Possible Infection With Ciadoor And Smithfraud


8 replies to this topic

#1 Hydro56


Posted 11 February 2007 - 02:37 AM

Logfile of HijackThis v1.99.1
Scan saved at 2:26:44 AM, on 2/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\pavsrv51.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\AVENGINE.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\TPSrv.exe
c:\program files\panda software\panda internet security 2007\firewall\PNMSRV.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDET.EXE
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Roxio\Media Experience\DMXLauncher.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
C:\Program Files\AIM6\aim6.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\PavFnSvr.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\PsImSvc.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Creative\MediaSource\RemoteControl\OSDMenu.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\SRVLOAD.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Analyze\Anal.exe

F3 - REG:win.ini: load=C:\WINDOWS\system32\scvhost.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {E14DCE67-8FB7-4721-8149-179BAA4D792C} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\Media Experience\DMXLauncher.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Generic Host Process] C:\WINDOWS\system32\scvhost.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Internet Security 2007\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Internet Security 2007\Inicio.exe"
O4 - HKLM\..\RunServices: [Generic Host Process] C:\WINDOWS\system32\scvhost.exe
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative MediaSource Go] "C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe" /SCB
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Sid Registration.lnk = D:\ATR1.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {02ECD07A-22D0-4AF0-BA0A-3F6B06086D08} (GamesCampus Control) - http://www.gamescampus.com/xiah/luncher/GamesCampus.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1170131836437
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15028/CTPID.cab
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\pavsrv51.exe
O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
O23 - Service: Panda Network Manager (PNMSRV) - Panda Software International - c:\program files\panda software\panda internet security 2007\firewall\PNMSRV.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Program Files\Panda Software\Panda Internet Security 2007\PsImSvc.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Program Files\Panda Software\Panda Internet Security 2007\TPSrv.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe



My CPU usage is through the roof. I've gone through all the steps listed before posting and I would just like to have my computer working as usual. Please help =)



#2 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 11 February 2007 - 08:48 AM

Welcome to Bleeping Computer Hydro56 :thumbsup:

Download KillBox, unzip/extract it to your desktop.
http://download.bleepingcomputer.com/spyware/KillBox.zip
Start up Killbox and place a check in 'Delete on Reboot'.
In the 'Full path of file to delete' box, copy and paste:
C:\WINDOWS\system32\scvhost.exe
Then press the red button with the white cross.
It will then provide a window for you to confirm the delete.
Next it will ask if you now wish to reboot; select YES.
Allow it to reboot.
If it doesn't reboot automatically, reboot manually.

=======================

Viewpoint Manager is considered as foistware instead of malware since it is installed without the user's approval but doesn't spy or do anything "bad".
This will change from what we know in 2006; read this article:
http://www.clickz.com/news/article.php/3561546

You are well advised to remove the program now.
Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present:

Viewpoint
Viewpoint Manager
Viewpoint Media Player


Then reboot.

=======================

Please download DrWeb-CureIt & save it to your desktop. DO NOT perform a scan yet.

You should copy/print the following because you need to be in Safe Mode from here on.

Reboot your computer into "SAFE MODE" using the F8 method.
To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly.
A menu will appear with several options.
Use the arrow keys on your keyboard to navigate and select the option to run Windows in "Safe Mode".

Scan with DrWeb-CureIt as follows:
* Double-click on drweb-cureit.exe to start the program. An "Express Scan of your PC" notice will appear.
* Under "Start the Express Scan Now", Click "OK" to start. This is a short scan that will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it.
* Once the short scan has finished, Click Options > Change settings
* Choose the "Scan tab" and UNcheck "Heuristic analysis"
* Back at the main window, click "Select drives" (a red dot will show which drives have been chosen)
* Then click the "Start/Stop Scanning" button (green arrow on the right) and the scan will start.
* When done, a message will be displayed at the bottom advising if any viruses were found.
* Click "Yes to all" if it asks if you want to cure/move the file.
* When the scan has finished, look if you can see the icon next to the files found. If so, click it, then click the next icon right below and select "Move incurable".
(This will move it to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if it can't be cured)
* Next, in the Dr.Web CureIt menu on top, click file and choose save report list.
* Save the DrWeb.csv report to your desktop.
* Exit Dr.Web Cureit when done.
* Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
* After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.csv report)

=======================

Please download Combofix and save to the desktop:
http://download.bleepingcomputer.com/sUBs/combofix.exe
http://www.techsupportforum.com/sectools/combofix.exe
Note:
It is important that it is saved directly to your desktop

Close any open browsers.
Double click on combofix.exe & follow the prompts.
When finished, it will produce a log.
Post the C:\ComboFix.txt in your next reply.
Note:
Do not mouseclick combofix's window whilst it's running.
That may cause the program to freeze/hang.


Reboot, post the DrWeb.csv report, the C:\ComboFix.txt, and a new Hijackthis log in your next reply.

Edited by RichieUK, 13 February 2007 - 11:30 AM.


#3 Hydro56


Posted 11 February 2007 - 01:24 PM

Logfile of HijackThis v1.99.1
Scan saved at 1:21:01 PM, on 2/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\pavsrv51.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\AVENGINE.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\TPSrv.exe
c:\program files\panda software\panda internet security 2007\firewall\PNMSRV.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDET.EXE
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Roxio\Media Experience\DMXLauncher.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\PavFnSvr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\PsImSvc.exe
C:\Program Files\Creative\MediaSource\RemoteControl\OSDMenu.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\SRVLOAD.EXE
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\apvxdwin.exe
c:\program files\panda software\panda internet security 2007\WebProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\psimreal.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\avciman.exe
C:\Program Files\Analyze\Anal.exe

F3 - REG:win.ini: load=C:\WINDOWS\system32\scvhost.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {E14DCE67-8FB7-4721-8149-179BAA4D792C} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\Media Experience\DMXLauncher.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Generic Host Process] C:\WINDOWS\system32\scvhost.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Internet Security 2007\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Internet Security 2007\Inicio.exe"
O4 - HKLM\..\RunServices: [Generic Host Process] C:\WINDOWS\system32\scvhost.exe
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative MediaSource Go] "C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe" /SCB
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Sid Registration.lnk = D:\ATR1.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {02ECD07A-22D0-4AF0-BA0A-3F6B06086D08} (GamesCampus Control) - http://www.gamescampus.com/xiah/luncher/GamesCampus.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1170131836437
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15028/CTPID.cab
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\pavsrv51.exe
O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
O23 - Service: Panda Network Manager (PNMSRV) - Panda Software International - c:\program files\panda software\panda internet security 2007\firewall\PNMSRV.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Program Files\Panda Software\Panda Internet Security 2007\PsImSvc.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Program Files\Panda Software\Panda Internet Security 2007\TPSrv.exe



"Administrator" - 07-02-11 13:06:18 Service Pack 2
ComboFix 07-02-11 - Running from: "C:\Documents and Settings\Administrator\Desktop"

((((((((((((((((((((((((((((((( Files Created from 2007-01-11 to 2007-02-11 ))))))))))))))))))))))))))))))))))


2007-02-11 11:35 <DIR> d-------- C:\DOCUME~1\Hydro56\DoctorWeb
2007-02-11 11:32 <DIR> d-------- C:\!KillBox
2007-02-11 01:39 3,786 --a------ C:\WINDOWS\system32\tmp.reg
2007-02-11 01:23 <DIR> d-------- C:\Program Files\LIUtilities
2007-02-11 01:23 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-02-10 02:49 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Spybot - Search & Destroy
2007-02-08 12:45 <DIR> d-------- C:\Program Files\Turbine
2007-02-07 19:32 <DIR> d-------- C:\Program Files\Analyze
2007-02-07 16:43 71,552 --a------ C:\WINDOWS\system32\drivers\pavdrv51.sys
2007-02-07 16:43 200,652 --a------ C:\WINDOWS\system32\drivers\APPFCONT.DAT
2007-02-07 16:42 9,488 --a------ C:\WINDOWS\system32\sporder.dll
2007-02-07 16:42 9,216 --a------ C:\WINDOWS\system32\drivers\fnetmon.sys
2007-02-07 16:42 57,344 --a------ C:\WINDOWS\system32\pavipc.dll
2007-02-07 16:42 45,056 --a------ C:\WINDOWS\system32\avldr.dll
2007-02-07 16:42 446,464 --a------ C:\WINDOWS\system32\HHActiveX.dll
2007-02-07 16:42 44,544 --a------ C:\WINDOWS\system32\drivers\APPFLT.SYS
2007-02-07 16:42 36,864 --a------ C:\WINDOWS\system32\drivers\dsaflt.sys
2007-02-07 16:42 245,760 --a------ C:\WINDOWS\system32\PavSHook.dll
2007-02-07 16:42 24,576 --a------ C:\WINDOWS\system32\msxml3a.dll
2007-02-07 16:42 23,296 --a------ C:\WINDOWS\system32\drivers\smsflt.sys
2007-02-07 16:42 185,472 --a------ C:\WINDOWS\system32\drivers\idsflt.sys
2007-02-07 16:42 16,640 --a------ C:\WINDOWS\system32\drivers\cpoint.sys
2007-02-07 16:42 16,256 --a------ C:\WINDOWS\system32\drivers\wnmflt.sys
2007-02-07 16:42 141,312 --a------ C:\WINDOWS\system32\drivers\netflt.sys
2007-02-07 16:42 139,264 --a------ C:\WINDOWS\system32\TpUtil.dll
2007-02-07 16:42 103,936 --a------ C:\WINDOWS\system32\drivers\netfltdi.sys
2007-02-07 16:42 101,888 --a------ C:\WINDOWS\system32\SYSTOOLS.DLL
2007-02-07 16:42 <DIR> d-------- C:\WINDOWS\system32\PAV
2007-02-07 16:42 <DIR> d-------- C:\Program Files\Panda Software
2007-02-07 16:41 26,752 --a------ C:\WINDOWS\system32\drivers\ShldDrv.sys
2007-02-07 16:41 165,120 --a------ C:\WINDOWS\system32\drivers\PavProc.sys
2007-02-07 16:41 <DIR> d-------- C:\Program Files\Common Files\Panda Software
2007-02-07 16:32 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Application Data\Lavasoft
2007-02-07 16:24 786,432 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-02-07 15:58 <DIR> d-------- C:\Program Files\Windows Defender
2007-02-07 15:55 <DIR> d-------- C:\Program Files\Lavasoft
2007-02-07 15:55 <DIR> d-------- C:\DOCUME~1\Hydro56\Application Data\Lavasoft
2007-02-07 15:45 <DIR> d-------- C:\Program Files\Gamescampus
2007-02-07 14:21 9,216 --a------ C:\WINDOWS\system32\kbdnecAT.dll
2007-02-07 14:21 7,680 --a------ C:\WINDOWS\system32\kbdnecNT.dll
2007-02-07 14:21 7,168 --a------ C:\WINDOWS\system32\kbdnec95.dll
2007-02-07 14:21 7,168 --a------ C:\WINDOWS\system32\kbdibm02.dll
2007-02-07 14:21 7,168 --a------ C:\WINDOWS\system32\f3ahvoas.dll
2007-02-07 14:21 6,656 --a------ C:\WINDOWS\system32\kbdlk41a.dll
2007-02-07 14:21 6,656 --a------ C:\WINDOWS\system32\c_is2022.dll
2007-02-07 14:21 6,144 --a------ C:\WINDOWS\system32\kbdlk41j.dll
2007-02-07 14:21 6,144 --a------ C:\WINDOWS\system32\kbdax2.dll
2007-02-07 14:21 6,144 --a------ C:\WINDOWS\system32\kbd106n.dll
2007-02-07 14:21 6,144 --a------ C:\WINDOWS\system32\kbd101a.dll
2007-02-07 14:21 6,144 --a------ C:\WINDOWS\system32\kbd101.dll
2007-02-07 14:21 218,112 --a------ C:\WINDOWS\system32\c_g18030.dll
2007-02-07 14:20 8,704 --a------ C:\WINDOWS\system32\kbdjpn.dll
2007-02-07 14:20 8,192 --a------ C:\WINDOWS\system32\kbdkor.dll
2007-02-07 14:20 6,144 --a------ C:\WINDOWS\system32\kbd106.dll
2007-02-07 14:20 6,144 --a------ C:\WINDOWS\system32\kbd101c.dll
2007-02-07 14:20 6,144 --a------ C:\WINDOWS\system32\kbd101b.dll
2007-02-07 14:20 5,632 --a------ C:\WINDOWS\system32\kbd103.dll
2007-02-05 15:52 <DIR> d-------- C:\WINDOWS\ShellNew
2007-02-05 15:47 <DIR> d-------- C:\DOCUME~1\Hydro56\Application Data\Microsoft Web Folders
2007-02-05 10:18 159,366 --a------ C:\WINDOWS\system32\ckl009.dat
2007-02-05 10:17 33,952 --a------ C:\WINDOWS\system32\drivers\oreans32.sys
2007-02-05 10:17 196 --a------ C:\WINDOWS\system32\del32.bat
2007-02-05 10:11 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\Application Data\TEMP
2007-02-04 23:58 <DIR> d-------- C:\WINDOWS\system32\windows media
2007-02-04 23:58 <DIR> d-------- C:\Program Files\Windows Media Components
2007-02-04 23:57 <DIR> d-------- C:\Program Files\MSN Webcam Recorder
2007-02-04 17:55 <DIR> d-------- C:\Media
2007-02-04 17:55 <DIR> d-------- C:\DOCUME~1\Hydro56\Application Data\Creative ASR2
2007-02-04 17:48 53,760 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2007-02-04 17:48 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2007-02-04 14:02 <DIR> d-------- C:\DOCUME~1\Hydro56\Application Data\My Battle for Middle-earth™ II Files
2007-02-04 13:57 <DIR> d-------- C:\DOCUME~1\Hydro56\Application Data\My The Lord of the Rings, The Rise of the Witch-king Files
2007-02-04 13:09 <DIR> d-------- C:\Program Files\Electronic Arts
2007-02-01 13:49 <DIR> d-------- C:\Program Files\QuickTime
2007-02-01 13:49 <DIR> d-------- C:\Program Files\iTunes
2007-02-01 13:49 <DIR> d-------- C:\Program Files\iPod
2007-02-01 13:49 <DIR> d-------- C:\DOCUME~1\Hydro56\Application Data\Apple Computer
2007-01-31 19:33 <DIR> d-------- C:\Program Files\Apple Software Update
2007-01-31 19:33 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Apple Computer
2007-01-31 13:39 <DIR> d-------- C:\DOCUME~1\Hydro56\Application Data\Leadertech
2007-01-31 13:19 <DIR> d-------- C:\Program Files\Firaxis Games
2007-01-31 11:14 <DIR> d-------- C:\WINDOWS\Sun
2007-01-31 11:14 <DIR> d-------- C:\DOCUME~1\Hydro56\Application Data\Sun
2007-01-31 00:02 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\NVIDIA
2007-01-30 23:38 68,888 --a------ C:\WINDOWS\system32\xinput1_3.dll
2007-01-30 23:38 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll
2007-01-30 23:38 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2007-01-30 23:38 251,672 --a------ C:\WINDOWS\system32\xactengine2_5.dll
2007-01-30 23:38 237,848 --a------ C:\WINDOWS\system32\xactengine2_4.dll
2007-01-30 23:38 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll
2007-01-30 23:38 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
2007-01-30 23:38 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll
2007-01-30 23:37 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2007-01-30 23:36 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
2007-01-30 23:30 <DIR> d-------- C:\Program Files\Google
2007-01-30 23:30 <DIR> d-------- C:\DOCUME~1\Hydro56\Application Data\Google
2007-01-30 23:30 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Google
2007-01-30 23:22 <DIR> d-------- C:\WINDOWS\WBEM
2007-01-30 23:21 <DIR> d--h-c--- C:\WINDOWS\ie7
2007-01-30 23:20 121,856 --------- C:\WINDOWS\system32\xmllite.dll
2007-01-30 23:20 <DIR> d-------- C:\WINDOWS\network diagnostic
2007-01-30 23:12 208,896 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2007-01-30 23:12 <DIR> d-------- C:\NVIDIA
2007-01-30 12:28 <DIR> d-------- C:\Program Files\Azureus
2007-01-30 12:28 <DIR> d-------- C:\DOCUME~1\Hydro56\Application Data\Azureus
2007-01-30 12:27 <DIR> d-------- C:\Program Files\Java
2007-01-30 12:26 <DIR> d-------- C:\Program Files\Common Files\Java
2007-01-30 12:20 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-01-30 12:20 <DIR> d-------- C:\69f07ca7b3e554ea33be
2007-01-30 12:03 <DIR> d-------- C:\Program Files\World of Warcraft
2007-01-30 11:44 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Adobe Systems
2007-01-30 11:43 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2007-01-30 11:43 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Adobe
2007-01-30 11:35 <DIR> d-------- C:\Program Files\Ubisoft
2007-01-30 11:29 28 --a------ C:\WINDOWS\system32\vfw_32.reg
2007-01-30 11:29 <DIR> d-------- C:\WINDOWS\system32\drivex
2007-01-30 11:24 <DIR> d-------- C:\DOCUME~1\LOCALS~1\Application Data\Roxio
2007-01-30 11:24 <DIR> d-------- C:\DOCUME~1\Hydro56\Application Data\Roxio
2007-01-30 11:23 <DIR> d-------- C:\Program Files\InterActual
2007-01-30 11:22 92,920 --a------ C:\WINDOWS\DLA.EXE
2007-01-30 11:22 56,056 --a------ C:\WINDOWS\system32\DLAAPI_W.DLL
2007-01-30 11:22 51,800 --a------ C:\WINDOWS\system32\drivers\DRVNDDM.SYS
2007-01-30 11:22 28,216 --a------ C:\WINDOWS\system32\drivers\DLARTL_M.SYS
2007-01-30 11:22 12,952 --a------ C:\WINDOWS\system32\drivers\DLACDBHM.SYS
2007-01-30 11:22 <DIR> d-------- C:\WINDOWS\system32\DLA
2007-01-30 11:22 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\InstallShield
2007-01-30 11:21 <DIR> d-------- C:\Program Files\Common Files\SureThing Shared
2007-01-30 11:21 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Sonic
2007-01-30 11:20 <DIR> d-------- C:\Program Files\Xingtone
2007-01-30 11:19 <DIR> d-------- C:\Program Files\SightSpeed
2007-01-30 11:17 <DIR> d-------- C:\Program Files\Roxio
2007-01-30 11:17 <DIR> d-------- C:\Program Files\DivX
2007-01-30 11:17 <DIR> d-------- C:\Program Files\Common Files\Sonic Shared
2007-01-30 11:17 <DIR> d-------- C:\Program Files\Common Files\SightSpeed
2007-01-30 11:17 <DIR> d-------- C:\Program Files\Common Files\Roxio Shared
2007-01-30 11:17 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Roxio
2007-01-30 11:09 <DIR> d-------- C:\DOCUME~1\Hydro56\Application Data\Viewpoint
2007-01-30 11:03 <DIR> d-------- C:\Program Files\PowerISO
2007-01-30 01:31 1,407 --a------ C:\WINDOWS\mozver.dat
2007-01-30 01:27 <DIR> d-------- C:\Program Files\Mozilla Firefox
2007-01-30 01:19 <DIR> d--hs---- C:\RECYCLER
2007-01-30 01:16 41,984 --------- C:\WINDOWS\Ctregrun.exe
2007-01-30 01:15 90,112 --------- C:\WINDOWS\Updreg.EXE
2007-01-30 01:15 84,992 --------- C:\WINDOWS\system32\SFCVRT32.DLL
2007-01-30 01:15 82,432 --------- C:\WINDOWS\system32\CTWFLT32.DLL
2007-01-30 01:15 77,824 --------- C:\WINDOWS\system32\ctdvda32.dll
2007-01-30 01:15 54,784 --------- C:\WINDOWS\system32\INETWH32.DLL
2007-01-30 01:15 53,552 --------- C:\WINDOWS\CTCCW.DLL
2007-01-30 01:15 277,200 --a------ C:\WINDOWS\system32\CTAA1.DAT
2007-01-30 01:15 26,768 --------- C:\WINDOWS\system32\CTL3D.DLL
2007-01-30 01:15 24,976 --------- C:\WINDOWS\CTRES.DLL
2007-01-30 01:15 149,504 --------- C:\WINDOWS\system32\MFCANS32.DLL
2007-01-30 01:15 108,032 --------- C:\WINDOWS\system32\MFCUIA32.DLL
2007-01-30 01:15 1,048,576 --------- C:\WINDOWS\system32\SFMAN.DAT
2007-01-30 01:14 12,288 --a------ C:\WINDOWS\system32\AHQCpURes.dll
2007-01-30 01:13 62,976 --a------ C:\WINDOWS\system32\CTDetres.dll
2007-01-30 01:13 331,776 --------- C:\WINDOWS\system32\CTMEDENG.DLL
2007-01-30 01:13 24,576 --a------ C:\WINDOWS\system32\CTMERes.DLL
2007-01-30 01:12 10,194 --------- C:\WINDOWS\system32\PFMODNT.SYS
2007-01-30 01:08 <DIR> d-------- C:\Program Files\Common Files\Nullsoft
2007-01-30 01:08 <DIR> d-------- C:\DOCUME~1\Hydro56\Application Data\acccore
2007-01-30 01:08 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Viewpoint
2007-01-30 01:08 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\AOL OCP
2007-01-30 01:08 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\AOL
2007-01-30 01:07 335 --a------ C:\WINDOWS\nsreg.dat
2007-01-30 01:07 <DIR> d-------- C:\Program Files\Common Files\AOL
2007-01-30 01:07 <DIR> d-------- C:\Program Files\AIM6
2007-01-30 01:07 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\AOL Downloads
2007-01-30 00:52 <DIR> d-------- C:\Program Files\MSBuild
2007-01-30 00:50 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2007-01-30 00:49 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2007-01-30 00:49 <DIR> d-------- C:\Program Files\Reference Assemblies
2007-01-30 00:48 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-01-30 00:48 <DIR> d-------- C:\d41ed5c80c6d298de5fd5e3245
2007-01-30 00:47 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-01-30 00:47 <DIR> d-------- C:\WINDOWS\system32\en-us
2007-01-30 00:47 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-01-30 00:42 <DIR> dr--s---- C:\WINDOWS\assembly
2007-01-30 00:42 <DIR> d-------- C:\WINDOWS\system32\URTTemp
2007-01-30 00:42 <DIR> d-------- C:\WINDOWS\Microsoft.NET
2007-01-30 00:41 36,352 --------- C:\WINDOWS\system32\tsgqec.dll
2007-01-30 00:41 288,768 --------- C:\WINDOWS\system32\rhttpaa.dll
2007-01-30 00:41 116,736 --------- C:\WINDOWS\system32\aaclient.dll
2007-01-30 00:23 <DIR> d-------- C:\WINDOWS\Prefetch
2007-01-30 00:13 <DIR> d-------- C:\WINDOWS\provisioning
2007-01-30 00:13 <DIR> d-------- C:\WINDOWS\peernet
2007-01-30 00:12 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2007-01-30 00:10 <DIR> d-------- C:\WINDOWS\EHome
2007-01-30 00:08 4,569 --------- C:\WINDOWS\system32\secupd.dat
2007-01-30 00:08 11,776 --------- C:\WINDOWS\system32\spnpinst.exe
2007-01-30 00:04 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Windows Genuine Advantage
2007-01-29 23:59 614,912 --a------ C:\WINDOWS\system32\h323msp.dll
2007-01-29 23:59 331,264 --a------ C:\WINDOWS\system32\ipnathlp.dll
2007-01-29 23:59 26,112 --a------ C:\WINDOWS\system32\xpsp1hfm.exe
2007-01-29 23:58 991,744 --a------ C:\WINDOWS\system32\drmv2clt.dll
2007-01-29 23:58 96,768 --a------ C:\WINDOWS\system32\drmstor.dll
2007-01-29 23:58 937,984 --a------ C:\WINDOWS\system32\WMNetMgr.dll
2007-01-29 23:58 757,248 --a------ C:\WINDOWS\system32\WMADMOD.dll
2007-01-29 23:58 603,648 --a------ C:\WINDOWS\system32\WMSPDMOD.dll
2007-01-29 23:58 542,720 --a------ C:\WINDOWS\system32\blackbox.dll
2007-01-29 23:58 44,032 --------- C:\WINDOWS\system32\CTSVCCDA.EXE
2007-01-29 23:58 4,096 --a------ C:\WINDOWS\system32\wmvdmoe2.dll
2007-01-29 23:58 4,096 --a------ C:\WINDOWS\system32\wmvdmod.dll
2007-01-29 23:58 4,096 --a------ C:\WINDOWS\system32\wmsdmoe2.dll
2007-01-29 23:58 4,096 --a------ C:\WINDOWS\system32\wmsdmod.dll
2007-01-29 23:58 4,096 --a------ C:\WINDOWS\system32\MPG4DMOD.dll
2007-01-29 23:58 4,096 --a------ C:\WINDOWS\system32\MP4SDMOD.dll
2007-01-29 23:58 4,096 --a------ C:\WINDOWS\system32\MP43DMOD.dll
2007-01-29 23:58 258,296 --a------ C:\WINDOWS\system32\drmclien.dll
2007-01-29 23:58 25,088 --------- C:\WINDOWS\system32\CTSVCCTL.EXE
2007-01-29 23:58 222,208 --a------ C:\WINDOWS\system32\WMASF.dll
2007-01-29 23:58 211,456 --a------ C:\WINDOWS\system32\qasf.dll
2007-01-29 23:58 2,450,944 --a------ C:\WINDOWS\system32\wmvcore.dll
2007-01-29 23:58 179,712 --a------ C:\WINDOWS\system32\msnetobj.dll
2007-01-29 23:58 157,184 --a------ C:\WINDOWS\system32\wmidx.dll
2007-01-29 23:58 11,264 --a------ C:\WINDOWS\system32\LAPRXY.dll
2007-01-29 23:58 100,864 --a------ C:\WINDOWS\system32\logagent.exe
2007-01-29 23:58 1,329,152 --a------ C:\WINDOWS\system32\WMSPDMOE.dll
2007-01-29 23:58 1,117,696 --a------ C:\WINDOWS\system32\WMADMOE.dll
2007-01-29 23:58 <DIR> d--h----- C:\Program Files\Creative Installation Information
2007-01-29 23:58 <DIR> d-------- C:\Program Files\Common Files\Creative
2007-01-29 23:54 262,144 --a------ C:\DOCUME~1\ALLUSE~1\ntuser.dat
2007-01-29 23:50 <DIR> d-------- C:\WINDOWS\system32\ReinstallBackups
2007-01-29 23:47 86,016 --a------ C:\WINDOWS\system32\OpenAL32.dll
2007-01-29 23:47 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2007-01-29 23:47 60,800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
2007-01-29 23:47 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2007-01-29 23:47 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2007-01-29 23:47 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
2007-01-29 23:47 52,864 --a------ C:\WINDOWS\system32\drivers\dmusic.sys
2007-01-29 23:47 409,600 --a------ C:\WINDOWS\system32\wrap_oal.dll
2007-01-29 23:47 3,072 --a------ C:\WINDOWS\CTXFIRES.DLL
2007-01-29 23:47 2,944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
2007-01-29 23:47 172,416 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
2007-01-29 23:47 145,792 --a------ C:\WINDOWS\system32\drivers\portcls.sys
2007-01-29 23:47 142,464 --a------ C:\WINDOWS\system32\drivers\aec.sys
2007-01-29 23:47 11,776 --a------ C:\WINDOWS\INRES.DLL
2007-01-29 23:47 10,240 --a------ C:\WINDOWS\CTDCRES.DLL
2007-01-29 23:47 <DIR> d-------- C:\WINDOWS\system32\Defaults
2007-01-29 23:47 <DIR> d-------- C:\WINDOWS\system32\Data
2007-01-29 23:47 <DIR> d-------- C:\DOCUME~1\Hydro56\Application Data\Creative
2007-01-29 23:46 1,082,368 --a------ C:\WINDOWS\system32\esent.dll
2007-01-29 23:44 <DIR> d-------- C:\Program Files\Creative
2007-01-29 23:43 <DIR> d-------- C:\Downloaded Driver
2007-01-29 23:40 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-01-29 23:40 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-01-29 23:40 <DIR> d-------- C:\WINDOWS\system32\PreInstall
2007-01-29 23:40 <DIR> d-------- C:\WINDOWS\system32\bits
2007-01-29 23:39 8,192 --------- C:\WINDOWS\system32\bitsprx2.dll
2007-01-29 23:39 7,168 --------- C:\WINDOWS\system32\bitsprx3.dll
2007-01-29 23:39 351,232 --a------ C:\WINDOWS\system32\winhttp.dll
2007-01-29 23:39 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2007-01-29 23:37 465,176 --a------ C:\WINDOWS\system32\wuapi.dll
2007-01-29 23:37 41,240 --a------ C:\WINDOWS\system32\wups.dll
2007-01-29 23:37 194,328 --a------ C:\WINDOWS\system32\wuaueng1.dll
2007-01-29 23:37 18,200 --a------ C:\WINDOWS\system32\wups2.dll
2007-01-29 23:37 172,312 --a------ C:\WINDOWS\system32\wuauclt1.exe
2007-01-29 23:37 127,256 --a------ C:\WINDOWS\system32\wucltui.dll
2007-01-29 23:37 <DIR> d--hs---- C:\DOCUME~1\Hydro56\UserData
2007-01-29 23:37 <DIR> d-------- C:\WINDOWS\SoftwareDistribution
2007-01-29 23:34 71,168 -ra------ C:\WINDOWS\system32\drivers\Rtlnicxp.sys
2007-01-29 23:33 9,919 --a------ C:\WINDOWS\system32\AONMDI.SYS
2007-01-29 23:33 21,640 --a------ C:\WINDOWS\system32\CCDEVIO.sys
2007-01-29 23:33 106,496 --a------ C:\WINDOWS\system32\AONMDI.DLL
2007-01-29 23:33 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2007-01-29 23:33 <DIR> d-------- C:\Program Files\AOpen
2007-01-29 23:32 306,688 --a------ C:\WINDOWS\IsUninst.exe
2007-01-29 23:32 208,896 --a------ C:\WINDOWS\system32\nvudisp.exe
2007-01-29 23:32 <DIR> d-------- C:\WINDOWS\system32\Adobe
2007-01-29 23:32 <DIR> d-------- C:\WINDOWS\Profiles
2007-01-29 23:32 <DIR> d-------- C:\WINDOWS\nview
2007-01-29 23:32 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2007-01-29 23:32 <DIR> d-------- C:\Program Files\Common Files\Adobe
2007-01-29 23:32 <DIR> d-------- C:\DOCUME~1\Hydro56\Application Data\InterTrust
2007-01-29 23:32 <DIR> d-------- C:\DOCUME~1\Hydro56\Application Data\Adobe
2007-01-29 23:29 786,432 --ah----- C:\DOCUME~1\NETWOR~1\NTUSER.DAT
2007-01-29 23:29 786,432 --ah----- C:\DOCUME~1\LOCALS~1\NTUSER.DAT
2007-01-29 23:29 2,621,440 --ah----- C:\DOCUME~1\Hydro56\NTUSER.DAT
2007-01-29 23:29 <DIR> d--hs---- C:\WINDOWS\Installer
2007-01-29 23:29 <DIR> d--hs---- C:\System Volume Information
2007-01-29 23:27 85,376 --a------ C:\WINDOWS\system32\drivers\nabtsfec.sys
2007-01-29 23:27 83,456 --a------ C:\WINDOWS\system32\dpvsetup.exe
2007-01-29 23:27 825,344 --a------ C:\WINDOWS\system32\d3dim700.dll
2007-01-29 23:27 82,432 --a------ C:\WINDOWS\system32\dmscript.dll
2007-01-29 23:27 8,192 --a------ C:\WINDOWS\system32\d3d8thk.dll
2007-01-29 23:27 733,696 --a------ C:\WINDOWS\system32\qedwipes.dll
2007-01-29 23:27 71,680 --a------ C:\WINDOWS\system32\dsdmoprp.dll
2007-01-29 23:27 70,656 --a------ C:\WINDOWS\system32\amstream.dll
2007-01-29 23:27 7,552 --a------ C:\WINDOWS\system32\drivers\mskssrv.sys
2007-01-29 23:27 619,008 --a------ C:\WINDOWS\system32\dx7vb.dll
2007-01-29 23:27 61,440 --a------ C:\WINDOWS\system32\dmcompos.dll
2007-01-29 23:27 60,928 --a------ C:\WINDOWS\system32\dpnhupnp.dll
2007-01-29 23:27 590,336 --a------ C:\WINDOWS\system32\d3dramp.dll
2007-01-29 23:27 59,904 --a------ C:\WINDOWS\system32\devenum.dll
2007-01-29 23:27 57,344 --a------ C:\WINDOWS\system32\dpwsockx.dll
2007-01-29 23:27 562,176 --a------ C:\WINDOWS\system32\qedit.dll
2007-01-29 23:27 51,328 --a------ C:\WINDOWS\system32\drivers\msdv.sys
2007-01-29 23:27 50,688 --a------ C:\WINDOWS\system32\wstdecod.dll
2007-01-29 23:27 5,504 --a------ C:\WINDOWS\system32\drivers\mstee.sys
2007-01-29 23:27 5,376 --a------ C:\WINDOWS\system32\drivers\mspclock.sys
2007-01-29 23:27 48,640 --a------ C:\WINDOWS\system32\drivers\stream.sys
2007-01-29 23:27 47,616 --a------ C:\WINDOWS\system32\d3dxof.dll
2007-01-29 23:27 467,968 --a------ C:\WINDOWS\system32\diactfrm.dll
2007-01-29 23:27 44,544 --a------ C:\WINDOWS\system32\dxdllreg.exe
2007-01-29 23:27 44,032 --a------ C:\WINDOWS\system32\dimap.dll
2007-01-29 23:27 436,224 --a------ C:\WINDOWS\system32\d3dim.dll
2007-01-29 23:27 4,992 --a------ C:\WINDOWS\system32\drivers\mspqm.sys
2007-01-29 23:27 4,352 --a------ C:\WINDOWS\system32\drivers\swenum.sys
2007-01-29 23:27 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2007-01-29 23:27 385,024 --a------ C:\WINDOWS\system32\qdvd.dll
2007-01-29 23:27 375,296 --a------ C:\WINDOWS\system32\dpnet.dll
2007-01-29 23:27 367,616 --a------ C:\WINDOWS\system32\dsound.dll
2007-01-29 23:27 363,520 --a------ C:\WINDOWS\system32\psisdecd.dll
2007-01-29 23:27 350,208 --a------ C:\WINDOWS\system32\d3drm.dll
2007-01-29 23:27 35,840 --a------ C:\WINDOWS\system32\dmloader.dll
2007-01-29 23:27 35,328 --a------ C:\WINDOWS\system32\pid.dll
2007-01-29 23:27 35,328 --a------ C:\WINDOWS\system32\mciqtz32.dll
2007-01-29 23:27 35,328 --a------ C:\WINDOWS\system32\dpnhpast.dll
2007-01-29 23:27 34,816 --a------ C:\WINDOWS\system32\d3dpmesh.dll
2007-01-29 23:27 30,208 --a------ C:\WINDOWS\system32\dplaysvr.exe
2007-01-29 23:27 3,584 --a------ C:\WINDOWS\system32\dpnlobby.dll
2007-01-29 23:27 3,584 --a------ C:\WINDOWS\system32\dpnaddr.dll
2007-01-29 23:27 28,672 --a------ C:\WINDOWS\system32\dmband.dll
2007-01-29 23:27 279,040 --a------ C:\WINDOWS\system32\qdv.dll
2007-01-29 23:27 27,136 --a------ C:\WINDOWS\system32\ddrawex.dll
2007-01-29 23:27 266,240 --a------ C:\WINDOWS\system32\ddraw.dll
2007-01-29 23:27 23,552 --a------ C:\WINDOWS\system32\dpmodemx.dll
2007-01-29 23:27 229,888 --a------ C:\WINDOWS\system32\dplayx.dll
2007-01-29 23:27 229,376 ---h----- C:\DOCUME~1\DEFAUL~1\NTUSER.DAT
2007-01-29 23:27 223,232 --a------ C:\WINDOWS\system32\gcdef.dll
2007-01-29 23:27 212,480 --a------ C:\WINDOWS\system32\dpvoice.dll
2007-01-29 23:27 21,504 --a------ C:\WINDOWS\system32\dpvacm.dll
2007-01-29 23:27 204,288 --a------ C:\WINDOWS\system32\mswebdvd.dll
2007-01-29 23:27 20,480 --a------ C:\WINDOWS\system32\encapi.dll
2007-01-29 23:27 2,113,536 --a------ C:\WINDOWS\system32\dxdiagn.dll
2007-01-29 23:27 192,512 --a------ C:\WINDOWS\system32\qcap.dll
2007-01-29 23:27 19,456 --a------ C:\WINDOWS\system32\dswave.dll
2007-01-29 23:27 19,328 --a------ C:\WINDOWS\system32\drivers\wstcodec.sys
2007-01-29 23:27 181,760 --a------ C:\WINDOWS\system32\dsdmo.dll
2007-01-29 23:27 181,760 --a------ C:\WINDOWS\system32\dinput8.dll
2007-01-29 23:27 181,248 --a------ C:\WINDOWS\system32\dmime.dll
2007-01-29 23:27 18,432 --a------ C:\WINDOWS\system32\dpnsvr.exe
2007-01-29 23:27 17,408 --a------ C:\WINDOWS\system32\msyuv.dll
2007-01-29 23:27 17,024 --a------ C:\WINDOWS\system32\drivers\ccdecode.sys
2007-01-29 23:27 159,232 --a------ C:\WINDOWS\system32\dinput.dll
2007-01-29 23:27 15,360 --a------ C:\WINDOWS\system32\drivers\streamip.sys
2007-01-29 23:27 15,360 --a------ C:\WINDOWS\system32\drivers\mpe.sys
2007-01-29 23:27 140,928 --a------ C:\WINDOWS\system32\drivers\ks.sys
2007-01-29 23:27 14,336 --a------ C:\WINDOWS\system32\msdmo.dll
2007-01-29 23:27 116,736 --a------ C:\WINDOWS\system32\dpvvox.dll
2007-01-29 23:27 112,128 --a------ C:\WINDOWS\system32\mapi32.dll
2007-01-29 23:27 11,776 --a------ C:\WINDOWS\system32\drivers\bdasup.sys
2007-01-29 23:27 11,136 --a------ C:\WINDOWS\system32\drivers\slip.sys
2007-01-29 23:27 105,984 --a------ C:\WINDOWS\system32\dmstyle.dll
2007-01-29 23:27 104,448 --a------ C:\WINDOWS\system32\dmusic.dll
2007-01-29 23:27 103,424 --a------ C:\WINDOWS\system32\dmsynth.dll
2007-01-29 23:27 10,880 --a------ C:\WINDOWS\system32\drivers\ndisip.sys
2007-01-29 23:27 10,496 --a------ C:\WINDOWS\system32\drivers\dxapi.sys
2007-01-29 23:27 1,689,088 --a------ C:\WINDOWS\system32\d3d9.dll
2007-01-29 23:27 1,428,480 --a------ C:\WINDOWS\system32\msvidctl.dll
2007-01-29 23:27 1,298,432 --a------ C:\WINDOWS\system32\dxdiag.exe
2007-01-29 23:27 1,294,336 --a------ C:\WINDOWS\system32\dsound3d.dll
2007-01-29 23:27 1,287,168 --a------ C:\WINDOWS\system32\quartz.dll
2007-01-29 23:27 1,227,264 --a------ C:\WINDOWS\system32\dx8vb.dll
2007-01-29 23:27 1,179,648 --a------ C:\WINDOWS\system32\d3d8.dll
2007-01-29 23:27 0 -rahs---- C:\MSDOS.SYS
2007-01-29 23:27 0 -rahs---- C:\IO.SYS
2007-01-29 23:27 0 --a------ C:\CONFIG.SYS
2007-01-29 23:27 0 --a------ C:\AUTOEXEC.BAT
2007-01-29 23:27 <DIR> d-------- C:\WINDOWS\system32\xircom
2007-01-29 23:27 <DIR> d-------- C:\WINDOWS\RegisteredPackages
2007-01-29 23:27 <DIR> d-------- C:\Program Files\microsoft frontpage
2007-01-29 23:26 64,512 --a------ C:\WINDOWS\system32\acctres.dll
2007-01-29 23:26 48,128 --a------ C:\WINDOWS\system32\inetres.dll
2007-01-29 23:26 45,568 --a------ C:\WINDOWS\system32\safrslv.dll
2007-01-29 23:26 43,520 --a------ C:\WINDOWS\system32\safrcdlg.dll
2007-01-29 23:26 43,520 --a------ C:\WINDOWS\system32\racpldlg.dll
2007-01-29 23:26 32,768 --a------ C:\WINDOWS\system32\mnmsrvc.exe
2007-01-29 23:26 32,768 --a------ C:\WINDOWS\system32\isrdbg32.dll
2007-01-29 23:26 29,696 --a------ C:\WINDOWS\system32\safrdm.dll
2007-01-29 23:26 12,288 --a------ C:\WINDOWS\system32\nmevtmsg.dll
2007-01-29 23:26 11,264 --a------ C:\WINDOWS\system32\atrace.dll
2007-01-29 23:26 <DIR> dr------- C:\WINDOWS\Offline Web Pages
2007-01-29 23:26 <DIR> d--hs---- C:\DOCUME~1\ALLUSE~1\DRM
2007-01-29 23:26 <DIR> d---s---- C:\WINDOWS\Downloaded Program Files
2007-01-29 23:26 <DIR> d-------- C:\WINDOWS\system32\DirectX
2007-01-29 23:25 97,792 --a------ C:\WINDOWS\system32\comrepl.dll
2007-01-29 23:25 956,416 --a------ C:\WINDOWS\system32\msdtctm.dll
2007-01-29 23:25 9,728 --a------ C:\WINDOWS\system32\reset.exe
2007-01-29 23:25 85,504 --a------ C:\WINDOWS\system32\catsrvps.dll
2007-01-29 23:25 81,920 --a------ C:\WINDOWS\system32\isign32.dll
2007-01-29 23:25 81,920 --a------ C:\WINDOWS\system32\ils.dll
2007-01-29 23:25 80,384 --a------ C:\WINDOWS\system32\charmap.exe
2007-01-29 23:25 73,728 --a------ C:\WINDOWS\system32\icwdial.dll
2007-01-29 23:25 73,472 --a------ C:\WINDOWS\system32\drivers\sr.sys
2007-01-29 23:25 73,216 --a------ C:\WINDOWS\system32\avwav.dll
2007-01-29 23:25 69,632 --a------ C:\WINDOWS\system32\msconf.dll
2007-01-29 23:25 679,424 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-01-29 23:25 67,584 --a------ C:\WINDOWS\system32\srclient.dll
2007-01-29 23:25 67,072 --a------ C:\WINDOWS\system32\rdshost.exe
2007-01-29 23:25 65,536 --a------ C:\WINDOWS\system32\icwphbk.dll
2007-01-29 23:25 605,696 --a------ C:\WINDOWS\system32\getuname.dll
2007-01-29 23:25 6,144 --a------ C:\WINDOWS\system32\msdtc.exe
2007-01-29 23:25 58,880 --a------ C:\WINDOWS\system32\msdtclog.dll
2007-01-29 23:25 56,832 --a------ C:\WINDOWS\system32\sol.exe
2007-01-29 23:25 56,320 --a------ C:\WINDOWS\system32\servdeps.dll
2007-01-29 23:25 55,296 --a------ C:\WINDOWS\system32\freecell.exe
2007-01-29 23:25 540,160 --a------ C:\WINDOWS\system32\comuid.dll
2007-01-29 23:25 54,272 --a------ C:\WINDOWS\system32\stclient.dll
2007-01-29 23:25 5,632 --a------ C:\WINDOWS\system32\write.exe
2007-01-29 23:25 5,120 --a------ C:\WINDOWS\system32\dcomcnfg.exe
2007-01-29 23:25 44,544 --a------ C:\WINDOWS\system32\hticons.dll
2007-01-29 23:25 4,096 --a------ C:\WINDOWS\system32\rdpcfgex.dll
2007-01-29 23:25 4,096 --a------ C:\WINDOWS\system32\mtxex.dll
2007-01-29 23:25 382,464 --a------ C:\WINDOWS\system32\qmgr.dll
2007-01-29 23:25 35,328 --a------ C:\WINDOWS\system32\winchat.exe
2007-01-29 23:25 34,560 --a------ C:\WINDOWS\system32\mnmdd.dll
2007-01-29 23:25 33,792 --a------ C:\WINDOWS\system32\regini.exe
2007-01-29 23:25 28,672 --a------ C:\WINDOWS\system32\nmmkcert.dll
2007-01-29 23:25 274,944 --a------ C:\WINDOWS\system32\mstask.dll
2007-01-29 23:25 274,432 --a------ C:\WINDOWS\system32\inetcfg.dll
2007-01-29 23:25 252,928 --a------ C:\WINDOWS\system32\msoeacct.dll
2007-01-29 23:25 25,600 --a------ C:\WINDOWS\system32\comaddin.dll
2007-01-29 23:25 25,088 --a------ C:\WINDOWS\system32\mtxlegih.dll
2007-01-29 23:25 239,104 --a------ C:\WINDOWS\system32\srrstr.dll
2007-01-29 23:25 227,840 --a------ C:\WINDOWS\system32\avtapi.dll
2007-01-29 23:25 22,016 --a------ C:\WINDOWS\system32\qwinsta.exe
2007-01-29 23:25 21,896 --a------ C:\WINDOWS\system32\drivers\tdtcp.sys
2007-01-29 23:25 21,640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-01-29 23:25 20,992 --a------ C:\WINDOWS\system32\msg.exe
2007-01-29 23:25 20,480 --a------ C:\WINDOWS\system32\qprocess.exe
2007-01-29 23:25 20,480 --a------ C:\WINDOWS\system32\mtxdm.dll
2007-01-29 23:25 190,976 --a------ C:\WINDOWS\system32\schedsvc.dll
2007-01-29 23:25 185,344 --a------ C:\WINDOWS\system32\cmprops.dll
2007-01-29 23:25 183,808 --a------ C:\WINDOWS\system32\accwiz.exe
2007-01-29 23:25 170,496 --a------ C:\WINDOWS\system32\srsvc.dll
2007-01-29 23:25 17,408 --a------ C:\WINDOWS\system32\mmfutil.dll
2007-01-29 23:25 161,280 --a------ C:\WINDOWS\system32\msdtcuiu.dll
2007-01-29 23:25 16,896 --a------ C:\WINDOWS\system32\tsshutdn.exe
2007-01-29 23:25 16,896 --a------ C:\WINDOWS\system32\qappsrv.exe
2007-01-29 23:25 16,384 --a------ C:\WINDOWS\system32\tskill.exe
2007-01-29 23:25 16,384 --a------ C:\WINDOWS\system32\icfgnt5.dll
2007-01-29 23:25 16,384 --a------ C:\WINDOWS\system32\avmeter.dll
2007-01-29 23:25 15,872 --a------ C:\WINDOWS\system32\rwinsta.exe
2007-01-29 23:25 15,872 --a------ C:\WINDOWS\system32\cdmodem.dll
2007-01-29 23:25 15,360 --a------ C:\WINDOWS\system32\logoff.exe
2007-01-29 23:25 147,456 --a------ C:\WINDOWS\system32\comsnap.dll
2007-01-29 23:25 14,848 --a------ C:\WINDOWS\system32\tsdiscon.exe
2007-01-29 23:25 14,848 --a------ C:\WINDOWS\system32\tscon.exe
2007-01-29 23:25 14,848 --a------ C:\WINDOWS\system32\shadow.exe
2007-01-29 23:25 138,752 --a------ C:\WINDOWS\system32\sndvol32.exe
2007-01-29 23:25 131,584 --a------ C:\WINDOWS\system32\sndrec32.exe
2007-01-29 23:25 126,976 --a------ C:\WINDOWS\system32\mshearts.exe
2007-01-29 23:25 12,288 --a------ C:\WINDOWS\system32\mstinit.exe
2007-01-29 23:25 12,040 --a------ C:\WINDOWS\system32\drivers\tdpipe.sys
2007-01-29 23:25 119,808 --a------ C:\WINDOWS\system32\winmine.exe
2007-01-29 23:25 114,688 --a------ C:\WINDOWS\system32\calc.exe
2007-01-29 23:25 110,080 --a------ C:\WINDOWS\system32\clbcatex.dll
2007-01-29 23:25 11,776 --a------ C:\WINDOWS\system32\xolehlp.dll
2007-01-29 23:25 105,984 --a------ C:\WINDOWS\system32\msoert2.dll
2007-01-29 23:25 1,161 --a------ C:\WINDOWS\system32\usrlogon.cmd
2007-01-29 23:25 <DIR> d--h----- C:\Program Files\WindowsUpdate
2007-01-29 23:25 <DIR> d---s---- C:\WINDOWS\Tasks
2007-01-29 23:25 <DIR> d-------- C:\WINDOWS\system32\Restore
2007-01-29 23:25 <DIR> d-------- C:\WINDOWS\system32\Macromed
2007-01-29 23:25 <DIR> d-------- C:\WINDOWS\srchasst
2007-01-29 23:25 <DIR> d-------- C:\WINDOWS\Registration
2007-01-29 23:25 <DIR> d-------- C:\WINDOWS\PCHealth
2007-01-29 23:25 <DIR> d-------- C:\Program Files\Online Services
2007-01-29 23:25 <DIR> d-------- C:\Program Files\MSN Gaming Zone
2007-01-29 23:25 <DIR> d-------- C:\Program Files\Movie Maker
2007-01-29 23:25 <DIR> d-------- C:\Program Files\Messenger
2007-01-29 23:25 <DIR> d-------- C:\Program Files\Common Files\MSSoap
2007-01-29 23:24 93,696 --a------ C:\WINDOWS\system32\tscfgwmi.dll
2007-01-29 23:24 87,176 --a------ C:\WINDOWS\system32\rdpwsx.dll
2007-01-29 23:24 62,464 --a------ C:\WINDOWS\system32\rdpclip.exe
2007-01-29 23:24 600,576 --a------ C:\WINDOWS\system32\mstsc.exe
2007-01-29 23:24 60,416 --a------ C:\WINDOWS\system32\remotepg.dll
2007-01-29 23:24 6,656 --a------ C:\WINDOWS\system32\wuauserv.dll
2007-01-29 23:24 58,880 --a------ C:\WINDOWS\system32\licwmi.dll
2007-01-29 23:24 538,624 --a------ C:\WINDOWS\system32\spider.exe
2007-01-29 23:24 44,544 --a------ C:\WINDOWS\system32\tscupgrd.exe
2007-01-29 23:24 426,496 --a------ C:\WINDOWS\system32\msdtcprx.dll
2007-01-29 23:24 40,840 --a------ C:\WINDOWS\system32\drivers\termdd.sys
2007-01-29 23:24 38,912 --a------ C:\WINDOWS\system32\cfgbkend.dll
2007-01-29 23:24 343,040 --a------ C:\WINDOWS\system32\mspaint.exe
2007-01-29 23:24 295,424 --a------ C:\WINDOWS\system32\termsrv.dll
2007-01-29 23:24 196,864 --a------ C:\WINDOWS\system32\drivers\rdpdr.sys
2007-01-29 23:24 19,968 --a------ C:\WINDOWS\system32\rdpsnd.dll
2007-01-29 23:24 147,968 --a------ C:\WINDOWS\system32\rdchost.dll
2007-01-29 23:24 140,800 --a------ C:\WINDOWS\system32\sessmgr.exe
2007-01-29 23:24 139,528 --a------ C:\WINDOWS\system32\drivers\rdpwd.sys
2007-01-29 23:24 13,824 --a------ C:\WINDOWS\system32\rdsaddin.exe
2007-01-29 23:24 124,184 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-01-29 23:24 123,392 --a------ C:\WINDOWS\system32\mplay32.exe
2007-01-29 23:24 11,264 --a------ C:\WINDOWS\system32\icaapi.dll
2007-01-29 23:24 102,912 --a------ C:\WINDOWS\system32\clipbrd.exe
2007-01-29 23:24 1,866,240 --a------ C:\WINDOWS\system32\mstscax.dll
2007-01-29 23:24 1,343,768 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-01-29 23:24 <DIR> d-------- C:\WINDOWS\system32\MsDtc
2007-01-29 23:24 <DIR> d-------- C:\WINDOWS\system32\Com
2007-01-29 23:24 <DIR> d-------- C:\Program Files\Windows NT
2007-01-29 18:22 74,240 --a------ C:\WINDOWS\system32\usbui.dll
2007-01-29 18:22 6,400 --a------ C:\WINDOWS\system32\drivers\enum1394.sys
2007-01-29 18:22 57,472 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2007-01-29 18:22 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2007-01-29 18:21 9,936 --a------ C:\WINDOWS\system\LZEXPAND.DLL
2007-01-29 18:21 9,008 --a------ C:\WINDOWS\system\VER.DLL
2007-01-29 18:21 85,020 --a------ C:\WINDOWS\system32\dgsetup.dll
2007-01-29 18:21 82,944 --a------ C:\WINDOWS\system\OLECLI.DLL
2007-01-29 18:21 8,704 --a------ C:\WINDOWS\system32\batt.dll
2007-01-29 18:21 8,192 -ra------ C:\WINDOWS\system32\kbdhept.dll
2007-01-29 18:21 74,752 --a------ C:\WINDOWS\system32\storprop.dll
2007-01-29 18:21 7,168 -ra------ C:\WINDOWS\system32\kbdcz.dll
2007-01-29 18:21 69,584 --a------ C:\WINDOWS\system\AVICAP.DLL
2007-01-29 18:21 69,120 --a------ C:\WINDOWS\notepad.exe
2007-01-29 18:21 68,768 --a------ C:\WINDOWS\system\mmsystem.dll
2007-01-29 18:21 6,656 -ra------ C:\WINDOWS\system32\kbdycl.dll
2007-01-29 18:21 6,656 -ra------ C:\WINDOWS\system32\kbdsl1.dll
2007-01-29 18:21 6,656 -ra------ C:\WINDOWS\system32\kbdsl.dll
2007-01-29 18:21 6,656 -ra------ C:\WINDOWS\system32\kbdpl.dll
2007-01-29 18:21 6,656 -ra------ C:\WINDOWS\system32\kbdhu.dll
2007-01-29 18:21 6,656 -ra------ C:\WINDOWS\system32\kbdhela3.dll
2007-01-29 18:21 6,656 -ra------ C:\WINDOWS\system32\kbdcz2.dll
2007-01-29 18:21 6,656 -ra------ C:\WINDOWS\system32\kbdcz1.dll
2007-01-29 18:21 6,656 -ra------ C:\WINDOWS\system32\kbdcr.dll
2007-01-29 18:21 6,656 -ra------ C:\WINDOWS\system32\KBDAL.DLL
2007-01-29 18:21 6,144 -ra------ C:\WINDOWS\system32\kbdtuq.dll
2007-01-29 18:21 6,144 -ra------ C:\WINDOWS\system32\kbdtuf.dll
2007-01-29 18:21 6,144 -ra------ C:\WINDOWS\system32\kbdlv1.dll
2007-01-29 18:21 6,144 -ra------ C:\WINDOWS\system32\kbdlv.dll
2007-01-29 18:21 6,144 -ra------ C:\WINDOWS\system32\kbdhela2.dll
2007-01-29 18:21 6,144 -ra------ C:\WINDOWS\system32\kbdgkl.dll
2007-01-29 18:21 6,144 -ra------ C:\WINDOWS\system32\kbdest.dll
2007-01-29 18:21 5,632 -ra------ C:\WINDOWS\system32\kbdro.dll
2007-01-29 18:21 5,632 -ra------ C:\WINDOWS\system32\kbdpl1.dll
2007-01-29 18:21 5,632 -ra------ C:\WINDOWS\system32\kbdmon.dll
2007-01-29 18:21 5,632 -ra------ C:\WINDOWS\system32\kbdlt1.dll
2007-01-29 18:21 5,632 -ra------ C:\WINDOWS\system32\kbdlt.dll
2007-01-29 18:21 5,632 -ra------ C:\WINDOWS\system32\kbdkyr.dll
2007-01-29 18:21 5,632 -ra------ C:\WINDOWS\system32\kbdhu1.dll
2007-01-29 18:21 5,632 -ra------ C:\WINDOWS\system32\kbdhe319.dll
2007-01-29 18:21 5,632 -ra------ C:\WINDOWS\system32\kbdhe220.dll
2007-01-29 18:21 5,632 -ra------ C:\WINDOWS\system32\kbdhe.dll
2007-01-29 18:21 5,632 -ra------ C:\WINDOWS\system32\kbdazel.dll
2007-01-29 18:21 5,120 --a------ C:\WINDOWS\system\SHELL.DLL
2007-01-29 18:21 32,816 --a------ C:\WINDOWS\system\COMMDLG.DLL
2007-01-29 18:21 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2007-01-29 18:21 24,064 --a------ C:\WINDOWS\system\OLESVR.DLL
2007-01-29 18:21 19,200 --a------ C:\WINDOWS\system\TAPI.DLL
2007-01-29 18:21 176,157 --a------ C:\WINDOWS\system32\dgrpsetu.dll
2007-01-29 18:21 15,360 --a------ C:\WINDOWS\TASKMAN.EXE
2007-01-29 18:21 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2007-01-29 18:21 126,912 --a------ C:\WINDOWS\system\MSVIDEO.DLL
2007-01-29 18:21 11,264 --a------ C:\WINDOWS\system32\drivers\irenum.sys
2007-01-29 18:21 109,456 --a------ C:\WINDOWS\system\AVIFILE.DLL
2007-01-29 18:21 103,424 --a------ C:\WINDOWS\system32\EqnClass.Dll
2007-01-29 18:21 <DIR> dr------- C:\Program Files
2007-01-29 18:21 <DIR> dr------- C:\DOCUME~1\ALLUSE~1\Documents
2007-01-29 18:21 <DIR> d-------- C:\WINDOWS\system32\CatRoot2
2007-01-29 18:21 <DIR> d-------- C:\WINDOWS\system32\CatRoot
2007-01-29 18:21 <DIR> d-------- C:\Program Files\Common Files\SpeechEngines
2007-01-29 18:21 <DIR> d-------- C:\Program Files\Common Files\ODBC
2007-01-29 18:20 <DIR> d-------- C:\Documents and Settings
2007-01-29 18:17 <DIR> dr-hsc--- C:\WINDOWS\system32\dllcache
2007-01-29 18:17 <DIR> dr--s---- C:\WINDOWS\Fonts
2007-01-29 18:17 <DIR> dr------- C:\WINDOWS\Web
2007-01-29 18:17 <DIR> d--h----- C:\WINDOWS\inf
2007-01-29 18:17 <DIR> d-------- C:\WINDOWS\WinSxS
2007-01-29 18:17 <DIR> d-------- C:\WINDOWS\twain_32
2007-01-29 18:17 <DIR> d-------- C:\WINDOWS\system32\wins
2007-01-29 18:17 <DIR> d-------- C:\WINDOWS\system32\wbem
2007-01-29 18:17 <DIR> d-------- C:\WINDOWS\system32\usmt
2007-01-29 18:17 <DIR> d-------- C:\WINDOWS\system32\spool
2007-01-29 18:17 <DIR> d-------- C:\WINDOWS\system32\ShellExt
2007-01-29 18:17 <DIR> d-------- C:\WINDOWS\system32\Setup
2007-01-29 18:17 <DIR> d-------- C:\WINDOWS\system32\ras
2007-01-29 18:17 <DIR> d-------- C:\WINDOWS\system32\oobe
2007-01-29 18:17 <DIR> d-------- C:\WINDOWS\system32\npp
2007-01-29 18:17 <DIR> d-------- C:\WINDOWS\system32\mui
2007-01-29 18:17 <DIR> d-------- C:\WINDOWS\system32\inetsrv
2007-01-29 18:17 <DIR> d-------- C:\WINDOWS\system32\IME
2007-01-29 18:17 <DIR> d-------- C:\WINDOWS\system32\icsxml
2007-01-29 18:17 <DIR> d-------- C:\WINDOWS\system32\ias
2007-01-29 18:17 <DIR> d-------- C:\WINDOWS\system32\export
2007-01-29 18:17 <DIR> d-------- C:\WINDOWS\system32\drivers\etc
2007-01-29 18:17 <DIR> d-------- C:\WINDOWS\system32\drivers\disdn
2007-01-29 18:17 <DIR> d-------- C:\WINDOWS\system32\drivers
2007-01-29 18:17 <DIR> d-------- C:\WINDOWS\system32\dhcp
2007-01-29 18:17 <DIR> d-------- C:\WINDOWS\system32\config
2007-01-29 18:17 <DIR> d-------- C:\WINDOWS\system32\3com_dmi
2007-01-29 18:17 <DIR> d-------- C:\WINDOWS\system32\3076
2007-01-29 18:17 <DIR> d-------- C:\WINDOWS\system32\2052
2007-01-29 18:17 <DIR> d-------- C:\WINDOWS\system32\1054
2007-01-29 18:17 <DIR> d-------- C:\WINDOWS\system32\1042
2007-01-29 18:17 <DIR> d-------- C:\WINDOWS&#

#4 Hydro56

  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:05:05 AM

Posted 11 February 2007 - 01:27 PM

2007-01-29 18:17 <DIR> d-------- C:\WINDOWS\system32\1041
2007-01-29 18:17 <DIR> d-------- C:\WINDOWS\system32\1037
2007-01-29 18:17 <DIR> d-------- C:\WINDOWS\system32\1033
2007-01-29 18:17 <DIR> d-------- C:\WINDOWS\system32\1031
2007-01-29 18:17 <DIR> d-------- C:\WINDOWS\system32\1028
2007-01-29 18:17 <DIR> d-------- C:\WINDOWS\system32\1025
2007-01-29 18:17 <DIR> d-------- C:\WINDOWS\system32
2007-01-29 18:17 <DIR> d-------- C:\WINDOWS\system
2007-01-29 18:17 <DIR> d-------- C:\WINDOWS\security
2007-01-29 18:17 <DIR> d-------- C:\WINDOWS\Resources
2007-01-29 18:17 <DIR> d-------- C:\WINDOWS\repair
2007-01-29 18:17 <DIR> d-------- C:\WINDOWS\mui
2007-01-29 18:17 <DIR> d-------- C:\WINDOWS\msapps
2007-01-29 18:17 <DIR> d-------- C:\WINDOWS\msagent
2007-01-29 18:17 <DIR> d-------- C:\WINDOWS\Media
2007-01-29 18:17 <DIR> d-------- C:\WINDOWS\java
2007-01-29 18:17 <DIR> d-------- C:\WINDOWS\ime
2007-01-29 18:17 <DIR> d-------- C:\WINDOWS\Help
2007-01-29 18:17 <DIR> d-------- C:\WINDOWS\Driver Cache
2007-01-29 18:17 <DIR> d-------- C:\WINDOWS\Debug
2007-01-29 18:17 <DIR> d-------- C:\WINDOWS\Cursors
2007-01-29 18:17 <DIR> d-------- C:\WINDOWS\Connection Wizard
2007-01-29 18:17 <DIR> d-------- C:\WINDOWS\Config
2007-01-29 18:17 <DIR> d-------- C:\WINDOWS\AppPatch
2007-01-29 18:17 <DIR> d-------- C:\WINDOWS\addins
2007-01-29 18:17 <DIR> d-------- C:\WINDOWS


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-02-07 16:24 -------- d---s---- C:\DOCUME~1\ADMINI~1\Application Data\microsoft
2007-01-29 18:21 62 --ahs---- C:\DOCUME~1\ADMINI~1\Application Data\desktop.ini
2006-12-19 08:02 40960 --a------ C:\WINDOWS\system32\frapsvid.dll
2006-11-27 03:45 60416 --------- C:\WINDOWS\system32\tzchange.exe


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"CTHelper"="CTHELPER.EXE"
"CTxfiHlp"="CTXFIHLP.EXE"
"CTSysVol"="C:\\Program Files\\Creative\\SBAudigy2\\Surround Mixer\\CTSysVol.exe"
"UpdReg"="C:\\WINDOWS\\UpdReg.EXE"
"CTDVDDET"="\"C:\\Program Files\\Creative\\SBAudigy2\\DVDAudio\\CTDVDDET.EXE\""
"PWRISOVM.EXE"="C:\\Program Files\\PowerISO\\PWRISOVM.EXE"
@=""
"RoxWatchTray"="\"C:\\Program Files\\Common Files\\Roxio Shared\\9.0\\SharedCOM\\RoxWatchTray9.exe\""
"DMXLauncher"="\"C:\\Program Files\\Roxio\\Media Experience\\DMXLauncher.exe\""
"RoxioDragToDisc"="\"C:\\Program Files\\Roxio\\Drag-to-Disc\\DrgToDsc.exe\""
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"RemoteCenter"=""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"Generic Host Process"="C:\\WINDOWS\\system32\\scvhost.exe"
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"APVXDWIN"="\"C:\\Program Files\\Panda Software\\Panda Internet Security 2007\\APVXDWIN.EXE\" /s"
"SCANINICIO"="\"C:\\Program Files\\Panda Software\\Panda Internet Security 2007\\Inicio.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"Generic Host Process"="C:\\WINDOWS\\system32\\scvhost.exe"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
@=""
"NoCDBurning"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"Generic Host Process"="C:\\WINDOWS\\system32\\scvhost.exe"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0



Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\MP Scheduled Scan.job


********************************************************************

catchme 0.1 W2K/XP - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 07-02-11 13:09:19


That's the rest of it, thanks again for your help.

#5 Hydro56


Posted 13 February 2007 - 11:07 AM

Now that I used Killbox on the SCVHost, I now get an error upon startup saying it was unable to run it. Is that a file I need to actually have? Is there some way to put it back, or just make it stop giving me the error?

#6 RichieUK

  • Malware Response Team

Posted 13 February 2007 - 11:42 AM

Copy and paste the following bold blue text below into Notepad.
Click on File (in the menu at the top) > Save as... Save as Type: 'All Files', File name: fix.reg, to your desktop.
Then double-click on the fix.reg file on your desktop and agree to merge it into the registry, then reboot.
==============================================
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Generic Host Process"=-

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"Generic Host Process"=-

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"Generic Host Process"=-

==============================================

Reboot, post a new HijackThis log into your next reply.

#7 Hydro56


Posted 13 February 2007 - 10:08 PM

Logfile of HijackThis v1.99.1
Scan saved at 10:05:31 PM, on 2/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\pavsrv51.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\AVENGINE.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\TPSrv.exe
c:\program files\panda software\panda internet security 2007\firewall\PNMSRV.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\PavFnSvr.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDET.EXE
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Roxio\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\PsImSvc.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Creative\MediaSource\RemoteControl\OSDMenu.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\SRVLOAD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Analyze\Anal.exe
C:\WINDOWS\system32\wscntfy.exe

F3 - REG:win.ini: load=C:\WINDOWS\system32\scvhost.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {E14DCE67-8FB7-4721-8149-179BAA4D792C} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\Media Experience\DMXLauncher.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Internet Security 2007\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Internet Security 2007\Inicio.exe"
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative MediaSource Go] "C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe" /SCB
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Sid Registration.lnk = D:\ATR1.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {02ECD07A-22D0-4AF0-BA0A-3F6B06086D08} (GamesCampus Control) - http://www.gamescampus.com/xiah/luncher/GamesCampus.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1170131836437
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15028/CTPID.cab
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\pavsrv51.exe
O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
O23 - Service: Panda Network Manager (PNMSRV) - Panda Software International - c:\program files\panda software\panda internet security 2007\firewall\PNMSRV.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Program Files\Panda Software\Panda Internet Security 2007\PsImSvc.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Program Files\Panda Software\Panda Internet Security 2007\TPSrv.exe





Thanks again =) I really appreciate that there are people like you out there to help put our computers back in the condition we like 'em to be.

#8 RichieUK


Posted 19 February 2007 - 08:30 PM

Could you reboot and post a new HijackThis log into your next reply, please?
Let me know how your PC is running now.

#9 Hydro56


Posted 20 February 2007 - 12:43 AM

Logfile of HijackThis v1.99.1
Scan saved at 12:40:04 AM, on 2/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\pavsrv51.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\TPSrv.exe
c:\program files\panda software\panda internet security 2007\firewall\PNMSRV.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\PavFnSvr.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDET.EXE
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Roxio\Media Experience\DMXLauncher.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\APVXDWIN.EXE
C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\PsImSvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Creative\MediaSource\RemoteControl\OSDMenu.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\SRVLOAD.EXE
c:\program files\panda software\panda internet security 2007\WebProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Analyze\Anal.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\AVENGINE.EXE

F3 - REG:win.ini: load=C:\WINDOWS\system32\scvhost.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\Media Experience\DMXLauncher.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Internet Security 2007\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Internet Security 2007\Inicio.exe"
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative MediaSource Go] "C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe" /SCB
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {02ECD07A-22D0-4AF0-BA0A-3F6B06086D08} (GamesCampus Control) - http://www.gamescampus.com/xiah/luncher/GamesCampus.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1170131836437
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v7.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15028/CTPID.cab
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\pavsrv51.exe
O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
O23 - Service: Panda Network Manager (PNMSRV) - Panda Software International - c:\program files\panda software\panda internet security 2007\firewall\PNMSRV.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Program Files\Panda Software\Panda Internet Security 2007\PsImSvc.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Program Files\Panda Software\Panda Internet Security 2007\TPSrv.exe




My computer seems to be running as normal, but I still get the error message about the scvhost thing even though I did the Notepad registry edit thing you had me do earlier. Thanks!
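A defender-side check for the look-alike file name discussed in this thread, as an added example that is not part of any post: it scans HijackThis entries for executables whose names are one edit or one adjacent-letter swap away from a core Windows process name. The sample lines are excerpted from the 2/20/2007 log above; the list of system names and all function names are assumptions.

```python
import re

# Core Windows process names that malware often imitates
# (illustrative list chosen for this example, an assumption).
KNOWN_SYSTEM = {
    "svchost.exe", "lsass.exe", "services.exe", "winlogon.exe", "smss.exe",
    "csrss.exe", "explorer.exe", "spoolsv.exe", "rundll32.exe", "ctfmon.exe",
}

# Lines excerpted from the 2/20/2007 HijackThis log in this thread.
SAMPLE_LOG = r"""
F3 - REG:win.ini: load=C:\WINDOWS\system32\scvhost.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
"""

# "F3 - ..." / "O4 - ..." : HijackThis section code, then the entry text.
SECTION_RE = re.compile(r"^([FO]\d+) - (.*)$")
# Last path component ending in .exe (stops at path, quote and key separators).
EXE_RE = re.compile(r'([^\\/"=\[\]\s:]+\.exe)\b', re.IGNORECASE)


def osa_distance(a, b):
    """Optimal string alignment distance: insert, delete, substitute,
    or swap two adjacent characters, each costing 1."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1,         # deletion
                          d[i][j - 1] + 1,         # insertion
                          d[i - 1][j - 1] + cost)  # substitution
            if (i > 1 and j > 1 and a[i - 1] == b[j - 2]
                    and a[i - 2] == b[j - 1]):
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # transposition
    return d[len(a)][len(b)]


def find_lookalikes(log_text, max_distance=1):
    """Return (section, found_name, imitated_name) for every executable in a
    HijackThis entry that is close to, but not equal to, a known system name."""
    findings = []
    for line in log_text.splitlines():
        m = SECTION_RE.match(line.strip())
        if not m:
            continue
        section, entry = m.groups()
        for name in EXE_RE.findall(entry):
            name = name.lower()
            if name in KNOWN_SYSTEM:
                continue  # exact match: the real name, not a look-alike
            for real in sorted(KNOWN_SYSTEM):
                if 0 < osa_distance(name, real) <= max_distance:
                    hit = (section, name, real)
                    if hit not in findings:
                        findings.append(hit)
    return findings


if __name__ == "__main__":
    for section, found, real in find_lookalikes(SAMPLE_LOG):
        print(f"{section}: {found} imitates {real}")
```

On the excerpt it reports the F3 (win.ini `load=`) line, which is a loading point separate from the three Run keys named in fix.reg.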



