
Authentium Antivirus, Raxco, And Uipopuphidden.exe


  • This topic is locked
17 replies to this topic

#1 snjnky

  • Members
  • 19 posts

Posted 14 July 2008 - 01:45 PM

TOSHIBA Satellite P100 -- 100GB -- Sympatico Antivirus (NO LONGER RUNNING PROPERLY) Even with RE-INSTALL

Hello,

I just realized after two months that DVPAPI.EXE has been running on my computer in the background. It does not show up in my ADD/REMOVE, but did find it in my C:/Program Files/Common Files Folder... However, it refused to let me delete it.

So.. I went into SAFE MODE, and proceeded into REGEDIT, CTRL-F for all files within C:/Program Files/Common Files/Authentium ...

This included specifically DVPAPI.exe, ODAPI.DLL, and AUTHENTIUM.

I was able to remove all but two ... LEGACY_DVPAPI and another key dvpapi.exe.

Since I restarted my computer, and thought maybe it was gone, it loaded again.. a POPUP immediately opened stating "CONFIGURING AUTHENTIUM ANTIVIRUS" Installing now. So, I've lost my cool. Sympatico is also now not running properly, FIREWALL services shut down, and ANTIVIRUS too.

ALSO, I do not know what RAXCO PDAgent.exe is, but it too is running on my computer and will not let me remove.

When restarting my computer, I also get a popup right before shutdown that says it cannot end UIPOPUPHIDDEN.EXE... Oh, and I have also turned off system restore, and turned it back on!

Please help. Here is my HijackThis log:

If there is anything else you need, please let me know.
THANKS! Aaron

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:37:29 PM, on 14/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.17184)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Personal Vault\VaultClientUpgrade.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Bell\Security Manager\rpsupdaterR.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Bell\Security Manager\pkR.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Toshiba Hotkey Utility] "C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe" /lang en
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SSA.exe] "C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe" /AUTORUN
O4 - HKLM\..\Run: [Sympatico Security Manager] "C:\Program Files\Bell\Security Manager\Rps.exe"
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Bell\Security Manager\ZkRunOnceR.exe"
O4 - HKLM\..\RunOnce: [IndexCleaner] "C:\Program Files\Bell\Security Manager\IdxClnR.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\RunOnce: [IndexCleaner] "C:\Program Files\Bell\Security Manager\IdxClnR.exe"
O4 - .DEFAULT User Startup: IEHOME.LNK = C:\Documents and Settings\Default User\Local Settings\Temp\iehome.bat (User 'Default user')
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Sympatico Security Manager (Radialpoint Security Services) - Radialpoint Inc. - C:\Program Files\Bell\Security Manager\RpsSecurityAware.exe
O23 - Service: Sympatico Security Manager Update Service (RPSUpdaterR) - Bell Sympatico - C:\Program Files\Bell\Security Manager\rpsupdaterR.exe
O23 - Service: Sympatico Security Manager Firewall (RP_FWS) - Bell Sympatico - C:\Program Files\Bell\Security Manager\Fws.exe
O23 - Service: Personal Vault Upgrade Service (VaultClientUpgrade) - BELL - C:\Program Files\Personal Vault\VaultClientUpgrade.exe

--
End of file - 7842 bytes



#2 random/random

  • Malware Response Team
  • 2,704 posts
  • Gender:Male

Posted 20 July 2008 - 03:24 PM

TOSHIBA Satellite P100 -- 100GB -- Sympatico Antivirus (NO LONGER RUNNING PROPERLY) Even with RE-INSTALL


The reason why your antivirus won't run correctly is that you deleted files related to Authentium antivirus, which is the antivirus engine that Sympatico antivirus uses.

ALSO, I do not know what RAXCO PDAgent.exe is, but it too is running on my computer and will not let me remove.


It is part of PerfectDisk

When restarting my computer, I also get a popup right before shutdown that says it cannot end UIPOPUPHIDDEN.EXE


This appears to be related to the Sympatico Security Manager

I suggest that you uninstall Sympatico Security Manager, then reinstall it.

If this fails, then please uninstall it again, and then do this, and we will rip out any leftovers manually:
  • Download Autoruns from here
  • Unzip/extract it to a folder on your desktop
  • Double click on autoruns.exe to start Autoruns
  • Wait for it to finish scanning
  • Under Options make sure the following options are selected
    • Verify Code Signatures
    • Hide Signed Microsoft Entries
  • Click File > Refresh
  • Click File > Save As
  • Save it to the desktop as autoruns.txt
  • Post the contents of autoruns.txt as a reply to this topic

Edited by random/random, 20 July 2008 - 03:28 PM.


#3 snjnky

  • Topic Starter
  • Members
  • 19 posts

Posted 23 July 2008 - 06:11 PM

Hi, I am having a problem with BELL, and trying to get the software again to reinstall..

I have uninstalled it, but cannot reinstall it without the cd?

I am in contact with them right now.

I also am now getting a lot of MEM is Insufficient, and my computer will automatically shut down.. >>>> HOWEVER, the blue screen does not come up dumping memory, and when I go to turn it back on, it refuses to start until the 6th time I hold it down.. and the numlock/caps/scroll just flash three times

on top of that, when windows logs back up.. there is nothing that says windows was shut down improperly

I found that very weird..

#4 snjnky

  • Topic Starter
  • Members
  • 19 posts

Posted 23 July 2008 - 06:17 PM

Here is the AUTORUN file you asked for

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
+ -FreedomNeedsReboot Radialpoint 6.0.2 (Verified) Radialpoint c:\program files\bell\security manager\zkrunoncer.exe
+ DLA Drive Letter Access Component (Not verified) Sonic Solutions c:\windows\system32\dla\dlactrlw.exe
+ LVCOMSX LVCom Server (Not verified) Logitech Inc. c:\windows\system32\lvcomsx.exe
+ NDSTray.exe ConfigFree™ Tray (Not verified) TOSHIBA CORPORATION C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
+ nwiz NVIDIA nView Wizard, Version 110.15 (Not verified) NVIDIA Corporation c:\windows\system32\nwiz.exe
+ SmoothView SmoothView (Not verified) TOSHIBA Corporation c:\program files\toshiba\toshiba zooming utility\smoothview.exe
+ SSA.exe Sympatico Security Advisor (Verified) Radialpoint c:\program files\bell\sympatico security advisor\ssa.exe
+ SunJavaUpdateSched Java™ Platform SE binary (Verified) Sun Microsystems, Inc. c:\program files\java\jre1.6.0_05\bin\jusched.exe
+ Sympatico Security Manager Sympatico Security Manager Main Application (Verified) Radialpoint c:\program files\bell\security manager\rps.exe
+ TkBellExe RealNetworks Scheduler (Not verified) RealNetworks, Inc. c:\program files\common files\real\update_ob\realsched.exe
+ Toshiba Hotkey Utility TOSHIBA Hotkey Filter Application (Not verified) TOSHIBA Inc. c:\program files\toshiba\windows utilities\hotkey.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
+ IndexCleaner Radialpoint 6.0.2 (Verified) Radialpoint c:\program files\bell\security manager\idxclnr.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
+ RAMASST.lnk CD Burning of Windows XP disabling tool for DVD MULTI Drive (Not verified) Matsushita Electric Industrial Co., Ltd. c:\windows\system32\ramasst.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
+ TOSCDSPD CD/DVD Drive Acoustic Silencer (Not verified) TOSHIBA c:\program files\toshiba\toscdspd\toscdspd.exe
+ updateMgr Adobe Update Manager (Verified) Adobe Systems, Incorporated c:\program files\adobe\acrobat 7.0\reader\adobeupdatemanager.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
+ IndexCleaner Radialpoint 6.0.2 (Verified) Radialpoint c:\program files\bell\security manager\idxclnr.exe
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components
+ Address Book 6 File not found: %ProgramW6432%\Outlook Express\setup50.exe
+ Microsoft Outlook Express 6 File not found: %ProgramW6432%\Outlook Express\setup50.exe
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers
+ AVG7 Shell Extension File not found: C:\Program Files\Grisoft\AVG Free\avgse.dll
+ AVMenu Class Radialpoint 6.0.2 (Verified) Radialpoint c:\program files\bell\security manager\avcntxtr.dll
+ MediaFaceShellExtension Shell Extensions (Not verified) Fellowes, Inc. c:\program files\fellowes\mediaface 5.0\mfshlext.dll
+ WinRAR c:\program files\winrar\rarext.dll
+ Yahoo! Mail Yahoo! Mail (Verified) Yahoo! Inc. c:\program files\yahoo!\common\ymmapi.dll
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers
+ AVMenu Class Radialpoint 6.0.2 (Verified) Radialpoint c:\program files\bell\security manager\avcntxtr.dll
+ MediaFaceShellExtension Shell Extensions (Not verified) Fellowes, Inc. c:\program files\fellowes\mediaface 5.0\mfshlext.dll
+ WinRAR c:\program files\winrar\rarext.dll
HKLM\Software\Classes\Directory\Shellex\DragDropHandlers
+ WinRAR c:\program files\winrar\rarext.dll
HKLM\Software\Classes\Folder\Shellex\ColumnHandlers
+ NeroDigitalColumnHandler Class File not found: C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll
+ PDF Shell Extension PDF Shell Extension (Not verified) Adobe Systems, Inc. c:\program files\adobe\acrobat 7.0\activex\pdfshell.dll
+ {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} (Not verified) Sun Microsystems, Inc. c:\program files\openoffice.org 2.0\program\shlxthdl.dll
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers
+ AVG7 Shell Extension File not found: C:\Program Files\Grisoft\AVG Free\avgse.dll
+ AVMenu Class Radialpoint 6.0.2 (Verified) Radialpoint c:\program files\bell\security manager\avcntxtr.dll
+ WinRAR c:\program files\winrar\rarext.dll
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers
+ 00nView NVIDIA Desktop Explorer, Version 110.15 (Not verified) NVIDIA Corporation c:\windows\system32\nvshell.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
+ AVG7 Find Extension File not found: C:\Program Files\Grisoft\AVG Free\avgse.dll
+ AVG7 Shell Extension File not found: C:\Program Files\Grisoft\AVG Free\avgse.dll
+ Desktop Explorer NVIDIA Desktop Explorer, Version 110.15 (Not verified) NVIDIA Corporation c:\windows\system32\nvshell.dll
+ Desktop Explorer Menu NVIDIA Desktop Explorer, Version 110.15 (Not verified) NVIDIA Corporation c:\windows\system32\nvshell.dll
+ Display CPL Extension TouchED CPL Property Page (Not verified) TOSHIBA Inc. c:\program files\toshiba\touched\touched.dll
+ Display Panning CPL Extension File not found: deskpan.dll
+ DriveLetterAccess Drive Letter Access Component (Not verified) Sonic Solutions c:\windows\system32\dla\dlashx_w.dll
+ iTunes iTunes Mini Player DLL (Verified) Apple Inc. c:\program files\itunes\itunesminiplayer.dll
+ KodakShellExtension Shell Extension Resource DLL (Not verified) Eastman Kodak Company c:\program files\common files\kodak\ifscore\kodakshx.dll
+ MediaFace Shell Extension Shell Extensions (Not verified) Fellowes, Inc. c:\program files\fellowes\mediaface 5.0\mfshlext.dll
+ My Logitech Pictures Logitech Namespace2 (Not verified) Logitech Inc. c:\program files\logitech\video\namespc2.dll
+ NeroDigitalIconHandler File not found: C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll
+ NeroDigitalPropSheetHandler File not found: C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll
+ nView Desktop Context Menu NVIDIA Desktop Explorer, Version 110.15 (Not verified) NVIDIA Corporation c:\windows\system32\nvshell.dll
+ OpenOffice.org Column Handler (Not verified) Sun Microsystems, Inc. c:\program files\openoffice.org 2.0\program\shlxthdl.dll
+ OpenOffice.org Infotip Handler (Not verified) Sun Microsystems, Inc. c:\program files\openoffice.org 2.0\program\shlxthdl.dll
+ OpenOffice.org Property Sheet Handler (Not verified) Sun Microsystems, Inc. c:\program files\openoffice.org 2.0\program\shlxthdl.dll
+ OpenOffice.org Thumbnail Viewer (Not verified) Sun Microsystems, Inc. c:\program files\openoffice.org 2.0\program\shlxthdl.dll
+ RecordNow! ContextMenuExt Shell Extensions c:\program files\sonic\recordnow!\shlext.dll
+ RecordNow! SendToExt Shell Extensions c:\program files\sonic\recordnow!\shlext.dll
+ Shell Extensions for RealOne Player RealPlayer Shell Extensions (Not verified) RealNetworks, Inc. c:\program files\real\realplayer\rpshell.dll
+ WinRAR shell extension c:\program files\winrar\rarext.dll
+ Yahoo! Mail Yahoo! Mail (Verified) Yahoo! Inc. c:\program files\yahoo!\common\ymmapi.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
+ Adobe PDF Reader Link Helper Adobe Acrobat IE Helper Version 7.0 for ActiveX (Verified) Adobe Systems, Incorporated c:\program files\adobe\acrobat 7.0\activex\acroiehelper.dll
+ DriveLetterAccess Drive Letter Access Component (Not verified) Sonic Solutions c:\windows\system32\dla\dlashx_w.dll
+ PopKill Class Radialpoint 6.0.2 (Verified) Radialpoint c:\program files\bell\security manager\pkr.dll
+ SSVHelper Class Java™ Platform SE binary (Verified) Sun Microsystems, Inc. c:\program files\java\jre1.6.0_05\bin\ssv.dll
HKLM\Software\Microsoft\Internet Explorer\Toolbar
+ Veoh Video Finder Veoh Browser Plug-in (Not verified) Veoh Networks Inc c:\program files\veoh networks\veoh\plugins\reg\veohtoolbar.dll
Task Scheduler
+ AppleSoftwareUpdate.job Apple Software Update (Verified) Apple Computer, Inc. c:\program files\apple software update\softwareupdate.exe
+ Norton Security Online - Run Full System Scan - Sun Junky.job File not found: C:\PROGRA~1\Symantec\Norton AntiVirus\Navw32.exe /TASK:"C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Tasks\mycomp.sca"
+ Uniblue SpeedUpMyPC Nag.job File not found: C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe -s
HKLM\System\CurrentControlSet\Services
+ CFSvcs Service of ConfigFree. (Not verified) TOSHIBA CORPORATION c:\program files\toshiba\configfree\cfsvcs.exe
+ DVD-RAM_Service DVD-RAM Utility Helper Service (Not verified) Matsushita Electric Industrial Co., Ltd. c:\windows\system32\dvdramsv.exe
+ dvpapi Dynamic Virus Protection (Verified) Authentium inc c:\program files\common files\authentium\antivirus\dvpapi.exe
+ ITMRTSVC Service component for CA Pest Patrol Realtime Protection (Verified) CA c:\program files\ca\pprt\bin\itmrtsvc.exe
+ PDAgent This service controls PerfectDisk's scheduling and remote communication. (Verified) Raxco Software, Inc. c:\program files\raxco\perfectdisk\pdagent.exe
+ RP_FWS Radialpoint 6.0.2 (Verified) Radialpoint c:\program files\bell\security manager\fws.exe
+ VaultClientUpgrade Backup Manager Module (Not verified) BELL c:\program files\personal vault\vaultclientupgrade.exe
HKLM\System\CurrentControlSet\Services
+ Aspi32 ASPI for WIN32 Kernel Driver (Not verified) Adaptec c:\windows\system32\drivers\aspi32.sys
+ Avg7Core AVG Scanning Engine (Not verified) GRISOFT, s.r.o. c:\windows\system32\drivers\avg7core.sys
+ Avg7RsW AVG Resident Shield Unload Helper (Not verified) GRISOFT, s.r.o. c:\windows\system32\drivers\avg7rsw.sys
+ Avg7RsXP AVG Resident Anti-Virus Shield (Not verified) GRISOFT, s.r.o. c:\windows\system32\drivers\avg7rsxp.sys
+ AvgTdi AVG Network connection watcher (Not verified) GRISOFT, s.r.o. c:\windows\system32\drivers\avgtdi.sys
+ Changer File not found: C:\WINDOWS\System32\Drivers\Changer.sys
+ CSS DVP CSS-DVP (Verified) Authentium inc c:\windows\system32\drivers\css-dvp.sys
+ DefragFS Defragmentation Support Driver (Verified) Raxco Software, Inc. c:\windows\system32\drivers\defragfs.sys
+ DLABOIOM Drive Letter Access Component (Not verified) Sonic Solutions c:\windows\system32\dla\dlaboiom.sys
+ DLACDBHM Shared Driver Component (Not verified) Sonic Solutions c:\windows\system32\drivers\dlacdbhm.sys
+ DLADResN Drive Letter Access Component (Not verified) Sonic Solutions c:\windows\system32\dla\dladresn.sys
+ DLAIFS_M Drive Letter Access Component (Not verified) Sonic Solutions c:\windows\system32\dla\dlaifs_m.sys
+ DLAOPIOM Drive Letter Access Component (Not verified) Sonic Solutions c:\windows\system32\dla\dlaopiom.sys
+ DLAPoolM Drive Letter Access Component (Not verified) Sonic Solutions c:\windows\system32\dla\dlapoolm.sys
+ DLARTL_N Shared Driver Component (Not verified) Sonic Solutions c:\windows\system32\drivers\dlartl_n.sys
+ DLAUDF_M Drive Letter Access Component (Not verified) Sonic Solutions c:\windows\system32\dla\dlaudf_m.sys
+ DLAUDFAM Drive Letter Access Component (Not verified) Sonic Solutions c:\windows\system32\dla\dlaudfam.sys
+ DRVMCDB Device Driver (Not verified) Sonic Solutions c:\windows\system32\drivers\drvmcdb.sys
+ DRVNDDM Device Driver Manager (Not verified) Sonic Solutions c:\windows\system32\drivers\drvnddm.sys
+ GEARAspiWDM CD/DVD Class Filter Driver (Verified) GEAR Software Inc. c:\windows\system32\drivers\gearaspiwdm.sys
+ i2omgmt File not found: C:\WINDOWS\System32\Drivers\i2omgmt.sys
+ Iviaspi InterVideo ASPI Shell (Not verified) InterVideo, Inc. c:\windows\system32\drivers\iviaspi.sys
+ lbrtfdc File not found: C:\WINDOWS\System32\Drivers\lbrtfdc.sys
+ meiudf DVD-RAM UDF File System Driver (Not verified) Matsushita Electric Industrial Co.,Ltd. c:\windows\system32\drivers\meiudf.sys
+ Netdevio TOSHIBA Network Device Usermode I/O Protocol (Not verified) TOSHIBA Corporation. c:\windows\system32\drivers\netdevio.sys
+ obbn13rt File not found: C:\WINDOWS\system32\obbn13rt.sys
+ p76xxsks File not found: C:\WINDOWS\system32\p76xxsks.sys
+ PCIDump File not found: C:\WINDOWS\System32\Drivers\PCIDump.sys
+ PDCOMP File not found: C:\WINDOWS\System32\Drivers\PDCOMP.sys
+ PDFRAME File not found: C:\WINDOWS\System32\Drivers\PDFRAME.sys
+ PDRELI File not found: C:\WINDOWS\System32\Drivers\PDRELI.sys
+ PDRFRAME File not found: C:\WINDOWS\System32\Drivers\PDRFRAME.sys
+ Pfc Padus® ASPI Shell (Not verified) Padus, Inc. c:\windows\system32\drivers\pfc.sys
+ PxHelp20 Px Engine Device Driver for Windows 2000/XP (Verified) Sonic Solutions c:\windows\system32\drivers\pxhelp20.sys
+ qkbfiltr qkbfiltr.sys (Not verified) Quanta Computer, Inc. c:\windows\system32\drivers\qkbfiltr.sys
+ qmofiltr qmofiltr.sys (Not verified) Quanta Computer, Inc. c:\windows\system32\drivers\qmofiltr.sys
+ RPSKT Radialpoint Filter (Verified) Radialpoint c:\windows\system32\drivers\rp_skt32.sys
+ StarOpen c:\windows\system32\drivers\staropen.sys
+ symlcbrd Symantec Core Component (Verified) Symantec Corporation c:\windows\system32\drivers\symlcbrd.sys
+ TBiosDrv c:\windows\system32\drivers\tbiosdrv.sys
+ tmcomm TrendMicro Common Module (Verified) Trend Micro, Inc. c:\windows\system32\drivers\tmcomm.sys
+ UIUSys File not found: system32\DRIVERS\UIUSYS.SYS
+ WDICA File not found: C:\WINDOWS\System32\Drivers\WDICA.sys
+ WinDriver6 WinDriver Device Driver 6.03 (Not verified) Jungo c:\windows\system32\drivers\windrvr6.sys
HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute
+ PDBoot.exe PerfectDisk Boot Time Defragmentation (Verified) Raxco Software, Inc. c:\windows\system32\pdboot.exe
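
The listing above is Autoruns' saved text with its tab separators collapsed into spaces, so each entry's name and description run together, but the three things the helper asked for survive: the location (registry key, folder or Task Scheduler) each entry is registered in, the "(Verified)" / "(Not verified)" result of the Verify Code Signatures option, and "File not found:" for registrations whose image no longer exists on disk. The Python below is an added example, not part of this thread and not an Autoruns or BleepingComputer tool, that triages such a listing the way the Malware Response Team does by eye: it separates entries with a verified signature from unverified and publisher-less ones, pulls out the orphans (the usual residue of a half-finished uninstall, which is what the AVG shell extensions and the Norton and Uniblue jobs above are), and searches for remaining traces of a named product. The embedded SAMPLE is a constructed excerpt of the lines posted above; the Entry class, the "unknown" status for entries Autoruns printed with no publisher text, and the function names are my own.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed excerpt of the Autoruns listing posted above (tabs already
# collapsed to spaces, exactly as the forum rendered it).
SAMPLE = r"""HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
+ -FreedomNeedsReboot Radialpoint 6.0.2 (Verified) Radialpoint c:\program files\bell\security manager\zkrunoncer.exe
+ DLA Drive Letter Access Component (Not verified) Sonic Solutions c:\windows\system32\dla\dlactrlw.exe
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers
+ AVG7 Shell Extension File not found: C:\Program Files\Grisoft\AVG Free\avgse.dll
+ WinRAR c:\program files\winrar\rarext.dll
Task Scheduler
+ Uniblue SpeedUpMyPC Nag.job File not found: C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe -s
HKLM\System\CurrentControlSet\Services
+ Avg7Core AVG Scanning Engine (Not verified) GRISOFT, s.r.o. c:\windows\system32\drivers\avg7core.sys
+ Changer File not found: C:\WINDOWS\System32\Drivers\Changer.sys
+ dvpapi Dynamic Virus Protection (Verified) Authentium inc c:\program files\common files\authentium\antivirus\dvpapi.exe
+ StarOpen c:\windows\system32\drivers\staropen.sys
"""

# A drive-letter path that runs to the end of the line (arguments included).
PATH_RE = re.compile(r"(?:^|\s)([A-Za-z]:\\.+)$")


@dataclass
class Entry:
    location: str   # registry key, folder or "Task Scheduler" the entry lives in
    label: str      # entry name and description, merged because tabs were collapsed
    status: str     # "verified", "unverified", "missing" or "unknown" (no publisher text)
    path: str       # image path as recorded, "" if none could be recovered


def _path_after(text):
    m = PATH_RE.search(text)
    return m.group(1).strip() if m else ""


def parse_autoruns(text):
    """Parse the flattened autoruns.txt format shown in the thread (assumed layout)."""
    entries, location = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if not line.startswith("+ "):
            location = line           # section header: key path, folder, or scheduler
            continue
        body = line[2:]
        if "File not found:" in body:
            # Registration survives, image is gone: orphaned autostart entry.
            label, _, path = body.partition("File not found:")
            status = "missing"
        elif "(Not verified)" in body:
            label, _, rest = body.partition("(Not verified)")
            status, path = "unverified", _path_after(rest)
        elif "(Verified)" in body:
            label, _, rest = body.partition("(Verified)")
            status, path = "verified", _path_after(rest)
        else:
            # No publisher text at all: Autoruns had no version resource to report.
            m = PATH_RE.search(body)
            label = body[:m.start()] if m else body
            status, path = "unknown", (m.group(1) if m else "")
        entries.append(Entry(location, label.strip(), status, path.strip()))
    return entries


def orphans(entries):
    """Registrations whose file is gone: the usual residue of a half-finished uninstall."""
    return [e for e in entries if e.status == "missing"]


def needs_review(entries):
    """Everything Autoruns could not tie to a verified signer."""
    return [e for e in entries if e.status in ("unverified", "unknown")]


def leftovers(entries, product):
    """Entries (present or orphaned) still mentioning a product that is supposedly removed."""
    p = product.lower()
    return [e for e in entries if p in e.label.lower() or p in e.path.lower()]


def summary(entries):
    return Counter(e.status for e in entries)


if __name__ == "__main__":
    ents = parse_autoruns(SAMPLE)
    print(dict(summary(ents)))
    for e in orphans(ents):
        print("ORPHAN   ", e.location, "->", e.path)
    for e in leftovers(ents, "avg"):
        print("LEFTOVER ", e.status, e.location, "->", e.path)
```

Two caveats when reading the output. "Verified" only means the file's Authenticode signature chains to a trusted root for the named publisher; it says nothing about whether the entry belongs on the machine, and here the verified dvpapi service is exactly the Authentium engine that the reply above says Sympatico needs. Conversely an orphan is harmless by itself (nothing runs), but it is evidence that an uninstaller never finished, and the driver entries for that product (Avg7Core and friends above) may still be loading.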

#5 random/random

  • Malware Response Team
  • 2,704 posts
  • Gender:Male

Posted 24 July 2008 - 05:56 AM

I have uninstalled it, but cannot reinstall it without the cd?


You should be able to download the installer from here:

https://securityservices.sympatico.ca/gs/ho...load.do?lang=en

#6 snjnky

  • Topic Starter
  • Members
  • 19 posts

Posted 25 July 2008 - 01:48 PM

Sympatico Security has been re-installed


ERROR MESSAGE:

The Firewall service cannot start because it was unable to load a required security component [PKT]. The rest of your services are not affected.

Note: The Diagnostic Utility may help this problem

Run all Tests, then use the repair option "Reinstall drivers." Done Twice, NO CHANGE...

Edited by snjnky, 25 July 2008 - 01:58 PM.


#7 snjnky

  • Topic Starter
  • Members
  • 19 posts

Posted 25 July 2008 - 11:52 PM

Also, I just installed 2GB of memory into my laptop today..
It shows in BIOS, but is it normal for the system to still lag the way it does while just running an anti-virus?
Total Mem 512 + 2048MB ... Task manager says my CPU usage is at 70-80% when running SSA.AntiVirus.

my laptop is only 2 years old. :thumbsup:

#8 random/random

  • Malware Response Team
  • 2,704 posts
  • Gender:Male

Posted 26 July 2008 - 06:32 AM

It shows in BIOS, but is it normal for the system to still lag the way it does while just running an anti-virus?
Total Mem 512 + 2048MB ... Task manager says my CPU usage is at 70-80% when running SSA.AntiVirus.


It doesn't seem normal.

From the autoruns log you posted, you seem to have installed AVG. You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC. This may be responsible for some of the problems you are experiencing. Please uninstall AVG and see if the problems persist.

#9 snjnky

  • Topic Starter
  • Members
  • 19 posts

Posted 26 July 2008 - 10:00 AM

That's another problem, I have no idea how to uninstall AVG.. It was installed when I first rec'd my computer, and then when I used SSA, I uninstalled it but for some reason it wouldn't go away. It was never running, but it was still found in my program files under GRISOFT...

avgse.dll was finally deleted with HijackThis, and nothing is found in my Add or Remove Programs.. but as you can see... the files still remain.

How do I uninstall it?

Thanks.

Aaron.

p.s.


+ Norton Security Online - Run Full System Scan - Sun Junky.job File not found: C:\PROGRA~1\Symantec\Norton AntiVirus\Navw32.exe /TASK:"C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Tasks\mycomp.sca"
+ Uniblue SpeedUpMyPC Nag.job File not found: C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe -s
HKLM\System\CurrentControlSet\Services

These are two others I do not want on my computer as well... But I thought that I deleted them/uninstalled them.

Why does it say "File not found:?"

Edited by snjnky, 26 July 2008 - 10:03 AM.


#10 snjnky

  • Topic Starter
  • Members
  • 19 posts

Posted 26 July 2008 - 10:07 AM

Here is an updated AUTORUNS now that my anti-virus is installed.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
+ -FreedomNeedsReboot Radialpoint 6.0.2 (Verified) Radialpoint c:\program files\bell\security manager\zkrunoncer.exe
+ DLA Drive Letter Access Component (Not verified) Sonic Solutions c:\windows\system32\dla\dlactrlw.exe
+ LVCOMSX LVCom Server (Not verified) Logitech Inc. c:\windows\system32\lvcomsx.exe
+ NDSTray.exe ConfigFree™ Tray (Not verified) TOSHIBA CORPORATION C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
+ nwiz NVIDIA nView Wizard, Version 110.15 (Not verified) NVIDIA Corporation c:\windows\system32\nwiz.exe
+ SmoothView SmoothView (Not verified) TOSHIBA Corporation c:\program files\toshiba\toshiba zooming utility\smoothview.exe
+ SSA.exe Sympatico Security Advisor (Verified) Radialpoint c:\program files\bell\sympatico security advisor\ssa.exe
+ SunJavaUpdateSched Java™ Platform SE binary (Verified) Sun Microsystems, Inc. c:\program files\java\jre1.6.0_05\bin\jusched.exe
+ Sympatico Security Manager Sympatico Security Manager Main Application (Verified) Radialpoint c:\program files\bell\security manager\rps.exe
+ TkBellExe RealNetworks Scheduler (Not verified) RealNetworks, Inc. c:\program files\common files\real\update_ob\realsched.exe
+ Toshiba Hotkey Utility TOSHIBA Hotkey Filter Application (Not verified) TOSHIBA Inc. c:\program files\toshiba\windows utilities\hotkey.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
+ IndexCleaner Radialpoint 6.0.2 (Verified) Radialpoint c:\program files\bell\security manager\idxclnr.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
+ RAMASST.lnk CD Burning of Windows XP disabling tool for DVD MULTI Drive (Not verified) Matsushita Electric Industrial Co., Ltd. c:\windows\system32\ramasst.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
+ TOSCDSPD CD/DVD Drive Acoustic Silencer (Not verified) TOSHIBA c:\program files\toshiba\toscdspd\toscdspd.exe
+ updateMgr Adobe Update Manager (Verified) Adobe Systems, Incorporated c:\program files\adobe\acrobat 7.0\reader\adobeupdatemanager.exe
+ Yahoo! Pager Yahoo! Messenger (Verified) Yahoo! Inc. c:\program files\yahoo!\messenger\yahoomessenger.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
+ IndexCleaner Radialpoint 6.0.2 (Verified) Radialpoint c:\program files\bell\security manager\idxclnr.exe
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components
+ Address Book 6 File not found: %ProgramW6432%\Outlook Express\setup50.exe
+ Microsoft Outlook Express 6 File not found: %ProgramW6432%\Outlook Express\setup50.exe
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers
+ AVG7 Shell Extension File not found: C:\Program Files\Grisoft\AVG Free\avgse.dll
+ AVMenu Class Radialpoint 6.0.2 (Verified) Radialpoint c:\program files\bell\security manager\avcntxtr.dll
+ MediaFaceShellExtension Shell Extensions (Not verified) Fellowes, Inc. c:\program files\fellowes\mediaface 5.0\mfshlext.dll
+ WinRAR c:\program files\winrar\rarext.dll
+ Yahoo! Mail Yahoo! Mail (Verified) Yahoo! Inc. c:\program files\yahoo!\common\ymmapi.dll
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers
+ AVMenu Class Radialpoint 6.0.2 (Verified) Radialpoint c:\program files\bell\security manager\avcntxtr.dll
+ MediaFaceShellExtension Shell Extensions (Not verified) Fellowes, Inc. c:\program files\fellowes\mediaface 5.0\mfshlext.dll
+ WinRAR c:\program files\winrar\rarext.dll
HKLM\Software\Classes\Directory\Shellex\DragDropHandlers
+ WinRAR c:\program files\winrar\rarext.dll
HKLM\Software\Classes\Folder\Shellex\ColumnHandlers
+ NeroDigitalColumnHandler Class File not found: C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll
+ PDF Shell Extension PDF Shell Extension (Not verified) Adobe Systems, Inc. c:\program files\adobe\acrobat 7.0\activex\pdfshell.dll
+ {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} (Not verified) Sun Microsystems, Inc. c:\program files\openoffice.org 2.0\program\shlxthdl.dll
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers
+ AVG7 Shell Extension File not found: C:\Program Files\Grisoft\AVG Free\avgse.dll
+ AVMenu Class Radialpoint 6.0.2 (Verified) Radialpoint c:\program files\bell\security manager\avcntxtr.dll
+ WinRAR c:\program files\winrar\rarext.dll
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers
+ 00nView NVIDIA Desktop Explorer, Version 110.15 (Not verified) NVIDIA Corporation c:\windows\system32\nvshell.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
+ AVG7 Find Extension File not found: C:\Program Files\Grisoft\AVG Free\avgse.dll
+ AVG7 Shell Extension File not found: C:\Program Files\Grisoft\AVG Free\avgse.dll
+ Desktop Explorer NVIDIA Desktop Explorer, Version 110.15 (Not verified) NVIDIA Corporation c:\windows\system32\nvshell.dll
+ Desktop Explorer Menu NVIDIA Desktop Explorer, Version 110.15 (Not verified) NVIDIA Corporation c:\windows\system32\nvshell.dll
+ Display CPL Extension TouchED CPL Property Page (Not verified) TOSHIBA Inc. c:\program files\toshiba\touched\touched.dll
+ Display Panning CPL Extension File not found: deskpan.dll
+ DriveLetterAccess Drive Letter Access Component (Not verified) Sonic Solutions c:\windows\system32\dla\dlashx_w.dll
+ iTunes iTunes Mini Player DLL (Verified) Apple Inc. c:\program files\itunes\itunesminiplayer.dll
+ KodakShellExtension Shell Extension Resource DLL (Not verified) Eastman Kodak Company c:\program files\common files\kodak\ifscore\kodakshx.dll
+ MediaFace Shell Extension Shell Extensions (Not verified) Fellowes, Inc. c:\program files\fellowes\mediaface 5.0\mfshlext.dll
+ My Logitech Pictures Logitech Namespace2 (Not verified) Logitech Inc. c:\program files\logitech\video\namespc2.dll
+ NeroDigitalIconHandler File not found: C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll
+ NeroDigitalPropSheetHandler File not found: C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll
+ nView Desktop Context Menu NVIDIA Desktop Explorer, Version 110.15 (Not verified) NVIDIA Corporation c:\windows\system32\nvshell.dll
+ OpenOffice.org Column Handler (Not verified) Sun Microsystems, Inc. c:\program files\openoffice.org 2.0\program\shlxthdl.dll
+ OpenOffice.org Infotip Handler (Not verified) Sun Microsystems, Inc. c:\program files\openoffice.org 2.0\program\shlxthdl.dll
+ OpenOffice.org Property Sheet Handler (Not verified) Sun Microsystems, Inc. c:\program files\openoffice.org 2.0\program\shlxthdl.dll
+ OpenOffice.org Thumbnail Viewer (Not verified) Sun Microsystems, Inc. c:\program files\openoffice.org 2.0\program\shlxthdl.dll
+ RecordNow! ContextMenuExt Shell Extensions c:\program files\sonic\recordnow!\shlext.dll
+ RecordNow! SendToExt Shell Extensions c:\program files\sonic\recordnow!\shlext.dll
+ Shell Extensions for RealOne Player RealPlayer Shell Extensions (Not verified) RealNetworks, Inc. c:\program files\real\realplayer\rpshell.dll
+ WinRAR shell extension c:\program files\winrar\rarext.dll
+ Yahoo! Mail Yahoo! Mail (Verified) Yahoo! Inc. c:\program files\yahoo!\common\ymmapi.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
+ Adobe PDF Reader Link Helper Adobe Acrobat IE Helper Version 7.0 for ActiveX (Verified) Adobe Systems, Incorporated c:\program files\adobe\acrobat 7.0\activex\acroiehelper.dll
+ DriveLetterAccess Drive Letter Access Component (Not verified) Sonic Solutions c:\windows\system32\dla\dlashx_w.dll
+ PopKill Class Radialpoint 6.0.2 (Verified) Radialpoint c:\program files\bell\security manager\pkr.dll
+ SSVHelper Class Java™ Platform SE binary (Verified) Sun Microsystems, Inc. c:\program files\java\jre1.6.0_05\bin\ssv.dll
HKLM\Software\Microsoft\Internet Explorer\Toolbar
+ Veoh Video Finder Veoh Browser Plug-in (Not verified) Veoh Networks Inc c:\program files\veoh networks\veoh\plugins\reg\veohtoolbar.dll
Task Scheduler
+ AppleSoftwareUpdate.job Apple Software Update (Verified) Apple Computer, Inc. c:\program files\apple software update\softwareupdate.exe
+ Norton Security Online - Run Full System Scan - Sun Junky.job File not found: C:\PROGRA~1\Symantec\Norton AntiVirus\Navw32.exe /TASK:"C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Tasks\mycomp.sca"
+ Uniblue SpeedUpMyPC Nag.job File not found: C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe -s
HKLM\System\CurrentControlSet\Services
+ CFSvcs Service of ConfigFree. (Not verified) TOSHIBA CORPORATION c:\program files\toshiba\configfree\cfsvcs.exe
+ DVD-RAM_Service DVD-RAM Utility Helper Service (Not verified) Matsubleepa Electric Industrial Co., Ltd. c:\windows\system32\dvdramsv.exe
+ dvpapi Dynamic Virus Protection (Verified) Authentium inc c:\program files\common files\authentium\antivirus\dvpapi.exe
+ ITMRTSVC Service component for CA Pest Patrol Realtime Protection (Verified) CA c:\program files\ca\pprt\bin\itmrtsvc.exe
+ PDAgent This service controls PerfectDisk's scheduling and remote communication. (Verified) Raxco Software, Inc. c:\program files\raxco\perfectdisk\pdagent.exe
+ RP_FWS Radialpoint 6.0.2 (Verified) Radialpoint c:\program files\bell\security manager\fws.exe
+ VaultClientUpgrade Backup Manager Module (Not verified) BELL c:\program files\personal vault\vaultclientupgrade.exe
HKLM\System\CurrentControlSet\Services
+ Aspi32 ASPI for WIN32 Kernel Driver (Not verified) Adaptec c:\windows\system32\drivers\aspi32.sys
+ Avg7Core AVG Scanning Engine (Not verified) GRISOFT, s.r.o. c:\windows\system32\drivers\avg7core.sys
+ Avg7RsW AVG Resident Shield Unload Helper (Not verified) GRISOFT, s.r.o. c:\windows\system32\drivers\avg7rsw.sys
+ Avg7RsXP AVG Resident Anti-Virus Shield (Not verified) GRISOFT, s.r.o. c:\windows\system32\drivers\avg7rsxp.sys
+ AvgTdi AVG Network connection watcher (Not verified) GRISOFT, s.r.o. c:\windows\system32\drivers\avgtdi.sys
+ Changer File not found: C:\WINDOWS\System32\Drivers\Changer.sys
+ CSS DVP CSS-DVP (Verified) Authentium inc c:\windows\system32\drivers\css-dvp.sys
+ DefragFS Defragmentation Support Driver (Verified) Raxco Software, Inc. c:\windows\system32\drivers\defragfs.sys
+ DLABOIOM Drive Letter Access Component (Not verified) Sonic Solutions c:\windows\system32\dla\dlaboiom.sys
+ DLACDBHM Shared Driver Component (Not verified) Sonic Solutions c:\windows\system32\drivers\dlacdbhm.sys
+ DLADResN Drive Letter Access Component (Not verified) Sonic Solutions c:\windows\system32\dla\dladresn.sys
+ DLAIFS_M Drive Letter Access Component (Not verified) Sonic Solutions c:\windows\system32\dla\dlaifs_m.sys
+ DLAOPIOM Drive Letter Access Component (Not verified) Sonic Solutions c:\windows\system32\dla\dlaopiom.sys
+ DLAPoolM Drive Letter Access Component (Not verified) Sonic Solutions c:\windows\system32\dla\dlapoolm.sys
+ DLARTL_N Shared Driver Component (Not verified) Sonic Solutions c:\windows\system32\drivers\dlartl_n.sys
+ DLAUDF_M Drive Letter Access Component (Not verified) Sonic Solutions c:\windows\system32\dla\dlaudf_m.sys
+ DLAUDFAM Drive Letter Access Component (Not verified) Sonic Solutions c:\windows\system32\dla\dlaudfam.sys
+ DRVMCDB Device Driver (Not verified) Sonic Solutions c:\windows\system32\drivers\drvmcdb.sys
+ DRVNDDM Device Driver Manager (Not verified) Sonic Solutions c:\windows\system32\drivers\drvnddm.sys
+ GEARAspiWDM CD/DVD Class Filter Driver (Verified) GEAR Software Inc. c:\windows\system32\drivers\gearaspiwdm.sys
+ i2omgmt File not found: C:\WINDOWS\System32\Drivers\i2omgmt.sys
+ Iviaspi InterVideo ASPI Shell (Not verified) InterVideo, Inc. c:\windows\system32\drivers\iviaspi.sys
+ lbrtfdc File not found: C:\WINDOWS\System32\Drivers\lbrtfdc.sys
+ meiudf DVD-RAM UDF File System Driver (Not verified) Matsubleepa Electric Industrial Co.,Ltd. c:\windows\system32\drivers\meiudf.sys
+ Netdevio TOSHIBA Network Device Usermode I/O Protocol (Not verified) TOSHIBA Corporation. c:\windows\system32\drivers\netdevio.sys
+ obbn13rt File not found: C:\WINDOWS\system32\obbn13rt.sys
+ p76xxsks File not found: C:\WINDOWS\system32\p76xxsks.sys
+ PCIDump File not found: C:\WINDOWS\System32\Drivers\PCIDump.sys
+ PDCOMP File not found: C:\WINDOWS\System32\Drivers\PDCOMP.sys
+ PDFRAME File not found: C:\WINDOWS\System32\Drivers\PDFRAME.sys
+ PDRELI File not found: C:\WINDOWS\System32\Drivers\PDRELI.sys
+ PDRFRAME File not found: C:\WINDOWS\System32\Drivers\PDRFRAME.sys
+ Pfc Padus® ASPI Shell (Not verified) Padus, Inc. c:\windows\system32\drivers\pfc.sys
+ PxHelp20 Px Engine Device Driver for Windows 2000/XP (Verified) Sonic Solutions c:\windows\system32\drivers\pxhelp20.sys
+ qkbfiltr qkbfiltr.sys (Not verified) Quanta Computer, Inc. c:\windows\system32\drivers\qkbfiltr.sys
+ qmofiltr qmofiltr.sys (Not verified) Quanta Computer, Inc. c:\windows\system32\drivers\qmofiltr.sys
+ RPSKT Radialpoint Filter (Verified) Radialpoint c:\windows\system32\drivers\rp_skt32.sys
+ StarOpen c:\windows\system32\drivers\staropen.sys
+ symlcbrd Symantec Core Component (Verified) Symantec Corporation c:\windows\system32\drivers\symlcbrd.sys
+ TBiosDrv c:\windows\system32\drivers\tbiosdrv.sys
+ tmcomm TrendMicro Common Module (Verified) Trend Micro, Inc. c:\windows\system32\drivers\tmcomm.sys
+ UIUSys File not found: system32\DRIVERS\UIUSYS.SYS
+ WDICA File not found: C:\WINDOWS\System32\Drivers\WDICA.sys
+ WinDriver6 WinDriver Device Driver 6.03 (Not verified) Jungo c:\windows\system32\drivers\windrvr6.sys
HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute
+ PDBoot.exe PerfectDisk Boot Time Defragmentation (Verified) Raxco Software, Inc. c:\windows\system32\pdboot.exe

Can I delete programs with AUTORUN like I can with HIJACK THIS??



ALSO, look at the picture I uploaded.. Why does that happen??

Attached Files


Edited by snjnky, 26 July 2008 - 10:11 AM.


#11 random/random

random/random

  • Malware Response Team
  • 2,704 posts
  • OFFLINE
  • Gender:Male
  • Local time:02:31 PM

Posted 27 July 2008 - 01:56 PM

I've been taking another look through this topic, and I've noticed that you said

I have gone through regedit & HJT


This may well be responsible for some of your problems. I need to know exactly what you fixed, deleted or modified.

#12 snjnky

snjnky
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  • Local time:09:31 AM

Posted 27 July 2008 - 05:19 PM

The problems were at their worst prior to me going into REGEDIT and HJT delete.

When I figured that AUTHENTIUM was a secondary antivirus, I went into regedit and did CTRL+F and deleted all dvpapi.exe and Authentium related files.

I also tried to do the same to all AVG related files.

I tried deleting it as well with HJT, but it would allow me, after restart they would just pop back up.

avgse.dll was the file that refused to delete, but I couldn't find it running anywhere.

Other than that, I have not removed any other sort of files.

My computer has gotten somewhat better since yesterday, but I am still concerned with the lagging.
Hope this helps.

Attached Files


Edited by snjnky, 27 July 2008 - 06:27 PM.


#13 random/random

random/random

  • Malware Response Team
  • 2,704 posts
  • OFFLINE
  • Gender:Male
  • Local time:02:31 PM

Posted 28 July 2008 - 08:29 AM

Run autoruns again and delete these entries with it:


+ AVG7 Shell Extension File not found: C:\Program Files\Grisoft\AVG Free\avgse.dll
+ AVG7 Shell Extension File not found: C:\Program Files\Grisoft\AVG Free\avgse.dll
+ AVG7 Find Extension File not found: C:\Program Files\Grisoft\AVG Free\avgse.dll
+ AVG7 Shell Extension File not found: C:\Program Files\Grisoft\AVG Free\avgse.dll
+ Avg7Core AVG Scanning Engine (Not verified) GRISOFT, s.r.o. c:\windows\system32\drivers\avg7core.sys
+ Avg7RsW AVG Resident Shield Unload Helper (Not verified) GRISOFT, s.r.o. c:\windows\system32\drivers\avg7rsw.sys
+ Avg7RsXP AVG Resident Anti-Virus Shield (Not verified) GRISOFT, s.r.o. c:\windows\system32\drivers\avg7rsxp.sys
+ AvgTdi AVG Network connection watcher (Not verified) GRISOFT, s.r.o. c:\windows\system32\drivers\avgtdi.sys
+ Norton Security Online - Run Full System Scan - Sun Junky.job File not found: C:\PROGRA~1\Symantec\Norton AntiVirus\Navw32.exe /TASK:"C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Tasks\mycomp.sca"
+ Uniblue SpeedUpMyPC Nag.job File not found: C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe -s
+ symlcbrd Symantec Core Component (Verified) Symantec Corporation c:\windows\system32\drivers\symlcbrd.sys

Use Windows Explorer to find and delete these files:

c:\windows\system32\drivers\avg7core.sys
c:\windows\system32\drivers\avg7rsw.sys
c:\windows\system32\drivers\avg7rsxp.sys
c:\windows\system32\drivers\avgtdi.sys
c:\windows\system32\drivers\symlcbrd.sys

And this folder:

C:\Program Files\Uniblue\SpeedUpMyPC 3

As an example:
To delete C:\WINDOWS\badfile.dll
Double click the My Computer icon on your Desktop.
Double click on Local Disc (C:\)
Double click on the Windows folder,
Right click on badfile.dll and then from the menu that appears, click on Delete


Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
  • Close all applications and windows.
  • Double-click on dss.exe to run it, and follow the prompts.
  • When the scan is complete, two text files will open: main.txt (this one will be maximized) and extra.txt (this one will be minimized).
  • Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt into your reply.

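The entries random/random picked out above are the same two kinds a triage script would flag in an Autoruns text export: "File not found" orphans (autostart locations that still point at a deleted file) and leftovers from a vendor whose product was uninstalled. The following is an added example, not code from this thread or from Sysinternals: a small Python parser for the export layout quoted earlier in the thread (a section header line for each autostart location, then "+ name description (Verified|Not verified) publisher path" or "+ name File not found: path"). The sample lines are constructed in that layout; `parse_autoruns_export`, `orphans` and `find_vendor` are names of my own. Because the export has no field delimiters, the parser keeps name and description together and recovers the path from the first drive-letter prefix, which is enough for review but is a heuristic.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample in the layout of the Autoruns text export quoted in the thread.
SAMPLE_EXPORT = r"""
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
+ AVG7 Shell Extension File not found: C:\Program Files\Grisoft\AVG Free\avgse.dll
+ Display CPL Extension TouchED CPL Property Page (Not verified) TOSHIBA Inc. c:\program files\toshiba\touched\touched.dll
HKLM\System\CurrentControlSet\Services
+ dvpapi Dynamic Virus Protection (Verified) Authentium inc c:\program files\common files\authentium\antivirus\dvpapi.exe
+ Avg7Core AVG Scanning Engine (Not verified) GRISOFT, s.r.o. c:\windows\system32\drivers\avg7core.sys
+ Changer File not found: C:\WINDOWS\System32\Drivers\Changer.sys
"""


@dataclass
class Entry:
    location: str        # autostart location (registry key or folder) the entry lives under
    name: str            # entry name plus description (the export does not separate them)
    status: str          # "orphan" (file missing), "verified", "unverified" or "unknown"
    path: Optional[str]  # image path (or command line) the entry points at


# "+ <name> File not found: <path>"
_ORPHAN = re.compile(r"^\+ (?P<name>.+?) File not found: (?P<path>.+)$")
# "+ <name> (Verified|Not verified) <publisher> <path>"
_SIGNED = re.compile(r"^\+ (?P<name>.+?) \((?P<flag>Verified|Not verified)\) (?P<rest>.+)$")
# first drive-letter prefix; everything from here on is taken as the path
_PATH = re.compile(r"[A-Za-z]:\\")


def _extract_path(text: str) -> Optional[str]:
    """Return the substring starting at the first drive-letter prefix, if any."""
    m = _PATH.search(text)
    return text[m.start():] if m else None


def parse_autoruns_export(text: str) -> List[Entry]:
    """Parse the text export into entries, tracking the current autostart location."""
    entries: List[Entry] = []
    location = ""
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        if not line.startswith("+ "):
            location = line          # a header line names the autostart location
            continue
        m = _ORPHAN.match(line)
        if m:
            entries.append(Entry(location, m["name"], "orphan", m["path"]))
            continue
        m = _SIGNED.match(line)
        if m:
            status = "verified" if m["flag"] == "Verified" else "unverified"
            entries.append(Entry(location, m["name"], status, _extract_path(m["rest"])))
            continue
        # No signature result in the export (e.g. "+ WinRAR c:\...\rarext.dll")
        body = line[2:]
        path = _extract_path(body)
        name = body[: body.find(path)].strip() if path else body
        entries.append(Entry(location, name, "unknown", path))
    return entries


def orphans(entries: List[Entry]) -> List[Entry]:
    """Entries whose target file no longer exists: dead autostart pointers to clean up."""
    return [e for e in entries if e.status == "orphan"]


def find_vendor(entries: List[Entry], needle: str) -> List[Entry]:
    """Entries whose name or path mentions a vendor string (case-insensitive)."""
    n = needle.lower()
    return [e for e in entries if n in e.name.lower() or (e.path and n in e.path.lower())]


if __name__ == "__main__":
    parsed = parse_autoruns_export(SAMPLE_EXPORT)
    print("Orphaned entries (target file missing):")
    for e in orphans(parsed):
        print(f"  [{e.location}] {e.name} -> {e.path}")
    print("Entries still referencing AVG:")
    for e in find_vendor(parsed, "avg"):
        print(f"  [{e.location}] {e.name} ({e.status}) -> {e.path}")
```

Run against a full export, `orphans()` gives the list of dead pointers, and `find_vendor()` with the uninstalled product's name gives the driver and shell-extension leftovers that an uninstaller failed to remove; both lists are review candidates for the kind of manual cleanup described in this post, not something to delete unseen.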

#14 snjnky

snjnky
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  • Local time:09:31 AM

Posted 29 July 2008 - 09:52 PM

Found this: c:\windows\system32\drivers\avgmfrs.sys (should I delete it?)

Looked, was not found in C:\Program Files\Uniblue\SpeedUpMyPC 3 (Not found)

MAIN

Deckard's System Scanner v20071014.68
Run by Sun Junky on 2008-07-29 22:35:24
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
9: 2008-07-30 02:35:33 UTC - RP9 - Deckard's System Scanner Restore Point
8: 2008-07-29 02:13:40 UTC - RP8 - System Checkpoint
7: 2008-07-28 02:00:36 UTC - RP7 - System Checkpoint
6: 2008-07-27 01:30:56 UTC - RP6 - System Checkpoint
5: 2008-07-25 21:16:18 UTC - RP5 - System Checkpoint


-- First Restore Point --
1: 2008-07-21 04:27:44 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Sun Junky.exe) -------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:36:54 PM, on 29/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.17184)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Personal Vault\VaultClientUpgrade.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Bell\Security Manager\rpsupdaterR.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Documents and Settings\Sun Junky\My Documents\06. Downloaded Files\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Sun Junky.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Bell\Security Manager\pkR.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [Toshiba Hotkey Utility] "C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe" /lang en
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\RunOnce: [IndexCleaner] "C:\Program Files\Bell\Security Manager\IdxClnR.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\RunOnce: [IndexCleaner] "C:\Program Files\Bell\Security Manager\IdxClnR.exe"
O4 - .DEFAULT User Startup: IEHOME.LNK = C:\Documents and Settings\Default User\Local Settings\Temp\iehome.bat (User 'Default user')
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsubleepa Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Sympatico Security Manager (Radialpoint Security Services) - Radialpoint Inc. - C:\Program Files\Bell\Security Manager\RpsSecurityAware.exe
O23 - Service: Sympatico Security Manager Update Service (RPSUpdaterR) - Bell Sympatico - C:\Program Files\Bell\Security Manager\rpsupdaterR.exe
O23 - Service: Sympatico Security Manager Firewall (RP_FWS) - Bell Sympatico - C:\Program Files\Bell\Security Manager\Fws.exe
O23 - Service: Personal Vault Upgrade Service (VaultClientUpgrade) - BELL - C:\Program Files\Personal Vault\VaultClientUpgrade.exe

--
End of file - 7234 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080704-003235-461 O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
backup-20080704-003235-635 O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
backup-20080704-003235-681 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
backup-20080704-003235-909 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.talti.com
backup-20080704-003236-174 O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
backup-20080704-003236-352 O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
backup-20080704-003236-441 O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
backup-20080704-003236-478 O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://walmart.pnimedia.com/upload/activex...tupv2.0.0.9.cab?
backup-20080704-003236-633 O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://sunjunky.spaces.live.com//PhotoUpload/MsnPUpld.cab
backup-20080704-003236-728 O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Sun Junky\Start Menu\Programs\>IMVU\Run IMVU.lnk (file missing)
backup-20080704-003237-398 O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://walmart.pnimedia.com/upload/activex...upv2.0.0.10.cab?
backup-20080707-141926-163 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
backup-20080707-141926-259 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
backup-20080707-141926-361 O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
backup-20080707-141926-863 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
backup-20080707-141926-895 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
backup-20080707-141926-917 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
backup-20080707-141927-789 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
backup-20080707-141927-796 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
backup-20080708-031256-617 O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
backup-20080711-134624-444 O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
backup-20080711-134624-548 O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
backup-20080711-134624-577 O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
backup-20080711-134624-972 O4 - .DEFAULT User Startup: IEHOME.LNK = C:\Documents and Settings\Default User\Local Settings\Temp\iehome.bat (User 'Default user')
backup-20080711-134625-926 O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
backup-20080711-134626-261 O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
backup-20080711-134626-764 O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
backup-20080711-134626-897 O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
backup-20080711-135619-588 O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 meiudf - c:\windows\system32\drivers\meiudf.sys <Not Verified; Matsubleepa Electric Industrial Co.,Ltd.; >
R1 StarOpen - c:\windows\system32\drivers\staropen.sys
R2 Netdevio (TOSHIBA Network Device Usermode I/O Protocol) - c:\windows\system32\drivers\netdevio.sys <Not Verified; TOSHIBA Corporation.; TOSHIBA Network Device Usermode I/O protocol>
R3 Iviaspi (IVI ASPI Shell) - c:\windows\system32\drivers\iviaspi.sys <Not Verified; InterVideo, Inc.; InterVideo ASPI Shell>
R3 Pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>
R3 qkbfiltr (Quanta HotKey Keyboard Filter Driver) - c:\windows\system32\drivers\qkbfiltr.sys <Not Verified; Quanta Computer, Inc.; Quanta HotKey Keyboard Filter Driver>
R3 qmofiltr (Quanta HotKey Mouse Filter Driver) - c:\windows\system32\drivers\qmofiltr.sys <Not Verified; Quanta Computer, Inc.; Quanta Mouse Filter Device Driver>
R3 WinDriver6 - c:\windows\system32\drivers\windrvr6.sys <Not Verified; Jungo; WinDriver Device Driver>
R4 Avg7RsW (AVG7 Wrap Driver) - c:\windows\system32\drivers\avg7rsw.sys (file missing)
R4 AvgTdi (AVG Network Redirector) - c:\windows\system32\drivers\avgtdi.sys (file missing)
R4 symlcbrd - c:\windows\system32\drivers\symlcbrd.sys (file missing)

S1 obbn13rt (Windows Objects manager) - c:\windows\system32\obbn13rt.sys (file missing)
S1 p76xxsks (USB p76xxsks) - c:\windows\system32\p76xxsks.sys (file missing)
S3 TBiosDrv - c:\windows\system32\drivers\tbiosdrv.sys
S3 UIUSys (Conexant Setup API) - c:\windows\system32\drivers\uiusys.sys (file missing)
S4 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 CFSvcs (ConfigFree Service) - c:\program files\toshiba\configfree\cfsvcs.exe <Not Verified; TOSHIBA CORPORATION; ConfigFree™>
R2 DVD-RAM_Service - c:\windows\system32\dvdramsv.exe <Not Verified; Matsubleepa Electric Industrial Co., Ltd.; >
R2 VaultClientUpgrade (Personal Vault Upgrade Service) - c:\program files\personal vault\vaultclientupgrade.exe <Not Verified; BELL; Backup Manager>

S4 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
S4 Avg7Alrt (AVG7 Alert Manager Server) - c:\progra~1\grisoft\avgfre~1\avgamsvr.exe (file missing)
S4 Avg7UpdSvc (AVG7 Update Service) - c:\progra~1\grisoft\avgfre~1\avgupsvc.exe (file missing)
S4 AVGEMS (AVG E-mail Scanner) - c:\progra~1\grisoft\avgfre~1\avgemc.exe (file missing)
S4 KodakCCS (Kodak Camera Connection Software) - c:\windows\system32\drivers\kodakccs.exe (file missing)
S4 YPCService - c:\windows\system32\ypcser~1.exe <Not Verified; Yahoo! Inc.; YPCService Module>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-07-29 14:51:03 262 --a------ C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
2008-07-22 10:25:06 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2008-07-07 14:23:51 400 --a------ C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job
2008-07-07 12:33:08 268 --a------ C:\WINDOWS\Tasks\Disk Cleanup.job


-- Files created between 2008-06-29 and 2008-07-29 -----------------------------

2008-07-26 17:45:15 0 d-------- C:\Program Files\Crossword Weaver
2008-07-25 14:39:37 0 d-------- C:\Program Files\Personal Vault
2008-07-25 14:38:46 0 d-------- C:\Program Files\Common Files\Authentium
2008-07-25 14:38:33 0 d-------- C:\Program Files\Raxco
2008-07-25 14:38:33 0 d-------- C:\Documents and Settings\All Users\Application Data\Raxco
2008-07-25 14:38:25 0 d-------- C:\Program Files\CA
2008-07-25 14:38:20 0 d-------- C:\Program Files\Common Files\Scanner
2008-07-25 14:34:09 0 d-------- C:\Program Files\Bell
2008-07-08 00:48:07 0 d-------- C:\Documents and Settings\Sun Junky\Application Data\Sony Corporation
2008-07-06 23:30:38 0 d-------- C:\Program Files\Windows Live Toolbar
2008-07-06 23:30:31 0 d-------- C:\Program Files\Windows Live Favorites
2008-07-05 03:02:37 0 d-------- C:\WINDOWS\ie8updates
2008-07-04 16:08:30 0 dr------- C:\Documents and Settings\LocalService\My Documents
2008-07-04 16:00:48 0 d--h---c- C:\WINDOWS\ie8
2008-07-04 15:47:43 0 d-------- C:\Documents and Settings\All Users\Application Data\Bell
2008-07-04 15:41:10 0 d-------- C:\Program Files\Windows Live
2008-07-04 00:38:33 335 --a------ C:\WINDOWS\mozregistry.dat


-- Find3M Report ---------------------------------------------------------------

2008-07-29 12:18:39 0 d-------- C:\Program Files\LimeWirePro
2008-07-26 17:21:03 0 d-------- C:\Documents and Settings\Sun Junky\Application Data\OpenOffice.org2
2008-07-26 11:52:09 0 d-------- C:\Documents and Settings\Sun Junky\Application Data\Mozilla
2008-07-25 14:38:46 0 d-------- C:\Program Files\Common Files
2008-07-25 14:36:46 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-25 14:27:47 0 d-------- C:\Documents and Settings\Sun Junky\Application Data\Bell
2008-07-18 16:52:55 0 d-------- C:\Documents and Settings\Sun Junky\Application Data\Canon
2008-07-11 13:52:31 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-07-08 03:04:16 0 d-------- C:\Documents and Settings\Sun Junky\Application Data\AdobeUM
2008-07-07 14:32:44 0 d-------- C:\Documents and Settings\Sun Junky\Application Data\Uniblue
2008-07-06 23:27:36 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-07-04 16:03:49 0 d-------- C:\Program Files\DivX
2008-07-04 15:29:44 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-06-26 20:21:16 0 d-------- C:\Program Files\Common Files\PDFView
2008-06-24 13:35:22 0 d-------- C:\Documents and Settings\Sun Junky\Application Data\InstallShield
2008-06-17 23:18:40 0 d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-05-30 13:22:22 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-05-30 13:18:56 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-05-30 13:18:56 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-05-30 13:18:50 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-30 13:18:48 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-05-30 13:18:48 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-30 13:18:48 815104 --a------ C:\WINDOWS\system32\divx_xx0a.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-30 13:18:48 683520 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-30 13:18:00 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2008-05-04 18:29:09 1421 --a----c- C:\WINDOWS\mozver.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Toshiba Hotkey Utility"="C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe" [04/01/2006 07:00 PM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [15/12/2005 09:32 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [08/07/2006 06:35 PM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [09/01/2007 08:41 PM]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [28/12/2005 07:21 PM C:\WINDOWS\system32\CHDAudPropShortcut.exe]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [30/12/2004 04:32 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 01:00 AM]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [30/03/2006 05:45 PM]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [12/09/2007 03:04 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"IndexCleaner"="C:\Program Files\Bell\Security Manager\IdxClnR.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"IndexCleaner"="C:\Program Files\Bell\Security Manager\IdxClnR.exe"

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [06/01/2006 6:51:57 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
backup=C:\WINDOWS\pss\HP Photosmart Premier Fast Start.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk
backup=C:\WINDOWS\pss\KODAK Software Updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Sun Junky^Start Menu^Programs^Startup^Microgarden Themebar.lnk]
path=C:\Documents and Settings\Sun Junky\Start Menu\Programs\Startup\Microgarden Themebar.lnk
backup=C:\WINDOWS\pss\Microgarden Themebar.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Sun Junky^Start Menu^Programs^Startup^Microsoft Office OneNote 2003 Quick Launch.lnk]
path=C:\Documents and Settings\Sun Junky\Start Menu\Programs\Startup\Microsoft Office OneNote 2003 Quick Launch.lnk
backup=C:\WINDOWS\pss\Microsoft Office OneNote 2003 Quick Launch.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Sun Junky^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=C:\Documents and Settings\Sun Junky\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=C:\WINDOWS\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Sun Junky^Start Menu^Programs^Startup^VirtuaGuy2.lnk]
path=C:\Documents and Settings\Sun Junky\Start Menu\Programs\Startup\VirtuaGuy2.lnk
backup=C:\WINDOWS\pss\VirtuaGuy2.lnkStartup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!ewido]
"C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
"C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Download Manager]
C:\Program Files\Free Download Manager\fdm.exe -autorun

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KillAndClean]
"C:\Program Files\KillAndClean\KillAndClean.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchApp]
launchapp

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
"C:\Program Files\Logitech\Video\ManifestEngine.exe" boot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
C:\Program Files\Logitech\Video\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
C:\Program Files\Logitech\Video\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LyraHD2TrayApp]
"C:\Program Files\Thomson\Lyra Applications\LyraHDTrayApp\LYRAHD2TrayApp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaFace Integration]
C:\Program Files\Fellowes\MediaFACE 5.0\SetHook.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmssyaeged]
c:\windows\system32\mmssyaeged.exe mmssyaeged

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
"C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
C:\Program Files\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Rogers SHS]
C:\Program Files\Rogers\SelfHealing\shs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SansaDispatch]
C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSA.exe]
"C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
"C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
"C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WeatherWatcher]
C:\Program Files\Weather Watcher\ww.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YOP]
C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"YPCService"=3 (0x3)
"WMPNetworkSvc"=3 (0x3)
"usnjsvc"=3 (0x3)
"iPod Service"=3 (0x3)
"gusvc"=3 (0x3)
"AVGEMS"=2 (0x2)
"Avg7UpdSvc"=2 (0x2)
"Avg7Alrt"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"RogersUpdateManager"=2 (0x2)
"RogersSelfHelpService"=2 (0x2)
"KodakCCS"=3 (0x3)
"ccEvtMgr"=2 (0x2)
"Automatic LiveUpdate Scheduler"=2 (0x2)




-- End of Deckard's System Scanner: finished at 2008-07-29 22:37:28 ------------



EXTRA

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Genuine Intel® CPU T2300 @ 1.66GHz
CPU 1: Genuine Intel® CPU T2300 @ 1.66GHz
Percentage of Memory in Use: 19%
Physical Memory (total/avail): 2558.11 MiB / 2064.16 MiB
Pagefile Memory (total/avail): 3173.39 MiB / 2854.2 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1931.45 MiB

C: is Fixed (NTFS) - 92.91 GiB total, 48.98 GiB free.
D: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - FUJITSU MHV2100BH PL - 93.16 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 92.91 GiB - C:
\PARTITION1 - Unknown - 251.02 MiB



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

AV: AVG Anti-Virus 7.1.405 v7.1.405 (GRISOFT)
AV: Sympatico Security Manager Anti-Virus v6.0.2 (Bell Sympatico (b1xxxxxx)) Disabled

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\DOCUME~1\\SUNJUN~1\\LOCALS~1\\Temp\\a.exe"="C:\\DOCUME~1\\SUNJUN~1\\LOCALS~1\\Temp\\a.exe:*:Enabled:Internet Explorer"
"C:\\WINDOWS\\system32\\winldra.exe"="C:\\WINDOWS\\system32\\winldra.exe:*:Enabled:Internet Explorer"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Xolox\\XoloxEXE.exe"="C:\\Program Files\\Xolox\\XoloxEXE.exe:*:Enabled:Xolox"
"C:\\Program Files\\Xolox\\mldonkey\\mlnet.exe"="C:\\Program Files\\Xolox\\mldonkey\\mlnet.exe:*:Enabled:MLdonkey - multiuser P2P daemon"
"C:\\Program Files\\BearShare\\BearShare.exe"="C:\\Program Files\\BearShare\\BearShare.exe:*:Enabled:BearShare"
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"="C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\Intel\\Wireless\\Bin\\Dot1XCfg.exe"="C:\\Program Files\\Intel\\Wireless\\Bin\\Dot1XCfg.exe:*:Disabled:Intel 802.1x Server"
"C:\\Program Files\\LimeWirePro\\LimeWire.exe"="C:\\Program Files\\LimeWirePro\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"="C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater"
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"="C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe:*:Enabled:EasyShare"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Documents and Settings\\Sun Junky\\Desktop\\slsk.exe"="C:\\Documents and Settings\\Sun Junky\\Desktop\\slsk.exe:*:Enabled:SoulSeek"
"C:\\Program Files\\Logitech\\VideoCall\\VideoCall.exe"="C:\\Program Files\\Logitech\\VideoCall\\VideoCall.exe:*:Enabled:videocall.exe"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Sun Junky\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=SUNJUNKY
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Sun Junky
LOGONSERVER=\\SUNJUNKY
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\CA\PPRT\bin
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 14 Stepping 8, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0e08
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\SUNJUN~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\SUNJUN~1\LOCALS~1\Temp
USERDOMAIN=SUNJUNKY
USERNAME=Sun Junky
USERPROFILE=C:\Documents and Settings\Sun Junky
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Sun Junky (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
AC3 Decoder --> C:\Program Files\Mediatwins software\AC3 Decoder\uninstall.exe
AC3Filter (remove only) --> C:\Program Files\AC3Filter\uninstall.exe
Acoustica CD/DVD Label Maker --> C:\Program Files\Acoustica CD Label Maker\cdlabel.exe UNINSTALL
Acoustica MP3 Audio Mixer 2.13 --> C:\PROGRA~1\ACOUST~1\UNWISE.EXE C:\PROGRA~1\ACOUST~1\INSTALL.LOG
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Adobe Shockwave Player --> C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Authentium AntiVirus SDK - 2 --> MsiExec.exe /I{C67DF120-4DD3-11D4-A3CA-005004AD2A5B}
Canon MP Navigator EX 1.0 --> "C:\Program Files\Canon\MP Navigator EX 1.0\Maint.exe" /UninstallRemove C:\Program Files\Canon\MP Navigator EX 1.0\uninst.ini
Canon MP470 series --> "C:\WINDOWS\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP470_series\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP470_series /L0x0009
Canon MX300 series --> "C:\WINDOWS\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX300_series\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX300_series /L0x0009
Canon My Printer --> C:\Program Files\Canon\MyPrinter\uninst.exe uninst.ini
Canon Utilities Easy-PhotoPrint EX --> C:\Program Files\Canon\Easy-PhotoPrint EX\uninst.exe uninst.ini
Canon Utilities Solution Menu --> C:\Program Files\Canon\SolutionMenu\uninst.exe uninst.ini
CCScore --> MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
CD/DVD Drive Acoustic Silencer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}\setup.exe" -l0x9
Conexant HD Audio --> C:\Program Files\CONEXANT\CNXT_HDAUDIO\HXFSETUP.EXE -U -IBD1HDAa.inf
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVD-RAM Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9D765FA6-F2BC-40AF-8145-50808F9BDF4E}\setup.exe" -l0x9 DVD-RAM Driver
DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe"
ESSCDBK --> MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}
ESScore --> MsiExec.exe /I{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}
ESSgui --> MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}
ESShelp --> MsiExec.exe /I{87843A41-7808-4F2E-B13F-25C1E67CF2FD}
ESSini --> MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
ESSPCD --> MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
ESSSONIC --> MsiExec.exe /I{4F677FC7-7AA8-412B-A957-F13CBE1C7331}
ESSTOOLS --> MsiExec.exe /I{8A502E38-29C9-49FA-BCFA-D727CA062589}
ESSvpaht --> MsiExec.exe /I{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69}
ESSvpot --> MsiExec.exe /I{48C82F7A-F100-4DAB-A310-8E18BF2159E1}
HDAUDIO Soft Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_5047&SUBSYS_1179FF31\HXFSETUP.EXE -U -IBD1HDAm.inf
High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
Highlight Viewer (Windows Live Toolbar) --> MsiExec.exe /X{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HLPIndex --> MsiExec.exe /I{38441BE7-79B0-42B8-8297-833704F949FE}
HLPRFO --> MsiExec.exe /I{AADAC983-FDE9-42FA-8FD9-7BB324155593}
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP Imaging Device Functions 6.0 --> C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Cameras 6.0 --> C:\Program Files\HP\Digital Imaging\{641A0243-5DD5-4442-B7C1-5994ECAF0977}\setup\hpzscr01.exe -datfile hpiscr01.dat
HP Photosmart Premier Software 6.0 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Software Update --> MsiExec.exe /X{ECFDD6BD-E0C0-41CC-A171-E6D6AF4C0E93}
HP Solution Center and Imaging Support Tools 6.0 --> C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
Intel® PRO Network Connections Drivers --> Prounstl.exe
Intel® PROSet/Wireless Software --> C:\WINDOWS\Installer\iProInst.exe
InterActual Player --> C:\Program Files\InterActual\InterActual Player\inuninst.exe
InterVideo WinDVD Creator 2 --> "C:\Program Files\InstallShield Installation Information\{2FCE4FC5-6930-40E7-A4F1-F862207424EF}\setup.exe" REMOVEALL
InterVideo WinDVD for TOSHIBA --> "C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
iTunes --> MsiExec.exe /I{80FD852F-5AAC-4129-B931-06AAFFA43138}
J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 4 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150040}
J2SE Runtime Environment 5.0 Update 8 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150080}
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Kodak EasyShare software --> C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_1e0007_cf372e\Setup.exe /APR-REMOVE
KSU --> MsiExec.exe /I{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}
LimeWire PRO 4.13.0 --> "C:\Program Files\LimeWire\uninstall.exe"
Logitech Desktop Messenger --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\Setup.exe" -l0x9 UNINSTALL
Logitech Print Service --> C:\PROGRA~1\Logitech\PRINTS~1\UNWISE.EXE C:\PROGRA~1\Logitech\PRINTS~1\INSTALL.LOG
Logitech QuickCam Software --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C43048A9-742C-4DAD-90D2-E3B53C9DB825}\setup.exe" -l0x9
Logitech® Camera Driver --> "C:\Program Files\Common Files\Logitech\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
Magic Image Resizer 1.2 (remove only) --> "C:\Program Files\Magic Image Resizer\uninst.exe"
Map Button (Windows Live Toolbar) --> MsiExec.exe /X{7745B7A9-F323-4BB9-9811-01BF57A028DA}
MediaFACE 5.0 --> "C:\Documents and Settings\Sun Junky\Application Data\InstallShield Installation Information\{70A3C0E1-1953-4A95-9C66-99FDCDD5E357}\setup.exe" -runfromtemp -l0x0409 -removeonly
MediaFACE 5.0 --> MsiExec.exe /I{70A3C0E1-1953-4A95-9C66-99FDCDD5E357}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Home and Student 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007 --> MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Mozilla Firefox (3.0.1) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Notifier --> MsiExec.exe /I{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
OpenOffice.org 2.0 --> MsiExec.exe /I{75852F49-2CAF-443F-B7C2-53DE5847DE56}
OTtBPSDK --> MsiExec.exe /I{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}
PCDADDIN --> MsiExec.exe /I{65D85050-5610-4A91-A3B1-D5C744291AD4}
PCDHELP --> MsiExec.exe /I{C99DCDA4-7407-4F72-A77E-C81C551D0C4E}
PerfectDisk --> MsiExec.exe /I{212F5777-1190-4DEF-8E4D-6B2F313B45E7}
Pixcavator 2.2 --> "C:\Program Files\Pixcavator 2.2\unins000.exe"
PPSDKRedistributables --> MsiExec.exe /I{C144C566-21EF-4F8C-9667-40CF19E6AED0}
Presto! PageManager 7.15.16 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}\PMSetup.exe" -l0x9 anythinganything -removeonly
QuickTime --> MsiExec.exe /I{BFD96B89-B769-4CD6-B11E-E79FFD46F067}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Rogers Yahoo! Applications --> C:\PROGRA~1\Yahoo!\Common\uninstall.exe
RPS Ad Blocker --> MsiExec.exe /I{05D0A02F-616D-4F2F-B143-1EDFD4954117}
RPS AntiFraud --> MsiExec.exe /I{33E42E0F-DE63-4527-80F6-C54F749D4F72}
RPS AntiSpyware --> MsiExec.exe /I{3A4EA99A-9CFB-4F21-8DBC-B55318791346}
RPS AntiVirus --> MsiExec.exe /I{2F645B95-2EE3-4D12-B1F1-92792A5A0475}
RPS App Detector --> MsiExec.exe /I{16F44008-A0B2-4F1D-8077-4EF3CECCF2A8}
RPS AsRealtime --> MsiExec.exe /I{D919664A-4246-4FC1-A781-84631737EBF3}
RPS Backup --> MsiExec.exe /I{A1A3D151-0707-4F6D-9DC1-8FAA6B8B152B}
RPS Burn --> MsiExec.exe /I{9ED8C15D-35E7-4A4B-B103-C234A9600CCB}
RPS Diagnostic Utility --> MsiExec.exe /I{17E8D1B6-A3B0-4F86-9D4B-B5B74FCE6CF8}
RPS Firewall --> MsiExec.exe /I{FF50571F-15FF-4435-97E1-7BB70EAA53A0}
RPS ParentalControl --> MsiExec.exe /I{EBCA18FC-A574-4EE1-B86B-87AB483C628C}
RPS Performance Tool --> MsiExec.exe /I{ED2E9BCD-B68A-40F7-AE60-A530F3D30370}
RPS PopupBlocker --> MsiExec.exe /I{B12897AC-1B80-41EE-B9A2-B965F766D157}
RPS Privacy Manager --> MsiExec.exe /I{2403195D-95B9-42ED-BE2E-EB2A5A6E1648}
RPS RpsCore --> MsiExec.exe /I{77A490DB-BBB8-4809-A0D5-37B592D76CED}
RPS Security Cleanup --> MsiExec.exe /I{E39707C3-A285-467E-BEDE-E63A1AFF32FC}
RPS Zip --> MsiExec.exe /I{AFE925E3-AEB4-4BBB-B97D-022135B50ED6}
SD Secure Module --> MsiExec.exe /X{C45F4811-31D5-4786-801D-F79CD06EDD85}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Excel 2007 (KB946974) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
Security Update for Microsoft Office system 2007 (KB951808) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office Word 2007 (KB950113) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update for Office 2007 (KB934062) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {305D509B-F194-4638-9F0F-D9E4C05F9D33}
Security Update for Office 2007 (KB947801) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
Security Update for Step By Step Interactive Training (KB898458) -->
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for the 2007 Microsoft Office System (KB936960) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5E5BD655-7AA9-47F9-BB6D-A1D8CE29AC86}
Security Update for Visio 2007 (KB947590) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
Security Update for Windows Internet Explorer 8 (KB951804) --> "C:\WINDOWS\ie8updates\KB951804-IE8\spuninst\spuninst.exe"
SFR --> MsiExec.exe /I{DB02F716-6275-42E9-B8D2-83BA2BF5100B}
SHASTA --> MsiExec.exe /I{605A4E39-613C-4A12-B56F-DEFBE6757237}
SKIN0001 --> MsiExec.exe /I{FDF9943A-3D5C-46B3-9679-586BD237DDEE}
SKINXSDK --> MsiExec.exe /I{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}
Smart Menus (Windows Live Toolbar) --> MsiExec.exe /X{F084395C-40FB-4DB3-981C-B51E74E1E83D}
Sonic DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic RecordNow! --> MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Sympatico Security Advisor 1.5.11 --> "C:\Program Files\Bell\Sympatico Security Advisor\unins000.exe"
Sympatico Security Manager --> C:\Program Files\InstallShield Installation Information\{76AA8F37-51BD-445F-B355-293A72D6A291}\setup.exe -runfromtemp -l0x0009 -removeonly
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Texas Instruments PCIxx21/x515/xx12 drivers. --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{4497AFF6-98C4-4F49-B073-F48F42BCBF9E} /l1033
TOSHIBA Assist --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{12B3A009-A080-4619-9A2A-C6DB151D8D67}\setup.exe" -l0x9
TOSHIBA ConfigFree --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}\setup.exe" -l0x9 UNINSTALL
Toshiba Controls Utility --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{ACA1086B-9B62-4F80-B4B9-5659395E4F25} /l1033
TOSHIBA PC Diagnostic Tool --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\TOSHIBA\PCDiag\Uninst.isu"
TOSHIBA SD Memory Card Format --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48CF9A66-5F03-4025-ABD0-B3A3FA095A59}\setup.exe"
TOSHIBA Speech System Applications --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}\Setup.exe" -l0x9
TOSHIBA Speech System SR Engine(U.S.) Version1.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{008D69EB-70FF-46AB-9C75-924620DF191A}\Setup.exe" -l0x9 UNINSTALL
TOSHIBA Speech System TTS Engine(U.S.) Version1.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}\Setup.exe" -l0x9
Toshiba Tbiosdrv Driver --> C:\PROGRA~1\TOSHIBA\TOSHIB~3\UNWISE.EXE C:\PROGRA~1\TOSHIBA\TOSHIB~3\INSTALL.LOG
Toshiba Touchpad Utility --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{F77890F3-774A-4CBE-A2E3-7BB0DC71D1FA} /l1033
Toshiba Utility --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{099D12EC-0321-4CAC-A0CC-33D020156FCD} /l1033
TOSHIBA Zooming Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{64212898-097F-4F3F-AECA-6D34A7EF82DF}\setup.exe"
Update for Office 2007 (KB932080) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {EDC9CA29-6BC1-471C-828C-7A36109005D7}
Update for Office 2007 (KB934391) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {B3091818-7C56-4C45-BE7D-CA23027A5EA5}
Update for Office 2007 (KB946691) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
VeohTV BETA --> C:\Program Files\InstallShield Installation Information\{0405E51E-9582-4207-8F38-AC44201D3808}\setup.exe -runfromtemp -l0x0409
VPRINTOL --> MsiExec.exe /I{999D43F4-9709-4887-9B1A-83EBB15A8370}
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Internet Explorer 8 Beta 1 --> "C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live Favorites for Windows Live Toolbar --> MsiExec.exe /X{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Live Toolbar --> "C:\Program Files\Windows Live Toolbar\UnInstall.exe" {D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Live Toolbar --> MsiExec.exe /X{D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Live Toolbar Extension (Windows Live Toolbar) --> MsiExec.exe /X{341201D4-4F61-4ADB-987E-9CCE4D83A58D}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WIRELESS --> MsiExec.exe /I{F9593CFB-D836-49BC-BFF1-0E669A411D9F}


-- Application Event Log -------------------------------------------------------

Event Record #/Type11612 / Warning
Event Submitted/Written: 07/26/2008 00:37:10 AM
Event ID/Source: 63 / WinMgmt
Event Description:
A provider, OffProv12, has been registered in the WMI namespace, Root\MSAPPS12, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Event Record #/Type11611 / Warning
Event Submitted/Written: 07/26/2008 00:37:10 AM
Event ID/Source: 63 / WinMgmt
Event Description:
A provider, OffProv12, has been registered in the WMI namespace, Root\MSAPPS12, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Event Record #/Type11572 / Warning
Event Submitted/Written: 07/25/2008 02:38:40 PM
Event ID/Source: 63 / WinMgmt
Event Description:
A provider, PDProvider, has been registered in the WMI namespace, root\default, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Event Record #/Type11571 / Warning
Event Submitted/Written: 07/25/2008 02:38:40 PM
Event ID/Source: 63 / WinMgmt
Event Description:
A provider, PDProvider, has been registered in the WMI namespace, root\default, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Event Record #/Type11570 / Error
Event Submitted/Written: 07/25/2008 02:38:40 PM
Event ID/Source: 24 / WinMgmt
Event Description:
Event provider attempted to register query "select * from CIntelDot1xEvent" whose target class "CIntelDot1xEvent"
does not exist.
The query will be ignored.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type2849 / Error
Event Submitted/Written: 07/29/2008 10:34:22 PM
Event ID/Source: 59 / SideBySide
Event Description:
Generate Activation Context failed for C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.363_x-ww_3a00bc02\MFC80.DLL.
Reference error message: The operation completed successfully.
.

Event Record #/Type2848 / Error
Event Submitted/Written: 07/29/2008 10:34:22 PM
Event ID/Source: 59 / SideBySide
Event Description:
Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC.
Reference error message: Manifest Parse Error : An Invalid character was found in text content.
.

Event Record #/Type2847 / Error
Event Submitted/Written: 07/29/2008 10:34:22 PM
Event ID/Source: 58 / SideBySide
Event Description:
Syntax error in manifest or policy file "Manifest Parse Error : An Invalid character was found in text content.
1" on line Manifest Parse Error : An Invalid character was found in text content.
2.

Event Record #/Type2845 / Error
Event Submitted/Written: 07/29/2008 10:25:53 PM
Event ID/Source: 59 / SideBySide
Event Description:
Generate Activation Context failed for C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.363_x-ww_3a00bc02\MFC80.DLL.
Reference error message: The operation completed successfully.
.

Event Record #/Type2844 / Error
Event Submitted/Written: 07/29/2008 10:25:53 PM
Event ID/Source: 59 / SideBySide
Event Description:
Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC.
Reference error message: Manifest Parse Error : An Invalid character was found in text content.
.



-- End of Deckard's System Scanner: finished at 2008-07-29 22:37:28 ------------

#15 random/random


  • Malware Response Team
  • 2,704 posts
  • Gender:Male
  • Local time:02:31 PM

Posted 31 July 2008 - 11:15 AM

Found this: c:\windows\system32\drivers\avgmfrs.sys (should I delete)


You can delete it.

Backup Your Registry with ERUNT
  • Please use the following link and scroll down to ERUNT and download it.
    http://aumha.org/freeware/freeware.php
  • For version with the Installer:
    Use the setup program to install ERUNT on your computer
  • For the zipped version:
    Unzip all the files into a folder of your choice.
Click Erunt.exe to back up your registry to the folder of your choice.

Note: to restore your registry, go to the folder and start ERDNT.exe

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version Java components and update.

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6.
  • Scroll down to where it says "The Java SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.
You are running a P2P filesharing programme.
  • Many of these programmes come with unwanted components bundled with them.
  • If you wish to find out whether the one you're using does, click here.
Please note: Even if you are using a "safe" P2P programme, it is only the programme that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.


Remember that no matter how clean the program you're using for Peer-to-Peer filesharing may be, it offers no guarantees regarding the cleanliness of files you may choose to download. All files available via Peer-to-Peer filesharing carry a high risk, particularly those that offer you illegitimate methods of using legitimate software programs without paying for them. Any program or file that offers you the ability to access non-freeware programs at no cost, e.g., pirated software and/or cracks/key generators for gaining access to legitimate software, is 100% guaranteed to contain malware.

Here is some information that looks at the rates of infection:

http://www.benedelman.org/spyware/p2p/

My recommendation is that you uninstall all P2P programs.

Copy the contents of the following codebox to a notepad window:

    REGEDIT4

    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!ewido]

    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]

    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KillAndClean]

Save it to the desktop as fix.reg, making sure "Save as type" is set to All Files.

Locate fix.reg on your desktop and double-click it. When asked if you want to merge with the registry, click YES. Wait for the "merged successfully" prompt.
  • Open a new notepad window (Start>All Programs>Accessories>Notepad)
  • Copy & paste the contents of the following codebox into the notepad window
    sc delete Avg7RsW
    sc delete AvgTdi
    sc delete symlcbrd
    sc delete obbn13rt
    sc delete p76xxsks
    sc delete UIUSys
    sc delete s24trans
    sc delete Avg7Alrt
    sc delete Avg7UpdSvc
    sc delete AVGEMS
    sc delete KodakCCS
  • Click File > Save as
  • In the box labelled File name copy and paste cleanup.bat
  • Change Save as type to All Files
  • Save it to your desktop
  • Close the notepad window
  • Double click on cleanup.bat
  • A DOS window will come up briefly and then disappear; this is normal.
Go to Start > Run... and copy/paste the text below into the Runbox:

"C:\Documents and Settings\Sun Junky\My Documents\06. Downloaded Files\dss.exe" /config

A window will open. Click on Check All, then click Scan!.

When it has finished, Deckard's System Scanner will open two Notepad files: main.txt and extra.txt. Please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

Also please tell me of any remaining problems.

Edited by random/random, 31 July 2008 - 11:15 AM.
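A check worth running before cleanup.bat, added here as an example and not part of random/random's post: for each service the batch deletes, it reads the ImagePath under HKLM\SYSTEM\CurrentControlSet\Services and reports whether that binary is still on disk, so a leftover entry from an uninstalled product can be told apart from a component that is still installed. The service names come from the batch above; the path-normalising rules in Resolve-ServiceImagePath are assumptions of mine.

```powershell
# Added example for this thread (not code posted by random/random): before running
# cleanup.bat, classify each service it would delete as orphaned or still backed by a file.
$names = 'Avg7RsW','AvgTdi','symlcbrd','obbn13rt','p76xxsks','UIUSys',
         's24trans','Avg7Alrt','Avg7UpdSvc','AVGEMS','KodakCCS'

# Turn a raw ImagePath value into an absolute file path. The normalisation rules are
# my own assumptions about the forms Windows stores for services and drivers.
function Resolve-ServiceImagePath {
    param([string]$ImagePath)
    $p = $ImagePath.Trim()
    if ($p.StartsWith('"') -and $p.IndexOf('"', 1) -gt 1) {
        $p = $p.Substring(1, $p.IndexOf('"', 1) - 1)    # "C:\dir\svc.exe" -arg -> C:\dir\svc.exe
    } else {
        $p = ($p -split '\s+(?=[-/])', 2)[0]            # drop trailing " -k" / " /x" switches
    }
    $p = $p -replace '^\\\?\?\\', ''                    # \??\C:\dir\x.sys -> C:\dir\x.sys
    $p = $p -replace '^\\SystemRoot\\', "$env:SystemRoot\"
    $p = [Environment]::ExpandEnvironmentVariables($p)  # %SystemRoot%\system32\...
    if (-not [IO.Path]::IsPathRooted($p)) {
        $p = Join-Path $env:SystemRoot $p               # system32\DRIVERS\x.sys is relative
    }
    return $p
}

"{0,-12} {1,-60} {2}" -f 'Service', 'Resolved ImagePath', 'Verdict'
foreach ($name in $names) {
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$name"
    if (-not (Test-Path $key)) {
        "{0,-12} {1,-60} {2}" -f $name, '', 'no registry entry (already removed)'
        continue
    }
    $raw = (Get-ItemProperty -Path $key).ImagePath
    if (-not $raw) {
        "{0,-12} {1,-60} {2}" -f $name, '', 'entry has no ImagePath - check its Start/Type values'
        continue
    }
    $file = Resolve-ServiceImagePath $raw
    if (Test-Path -LiteralPath $file) {
        $verdict = 'binary still present - inspect before sc delete'
    } else {
        $verdict = 'orphaned (binary missing) - safe to sc delete'
    }
    "{0,-12} {1,-60} {2}" -f $name, $file, $verdict
}
```

Run it from an elevated PowerShell prompt; a service reported as "binary still present" belongs to software that is still installed and should be uninstalled through Add/Remove Programs rather than deleted with sc.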

