005 03:03 PM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OE_OEM"="C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe" [04/11/2006 07:39 PM]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [03/15/2007 11:09 AM]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [01/03/2008 11:15 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/10/2004 05:00 AM]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" []
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [10/25/2007 05:26 PM]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [8/8/2006 11:02:09 AM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
AutoRun\command- E:\setup.exe
-- End of Deckard's System Scanner: finished at 2008-04-21 12:59:53
Make sure you can View Hidden Files. Also uncheck "Hide Extensions for Known File Types"
Do a search ( Start - Search/Find - Files or Folders) for the following hilighted folders (shown in Bold), and if found, delete them.
C:\WINDOWS\system32\usnv
C:\WINDOWS\system32\md2
C:\WINDOWS\system32\IDME
C:\WINDOWS\system32\xTmp
C:\WINDOWS\system32\bz3
Then Go Here and download ATF cleaner. Close all open browsers, then click on the downloaded file to run it, and select "Select All", then click Empty Selected (and close ATF).
If you have them, you can also click on Firefox/Opera at the top and repeat the steps (and close ATF). Firefox/Opera will need to be closed first for the cleaning to be effective.
While the info is available I see one orphaned AOL driver remaining as well. If AOL is no longer installed there (I don't see it in logs), you can do this to remove that drive.
Go to Start > Run and type
cmd
and OK. At the prompt type (or copy\paste) the below commands and hit "Enter" after each line
sc config wanatw start= disabled
sc delete wanatw
Type Exit to close.
So before we move to clean up what we added there, how are things running now?
Kaspersky, if you don't plan to use it again, uninstalls through Add/Remove Programs.
The autoplay functions there were blocked as part of the procedures you did before we started repairs. You can return those to the Windows default settings at this time by doing the following step, if you wish. This will allow autoplay for all drives such as CD-ROM and external drives.
Open Notepad and copy and paste the above text (inside the box) into the text file. Now go to File > Save As and call it autofix.reg. Where it says "Files of Type", select All Files and click on Save. Exit Notepad, double-click on the file and ok the prompt asking if you wish to merge the file with your registry.
Also these logon script settings were altered, in part to keep removal scripts running from showing during startup. I would not know your original settings for these, but you can do the following to change these to a default setting. Most often changing these only would impact networked users relying on certain types of logon scripts. Open Notepad and copy and paste the above text (inside the box) into the text file. Now go to File > Save As and call it logonfix.reg. Where it says "Files of Type", select All Files and click on Save. Exit Notepad, double-click on the file and OK the prompt asking if you wish to merge the file with your registry.
You can also at this time delete the files/folders of the tools we used. To assist with some of that download OTMoveIt2 and save the file to your desktop. This will help by automatically removing some of the tools we used.
Please double-click OTMoveIt.exe to run it and click on Cleanup (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator"). When you do this list of malware removal programs will be downloaded from the internet. If you get a warning from your firewall or other security programs regarding OTMoveIt attempting to contact the internet you should allow it to do so. After the list has downloaded, you'll be asked if you want to begin cleanup process? Select Yes.
OTMoveIt will search for and delete/uninstall all the tools that we have used to fix your problems and all their backup folders and then delete itself when you next reboot. At the end of the run you will receive a prompt to reboot, but save that for the next step.
Then reset the System Restore. To do this, right-click My Computer and select Properties. Click the System Restore tab in the window that appears, and check the box that says "Turn off System Restore on all drives" and click Apply.
You will be asked if you are sure, click Yes. This will delete the restore points. Then click OK in the Properties window and reboot your computer.
When your desktop appears, right-click My Computer and select Properties once more. Uncheck the "Turn off System Restore..." box and click Apply. OK.
In addition, I like to recommend reviewing the information Here to make sure you stay malware free.
This topic is now closed. If you wish it reopened, please send a Private Message to Trogan with a link to your thread.
If you are not the user who started this thread, you must start your own Thread instead