
> Forum Guidelines

Read this topic before posting a log.


DO NOT post a ComboFix log unless requested to.


Only members of the HijackThis Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.


When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.


Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.

> Need Lots Of Help Please
pcdome
post Sep 30 2006, 07:08 PM
Post #46


Member
**

Group: Members
Posts: 39
Joined: 3-July 06
Member No.: 74,474



Hi Whisperer,

I'm going to post up my HJT Uninstall list. I'm sorry that I'm not doing it all in one posting, but my internet is acting so slowly these days (I suspect it's these malware problems that you're helping me with) that I can only do one item from the list at a time. So, I want to post them when I finish just in case I can't get through the next step before I have to go somewhere.

Here's the list, I'm writing in red next to the files either "Don't Know" for the files that I don't know what they are. These are files that I can't seem to uninstall through the control panel or don't appear on the control panel's list. If you see anything on here that I should remove and I don't mark it please let me know.

Below the uninstall list is a new HJT posting. I'm a little concerned with a file on there called VM_STI.exe; I've recently seen it running in my task manager. I've tried to search for the file on the internet but can't find any info about it. So I'm a little worried b/c as far as I can tell it's new on my computer and not something I installed; also there is no info, so that worries me. Usually, if a program is safe it can be found when searching for the program's name. The last reason I'm concerned about it is its locations; the following are the 3 locations I found it in:

C:\WINDOWS\VM_STI
C:\WINDOWS\LastGood\VM_STI (the file path LastGood, I have no idea what that is from)
C:\WINDOWS\Programfiles\Vimicro\VM301B\Driver Autoinstall\Driver Files (spaces are included in the directory)

I'm not trying to step on your toes, because I'm by no means the professional you are, but having been working on these problems with you for so long, I'm starting to notice odd things and learn a little bit about this stuff. So, I'm posting this info only to try and help make your life easier, if I notice something funny.

Thanks a million times over.

pcDome


Ad-Aware SE Personal
Adobe Flash Player 9 ActiveX
Adobe Illustrator CS
Adobe Photoshop CS
Adobe Reader 7.0.8
Adobe SVG Viewer 3.0
AeCOAUμ|(Unified Codec Pack) 8.0.0.5 ≫eA|
Alcohol 120% (Trial Version)
BitComet 0.56
Canon MP Drivers 7.0
Canon ScanGear Starter
CASHFLOW?202 THE E-GAME
CASHFLOW?THE E-GAME
ccCommon Don't Know
CCleaner (remove only)
CN°OAO Don't Know
CN°OAO AUμ¿ AI½ºAc·? Don't Know
CN°OAO º¸¾EÆÐA¡ Don't Know
CN¹æ¿¡~ V2.15 Don't Know
Codec 7.8i
Desktop Weather by The Weather Channel
ewido anti-spyware 4.0
GOM Player
Google Earth
Google SketchUp
Google Toolbar for Internet Explorer
HijackThis 1.99.1
Internet Explorer Q903235
Internet Worm Protection Don't Know
iPod for Windows 2005-10-12
iTunes
J2SE Runtime Environment 5.0 Update 8
Juice 2.2
LiveUpdate 3.0 (Symantec Corporation)
Macromedia ColdFusion MX 7
Macromedia Dreamweaver 8
Macromedia Extension Manager
Macromedia Fireworks 8
Macromedia Flash 8
Macromedia Flash 8 Video Encoder
Macromedia Flash Player 8
Macromedia Flash Player 8 Plugin
Macromedia Shockwave Player
Microsoft .NET Framework 2.0
Microsoft Data Access Components KB870669
Microsoft Office Professional Edition 2003
MSN Messenger 7.5
NAVShortcut
Nero 6 Ultra Edition
Norton AntiVirus 2006
Norton AntiVirus 2006 (Symantec Corporation)
Norton AntiVirus Help
Norton AntiVirus Parent MSI
Norton AntiVirus SYMLT MSI
Norton Protection Center
Norton WMI Update
nProtect KeyCrypt Don't Know
nProtect Netizen Ver.3(remove only) Don't Know
NVIDIA Drivers
PDF reDirect (remove only)
PeerGuardian 2.0
PowerISO
QuickTime
Real Alternative 1.46
Realtek AC'97 Audio
REALTEK Gigabit and Fast Ethernet NIC Driver
Security Update for Microsoft .NET Framework 2.0 (KB917283)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896426)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905495)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Serif DrawPlus 4.0
Slim TV Driver Don't Know
SnoopFree Privacy Shield
SoftCamp Secure KeyStroke 4.0 Don't Know
SPBBC Don't Know
Spybot - Search & Destroy 1.4
Symantec
The Rosetta Stone
ToToBrowser verion 2
TV Card Don't Know
TV Card Driver Don't Know
TV Driver Don't Know
TVUPlayer 2.2.0
Update for Windows XP (KB835409)
Update for Windows XP (KB898461)
Update for Windows XP (KB910437)
VideoLAN VLC media player 0.8.4a
VobSub v2.23 (Remove Only)
Weather Services
Winamp (remove only)
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player Hotfix [See Q828026 for more information]
Windows XP Hotfix - KB823182
Windows XP Hotfix - KB824105
Windows XP Hotfix - KB825119
Windows XP Hotfix - KB826939
Windows XP Hotfix - KB828035
Windows XP Hotfix - KB828741
Windows XP Hotfix - KB833407
Windows XP Hotfix - KB833987
Windows XP Hotfix - KB835732
Windows XP Hotfix - KB837001
Windows XP Hotfix - KB839645
Windows XP Hotfix - KB840315
Windows XP Hotfix - KB840374
Windows XP Hotfix - KB840987
Windows XP Hotfix - KB841356
Windows XP Hotfix - KB841533
Windows XP Hotfix - KB841873
Windows XP Hotfix - KB842773
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB871250
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB873376
Windows XP Hotfix - KB883939
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB889293
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891711
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB892944
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Hotfix - KB896688
Windows XP Hotfix - KB896727
Windows XP Hotfix - KB897715
Windows XP Hotfix - KB905915
Windows XP Hotfix - KB911567
Windows XP Hotfix - KB912812
Windows XP Hotfix - KB916281
Windows XP Hotfix - KB918439
Windows XP Hotfix - KB918899
Windows XP Hotfix - KB925486
WinISO 5.3
WinRAR archiver
XecureWeb Control Don't Know
Yahoo! Messenger
ZoneAlarm Pro

HJT Log
Logfile of HijackThis v1.99.1
Scan saved at 9:09:24 AM, on 10/1/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\SnoopFreeUI.exe
C:\WINDOWS\VM_STI.EXE
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\CFusionMX7\runtime\bin\jrunsvc.exe
C:\CFusionMX7\verity\k2\_nti40\bin\k2admin.exe
C:\CFusionMX7\runtime\bin\jrun.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\SnoopFreeSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\CFusionMX7\verity\k2\_nti40\bin\k2server.exe
C:\CFusionMX7\verity\k2\_nti40\bin\k2index.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HJT.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SnoopFreeUI] SnoopFreeUI.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE lebeca web camera driver
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\SymProbe.exe -r "C:\Program Files\Norton AntiVirus\CfgWiz.exe" /GUID {0D7956A2-5A08-4ec2-A72C-DF8495A66016} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [ksvhtclidsver] ksvhtclidsver.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {3D51DCE5-683F-422E-AB48-9D21E6DD5808} (cRsiteup.acRsiteup) - http://www.hebogo.com/ActiveX/cRsiteup.cab
O16 - DPF: {3E5BBDC8-18F9-4A70-94B5-DD64929C0AF4} (AniCastH Class) - http://gogo.jaeminara.co.kr/gogo/hansol/na...ol/axacastH.cab
O16 - DPF: {4E52C32F-C143-4963-A758-2DB07703CB49} (YahooCS Class) - http://kr.memo.yahoo.com/CAB/YahooWCS.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://www.spatic.go.kr/www/msxml4.cab
O16 - DPF: {95FAA6CA-9CD5-40A5-B9EA-2ED419D4D9E7} - http://www.spatic.go.kr/www/ZeusWEB.cab
O16 - DPF: {A4508A45-F1C4-40F3-99B4-0CA08AC77E3B} - http://kings.nefficient.co.kr/kings/kdfx/k...29/kdfense8.cab
O16 - DPF: {C044CD87-DFB0-4130-A5E4-49361106FBC8} (HanSetupCtrl1008 Class) - http://id.hangame.com/common/HanSetup1008.cab
O16 - DPF: {D2A4C311-F608-4E0E-BBFE-6B25E31AC15B} (Kdfense5 Control) - http://kings.cachenet.com/kdf5106/kdfense5.cab
O16 - DPF: {E0BF7A2B-2F7C-497A-B50F-292D3F317965} (CongnamulMap Control) - http://www.congnamul.com/ActiveX/Release/C...amulMap_V17.cab
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.3/g_bin/eng/billard8_2_0_0_28.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ColdFusion MX 7 Application Server - Macromedia Inc. - C:\CFusionMX7\runtime\bin\jrunsvc.exe
O23 - Service: ColdFusion MX 7 Search Server - Unknown owner - C:\CFusionMX7\verity\k2\_nti40\bin\k2admin.exe" -cfg "C:\CFusionMX7\verity\k2\common\verity.cfg" -ntstart 1 (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\System32\npkcsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Snoop Free Service (SnoopFreeSvc) - Unknown owner - C:\WINDOWS\System32\SnoopFreeSvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

This post has been edited by pcdome: Sep 30 2006, 07:21 PM
pcdome
post Sep 30 2006, 08:43 PM
Post #47


Member
**

Group: Members
Posts: 39
Joined: 3-July 06
Member No.: 74,474



Alrighty, I've finished the scans. Only one note: when I started SilentRunners it tried to install that SpywareRemover program that we removed a while ago. The install could never find the program, but I still had to hit cancel 3 or 4 times in order for SilentRunners to start. Also, the SilentRunners program never said "All Done", but it did automatically save the list to the desktop.

Once again, I just want to remind you that for most of this coming week I won't be at my computer. I'll be gone from your Monday night until your Friday morning. So if you post during this time please understand that I won't be able to work on your instructions.

Have a great weekend!

pcDome

SilentRunners:

"Silent Runners.vbs", revision 48, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "C:\WINDOWS\System32\ctfmon.exe" [MS]
"BitComet" = ""C:\Program Files\BitComet\BitComet.exe"" ["www.BitComet.com"]
"updateMgr" = ""C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1" ["Adobe Systems Incorporated"]
"PeerGuardian" = "C:\Program Files\PeerGuardian2\pg2.exe" ["Methlabs"]
"Yahoo! Pager" = ""C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet" ["Yahoo! Inc."]
"ksvhtclidsver" = "ksvhtclidsver.exe" [null data]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ {++}
"winupx Service" = "winupx.exe" [file not found]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"IMJPMIG8.1" = ""C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32" [MS]
"PHIME2002ASync" = "C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC" [MS]
"PHIME2002A" = "C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName" [MS]
"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit" [MS]
"SnoopFreeUI" = "SnoopFreeUI.exe" ["SnoopFree Software"]
"KernelFaultCheck" = "C:\WINDOWS\system32\dumprep 0 -k" [MS]
"BigDogPath" = "C:\WINDOWS\VM_STI.EXE lebeca web camera driver" ["VM."]
"SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"" ["Sun Microsystems, Inc."]
"ccApp" = ""C:\Program Files\Common Files\Symantec Shared\ccApp.exe"" ["Symantec Corporation"]
"SSC_UserPrompt" = ""C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"" ["Symantec Corporation"]
"NAV CfgWiz" = "C:\Program Files\Common Files\Symantec Shared\SymProbe.exe -r "C:\Program Files\Norton AntiVirus\CfgWiz.exe" /GUID {0D7956A2-5A08-4ec2-A72C-DF8495A66016} /MODE CfgWiz /CMDLINE "REBOOT"" [file not found]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll" ["Sun Microsystems, Inc."]
{A8F38D8D-E480-4D52-B7A2-731BB6995FDD}\(Default) = "NAV Helper"
-> {HKLM...CLSID} = "CNavExtBho Class"
\InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Google Toolbar Helper"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
-> {HKLM...CLSID} = "Display Panning CPL Extension"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{2AA489CC-FEDC-4DD5-A693-0B8FED9D8B0D}" = "ALSee 1.0 Context Menu Shell Extension"
-> {HKLM...CLSID} = "ALSee 1.0 Context Menu Shell Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\ESTsoft\ALSee\ASSHLE~1.DLL" [file not found]
"{170C6CC2-9FB2-42e1-9184-5336C51EBE6D}" = "ViRobot Expert Ver 4.0"
-> {HKLM...CLSID} = "ViRobot Expert Ver 4.0"
\InProcServer32\(Default) = "C:\Program Files\ViRobotXP\VShExt.dll" [file not found]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
-> {HKLM...CLSID} = "Portable Media Devices"
\InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {HKLM...CLSID} = "Portable Media Devices Menu"
\InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {HKLM...CLSID} = "DesktopContext Class"
\InProcServer32\(Default) = "C:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {HKLM...CLSID} = "NVIDIA CPL Extension"
\InProcServer32\(Default) = "C:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {HKLM...CLSID} = "Desktop Explorer"
\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
-> {HKLM...CLSID} = "nView Desktop Context Menu"
\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{32020A01-506E-484D-A2A8-BE3CF17601C3}" = "AlcoholShellEx"
-> {HKLM...CLSID} = "AlcoholShellEx"
\InProcServer32\(Default) = "C:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll" ["Alcohol Soft Development Team"]
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"
-> {HKLM...CLSID} = "iTunes"
\InProcServer32\(Default) = "C:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Computer, Inc."]
"{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}" = "PowerISO"
-> {HKLM...CLSID} = "PowerISO"
\InProcServer32\(Default) = "C:\Program Files\PowerISO\PWRISOSH.DLL" ["PowerISO Computing, Inc."]
"{e82a2d71-5b2f-43a0-97b8-81be15854de8}" = "ShellLink for Application References"
-> {HKLM...CLSID} = "ShellLink for Application References"
\InProcServer32\(Default) = "C:\WINDOWS\System32\dfshim.dll" [MS]
"{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75}" = "Shell Icon Handler for Application References"
-> {HKLM...CLSID} = "Shell Icon Handler for Application References"
\InProcServer32\(Default) = "C:\WINDOWS\System32\dfshim.dll" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "ewido anti-spyware 4.0"
-> {HKLM...CLSID} = "CShellExecuteHookImpl Object"
\InProcServer32\(Default) = "C:\Program Files\ewido anti-spyware 4.0\shellexecutehook.dll" ["Anti-Malware Development a.s."]

HKLM\Software\Classes\PROTOCOLS\Filter\
INFECTION WARNING! text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
ALSee\(Default) = "{2AA489CC-FEDC-4DD5-A693-0B8FED9D8B0D}"
-> {HKLM...CLSID} = "ALSee 1.0 Context Menu Shell Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\ESTsoft\ALSee\ASSHLE~1.DLL" [file not found]
ewido anti-spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
\InProcServer32\(Default) = "C:\Program Files\ewido anti-spyware 4.0\context.dll" ["Anti-Malware Development a.s."]
PowerISO\(Default) = "{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}"
-> {HKLM...CLSID} = "PowerISO"
\InProcServer32\(Default) = "C:\Program Files\PowerISO\PWRISOSH.DLL" ["PowerISO Computing, Inc."]
Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA}"
-> {HKLM...CLSID} = "IEContextMenu Class"
\InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
ewido anti-spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
\InProcServer32\(Default) = "C:\Program Files\ewido anti-spyware 4.0\context.dll" ["Anti-Malware Development a.s."]
PowerISO\(Default) = "{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}"
-> {HKLM...CLSID} = "PowerISO"
\InProcServer32\(Default) = "C:\Program Files\PowerISO\PWRISOSH.DLL" ["PowerISO Computing, Inc."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
PowerISO\(Default) = "{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}"
-> {HKLM...CLSID} = "PowerISO"
\InProcServer32\(Default) = "C:\Program Files\PowerISO\PWRISOSH.DLL" ["PowerISO Computing, Inc."]
Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA}"
-> {HKLM...CLSID} = "IEContextMenu Class"
\InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\WINDOWS\Web\Wallpaper\Bliss.bmp"


Startup items in "Robb" & "All Users" startup folders:
------------------------------------------------------

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
"Adobe Gamma Loader" -> shortcut to: "C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]
"Adobe Reader Speed Launch" -> shortcut to: "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]


Enabled Scheduled Tasks:
------------------------

"Norton AntiVirus - Run Full System Scan - Robb" -> launches: "C:\PROGRA~1\NORTON~1\Navw32.exe /TASK:"C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Tasks\mycomp.sca"" ["Symantec Corporation"]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000004\LibraryPath = "%SystemRoot%\System32\nwprovau.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 22
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]
"{C4069E3A-68F1-403E-B40E-20066696354B}"
-> {HKLM...CLSID} = "Norton AntiVirus"
\InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided)
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]
"{C4069E3A-68F1-403E-B40E-20066696354B}" = "Norton AntiVirus"
-> {HKLM...CLSID} = "Norton AntiVirus"
\InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

Explorer Bars

Dormant Explorer Bars in "View, Explorer Bar" menu

HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Research"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Research"

{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}\
"ButtonText" = "Yahoo! Messenger"
"MenuText" = "Yahoo! Messenger"
"Exec" = "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" ["Yahoo! Inc."]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Messenger"
"Exec" = "C:\Program Files\Messenger\MSMSGS.EXE" [MS]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Automatic LiveUpdate Scheduler, Automatic LiveUpdate Scheduler, ""C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"" ["Symantec Corporation"]
ColdFusion MX 7 Application Server, ColdFusion MX 7 Application Server, ""C:\CFusionMX7\runtime\bin\jrunsvc.exe"" ["Macromedia Inc."]
ColdFusion MX 7 Search Server, ColdFusion MX 7 Search Server, ""C:\CFusionMX7\verity\k2\_nti40\bin\k2admin.exe" -cfg "C:\CFusionMX7\verity\k2\common\verity.cfg" -ntstart 1" ["Verity, Inc."]
ewido anti-spyware 4.0 guard, ewido anti-spyware 4.0 guard, "C:\Program Files\ewido anti-spyware 4.0\guard.exe" ["Anti-Malware Development a.s."]
Norton AntiVirus Auto-Protect Service, navapsvc, ""C:\Program Files\Norton AntiVirus\navapsvc.exe"" ["Symantec Corporation"]
Norton AntiVirus Firewall Monitor Service, NPFMntor, ""C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe"" ["Symantec Corporation"]
Norton Protection Center Service, NSCService, ""C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE"" ["Symantec Corporation"]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\System32\nvsvc32.exe" ["NVIDIA Corporation"]
Snoop Free Service, SnoopFreeSvc, "System32\SnoopFreeSvc.exe" [null data]
SPBBCSvc, SPBBCSvc, ""C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe"" ["Symantec Corporation"]
Symantec Core LC, Symantec Core LC, ""C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe"" ["Symantec Corporation"]
Symantec Event Manager, ccEvtMgr, ""C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"" ["Symantec Corporation"]
Symantec Network Drivers Service, SNDSrvc, ""C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe"" ["Symantec Corporation"]
Symantec Settings Manager, ccSetMgr, ""C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"" ["Symantec Corporation"]
TrueVector Internet Monitor, vsmon, "C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service" ["Zone Labs, LLC"]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\System32\wdfmgr.exe" [MS]


Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
Canon BJ Language Monitor MP110\Driver = "CNMLM6f.DLL" ["CANON INC."]
Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]
PDF reDirect Monitor\Driver = "PDFreDirectMonNT.dll" [null data]


----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 198 seconds.
+ The search for all Registry CLSIDs containing dormant Explorer Bars
took 261 seconds.
---------- (total run time: 1331 seconds)

HJT Startup List:

StartupList report, 10/1/2006, 9:36:17 AM
StartupList version: 1.52.2
Started from : C:\Program Files\HijackThis\HJT.EXE
Detected: Windows XP SP1 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\SnoopFreeUI.exe
C:\WINDOWS\VM_STI.EXE
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\CFusionMX7\runtime\bin\jrunsvc.exe
C:\CFusionMX7\verity\k2\_nti40\bin\k2admin.exe
C:\CFusionMX7\runtime\bin\jrun.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\SnoopFreeSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\CFusionMX7\verity\k2\_nti40\bin\k2server.exe
C:\CFusionMX7\verity\k2\_nti40\bin\k2index.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\WScript.exe
C:\WINDOWS\System32\msiexec.exe
C:\WINDOWS\System32\WScript.exe
C:\Program Files\HijackThis\HJT.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\System32\Userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

IMJPMIG8.1 = "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
PHIME2002ASync = C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
PHIME2002A = C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
SoundMan = SOUNDMAN.EXE
NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
nwiz = nwiz.exe /install
NvMediaCenter = RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
SnoopFreeUI = SnoopFreeUI.exe
BigDogPath = C:\WINDOWS\VM_STI.EXE lebeca web camera driver
SunJavaUpdateSched = "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
ccApp = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
SSC_UserPrompt = "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
NAV CfgWiz = C:\Program Files\Common Files\Symantec Shared\SymProbe.exe -r "C:\Program Files\Norton AntiVirus\CfgWiz.exe" /GUID {0D7956A2-5A08-4ec2-A72C-DF8495A66016} /MODE CfgWiz /CMDLINE "REBOOT"

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

CTFMON.EXE = C:\WINDOWS\System32\ctfmon.exe
BitComet = "C:\Program Files\BitComet\BitComet.exe"
updateMgr = "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
PeerGuardian = C:\Program Files\PeerGuardian2\pg2.exe
Yahoo! Pager = "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
ksvhtclidsver = ksvhtclidsver.exe

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------


Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\PROGRA~1\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
(no name) - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
NAV Helper - C:\Program Files\Norton AntiVirus\NavShExt.dll - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD}
(no name) - c:\program files\google\googletoolbar2.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7}

--------------------------------------------------

Enumerating Task Scheduler jobs:

Norton AntiVirus - Run Full System Scan - Robb.job

--------------------------------------------------

Enumerating Download Program Files:

[QuickTime Object]
InProcServer32 = C:\Program Files\QuickTime\QTPlugin.ocx
CODEBASE = http://www.apple.com/qtactivex/qtplugin.cab

[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\system32\Macromed\Director\SwDir.dll
CODEBASE = http://fpdownload.macromedia.com/get/shock...director/sw.cab

[cRsiteup.acRsiteup]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\cRsiteup.ocx
CODEBASE = http://www.hebogo.com/ActiveX/cRsiteup.cab

[AniCastH Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\axACastH.dll
CODEBASE = http://gogo.jaeminara.co.kr/gogo/hansol/na...ol/axacastH.cab

[Office Update Installation Engine]
InProcServer32 = C:\WINDOWS\opuc.dll
CODEBASE = http://office.microsoft.com/officeupdate/content/opuc3.cab

[Malicious Software Removal Tool]
InProcServer32 = C:\WebCleaner.dll
CODEBASE = http://download.microsoft.com/download/b/d.../WebCleaner.cab

[YahooCS Class]
CODEBASE = http://kr.memo.yahoo.com/CAB/YahooWCS.cab

[XML DOM Document 4.0]
InProcServer32 = %SystemRoot%\System32\msxml4.dll
CODEBASE = http://www.spatic.go.kr/www/msxml4.cab

[{95FAA6CA-9CD5-40A5-B9EA-2ED419D4D9E7}]
CODEBASE = http://www.spatic.go.kr/www/ZeusWEB.cab

[{A4508A45-F1C4-40F3-99B4-0CA08AC77E3B}]
CODEBASE = http://kings.nefficient.co.kr/kings/kdfx/k...29/kdfense8.cab

[HanSetupCtrl1008 Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\HanSetup1008.dll
CODEBASE = http://id.hangame.com/common/HanSetup1008.cab

[{D27CDB6E-AE6D-11CF-96B8-444553530000}]
CODEBASE = http://download.macromedia.com/pub/shockwa...ash/swflash.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\System32\Macromed\Flash\Flash9.ocx
CODEBASE = http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab

[Kdfense5 Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\kdfense5.ocx
CODEBASE = http://kings.cachenet.com/kdf5106/kdfense5.cab

[CongnamulMap Control]
InProcServer32 = C:\WINDOWS\System32\CONGNA~1.OCX
CODEBASE = http://www.congnamul.com/ActiveX/Release/C...amulMap_V17.cab

[GameDesire Pool 8]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\Billard8.dll
CODEBASE = http://67.15.101.3/g_bin/eng/billard8_2_0_0_28.cab

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll

--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

winupx Service = winupx.exe

--------------------------------------------------

End of report, 9,138 bytes
Report generated in 1.063 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
pcdome
post Sep 30 2006, 08:50 PM
Post #48


Sorry, I ran out of space for posting, so I had to split the Gmer1 scan here and the Gmer2 scans.
Gmer1:

GMER 1.0.11.11390 - http://www.gmer.net
Rootkit 2006-10-01 10:19:32
Windows 5.1.2600 Service Pack 1


---- System - GMER 1.0.11 ----

SSDT 81FC1410 ZwAlertResumeThread
SSDT 81FE8C20 ZwAlertThread
SSDT 820BC160 ZwAllocateVirtualMemory
SSDT d346bus.sys ZwClose
SSDT \SystemRoot\System32\vsdatant.sys ZwConnectPort
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateFile
SSDT \??\C:\Program Files\Symantec\SYMEVENT.SYS ZwCreateKey
SSDT 81FF8A60 ZwCreateMutant
SSDT d346bus.sys ZwCreatePagingFile
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateProcess
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateProcessEx
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateSection
SSDT 820C6158 ZwCreateThread
SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteFile
SSDT \??\C:\Program Files\Symantec\SYMEVENT.SYS ZwDeleteKey
SSDT \??\C:\Program Files\Symantec\SYMEVENT.SYS ZwDeleteValueKey
SSDT \SystemRoot\System32\vsdatant.sys ZwDuplicateObject
SSDT d346bus.sys ZwEnumerateKey
SSDT d346bus.sys ZwEnumerateValueKey
SSDT 820B4C60 ZwFreeVirtualMemory
SSDT 82016BE0 ZwImpersonateAnonymousToken
SSDT 82017478 ZwImpersonateThread
SSDT \SystemRoot\System32\vsdatant.sys ZwLoadDriver
SSDT \SystemRoot\System32\vsdatant.sys ZwLoadKey
SSDT \SystemRoot\System32\vsdatant.sys ZwMapViewOfSection
SSDT 81FCD410 ZwOpenEvent
SSDT \SystemRoot\System32\vsdatant.sys ZwOpenFile
SSDT d346bus.sys ZwOpenKey
SSDT \SystemRoot\System32\vsdatant.sys ZwOpenProcess
SSDT 820BD1A8 ZwOpenProcessToken
SSDT \SystemRoot\System32\vsdatant.sys ZwOpenThread
SSDT 82042268 ZwOpenThreadToken
SSDT d346bus.sys ZwQueryKey
SSDT 8202AEA0 ZwQueryValueKey
SSDT \SystemRoot\System32\vsdatant.sys ZwReplaceKey
SSDT \SystemRoot\System32\vsdatant.sys ZwRequestWaitReplyPort
SSDT \SystemRoot\System32\vsdatant.sys ZwRestoreKey
SSDT 821896D8 ZwResumeThread
SSDT \SystemRoot\System32\vsdatant.sys ZwSecureConnectPort
SSDT 82081238 ZwSetContextThread
SSDT \SystemRoot\System32\vsdatant.sys ZwSetInformationFile
SSDT 8202C1C8 ZwSetInformationProcess
SSDT 81FC7D18 ZwSetInformationThread
SSDT \SystemRoot\System32\vsdatant.sys ZwSetSystemInformation
SSDT d346bus.sys ZwSetSystemPowerState
SSDT \??\C:\Program Files\Symantec\SYMEVENT.SYS ZwSetValueKey
SSDT 8202AB18 ZwSuspendProcess
SSDT 81FDEEB0 ZwSuspendThread
SSDT \SystemRoot\System32\vsdatant.sys ZwTerminateProcess
SSDT 82037A48 ZwTerminateThread
SSDT \SystemRoot\System32\vsdatant.sys ZwUnloadDriver
SSDT 82039168 ZwUnmapViewOfSection
SSDT 820B9DC8 ZwWriteVirtualMemory

---- Devices - GMER 1.0.11 ----

Device \FileSystem\Ntfs \Ntfs IRP_MJ_READ 82365BB0
Device \Driver\Tcpip \Device\Ip IRP_MJ_CREATE [F6B40230] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_CLOSE [F6B40230] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL [F6B40230] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [F6B40230] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_CLEANUP [F6B40230] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE [F6B40230] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSE [F6B40230] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL [F6B40230] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [F6B40230] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLEANUP [F6B40230] vsdatant.sys
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE 8208F280
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE_NAMED_PIPE 8208F280
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLOSE 8208F280
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_READ 8208F280
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_WRITE 8208F280
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_INFORMATION 8208F280
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_INFORMATION 8208F280
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_EA 8208F280
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_EA 8208F280
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FLUSH_BUFFERS 8208F280
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_VOLUME_INFORMATION 8208F280
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_VOLUME_INFORMATION 8208F280
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DIRECTORY_CONTROL 8208F280
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FILE_SYSTEM_CONTROL 8208F280
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CONTROL 8208F280
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_INTERNAL_DEVICE_CONTROL 8208F280
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SHUTDOWN 8208F280
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_LOCK_CONTROL 8208F280
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLEANUP 8208F280
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE_MAILSLOT 8208F280
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_SECURITY 8208F280
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_SECURITY 8208F280
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_POWER 8208F280
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SYSTEM_CONTROL 8208F280
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CHANGE 8208F280
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_QUOTA 8208F280
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_QUOTA 8208F280
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP 8208F280
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_READ 82018C00
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE 8208F280
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE_NAMED_PIPE 8208F280
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLOSE 8208F280
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_READ 8208F280
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_WRITE 8208F280
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_INFORMATION 8208F280
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_INFORMATION 8208F280
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_EA 8208F280
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_EA 8208F280
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FLUSH_BUFFERS 8208F280
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_VOLUME_INFORMATION 8208F280
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_VOLUME_INFORMATION 8208F280
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DIRECTORY_CONTROL 8208F280
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FILE_SYSTEM_CONTROL 8208F280
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CONTROL 8208F280
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_INTERNAL_DEVICE_CONTROL 8208F280
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SHUTDOWN 8208F280
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_LOCK_CONTROL 8208F280
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLEANUP 8208F280
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE_MAILSLOT 8208F280
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_SECURITY 8208F280
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_SECURITY 8208F280
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_POWER 8208F280
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SYSTEM_CONTROL 8208F280
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CHANGE 8208F280
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_QUOTA 8208F280
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_QUOTA 8208F280
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_PNP 8208F280
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CREATE 820F2E40
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CREATE_NAMED_PIPE 820F2E40
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CLOSE 820F2E40
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_READ 820F2E40
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_WRITE 820F2E40
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_QUERY_INFORMATION 820F2E40
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SET_INFORMATION 820F2E40
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_QUERY_EA 820F2E40
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SET_EA 820F2E40
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_FLUSH_BUFFERS 820F2E40
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_QUERY_VOLUME_INFORMATION 820F2E40
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SET_VOLUME_INFORMATION 820F2E40
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_DIRECTORY_CONTROL 820F2E40
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_FILE_SYSTEM_CONTROL 820F2E40
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_DEVICE_CONTROL 820F2E40
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_INTERNAL_DEVICE_CONTROL 820F2E40
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SHUTDOWN
pcdome
post Sep 30 2006, 08:52 PM
Post #49


Gmer1 Cont'd:

820F2E40
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_VOLUME_INFORMATION 820F2E40
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_VOLUME_INFORMATION 820F2E40
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DIRECTORY_CONTROL 820F2E40
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_FILE_SYSTEM_CONTROL 820F2E40
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CONTROL 820F2E40
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_INTERNAL_DEVICE_CONTROL 820F2E40
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SHUTDOWN 820F2E40
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_LOCK_CONTROL 820F2E40
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CLEANUP 820F2E40
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE_MAILSLOT 820F2E40
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_SECURITY 820F2E40
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_SECURITY 820F2E40
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_POWER 820F2E40
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SYSTEM_CONTROL 820F2E40
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CHANGE 820F2E40
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_QUOTA 820F2E40
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_QUOTA 820F2E40
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_PNP 820F2E40
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_CREATE 820F2E40
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_CREATE_NAMED_PIPE 820F2E40
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_CLOSE 820F2E40
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_READ 820F2E40
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_WRITE 820F2E40
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_QUERY_INFORMATION 820F2E40
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_SET_INFORMATION 820F2E40
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_QUERY_EA 820F2E40
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_SET_EA 820F2E40
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_FLUSH_BUFFERS 820F2E40
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_QUERY_VOLUME_INFORMATION 820F2E40
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_SET_VOLUME_INFORMATION 820F2E40
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_DIRECTORY_CONTROL 820F2E40
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_FILE_SYSTEM_CONTROL 820F2E40
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_DEVICE_CONTROL 820F2E40
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_INTERNAL_DEVICE_CONTROL 820F2E40
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_SHUTDOWN 820F2E40
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_LOCK_CONTROL 820F2E40
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_CLEANUP 820F2E40
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_CREATE_MAILSLOT 820F2E40
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_QUERY_SECURITY 820F2E40
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_SET_SECURITY 820F2E40
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_POWER 820F2E40
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_SYSTEM_CONTROL 820F2E40
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_DEVICE_CHANGE 820F2E40
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_QUERY_QUOTA 820F2E40
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_SET_QUOTA 820F2E40
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_PNP 820F2E40
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_CREATE 820F2E40
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_CREATE_NAMED_PIPE 820F2E40
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_CLOSE 820F2E40
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_READ 820F2E40
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_WRITE 820F2E40
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_QUERY_INFORMATION 820F2E40
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_SET_INFORMATION 820F2E40
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_QUERY_EA 820F2E40
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_SET_EA 820F2E40
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_FLUSH_BUFFERS 820F2E40
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_QUERY_VOLUME_INFORMATION 820F2E40
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_SET_VOLUME_INFORMATION 820F2E40
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_DIRECTORY_CONTROL 820F2E40
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_FILE_SYSTEM_CONTROL 820F2E40
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_DEVICE_CONTROL 820F2E40
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_INTERNAL_DEVICE_CONTROL 820F2E40
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_SHUTDOWN 820F2E40
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_LOCK_CONTROL 820F2E40
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_CLEANUP 820F2E40
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_CREATE_MAILSLOT 820F2E40
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_QUERY_SECURITY 820F2E40
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_SET_SECURITY 820F2E40
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_POWER 820F2E40
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_SYSTEM_CONTROL 820F2E40
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_DEVICE_CHANGE 820F2E40
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_QUERY_QUOTA 820F2E40
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_SET_QUOTA 820F2E40
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_PNP 820F2E40
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-12 IRP_MJ_CREATE 820F2E40
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-12 IRP_MJ_CREATE_NAMED_PIPE 820F2E40
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-12 IRP_MJ_CLOSE 820F2E40
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-12 IRP_MJ_READ 820F2E40
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-12 IRP_MJ_WRITE 820F2E40
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-12 IRP_MJ_QUERY_INFORMATION 820F2E40
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-12 IRP_MJ_SET_INFORMATION 820F2E40
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-12 IRP_MJ_QUERY_EA 820F2E40
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-12 IRP_MJ_SET_EA 820F2E40
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-12 IRP_MJ_FLUSH_BUFFERS 820F2E40
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-12 IRP_MJ_QUERY_VOLUME_INFORMATION 820F2E40
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-12 IRP_MJ_SET_VOLUME_INFORMATION 820F2E40
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-12 IRP_MJ_DIRECTORY_CONTROL 820F2E40
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-12 IRP_MJ_FILE_SYSTEM_CONTROL 820F2E40
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-12 IRP_MJ_DEVICE_CONTROL 820F2E40
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-12 IRP_MJ_INTERNAL_DEVICE_CONTROL 820F2E40
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-12 IRP_MJ_SHUTDOWN 820F2E40
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-12 IRP_MJ_LOCK_CONTROL 820F2E40
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-12 IRP_MJ_CLEANUP 820F2E40
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-12 IRP_MJ_CREATE_MAILSLOT 820F2E40
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-12 IRP_MJ_QUERY_SECURITY 820F2E40
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-12 IRP_MJ_SET_SECURITY 820F2E40
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-12 IRP_MJ_POWER 820F2E40
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-12 IRP_MJ_SYSTEM_CONTROL 820F2E40
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-12 IRP_MJ_DEVICE_CHANGE 820F2E40
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-12 IRP_MJ_QUERY_QUOTA 820F2E40
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-12 IRP_MJ_SET_QUOTA 820F2E40
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-12 IRP_MJ_PNP 820F2E40
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CREATE 8208F280
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CREATE_NAMED_PIPE 8208F280
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CLOSE 8208F280
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_READ 8208F280
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_WRITE 8208F280
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_INFORMATION 8208F280
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_INFORMATION 8208F280
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_EA 8208F280
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_EA 8208F280
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_FLUSH_BUFFERS 8208F280
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_VOLUME_INFORMATION 8208F280
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_VOLUME_INFORMATION 8208F280
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_DIRECTORY_CONTROL 8208F280
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_FILE_SYSTEM_CONTROL 8208F280
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_DEVICE_CONTROL 8208F280
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_INTERNAL_DEVICE_CONTROL 8208F280
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SHUTDOWN 8208F280
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_LOCK_CONTROL 8208F280
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CLEANUP 8208F280
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CREATE_MAILSLOT 8208F280
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_SECURITY 8208F280
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_SECURITY 8208F280
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_POWER 8208F280
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SYSTEM_CONTROL 8208F280
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_DEVICE_CHANGE 8208F280
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_QUOTA 8208F280
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_QUOTA 8208F280
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_PNP 8208F280
Device \FileSystem\Srv \Device\LanmanServer IRP_MJ_READ 81C02460
Device \Driver\Tcpip \Device\Udp IRP_MJ_CREATE [F6B40230] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_CLOSE [F6B40230] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CONTROL [F6B40230] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL [F6B40230] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_CLEANUP [F6B40230] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE [F6B40230] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CLOSE
pcdome
post Sep 30 2006, 08:53 PM
Post #50


Gmer1 Cont'd2:

8217B400
Device \Driver\d346prt \Device\Scsi\d346prt1Port4Path0Target0Lun0 IRP_MJ_QUERY_VOLUME_INFORMATION 8217B400
Device \Driver\d346prt \Device\Scsi\d346prt1Port4Path0Target0Lun0 IRP_MJ_SET_VOLUME_INFORMATION 8217B400
Device \Driver\d346prt \Device\Scsi\d346prt1Port4Path0Target0Lun0 IRP_MJ_DIRECTORY_CONTROL 8217B400
Device \Driver\d346prt \Device\Scsi\d346prt1Port4Path0Target0Lun0 IRP_MJ_FILE_SYSTEM_CONTROL 8217B400
Device \Driver\d346prt \Device\Scsi\d346prt1Port4Path0Target0Lun0 IRP_MJ_DEVICE_CONTROL 8217B400
Device \Driver\d346prt \Device\Scsi\d346prt1Port4Path0Target0Lun0 IRP_MJ_INTERNAL_DEVICE_CONTROL 8217B400
Device \Driver\d346prt \Device\Scsi\d346prt1Port4Path0Target0Lun0 IRP_MJ_SHUTDOWN 8217B400
Device \Driver\d346prt \Device\Scsi\d346prt1Port4Path0Target0Lun0 IRP_MJ_LOCK_CONTROL 8217B400
Device \Driver\d346prt \Device\Scsi\d346prt1Port4Path0Target0Lun0 IRP_MJ_CLEANUP 8217B400
Device \Driver\d346prt \Device\Scsi\d346prt1Port4Path0Target0Lun0 IRP_MJ_CREATE_MAILSLOT 8217B400
Device \Driver\d346prt \Device\Scsi\d346prt1Port4Path0Target0Lun0 IRP_MJ_QUERY_SECURITY 8217B400
Device \Driver\d346prt \Device\Scsi\d346prt1Port4Path0Target0Lun0 IRP_MJ_SET_SECURITY 8217B400
Device \Driver\d346prt \Device\Scsi\d346prt1Port4Path0Target0Lun0 IRP_MJ_POWER 8217B400
Device \Driver\d346prt \Device\Scsi\d346prt1Port4Path0Target0Lun0 IRP_MJ_SYSTEM_CONTROL 8217B400
Device \Driver\d346prt \Device\Scsi\d346prt1Port4Path0Target0Lun0 IRP_MJ_DEVICE_CHANGE 8217B400
Device \Driver\d346prt \Device\Scsi\d346prt1Port4Path0Target0Lun0 IRP_MJ_QUERY_QUOTA 8217B400
Device \Driver\d346prt \Device\Scsi\d346prt1Port4Path0Target0Lun0 IRP_MJ_SET_QUOTA 8217B400
Device \Driver\d346prt \Device\Scsi\d346prt1Port4Path0Target0Lun0 IRP_MJ_PNP 8217B400
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port5Path0Target0Lun0 IRP_MJ_CREATE 81FE7D68
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port5Path0Target0Lun0 IRP_MJ_CREATE_NAMED_PIPE 81FE7D68
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port5Path0Target0Lun0 IRP_MJ_CLOSE 81FE7D68
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port5Path0Target0Lun0 IRP_MJ_READ 81FE7D68
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port5Path0Target0Lun0 IRP_MJ_WRITE 81FE7D68
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port5Path0Target0Lun0 IRP_MJ_QUERY_INFORMATION 81FE7D68
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port5Path0Target0Lun0 IRP_MJ_SET_INFORMATION 81FE7D68
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port5Path0Target0Lun0 IRP_MJ_QUERY_EA 81FE7D68
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port5Path0Target0Lun0 IRP_MJ_SET_EA 81FE7D68
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port5Path0Target0Lun0 IRP_MJ_FLUSH_BUFFERS 81FE7D68
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port5Path0Target0Lun0 IRP_MJ_QUERY_VOLUME_INFORMATION 81FE7D68
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port5Path0Target0Lun0 IRP_MJ_SET_VOLUME_INFORMATION 81FE7D68
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port5Path0Target0Lun0 IRP_MJ_DIRECTORY_CONTROL 81FE7D68
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port5Path0Target0Lun0 IRP_MJ_FILE_SYSTEM_CONTROL 81FE7D68
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port5Path0Target0Lun0 IRP_MJ_DEVICE_CONTROL 81FE7D68
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port5Path0Target0Lun0 IRP_MJ_INTERNAL_DEVICE_CONTROL 81FE7D68
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port5Path0Target0Lun0 IRP_MJ_SHUTDOWN 81FE7D68
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port5Path0Target0Lun0 IRP_MJ_LOCK_CONTROL 81FE7D68
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port5Path0Target0Lun0 IRP_MJ_CLEANUP 81FE7D68
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port5Path0Target0Lun0 IRP_MJ_CREATE_MAILSLOT 81FE7D68
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port5Path0Target0Lun0 IRP_MJ_QUERY_SECURITY 81FE7D68
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port5Path0Target0Lun0 IRP_MJ_SET_SECURITY 81FE7D68
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port5Path0Target0Lun0 IRP_MJ_POWER 81FE7D68
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port5Path0Target0Lun0 IRP_MJ_SYSTEM_CONTROL 81FE7D68
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port5Path0Target0Lun0 IRP_MJ_DEVICE_CHANGE 81FE7D68
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port5Path0Target0Lun0 IRP_MJ_QUERY_QUOTA 81FE7D68
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port5Path0Target0Lun0 IRP_MJ_SET_QUOTA 81FE7D68
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port5Path0Target0Lun0 IRP_MJ_PNP 81FE7D68
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer IRP_MJ_READ 82355780
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer IRP_MJ_READ 82355780
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer IRP_MJ_READ 82355780
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer IRP_MJ_READ 82355780
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer IRP_MJ_READ 82355780
Device \FileSystem\Cdfs \Cdfs IRP_MJ_READ 81FC3220

---- Modules - GMER 1.0.11 ----

Module _________ F8445000

---- Registry - GMER 1.0.11 ----

Reg \Registry\USER\S-1-5-21-1060284298-1417001333-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count@HRZR_EHACNGU:R:\Nypuby 120% 1.9.2 + XrlTra + Penpx\Nypuby 120% 1.9.2 + XrlTra + Penpx\Nypbuby 120 1.4.8.1222 +PENPX + Nypbubyre 4.0o [SE] + onfr + pybalkky2.0.14\Nypbuby 120 1.4.8.1222 +PENPX + Nypbubyre 4.0o [SE] + onfr + pybalkky2.0.14\nypbuby\gevny_frghc.rkr 0x48 0x00 0x00 0x00 ...

---- Files - GMER 1.0.11 ----

ADS C:\Documents and Settings\Robb\My Documents\My DVDs\Untitled\Untitled.dvd:Afp_AfpInfo
ADS C:\Documents and Settings\Robb\My Documents\My DVDs\Wembldon 2004\Wembldon 2004.dvd:Afp_AfpInfo
ADS ...

---- EOF - GMER 1.0.11 ----
pcdome
post Sep 30 2006, 08:54 PM
Post #51


Gmer2:

GMER 1.0.11.11390 - http://www.gmer.net
Autostart 2006-10-01 10:23:36
Windows 5.1.2600 Service Pack 1


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit = C:\WINDOWS\System32\Userinit.exe,

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
Automatic LiveUpdate Scheduler /*Automatic LiveUpdate Scheduler*/@ = "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"
ccEvtMgr /*Symantec Event Manager*/@ = "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
ccSetMgr /*Symantec Settings Manager*/@ = "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
ColdFusion MX 7 Application Server /*ColdFusion MX 7 Application Server*/@ = "C:\CFusionMX7\runtime\bin\jrunsvc.exe"
ColdFusion MX 7 Search Server /*ColdFusion MX 7 Search Server*/@ = "C:\CFusionMX7\verity\k2\_nti40\bin\k2admin.exe" -cfg "C:\CFusionMX7\verity\k2\common\verity.cfg" -ntstart 1
ewido anti-spyware 4.0 guard /*ewido anti-spyware 4.0 guard*/@ = C:\Program Files\ewido anti-spyware 4.0\guard.exe
navapsvc /*Norton AntiVirus Auto-Protect Service*/@ = "C:\Program Files\Norton AntiVirus\navapsvc.exe"
NPFMntor /*Norton AntiVirus Firewall Monitor Service*/@ = "C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe"
npkcsvc /*npkcsvc*/@ = C:\WINDOWS\System32\npkcsvc.exe
NVSvc /*NVIDIA Display Driver Service*/@ = %SystemRoot%\System32\nvsvc32.exe
SNDSrvc /*Symantec Network Drivers Service*/@ = "C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe"
SnoopFreeSvc /*Snoop Free Service*/@ = System32\SnoopFreeSvc.exe
SPBBCSvc /*SPBBCSvc*/@ = "C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe"
Spooler /*Print Spooler*/@ = %SystemRoot%\system32\spoolsv.exe
Symantec Core LC /*Symantec Core LC*/@ = "C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe"
UMWdf /*Windows User Mode Driver Framework*/@ = C:\WINDOWS\System32\wdfmgr.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@IMJPMIG8.1"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 = "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
@PHIME2002ASyncC:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC = C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
@PHIME2002AC:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName = C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
@SoundManSOUNDMAN.EXE = SOUNDMAN.EXE
@NvCplDaemonRUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup = RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
@nwiznwiz.exe /install = nwiz.exe /install
@NvMediaCenterRUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit = RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
@SnoopFreeUISnoopFreeUI.exe = SnoopFreeUI.exe
@KernelFaultCheck%systemroot%\system32\dumprep 0 -k = %systemroot%\system32\dumprep 0 -k
@BigDogPathC:\WINDOWS\VM_STI.EXE lebeca web camera driver = C:\WINDOWS\VM_STI.EXE lebeca web camera driver
@SunJavaUpdateSched"C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe" = "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
@ccApp"C:\Program Files\Common Files\Symantec Shared\ccApp.exe" = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
@SSC_UserPrompt"C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" = "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
@NAV CfgWizC:\Program Files\Common Files\Symantec Shared\SymProbe.exe -r "C:\Program Files\Norton AntiVirus\CfgWiz.exe" /GUID {0D7956A2-5A08-4ec2-A72C-DF8495A66016} /MODE CfgWiz /CMDLINE "REBOOT" /*file not found*/ = C:\Program Files\Common Files\Symantec Shared\SymProbe.exe -r "C:\Program Files\Norton AntiVirus\CfgWiz.exe" /GUID {0D7956A2-5A08-4ec2-A72C-DF8495A66016} /MODE CfgWiz /CMDLINE "REBOOT" /*file not found*/

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run@winupx Service = winupx.exe /*file not found*/

HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@CTFMON.EXEC:\WINDOWS\System32\ctfmon.exe = C:\WINDOWS\System32\ctfmon.exe
@BitComet"C:\Program Files\BitComet\BitComet.exe" = "C:\Program Files\BitComet\BitComet.exe"
@updateMgr"C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1 = "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
@PeerGuardianC:\Program Files\PeerGuardian2\pg2.exe = C:\Program Files\PeerGuardian2\pg2.exe
@Yahoo! Pager"C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet = "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
@ksvhtclidsverksvhtclidsver.exe = ksvhtclidsver.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks@{57B86673-276A-48B2-BAE7-C6DBB3020EB8} = C:\Program Files\ewido anti-spyware 4.0\shellexecutehook.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Display Panning CPL Extension*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{4EB37360-49E8-11D3-95B5-004033382980} /*ALZip 4.0 Context Menu Shell Extension*/(null) =
@{2AA489CC-FEDC-4DD5-A693-0B8FED9D8B0D} /*ALSee 1.0 Context Menu Shell Extension*/C:\PROGRA~1\ESTsoft\ALSee\ASSHLE~1.DLL /*file not found*/ = C:\PROGRA~1\ESTsoft\ALSee\ASSHLE~1.DLL /*file not found*/
@{E976844F-E7A7-41E1-B7DF-6FDC48AE2C57} /*MJ2Desc Shell Extension*/(null) =
@{170C6CC2-9FB2-42e1-9184-5336C51EBE6D} /*ViRobot Expert Ver 4.0*/C:\Program Files\ViRobotXP\VShExt.dll /*file not found*/ = C:\Program Files\ViRobotXP\VShExt.dll /*file not found*/
@{239E3514-6AE0-4482-895F-F2A61B49B655} /*ViRobot Property scan Shell Extension*/(null) =
@{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Web Folders*/C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/C:\Program Files\Microsoft Office\OFFICE11\msohev.dll = C:\Program Files\Microsoft Office\OFFICE11\msohev.dll
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/C:\Program Files\WinRAR\rarext.dll = C:\Program Files\WinRAR\rarext.dll
@{A70C977A-BF00-412C-90B7-034C51DA2439} /*NvCpl DesktopContext Class*/C:\WINDOWS\System32\nvcpl.dll = C:\WINDOWS\System32\nvcpl.dll
@{FFB699E0-306A-11d3-8BD1-00104B6F7516} /*Play on my TV helper*/C:\WINDOWS\System32\nvcpl.dll = C:\WINDOWS\System32\nvcpl.dll
@{1CDB2949-8F65-4355-8456-263E7C208A5D} /*Desktop Explorer*/C:\WINDOWS\System32\nvshell.dll = C:\WINDOWS\System32\nvshell.dll
@{1E9B04FB-F9E5-4718-997B-B8DA88302A47} /*Desktop Explorer Menu*/C:\WINDOWS\System32\nvshell.dll = C:\WINDOWS\System32\nvshell.dll
@{1E9B04FB-F9E5-4718-997B-B8DA88302A48} /*nView Desktop Context Menu*/C:\WINDOWS\System32\nvshell.dll = C:\WINDOWS\System32\nvshell.dll
@{32020A01-506E-484D-A2A8-BE3CF17601C3} /*AlcoholShellEx*/C:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll = C:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll
@{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} /*iTunes*/C:\Program Files\iTunes\iTunesMiniPlayer.dll = C:\Program Files\iTunes\iTunesMiniPlayer.dll
@{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} /*Shell Extensions for RealOne Player*/(null) =
@{967B2D40-8B7D-4127-9049-61EA0C2C6DCE} /*PowerISO*/C:\Program Files\PowerISO\PWRISOSH.DLL = C:\Program Files\PowerISO\PWRISOSH.DLL
@{e82a2d71-5b2f-43a0-97b8-81be15854de8} /*ShellLink for Application References*/C:\WINDOWS\System32\dfshim.dll = C:\WINDOWS\System32\dfshim.dll
@{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} /*Shell Icon Handler for Application References*/C:\WINDOWS\System32\dfshim.dll = C:\WINDOWS\System32\dfshim.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
ALSee@{2AA489CC-FEDC-4DD5-A693-0B8FED9D8B0D} = C:\PROGRA~1\ESTsoft\ALSee\ASSHLE~1.DLL /*file not found*/
ewido anti-spyware@{8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\ewido anti-spyware 4.0\context.dll
PowerISO@{967B2D40-8B7D-4127-9049-61EA0C2C6DCE} = C:\Program Files\PowerISO\PWRISOSH.DLL
Symantec.Norton.Antivirus.IEContextMenu@{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} = C:\Program Files\Norton AntiVirus\NavShExt.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ >>>
ewido anti-spyware@{8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\ewido anti-spyware 4.0\context.dll
PowerISO@{967B2D40-8B7D-4127-9049-61EA0C2C6DCE} = C:\Program Files\PowerISO\PWRISOSH.DLL
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
PowerISO@{967B2D40-8B7D-4127-9049-61EA0C2C6DCE} = C:\Program Files\PowerISO\PWRISOSH.DLL
Symantec.Norton.Antivirus.IEContextMenu@{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} = C:\Program Files\Norton AntiVirus\NavShExt.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
@{53707962-6F74-2D53-2644-206D7942484F}C:\PROGRA~1\SPYBOT~1\SDHelper.dll = C:\PROGRA~1\SPYBOT~1\SDHelper.dll
@{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll = C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
@{A8F38D8D-E480-4D52-B7A2-731BB6995FDD}C:\Program Files\Norton AntiVirus\NavShExt.dll = C:\Program Files\Norton AntiVirus\NavShExt.dll
@{AA58ED58-01DD-4d91-8333-CF10577473F7}c:\program files\google\googletoolbar2.dll = c:\program files\google\googletoolbar2.dll

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://www.hangame.com = http://www.hangame.com
@Start Pagehttp://www.hangame.com = http://www.hangame.com

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
@Start Pagehttp://www.cnet.com/ = http://www.cnet.com/

HKLM\Software\Classes\PROTOCOLS\Filter\text/xml@CLSID = C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
dvd@CLSID = C:\WINDOWS\System32\msvidctl.dll
its@CLSID = C:\WINDOWS\System32\ITSS.DLL
mhtml@CLSID = %SystemRoot%\System32\inetcomm.dll
ms-its@CLSID = C:\WINDOWS\System32\ITSS.DLL
msnim@CLSID = "C:\PROGRA~1\MSNMES~1\msgrapp.dll"
mso-offdap@CLSID = C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
mso-offdap11@CLSID = C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
tv@CLSID = C:\WINDOWS\System32\msvidctl.dll
vnd.ms.radio@CLSID = C:\WINDOWS\System32\msdxm.ocx

HKLM\Software\Classes\PROTOCOLS\Handler\wia@CLSID = C:\WINDOWS\System32\wiascr.dll

C:\Documents and Settings\All Users\Start Menu\Programs\Startup >>>
Adobe Gamma Loader.lnk = Adobe Gamma Loader.lnk
Adobe Reader Speed Launch.lnk = Adobe Reader Speed Launch.lnk

---- EOF - GMER 1.0.11 ----
Whisperer
post Oct 2 2006, 03:30 AM
Post #52


Senior Member
****

Group: Members
Posts: 405
Joined: 29-May 05
Member No.: 21,742



Hi pcdome,

Hopefully, before you disappear for a few (noted) days, can you do a re-run of the HJT Startup List? The last one appears to be incomplete; please ensure that both boxes to the right of the button are checked...

If you run out of space then split it like you did with the Gmer logs.

GT ;)

This post has been edited by Whisperer: Oct 2 2006, 03:35 AM
pcdome
post Oct 2 2006, 07:45 PM
Post #53


I haven't left yet, so that's good. It's strange that the list was only partial, because I followed all your instructions before. I have attempted to make a full HJT startup list again. It is posted below.

Have a good week.

pcDome

StartupList report, 10/3/2006, 9:37:40 AM
StartupList version: 1.52.2
Started from : C:\Program Files\HijackThis\HJT.EXE
Detected: Windows XP SP1 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\SnoopFreeUI.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\CFusionMX7\runtime\bin\jrunsvc.exe
C:\CFusionMX7\verity\k2\_nti40\bin\k2admin.exe
C:\CFusionMX7\runtime\bin\jrun.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\SnoopFreeSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\CFusionMX7\verity\k2\_nti40\bin\k2server.exe
C:\CFusionMX7\verity\k2\_nti40\bin\k2index.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Symantec\LiveUpdate\AUpdate.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\HijackThis\HJT.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\System32\Userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

IMJPMIG8.1 = "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
PHIME2002ASync = C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
PHIME2002A = C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
SoundMan = SOUNDMAN.EXE
NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
nwiz = nwiz.exe /install
NvMediaCenter = RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
SnoopFreeUI = SnoopFreeUI.exe
BigDogPath = C:\WINDOWS\VM_STI.EXE lebeca web camera driver
SunJavaUpdateSched = "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
ccApp = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
SSC_UserPrompt = "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
NAV CfgWiz = C:\Program Files\Common Files\Symantec Shared\SymProbe.exe -r "C:\Program Files\Norton AntiVirus\CfgWiz.exe" /GUID {0D7956A2-5A08-4ec2-A72C-DF8495A66016} /MODE CfgWiz /CMDLINE "REBOOT"

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

CTFMON.EXE = C:\WINDOWS\System32\ctfmon.exe
BitComet = "C:\Program Files\BitComet\BitComet.exe"
updateMgr = "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
PeerGuardian = C:\Program Files\PeerGuardian2\pg2.exe
Yahoo! Pager = "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
ksvktcgidscer = ksvktcgidscer.exe

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------


Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\PROGRA~1\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
(no name) - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
NAV Helper - C:\Program Files\Norton AntiVirus\NavShExt.dll - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD}
(no name) - c:\program files\google\googletoolbar2.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7}

--------------------------------------------------

Enumerating Task Scheduler jobs:

Norton AntiVirus - Run Full System Scan - Robb.job

--------------------------------------------------

Enumerating Download Program Files:

[QuickTime Object]
InProcServer32 = C:\Program Files\QuickTime\QTPlugin.ocx
CODEBASE = http://www.apple.com/qtactivex/qtplugin.cab

[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\system32\Macromed\Director\SwDir.dll
CODEBASE = http://fpdownload.macromedia.com/get/shock...director/sw.cab

[cRsiteup.acRsiteup]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\cRsiteup.ocx
CODEBASE = http://www.hebogo.com/ActiveX/cRsiteup.cab

[AniCastH Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\axACastH.dll
CODEBASE = http://gogo.jaeminara.co.kr/gogo/hansol/na...ol/axacastH.cab

[Office Update Installation Engine]
InProcServer32 = C:\WINDOWS\opuc.dll
CODEBASE = http://office.microsoft.com/officeupdate/content/opuc3.cab

[Malicious Software Removal Tool]
InProcServer32 = C:\WebCleaner.dll
CODEBASE = http://download.microsoft.com/download/b/d.../WebCleaner.cab

[YahooCS Class]
CODEBASE = http://kr.memo.yahoo.com/CAB/YahooWCS.cab

[XML DOM Document 4.0]
InProcServer32 = %SystemRoot%\System32\msxml4.dll
CODEBASE = http://www.spatic.go.kr/www/msxml4.cab

[{95FAA6CA-9CD5-40A5-B9EA-2ED419D4D9E7}]
CODEBASE = http://www.spatic.go.kr/www/ZeusWEB.cab

[{A4508A45-F1C4-40F3-99B4-0CA08AC77E3B}]
CODEBASE = http://kings.nefficient.co.kr/kings/kdfx/k...29/kdfense8.cab

[HanSetupCtrl1008 Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\HanSetup1008.dll
CODEBASE = http://id.hangame.com/common/HanSetup1008.cab

[{D27CDB6E-AE6D-11CF-96B8-444553530000}]
CODEBASE = http://download.macromedia.com/pub/shockwa...ash/swflash.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\System32\Macromed\Flash\Flash9.ocx
CODEBASE = http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab

[Kdfense5 Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\kdfense5.ocx
CODEBASE = http://kings.cachenet.com/kdf5106/kdfense5.cab

[CongnamulMap Control]
InProcServer32 = C:\WINDOWS\System32\CONGNA~1.OCX
CODEBASE = http://www.congnamul.com/ActiveX/Release/C...amulMap_V17.cab

[GameDesire Pool 8]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\Billard8.dll
CODEBASE = http://67.15.101.3/g_bin/eng/billard8_2_0_0_28.cab

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll

--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

winupx Service = winupx.exe

--------------------------------------------------

End of report, 9,509 bytes
Report generated in 0.656 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
Whisperer
post Oct 4 2006, 01:17 PM
Post #54


Hi pcdome,

The scans reveal a couple of items that need fixing in the registry so we will attend to that after using a program called Killbox to get rid of some files. In addition the scans throw up the possibility of a couple of infected files
  1. The first possible infection occurs within Ewido but this is a known false positive, it so happens that there is an update to Ewido available so please uninstall Ewido and remove your earlier download, if you still have it. Download an updated version of the program here the suite is fully functional on a 30 day trial basis
  2. The second file is an Office file so please download MSOXMLMF.DLL and save to your desktop. Now navigate to the C:\Program Files\Common Files\Microsoft Shared\OFFICE11 directory and delete the existing MSOXMLMF.DLL file and replace it with the file from your desktop
  3. Please download PocketKillbox by Option^Explicit Software from here
    1. Click the Killbox.zip file and choose Extract
    2. I suggest you extract it to its own folder on your desktop
  4. Please open a new notepad document and from the menu select Format ; ensure that there is no tick against Word Wrap
    • Please do a search for winupx.exe and copy the full path when found to the new notepad document
    • Please do another search using ?sv?tc?ids?er.exe and again copy all of the paths and files to the new notepad
    • Select the files from within the quote box and place on the clipboard by selecting Ctrl+C and paste these into the same notepad document.
    • Select all of the entries in the notepad document and select Copy or Ctrl+C
    QUOTE
    C:\WINDOWS\asvvtccidsger.exe
    C:\WINDOWS\csvatcgidsher.exe
    C:\WINDOWS\gsvctcaidsger.exe
    C:\WINDOWS\ksvhtclidsver.exe
    C:\WINDOWS\lsvktcvidsaer.exe
    C:\WINDOWS\ksvhtcgidsler.exe
    C:\WINDOWS\vsv\tchidsver.exe
    C:\WINDOWS\hsvgtccidsker.exe
  5. Open the Killbox folder and click to open killbox.exe
    1. Click on the File menu and then select the Paste from Clipboard item
      If you select the down arrow to the right of the box you may find that some files are missing, this is because Killbox will check to see if the file still exists on your computer.
    2. Click on Delete on Reboot.
    3. Place a tick in the box next to End Explorer Shell While Killing File
      Click All Files to the right of the flashing green "Single files"
    4. Click Yes at the confirmation message that files will be deleted on next reboot
    5. Click Yes to reboot.
    6. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).

      If your computer does not restart automatically, please restart it manually.

      If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.
    7. After rebooting, open up Killbox again. Click File -> Logs -> Actions History Log
    8. Post this log in your next reply.
    We will now remove a couple of entries from the registry
  6. Please open a new notepad document and from the menu select Format ; ensure that there is no tick against Word Wrap
    QUOTE
    REGEDIT 4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\]
    "ksvhtclidsver"=-

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\]
    "winupx Service"=-
    1. Copy the contents of the quote box and paste into the Notepad document
    2. Save the file as Fix.reg
    3. Ensure that the Save as type is set to All Files
    4. Save the file to your desktop
    5. Make sure there are NO blank lines before REGEDIT4
    6. Make sure there IS one blank line after each entry.
    7. Double-click on the fix.reg file, and when it prompts to merge say Yes , this will clear the bad registry entries.
    One entry to go from HijackThis
  7. Start your HijackThis and click on Scan
    1. Click in the check-box to the left of the following entry, if found
      • O4 - HKCU\..\Run: [ksvhtclidsver] ksvhtclidsver.exe
    2. With all windows closed except HijackThis, select Fix Checked
  8. Start your Killbox and select File
    • Click on Open !Killbox Backups
    • Highlight the contents of the folder, right-click and zip the files
    • Forward the compressed file to our analysis cell
  9. Please reboot the computer and then post the Actions History log and a new HijackThis log together with an update on the computer's behaviour
GT thumbup2.gif
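The HijackThis O4 entry and the Fix.reg file above are two views of the same autorun value. This added example (not from the post or from HijackThis) maps an O4 Run line to its registry key and value name, builds the REGEDIT4 deletion file, and checks it against the layout rules given in steps 5 and 6; the helper names and the sample lines are constructed for illustration.

```python
import re

# Map the hive abbreviation HijackThis prints in O4 lines to the full hive name.
HIVES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER"}
RUN_KEY = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
# "O4 - HKCU\..\Run: [valuename] command" (other O4 forms such as Global Startup are ignored)
O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\Run: \[([^\]]+)\] (.*)$")

def parse_o4(line):
    """Return (registry_key, value_name, command) for an O4 ...\\Run entry, else None."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    hive, name, cmd = m.groups()
    return (HIVES[hive] + "\\" + RUN_KEY, name, cmd)

def make_deletion_reg(entries):
    """Build a REGEDIT4 file; "name"=- removes the value and leaves the key in place."""
    lines = ["REGEDIT4", ""]
    for key, name in entries:
        lines += [f"[{key}]", f'"{name}"=-', ""]   # a blank line closes each entry
    return "\r\n".join(lines) + "\r\n"             # .reg files use CRLF line endings

def check_reg_layout(text):
    """Return the layout problems the post warns about (empty list means the file is fine)."""
    lines = text.splitlines()
    problems = []
    if not lines or lines[0] != "REGEDIT4":
        problems.append("line 1 must be exactly REGEDIT4 (no blank line before it)")
    open_entry = False
    for n, line in enumerate(lines[1:], start=2):
        if line.startswith("["):
            if open_entry:
                problems.append(f"line {n}: no blank line before this key")
            open_entry = True
        elif line == "":
            open_entry = False
    if open_entry:
        problems.append("missing blank line after the last entry")
    return problems

if __name__ == "__main__":
    # Constructed sample: the O4 line quoted in the post plus the Policies key from its Fix.reg
    hit = parse_o4(r"O4 - HKCU\..\Run: [ksvhtclidsver] ksvhtclidsver.exe")
    targets = [(hit[0], hit[1]),
               (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run",
                "winupx Service")]
    reg = make_deletion_reg(targets)
    print(reg)
    print("problems:", check_reg_layout(reg))
    print("typo check:", check_reg_layout("REGEDIT 4\r\n"))   # header typo is reported
```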
Whisperer
post Oct 13 2006, 03:18 AM
Post #55


Senior Member
****

Group: Members
Posts: 405
Joined: 29-May 05
Member No.: 21,742



Hi pcdome,

Any updates please?

GT thumbup2.gif
pcdome
post Oct 14 2006, 03:14 AM
Post #56


Member
**

Group: Members
Posts: 39
Joined: 3-July 06
Member No.: 74,474



Hi Whisperer,

I'm so sorry. I told you about the week long holiday, but I didn't tell you that after the holiday my family was coming for two weeks for my wedding. So right now, I'm extremely busy with work, family, and the wedding, so I won't be able to actually try to fix my pc again until after 10/22. I'm really sorry to keep you hanging and to continue doing these kinds of things to you.

Thank you in advance for your patience and understanding.

Sincerely,

pcDome
Whisperer
post Oct 14 2006, 06:03 AM
Post #57


Senior Member
****

Group: Members
Posts: 405
Joined: 29-May 05
Member No.: 21,742



I shall start badgering you again on the 24th! clapping.gif (got to give you one day at least with your Wife) wub.gif wink.gif - in the meantime have a superbly special happy day for you and your bride. heart.gif gathering.gif heart.gif

GT thumbup.gif wink.gif
pcdome
post Oct 22 2006, 06:23 AM
Post #58


Member
**

Group: Members
Posts: 39
Joined: 3-July 06
Member No.: 74,474



Alright Whisperer,

Thanks for your blessing, and I even cancelled my honeymoon just for you. JK! I'm hoping I will be able to go away in January, but this month I've had so much time off from work that I can't take more time off to go on a honeymoon. Booooo!!!

Anyhow, I've got no idea what's going on here. I had success removing and adding ewido. However, when I tried to delete the old MSOXMLMF.DLL file I received a message telling me that the file couldn't be accessed because it was in use or write-protected. I have downloaded the new .dll but I haven't replaced it yet.

Second problem, I can't find the winupx.exe file anywhere, I searched back on these postings and noticed many notes next to it reading "file not found." So, do you have any idea where or how I might find it?

The next one I searched for was the ?sv?tc?ids?er.exe file and the only file that came up there was csvatcgidsher.exe which was located at C:\Windows\csvatcgidsher.exe. No other similar files were found.

I did as you instructed me and used Killbox and pasted the files from the clipboard, and if Killbox was working correctly the only file it found on the computer from the pasting was csvatcgidsher.exe. So, I tried to run Killbox but I never received the "Click Yes at the confirmation message that files will be deleted on next reboot" or the "Click Yes to reboot." prompts. So, I clicked exit thinking that might launch the prompts but it didn't, so I tried again, and still the same thing. This time when I exited though I decided to restart the computer to see if that would get Killbox to work. However, judging by the Killbox log, and that the csvatcgidsher.exe file is still on my computer, it didn't work. Here is the log just in case I'm wrong:

Pocket Killbox version 2.0.0.648
Running on Windows XP as Robb(Administrator)
was started @ Sunday, October 22, 2006, 7:55 PM

Killbox Closed(Exit) @ 8:01:05 PM
__________________________________________________

Pocket Killbox version 2.0.0.648
Running on Windows XP as Robb(Administrator)
was started @ Sunday, October 22, 2006, 8:01 PM

Killbox Closed(Exit) @ 8:01:57 PM
__________________________________________________

Pocket Killbox version 2.0.0.648
Running on Windows XP as Robb(Administrator)
was started @ Sunday, October 22, 2006, 8:05 PM


Just a note about the messages from Killbox you said I may get, I never got any of those.

So, since I seem to be doing everything wrong, I've stopped at this point to tell you what's happening to see if it's really something I'm doing or something with the software, etc.

Thanks for your help and your congratulations again. I should be in contact more frequently again. clapping.gif

pcDome
Whisperer
post Oct 25 2006, 01:13 PM
Post #59


Senior Member
****

Group: Members
Posts: 405
Joined: 29-May 05
Member No.: 21,742



Can I have an updated HijackThis log please?

GT thumbup2.gif
pcdome
post Oct 27 2006, 03:23 AM
Post #60


Member
**

Group: Members
Posts: 39
Joined: 3-July 06
Member No.: 74,474



Here's my latest HJT Whisperer:

Logfile of HijackThis v1.99.1
Scan saved at 3:38:43 PM, on 10/27/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\SnoopFreeUI.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\CFusionMX7\runtime\bin\jrunsvc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\CFusionMX7\runtime\bin\jrun.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\SnoopFreeSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\conime.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\HijackThis\HJT.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SnoopFreeUI] SnoopFreeUI.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE lebeca web camera driver
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\SymProbe.exe -r "C:\Program Files\Norton AntiVirus\CfgWiz.exe" /GUID {0D7956A2-5A08-4ec2-A72C-DF8495A66016} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {3D51DCE5-683F-422E-AB48-9D21E6DD5808} (cRsiteup.acRsiteup) - http://www.hebogo.com/ActiveX/cRsiteup.cab
O16 - DPF: {3E5BBDC8-18F9-4A70-94B5-DD64929C0AF4} (AniCastH Class) - http://gogo.jaeminara.co.kr/gogo/hansol/na...ol/axacastH.cab
O16 - DPF: {4E52C32F-C143-4963-A758-2DB07703CB49} (YahooCS Class) - http://kr.memo.yahoo.com/CAB/YahooWCS.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://www.spatic.go.kr/www/msxml4.cab
O16 - DPF: {95FAA6CA-9CD5-40A5-B9EA-2ED419D4D9E7} - http://www.spatic.go.kr/www/ZeusWEB.cab
O16 - DPF: {A4508A45-F1C4-40F3-99B4-0CA08AC77E3B} - http://kings.nefficient.co.kr/kings/kdfx/k...29/kdfense8.cab
O16 - DPF: {C044CD87-DFB0-4130-A5E4-49361106FBC8} (HanSetupCtrl1008 Class) - http://id.hangame.com/common/HanSetup1008.cab
O16 - DPF: {D2A4C311-F608-4E0E-BBFE-6B25E31AC15B} (Kdfense5 Control) - http://kings.cachenet.com/kdf5106/kdfense5.cab
O16 - DPF: {E0BF7A2B-2F7C-497A-B50F-292D3F317965} (CongnamulMap Control) - http://www.congnamul.com/ActiveX/Release/C...amulMap_V17.cab
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.3/g_bin/eng/billard8_2_0_0_28.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ColdFusion MX 7 Application Server - Macromedia Inc. - C:\CFusionMX7\runtime\bin\jrunsvc.exe
O23 - Service: ColdFusion MX 7 Search Server - Unknown owner - C:\CFusionMX7\verity\k2\_nti40\bin\k2admin.exe" -cfg "C:\CFusionMX7\verity\k2\common\verity.cfg" -ntstart 1 (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\System32\npkcsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Snoop Free Service (SnoopFreeSvc) - Unknown owner - C:\WINDOWS\System32\SnoopFreeSvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

pcDome

© 2003-2009 All Rights Reserved Bleeping Computer LLC.