"privacy Danger" Infection - 5 Days Work But Still Infected


14 replies to this topic

#1 Kittykat69

Kittykat69

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:10:14 PM

Posted 02 July 2007 - 01:50 PM

I'm infected with some horrible hijacker/malware crap.
For 5 days I have been following directions from other sites / downloading every anti-spyware I can find / antivirus etc etc - for 2 days I couldn't even get a program to FIND the infection..

Here are the programs I've been using to try and remove this:

spybot S&D
lavasoft adaware
webroot spysweeper
superantispyware
spywareblaster
avast home edition antivirus
smitfraud
vundofix
OT moveit
PC Bugdoctor
SDfix
hijack this
combofix
killbox


I finally figured out I have "PRIVACY_DANGER" ... so I've been taking steps I found on the topics on THIS site ... finally I've been finding some of the problems and fixing them

BUT
I still have traces of infection such as homepage hijacker and my computer is still ATTEMPTING to launch pop-ups, however now that I have removed some infected files - I now get an ADDITIONAL pop-up saying "unable to locate file [with file location]"

Here's my HijackThis logfile:

Logfile of HijackThis v1.99.1
Scan saved at 11:48:39 AM, on 7/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\Program Files\Acer\eRecovery\Monitor.exe
C:\Program Files\Winamp\winampa.exe
C:\acer\epm\epm-dm.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\DrvMon.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\CLCL\CLCL.exe
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Gregory\Desktop\HijackThis.exe
C:\WINDOWS\system32\wscntfy.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://gomyron.com/NjU2NA==/2/3560/homepage/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [ePowerManagement] "C:\Acer\ePM\ePM.exe" boot
O4 - HKLM\..\Run: [eRecoveryService] "C:\Program Files\Acer\eRecovery\Monitor.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [epm-dm] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [BrMfcWnd] "C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe" /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] "C:\Program Files\Brother\ControlCenter3\brctrcen.exe" /autorun
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [DrvMon.exe] C:\WINDOWS\system32\DrvMon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
O4 - Startup: KEYLOGGER.lnk = ?
O4 - Global Startup: CLCL.lnk = ?
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe




---------

Here's my SDFix report:

SDFix: Version 1.88

Run by Gregory on Mon 07/02/2007 at 10:26 AM

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:






Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

Below files will be copied to Backups folder then removed:

C:\WINDOWS\SYSTEM32\ULTRA.DLL - Deleted
C:\Documents and Settings\Gregory\Desktop\Error Cleaner.url - Deleted
C:\Documents and Settings\Gregory\Desktop\Privacy Protector.url - Deleted
C:\Documents and Settings\Gregory\Desktop\Spyware&Malware Protection.url - Deleted
C:\WINDOWS\system32\setup.exe.tmp - Deleted
C:\WINDOWS\privacy_danger\index.htm - Deleted
C:\WINDOWS\privacy_danger\images\capt.gif - Deleted
C:\WINDOWS\privacy_danger\images\danger.jpg - Deleted
C:\WINDOWS\privacy_danger\images\down.gif - Deleted
C:\WINDOWS\privacy_danger\images\spacer.gif - Deleted
C:\DOCUME~1\Gregory\LOCALS~1\Temp\hd-log.txt - Deleted
C:\DOCUME~1\Gregory\LOCALS~1\Temp\temp.bat - Deleted
C:\WINDOWS\antiv.exe - Deleted
C:\WINDOWS\dat.txt - Deleted
C:\WINDOWS\expro.dll - Deleted
C:\WINDOWS\rs.txt - Deleted
C:\WINDOWS\search_res.txt - Deleted
C:\WINDOWS\system32\setup.exe.tmp - Deleted
C:\WINDOWS\vpssup.dll - Deleted


Folder C:\WINDOWS\privacy_danger - Removed

Removing Temp Files...

ADS Check:

Checking C:\WINDOWS
C:\WINDOWS
No streams found.

Checking C:\WINDOWS\system32
C:\WINDOWS\system32
No streams found.

Checking C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
No streams found.

Checking C:\WINDOWS\system32\ntoskrnl.exe
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Acer\\Acer Arcade\\PCMService.exe"="C:\\Program Files\\Acer\\Acer Arcade\\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\Common Files\\AOL\\1142539276\\ee\\aolsoftware.exe"="C:\\Program Files\\Common Files\\AOL\\1142539276\\ee\\aolsoftware.exe:*:Enabled:AOL Services"
"C:\\Program Files\\Common Files\\AOL\\1142539276\\ee\\aim6.exe"="C:\\Program Files\\Common Files\\AOL\\1142539276\\ee\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Documents and Settings\\Gregory\\Local Settings\\Temp\\~os29C.tmp\\ossproxy.exe"="C:\\Documents and Settings\\Gregory\\Local Settings\\Temp\\~os29C.tmp\\ossproxy.exe:*:Enabled:ossproxy.exe"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Documents and Settings\\Gregory\\Local Settings\\Temp\\~os3DB.tmp\\ossproxy.exe"="C:\\Documents and Settings\\Gregory\\Local Settings\\Temp\\~os3DB.tmp\\ossproxy.exe:*:Enabled:ossproxy.exe"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Program Files\\VoipStunt.com\\VoipStunt\\VoipStunt.exe"="C:\\Program Files\\VoipStunt.com\\VoipStunt\\VoipStunt.exe:*:Enabled:VoipStunt"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

Remaining Files:
---------------

Backups Folder: - C:\SDFix\backups\backups.zip

Listing Files with Hidden Attributes:

C:\WINDOWS\system32\NTICDMK7.dll
C:\WINDOWS\system32\NTIMPEG2.dll
C:\WINDOWS\system32\NTIMP3.dll
C:\WINDOWS\system32\NTIFCD3.dll
C:\WINDOWS\system32\NTIBUN4.dll
C:\Program Files\Microsoft Money 2007\mnysvc07.dll
C:\Program Files\Microsoft Money 2007\utlsrf07.dll
C:\Program Files\Microsoft Money 2007\mnysl07.dll
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft Money 2007\mnyupdate!@#@.exe
C:\megapolitanmoney\PACKAGE\~WRL0004.tmp

Listing User Accounts:


Administrator ASPNET Gregory
Guest HelpAssistant SUPPORT_388945a0


Finished



#2 sjpritch25

sjpritch25

  • Security Colleague
  • 903 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Coast of Florida, USA
  • Local time:01:14 AM

Posted 02 July 2007 - 09:45 PM

Welcome to BC :thumbsup:

Download Combofix and save it to your desktop.
http://download.bleepingcomputer.com/sUBs/ComboFix.exe


Note: It is important that it is saved directly to your desktop

Close any open browsers.

Double click on combofix.exe & follow the prompts.
When finished, it shall produce a log for you.

Post the ComboFix.txt and a fresh Hijackthis log in your next reply.

Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.
Microsoft MVP Consumer Security--2007-2010

#3 Kittykat69

Kittykat69
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:10:14 PM

Posted 03 July 2007 - 04:44 PM

Thank you for helping, here are the logs you requested

COMBOFIX:

"Gregory" - 2007-07-03 14:40:25 - ComboFix 07-07-03.9 - Service Pack 2 FAT32


((((((((((((((((((((((((( Files Created from 2007-06-03 to 2007-07-03 )))))))))))))))))))))))))))))))


2007-07-02 19:18 <DIR> d-------- C:\Program Files\Enigma Software Group
2007-07-02 19:04 <DIR> d-------- C:\Program Files\RogueRemover
2007-07-02 11:02 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-07-02 11:02 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-07-02 10:52 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-06-26 20:35 <DIR> d-------- C:\!KillBox
2007-06-26 18:39 95,872 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-06-26 18:39 94,552 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-06-26 18:39 85,952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-06-26 18:39 43,176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-06-26 18:39 26,888 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-06-26 18:39 23,416 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-06-26 18:38 745,600 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-06-26 17:47 <DIR> d-------- C:\DOCUME~1\Gregory\APPLIC~1\SUPERAntiSpyware.com
2007-06-26 17:47 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-06-26 17:10 <DIR> d-------- C:\DOCUME~1\NETWOR~1\APPLIC~1\Webroot
2007-06-26 16:56 <DIR> d-------- C:\HJT
2007-06-26 12:47 22,080 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2007-06-26 12:47 21,056 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2007-06-26 12:47 20,544 --a------ C:\WINDOWS\system32\drivers\SSFS0509.sys
2007-06-26 12:47 144,960 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2007-06-26 12:47 <DIR> d-------- C:\Program Files\Webroot
2007-06-26 12:47 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\Webroot
2007-06-26 12:47 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Webroot
2007-06-26 12:46 <DIR> d-------- C:\DOCUME~1\Gregory\APPLIC~1\Webroot
2007-06-26 11:33 164 --a------ C:\install.dat
2007-06-26 11:18 <DIR> d-------- C:\VundoFix Backups
2007-06-25 08:12 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-06-24 11:20 <DIR> d-------- C:\COZY
2007-06-21 12:10 <DIR> d-------- C:\Program Files\Microsoft Money 2007
2007-06-18 15:58 <DIR> d-------- C:\Program Files\Easy Cash Manager
2007-06-15 07:36 <DIR> d-------- C:\DOCUME~1\Gregory\APPLIC~1\PC-FAX TX
2007-06-12 01:26 <DIR> d-------- C:\Program Files\Bug Doctor
2007-06-12 00:44 <DIR> d-------- C:\Program Files\Trillian
2007-06-05 13:42 <DIR> d-------- C:\DOCUME~1\Gregory\APPLIC~1\ICQ
2007-06-03 23:06 <DIR> d-------- C:\WINDOWS\aod
2007-06-03 23:05 <DIR> d-------- C:\Program Files\ICQ


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-15 14:37:32 0 ----a-w C:\WINDOWS\brdfxspd.dat
2007-05-27 23:02:58 -------- d-----w C:\DOCUME~1\Gregory\APPLIC~1\VoipStunt
2007-05-18 23:38:30 -------- d-----w C:\Program Files\Microsoft Works
2007-05-18 15:43:06 50 ----a-w C:\WINDOWS\system32\bridf06a.dat
2007-05-17 16:53:28 -------- d-----w C:\Program Files\Common Files\Adobe Systems Shared
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-06 20:52:40 -------- d-----w C:\Program Files\Streamload
2007-05-06 06:09:24 -------- d-----w C:\Program Files\bobyte
2007-05-05 22:22:46 43,602 ----a-w C:\WINDOWS\system32\xvid-uninstall.exe
2007-05-05 22:17:28 -------- d-----w C:\Program Files\AviSynth 2.5
2007-05-05 22:15:36 -------- d-----w C:\Program Files\Gabest
2007-05-05 22:15:08 -------- d-----w C:\Program Files\AutoGK
2007-05-05 19:47:36 -------- d-----w C:\Program Files\DVD Decrypter
2007-04-25 14:21:16 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:12:24 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-17 22:41:46 38,672 ----a-w C:\DOCUME~1\Gregory\APPLIC~1\GDIPFONTCACHEV1.DAT
2007-04-17 05:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-17 05:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 05:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 05:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 05:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 05:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 05:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 05:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-17 05:44:20 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
2007-04-17 05:44:18 208,248 ----a-w C:\WINDOWS\system32\muweb.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
2005-05-31 01:04 853672 --a------ C:\PROGRA~1\SPYBOT~1\SDHelper.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-08 14:44]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-08 14:43]
"PCMService"="C:\Program Files\Acer\Acer Arcade\PCMService.exe" [2005-08-11 11:48]
"ePowerManagement"="C:\Acer\ePM\ePM.exe" [2005-03-15 10:03]
"eRecoveryService"="C:\Program Files\Acer\eRecovery\Monitor.exe" [2005-08-18 19:38]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2006-11-21 09:38]
"epm-dm"="c:\acer\epm\epm-dm.exe" [2005-08-11 19:21]
"BrMfcWnd"="C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-06-28 07:46]
"ControlCenter3"="C:\Program Files\Brother\ControlCenter3\brctrcen.exe" [2006-06-29 12:18]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 08:42]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2007-03-01 19:55]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DrvMon.exe"="C:\WINDOWS\system32\DrvMon.exe" [2006-06-14 21:11]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-01-19 12:49]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= file:///C:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 13:55]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WebrootSpySweeperService]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{321145b6-c113-11db-98e5-0013ceaaf0a3}]
AutoRun\command- F:\Loaderw.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{39b9e17a-d0d5-11db-9905-00163608d718}]
AutoRun\command- F:\Loaderw.exe

*Newly Created Service* - INT15.SYS

Contents of the 'Scheduled Tasks' folder
2007-06-30 20:17:02 C:\WINDOWS\tasks\AppleSoftwareUpdate.job

**************************************************************************

catchme 0.3.914 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-03 14:41:25
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-03 14:41:57
C:\ComboFix2.txt ... 2007-07-02 11:02
C:\ComboFix-quarantined-files.txt ... 2007-07-03 14:41

--- E O F ---






####################################################################################

HIJACK THIS:

Logfile of HijackThis v1.99.1
Scan saved at 2:43:35 PM, on 7/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\Program Files\Acer\eRecovery\Monitor.exe
C:\Program Files\Winamp\winampa.exe
C:\acer\epm\epm-dm.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\DrvMon.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\CLCL\CLCL.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
C:\Program Files\Winamp\winamp.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Gregory\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://gomyron.com/NjU2NA==/2/3560/homepage/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [ePowerManagement] "C:\Acer\ePM\ePM.exe" boot
O4 - HKLM\..\Run: [eRecoveryService] "C:\Program Files\Acer\eRecovery\Monitor.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [epm-dm] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [BrMfcWnd] "C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe" /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] "C:\Program Files\Brother\ControlCenter3\brctrcen.exe" /autorun
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [DrvMon.exe] C:\WINDOWS\system32\DrvMon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
O4 - Startup: KEYLOGGER.lnk = ?
O4 - Global Startup: CLCL.lnk = ?
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

#4 sjpritch25

Posted 03 July 2007 - 07:07 PM

Run HijackThis, and press "Do a System Scan Only".
1. When the scan is complete place a check mark next to the following entries:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://gomyron.com/NjU2NA==/2/3560/homepage/

2. After checking these items CLOSE ALL open windows EXCEPT HijackThis and click "Fix Checked." Then, reboot your computer...
Microsoft MVP Consumer Security--2007-2010

#5 Kittykat69

Posted 04 July 2007 - 09:05 PM

I did what you said 4 times... 3 times with System Restore on, the final time with System Restore off.

It's not working at all.

Any other suggestion?
I'm almost at the point of doing a format C .... my computer is slow and this is so annoying!

#6 sjpritch25

Posted 04 July 2007 - 11:21 PM

Download WinPFind3U.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.
  • Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
    • In the Files Created Within group click 30 days
    • In the Files Modified Within group select 30 days
    • In the File String Search group select Non-Microsoft
    • In the Drivers Services group select Non-Microsoft
  • Now click the Run Scan button on the toolbar.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in.

#7 Kittykat69

Posted 05 July 2007 - 04:29 PM

WinPFind3 logfile created on: 7/5/2007 2:13:52 PM
WinPFind3U by OldTimer - Version 1.0.39 Folder = C:\Documents and Settings\Gregory\Desktop\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 7.0.5730.11)

1014.05 Mb Total Physical Memory | 447.98 Mb Available Physical Memory | 44.18% Memory free
2.38 Gb Paging File | 1.90 Gb Available in Paging File | 79.89% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 54.12 Gb Total Space | 26.67 Gb Free Space | 49.27% Space Free
Drive D: | 54.70 Gb Total Space | 54.70 Gb Free Space | 100.00% Space Free
E: Drive not present or media not loaded
F: Drive not present or media not loaded

Computer Name: NARADAMUNI
Current User Name: Gregory
Logged in as Administrator.
Current Boot Mode: Normal


[Processes - Non-Microsoft Only]
anbmserv.exe -> %SystemDrive%\Acer\eManager\anbmServ.exe -> OSA Technologies Inc. [Ver = 3.0.6.9 | Size = 1273344 bytes | Modified Date = 6/6/2005 7:08:58 PM | Attr = ]
ashdisp.exe -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe -> ALWIL Software [Ver = 4, 7, 997, 0 | Size = 75392 bytes | Modified Date = 4/30/2007 8:42:48 AM | Attr = ]
ashmaisv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> ALWIL Software [Ver = 4, 7, 997, 0 | Size = 243328 bytes | Modified Date = 4/30/2007 9:04:38 AM | Attr = ]
ashserv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> ALWIL Software [Ver = 4, 7, 997, 0 | Size = 132736 bytes | Modified Date = 4/30/2007 8:42:40 AM | Attr = ]
ashwebsv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> ALWIL Software [Ver = 4, 7, 997, 0 | Size = 345728 bytes | Modified Date = 4/30/2007 8:41:28 AM | Attr = ]
aswupdsv.exe -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> ALWIL Software [Ver = 4, 7, 997, 0 | Size = 16512 bytes | Modified Date = 4/30/2007 8:29:56 AM | Attr = ]
brccmctl.exe -> %ProgramFiles%\Brother\ControlCenter3\BrccMCtl.exe -> Brother Industries, Ltd. [Ver = 3, 0, 89, 89 | Size = 339968 bytes | Modified Date = 6/27/2006 10:30:30 AM | Attr = ]
brmfcwnd.exe -> %ProgramFiles%\Brother\Brmfcmon\BrMfcWnd.exe -> [Ver = 2, 0, 0, 13 | Size = 622592 bytes | Modified Date = 6/28/2006 7:46:30 AM | Attr = ]
brmfimon.exe -> %ProgramFiles%\Brother\Brmfcmon\BrMfimon.exe -> Brother Industries, Ltd. [Ver = 2, 0, 0, 2 | Size = 204800 bytes | Modified Date = 5/8/2006 6:52:04 PM | Attr = ]
clcapsvc.exe -> %ProgramFiles%\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe -> [Ver = 4.01.1915 | Size = 249954 bytes | Modified Date = 8/11/2005 11:49:30 AM | Attr = ]
clcl.exe -> %ProgramFiles%\CLCL\CLCL.exe -> [Ver = | Size = 180224 bytes | Modified Date = 2/11/2005 6:58:10 PM | Attr = ]
clmlserver.exe -> %ProgramFiles%\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe -> Cyberlink [Ver = 2, 1, 0, 1815 | Size = 61440 bytes | Modified Date = 8/11/2005 11:48:36 AM | Attr = ]
clmlservice.exe -> %ProgramFiles%\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe -> Cyberlink [Ver = 2, 1, 0, 1815 | Size = 1077376 bytes | Modified Date = 8/11/2005 11:48:36 AM | Attr = ]
clsched.exe -> %ProgramFiles%\Acer\Acer Arcade\Kernel\TV\CLSched.exe -> [Ver = 4.01.1928 | Size = 114772 bytes | Modified Date = 8/11/2005 11:49:32 AM | Attr = ]
drvmon.exe -> %System32%\DrvMon.exe -> Alcor Micro, Corp. [Ver = 1, 0, 1, 2 | Size = 53248 bytes | Modified Date = 6/14/2006 9:11:10 PM | Attr = ]
epm-dm.exe -> %SystemDrive%\Acer\ePM\epm-dm.exe -> Acer Inc [Ver = 2.71 | Size = 200704 bytes | Modified Date = 8/11/2005 7:21:00 PM | Attr = ]
evteng.exe -> %ProgramFiles%\Intel\Wireless\Bin\EvtEng.exe -> Intel Corporation [Ver = 9, 0, 1, 12 | Size = 86016 bytes | Modified Date = 10/15/2004 11:22:14 AM | Attr = ]
firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> Mozilla Corporation [Ver = 1.8.1.4: 2007051502 | Size = 7637104 bytes | Modified Date = 5/31/2007 10:03:06 AM | Attr = ]
icq.exe -> %ProgramFiles%\ICQ\Icq.exe -> ICQ Inc. [Ver = 5,5,6,3916 | Size = 1880639 bytes | Modified Date = 10/14/2003 10:03:50 AM | Attr = ]
monitor.exe -> %ProgramFiles%\Acer\eRecovery\Monitor.exe -> acer Inc. [Ver = 1, 2, 11, 3 | Size = 352256 bytes | Modified Date = 8/18/2005 7:38:46 PM | Attr = ]
pcmservice.exe -> %ProgramFiles%\Acer\Acer Arcade\PCMService.exe -> CyberLink Corp. [Ver = 4, 5, 0, 0 | Size = 143360 bytes | Modified Date = 8/11/2005 11:48:58 AM | Attr = ]
regsrvc.exe -> %ProgramFiles%\Intel\Wireless\Bin\RegSrvc.exe -> Intel Corporation [Ver = 9, 0, 1, 10 | Size = 139264 bytes | Modified Date = 10/15/2004 11:21:38 AM | Attr = ]
richvideo.exe -> %ProgramFiles%\CyberLink\Shared Files\RichVideo.exe -> [Ver = 1.0.1321 | Size = 143360 bytes | Modified Date = 1/21/2005 7:37:16 PM | Attr = ]
s24evmon.exe -> %ProgramFiles%\Intel\Wireless\Bin\S24EvMon.exe -> Intel Corporation [Ver = 9, 0, 1, 41 | Size = 360521 bytes | Modified Date = 10/15/2004 11:24:48 AM | Attr = ]
spysweeper.exe -> %ProgramFiles%\Webroot\Spy Sweeper\SpySweeper.exe -> Webroot Software, Inc. [Ver = 3,3,2,2609 | Size = 3379264 bytes | Modified Date = 3/1/2007 7:55:50 PM | Attr = ]
superantispyware.exe -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe -> SUPERAntiSpyware.com [Ver = 3, 9, 0, 1008 | Size = 1318912 bytes | Modified Date = 6/21/2007 2:06:28 PM | Attr = ]
syntpenh.exe -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe -> Synaptics, Inc. [Ver = 7.12.3 08Oct04 | Size = 688218 bytes | Modified Date = 10/8/2004 2:43:12 PM | Attr = ]
syntplpr.exe -> %ProgramFiles%\Synaptics\SynTP\SynTPLpr.exe -> Synaptics, Inc. [Ver = 7.12.3 08Oct04 | Size = 98394 bytes | Modified Date = 10/8/2004 2:44:24 PM | Attr = ]
winampa.exe -> %ProgramFiles%\Winamp\winampa.exe -> [Ver = | Size = 35328 bytes | Modified Date = 11/21/2006 9:38:22 AM | Attr = ]
winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.38.0 | Size = 322048 bytes | Modified Date = 6/23/2007 3:15:54 PM | Attr = ]
yahoom~1.exe -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe -> Yahoo! Inc. [Ver = 8,1,0,239 | Size = 4670968 bytes | Modified Date = 1/19/2007 12:49:28 PM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(Adobe LM Service) Adobe LM Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Adobe Systems Shared\Service\Adobelmsvc.exe -> Adobe Systems [Ver = 2.65.010 | Size = 69632 bytes | Modified Date = 5/17/2007 9:53:30 AM | Attr = ]
(anbmService) Notebook Manager Service [Win32_Own | Auto | Running] -> %SystemDrive%\Acer\eManager\anbmServ.exe -> OSA Technologies Inc. [Ver = 3.0.6.9 | Size = 1273344 bytes | Modified Date = 6/6/2005 7:08:58 PM | Attr = ]
(aswUpdSv) avast! iAVS4 Control Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> ALWIL Software [Ver = 4, 7, 997, 0 | Size = 16512 bytes | Modified Date = 4/30/2007 8:29:56 AM | Attr = ]
(avast! Antivirus) avast! Antivirus [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> ALWIL Software [Ver = 4, 7, 997, 0 | Size = 132736 bytes | Modified Date = 4/30/2007 8:42:40 AM | Attr = ]
(avast! Mail Scanner) avast! Mail Scanner [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> ALWIL Software [Ver = 4, 7, 997, 0 | Size = 243328 bytes | Modified Date = 4/30/2007 9:04:38 AM | Attr = ]
(avast! Web Scanner) avast! Web Scanner [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> ALWIL Software [Ver = 4, 7, 997, 0 | Size = 345728 bytes | Modified Date = 4/30/2007 8:41:28 AM | Attr = ]
(CLCapSvc) CyberLink Background Capture Service (CBCS) [Win32_Own | Auto | Running] -> %ProgramFiles%\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe -> [Ver = 4.01.1915 | Size = 249954 bytes | Modified Date = 8/11/2005 11:49:30 AM | Attr = ]
(CLSched) CyberLink Task Scheduler (CTS) [Win32_Own | Auto | Running] -> %ProgramFiles%\Acer\Acer Arcade\Kernel\TV\CLSched.exe -> [Ver = 4.01.1928 | Size = 114772 bytes | Modified Date = 8/11/2005 11:49:32 AM | Attr = ]
(CyberLink Media Library Service) CyberLink Media Library Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe -> Cyberlink [Ver = 2, 1, 0, 1815 | Size = 61440 bytes | Modified Date = 8/11/2005 11:48:36 AM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ]
(EvtEng) EvtEng [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\EvtEng.exe -> Intel Corporation [Ver = 9, 0, 1, 12 | Size = 86016 bytes | Modified Date = 10/15/2004 11:22:14 AM | Attr = ]
(RegSrvc) RegSrvc [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\RegSrvc.exe -> Intel Corporation [Ver = 9, 0, 1, 10 | Size = 139264 bytes | Modified Date = 10/15/2004 11:21:38 AM | Attr = ]
(RichVideo) Cyberlink RichVideo Service(CRVS) [Win32_Own | Auto | Running] -> %ProgramFiles%\CyberLink\Shared Files\RichVideo.exe -> [Ver = 1.0.1321 | Size = 143360 bytes | Modified Date = 1/21/2005 7:37:16 PM | Attr = ]
(S24EventMonitor) Spectrum24 Event Monitor [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\S24EvMon.exe -> Intel Corporation [Ver = 9, 0, 1, 41 | Size = 360521 bytes | Modified Date = 10/15/2004 11:24:48 AM | Attr = ]
(WebrootSpySweeperService) Webroot Spy Sweeper Engine [Win32_Own | Auto | Running] -> %ProgramFiles%\Webroot\Spy Sweeper\SpySweeper.exe -> Webroot Software, Inc. [Ver = 3,3,2,2609 | Size = 3379264 bytes | Modified Date = 3/1/2007 7:55:50 PM | Attr = ]

[Driver Services - Non-Microsoft Only]
(Aavmker4) avast! Asynchronous Virus Monitor [Kernel | System | Running] -> %System32%\drivers\aavmker4.sys -> ALWIL Software [Ver = 4.7.997.0 | Size = 26888 bytes | Modified Date = 4/30/2007 8:37:24 AM | Attr = ]
(Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] -> -> File not found
(AegisP) AEGIS Protocol (IEEE 802.1x) v3.2.0.3 [Kernel | Auto | Running] -> %System32%\drivers\AegisP.sys -> Meetinghouse Data Communications [Ver = 3.2.0.3 | Size = 17801 bytes | Modified Date = 4/20/2007 8:51:18 PM | Attr = ]
(AliIde) AliIde [Kernel | Boot | Running] -> %System32%\drivers\aliide.sys -> Acer Laboratories Inc. [Ver = 1.20 | Size = 5248 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ]
(amdagp) AMD AGP Bus Filter Driver [Kernel | Boot | Running] -> %System32%\drivers\AMDAGP.SYS -> Advanced Micro Devices, Inc. [Ver = 5.00 (xpsp_sp2_rtm.040803-2158) | Size = 43008 bytes | Modified Date = 8/3/2004 11:07:44 PM | Attr = ]
(asc) asc [Kernel | Boot | Running] -> %System32%\drivers\asc.sys -> Advanced System Products, Inc. [Ver = 2.9I-MS (XPClient.010817-1148) | Size = 26496 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ]
(asc3550) asc3550 [Kernel | Boot | Running] -> %System32%\drivers\asc3550.sys -> Advanced System Products, Inc. [Ver = 3.1E-MS (XPClient.010817-1148) | Size = 14848 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ]
(aswMon2) avast! Standard Shield Support [File_System | Auto | Running] -> %System32%\drivers\aswmon2.sys -> ALWIL Software [Ver = 4.7.997.0 | Size = 94552 bytes | Modified Date = 4/30/2007 8:41:42 AM | Attr = ]
(aswRdr) aswRdr [Kernel | On_Demand | Running] -> %System32%\drivers\aswRdr.sys -> ALWIL Software [Ver = 4.7.997.0 | Size = 23416 bytes | Modified Date = 4/30/2007 8:39:42 AM | Attr = ]
(aswTdi) avast! Network Shield Support [Kernel | System | Running] -> %System32%\drivers\aswTdi.sys -> ALWIL Software [Ver = 4.7.997.0 | Size = 43176 bytes | Modified Date = 4/30/2007 8:38:52 AM | Attr = ]
(Atdisk) Atdisk [Kernel | Disabled | Stopped] -> -> File not found
(BLKWGN) Belkin Wireless G Notebook Card Service [Kernel | On_Demand | Stopped] -> system32\DRIVERS\BLKWGN.sys -> File not found
(CCCP106) CIF USB Camera (2110A) [Kernel | On_Demand | Stopped] -> %System32%\drivers\cccp106.sys -> [Ver = 0, 9, 5, 9 | Size = 227200 bytes | Modified Date = 6/24/2003 11:22:44 AM | Attr = R ]
(Changer) Changer [Kernel | System | Stopped] -> -> File not found
(CmdIde) CmdIde [Kernel | Boot | Running] -> %System32%\drivers\cmdide.sys -> CMD Technology, Inc. [Ver = 2.0.7 (XPClient.010817-1148) | Size = 6656 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ]
(dac2w2k) dac2w2k [Kernel | Boot | Running] -> %System32%\drivers\dac2w2k.sys -> Mylex Corporation [Ver = 6.00-21 (XPClient.010817-1148) | Size = 179584 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ]
(DKbFltr) Dritek Keyboard Filter Driver [Kernel | On_Demand | Running] -> %System32%\drivers\DKbFltr.SYS -> Dritek System Inc. [Ver = 1, 3, 0, 0 | Size = 16896 bytes | Modified Date = 12/8/2004 2:10:00 PM | Attr = ]
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %System32%\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ]
(dmio) dmio [Kernel | Disabled | Stopped] -> %System32%\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ]
(dmload) dmload [Kernel | Disabled | Stopped] -> %System32%\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ]
(EpmPsd) Acer EPM Power Scheme Driver [Kernel | Auto | Running] -> %System32%\drivers\epm-psd.sys -> Acer Value Labs, USA [Ver = 1.02 | Size = 4096 bytes | Modified Date = 7/19/2004 1:10:00 PM | Attr = ]
(EpmShd) Acer EPM System Hardware Driver [Kernel | Auto | Running] -> %System32%\drivers\epm-shd.sys -> Acer Value Labs, USA [Ver = 1.24 | Size = 78208 bytes | Modified Date = 4/7/2005 6:08:46 PM | Attr = ]
(HdAudAddService) Microsoft UAA Function Driver for High Definition Audio Service [Kernel | On_Demand | Stopped] -> %System32%\drivers\Hdaudio.sys -> Windows ® Server 2003 DDK provider [Ver = 5.10.01.5013 built by: WinDDK | Size = 145920 bytes | Modified Date = 1/7/2005 5:07:16 PM | Attr = ]
(HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [Kernel | On_Demand | Running] -> %System32%\drivers\Hdaudbus.sys -> Windows ® Server 2003 DDK provider [Ver = 5.10.01.5013 built by: WinDDK | Size = 138752 bytes | Modified Date = 1/7/2005 5:07:18 PM | Attr = ]
(HSFHWAZL) HSFHWAZL [Kernel | On_Demand | Running] -> %System32%\drivers\HSFHWAZL.sys -> Conexant Systems, Inc. [Ver = 7.31.00 built by: WinDDK | Size = 200704 bytes | Modified Date = 6/30/2005 3:16:06 PM | Attr = ]
(HSF_DPV) HSF_DPV [Kernel | On_Demand | Running] -> %System32%\drivers\HSF_DPV.sys -> Conexant Systems, Inc. [Ver = 7.31.00 built by: WinDDK | Size = 1034752 bytes | Modified Date = 6/30/2005 3:16:58 PM | Attr = ]
(ialm) ialm [Kernel | On_Demand | Running] -> %System32%\drivers\ialmnt5.sys -> Intel Corporation [Ver = 6.14.10.4332 | Size = 1050140 bytes | Modified Date = 6/7/2005 8:27:00 PM | Attr = ]
(IntcAzAudAddService) Service for Realtek HD Audio (WDM) [Kernel | On_Demand | Running] -> %System32%\drivers\RtkHDAud.sys -> Realtek Semiconductor Corp. [Ver = 5.10.00.5148 built by: WinDDK | Size = 3855360 bytes | Modified Date = 8/9/2005 4:43:00 PM | Attr = ]
(lbrtfdc) lbrtfdc [Kernel | System | Stopped] -> -> File not found
(MCSTRM) MCSTRM [Kernel | Auto | Running] -> %System32%\drivers\mcstrm.sys -> RealNetworks, Inc. [Ver = 5.0.2195.8 | Size = 8413 bytes | Modified Date = 8/26/2006 12:28:00 PM | Attr = ]
(mdmxsdk) mdmxsdk [Kernel | Auto | Running] -> %System32%\drivers\mdmxsdk.sys -> Conexant [Ver = 1.0.2.006 | Size = 13059 bytes | Modified Date = 3/17/2004 12:04:14 PM | Attr = ]
(mraid35x) mraid35x [Kernel | Boot | Running] -> %System32%\drivers\mraid35x.sys -> American Megatrends Inc. [Ver = 6.19 (XPClient.010817-1148) | Size = 17280 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ]
(NCHSSVAD) SoundTap Recorder [Kernel | On_Demand | Stopped] -> %System32%\drivers\nchssvad.sys -> NCH Swift Sound [Ver = 1.0.0.0 | Size = 21120 bytes | Modified Date = 3/31/2007 2:46:58 PM | Attr = ]
(NTIDrvr) Upper Class Filter Driver [Kernel | On_Demand | Running] -> %System32%\drivers\NTIDrvr.sys -> NewTech Infosystems, Inc. [Ver = 1, 0, 0, 6 | Size = 6144 bytes | Modified Date = 8/17/2005 5:45:20 PM | Attr = ]
(osaio) osaio [Kernel | Auto | Running] -> %System32%\drivers\osaio.sys -> OSA Technologies, An Avocent Company [Ver = 5.00.2195.5438 | Size = 7296 bytes | Modified Date = 6/30/2005 4:58:24 PM | Attr = ]
(osanbm) osanbm [Kernel | Auto | Running] -> %System32%\drivers\osanbm.sys -> Windows ® 2000 DDK provider [Ver = 5.00.2195.1620 | Size = 4010 bytes | Modified Date = 1/14/2005 3:57:16 PM | Attr = ]
(PCIDump) PCIDump [Kernel | System | Stopped] -> -> File not found
(PDCOMP) PDCOMP [Kernel | On_Demand | Stopped] -> -> File not found
(PDFRAME) PDFRAME [Kernel | On_Demand | Stopped] -> -> File not found
(PDRELI) PDRELI [Kernel | On_Demand | Stopped] -> -> File not found
(PDRFRAME) PDRFRAME [Kernel | On_Demand | Stopped] -> -> File not found
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %System32%\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ]
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %System32%\drivers\PxHelp20.sys -> Sonic Solutions [Ver = 3.00.43J | Size = 36624 bytes | Modified Date = 2/22/2007 9:29:54 PM | Attr = ]
(ql1080) ql1080 [Kernel | Boot | Running] -> %System32%\drivers\ql1080.sys -> QLogic Corporation [Ver = 3.04 | Size = 40320 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ]
(ql12160) ql12160 [Kernel | Boot | Running] -> %System32%\drivers\ql12160.sys -> QLogic Corporation [Ver = 7.13.02 (W64) | Size = 45312 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ]
(ql1280) ql1280 [Kernel | Boot | Running] -> %System32%\drivers\ql1280.sys -> QLogic Corporation [Ver = 7.13.01 (W2K) | Size = 49024 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ]
(RTL8023xp) Realtek 10/100/1000 NIC Family all in one NDIS XP Driver [Kernel | On_Demand | Running] -> %System32%\drivers\Rtlnicxp.sys -> Realtek Semiconductor Corporation [Ver = 5.621.0304.2005 built by: WinDDK | Size = 74496 bytes | Modified Date = 3/4/2005 11:10:26 AM | Attr = ]
(s24trans) WLAN Transport [Kernel | Auto | Running] -> %System32%\drivers\s24trans.sys -> Intel Corporation [Ver = 9, 0, 1, 3 | Size = 11354 bytes | Modified Date = 10/15/2004 11:20:04 AM | Attr = ]
(SASDIFSV) SASDIFSV [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\sasdifsv.sys -> [Ver = 1, 0, 0, 1006 | Size = 5632 bytes | Modified Date = 10/10/2006 1:53:48 PM | Attr = ]
(SASENUM) SASENUM [Kernel | On_Demand | Running] -> %ProgramFiles%\SUPERAntiSpyware\SASENUM.SYS -> SuperAdBlocker, Inc. [Ver = 1, 0, 0, 1002 | Size = 4096 bytes | Modified Date = 2/16/2006 5:51:08 PM | Attr = R ]
(SASKUTIL) SASKUTIL [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\SASKUTIL.SYS -> [Ver = 1, 0, 0, 1036 | Size = 32256 bytes | Modified Date = 2/27/2007 12:39:26 PM | Attr = ]
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %System32%\drivers\secdrv.sys -> [Ver = | Size = 27440 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ]
(Simbad) Simbad [Kernel | Disabled | Stopped] -> -> File not found
(sisagp) SIS AGP Bus Filter [Kernel | Boot | Running] -> %System32%\drivers\SISAGP.SYS -> Silicon Integrated Systems Corporation [Ver = 5.12.01.2010 (xpsp_sp2_rtm.040803-2158) | Size = 41088 bytes | Modified Date = 8/3/2004 11:07:44 PM | Attr = ]
(SONYPVU1) Sony USB Filter Driver (SONYPVU1) [Kernel | On_Demand | Stopped] -> %System32%\drivers\SONYPVU1.SYS -> Sony Corporation [Ver = 1.3.0526.0 (XPClient.010817-1148) | Size = 7552 bytes | Modified Date = 8/17/2001 1:56:16 PM | Attr = ]
(Sparrow) Sparrow [Kernel | Boot | Running] -> %System32%\drivers\sparrow.sys -> Adaptec, Inc. [Ver = v2.0a (ReleaseBinaries.001205-1804) | Size = 19072 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ]
(SSFS0509) Spy Sweeper File System Filer Driver: 0509 [Kernel | Boot | Running] -> %System32%\drivers\SSFS0509.sys -> Webroot Software Inc (www.webroot.com) [Ver = 3.3.2.2609 | Size = 20544 bytes | Modified Date = 3/1/2007 7:54:16 PM | Attr = ]
(SSHRMD) Spy Sweeper Hookrack MiniDriver [Kernel | Boot | Running] -> %System32%\drivers\sshrmd.sys -> Webroot Software Inc (www.webroot.com) [Ver = 3.3.2.2609 | Size = 22080 bytes | Modified Date = 3/1/2007 7:54:16 PM | Attr = ]
(SSIDRV) Spy Sweeper Interdiction Driver [Kernel | Boot | Running] -> %System32%\drivers\ssidrv.sys -> Webroot Software Inc (www.webroot.com) [Ver = 3.3.2.2609 | Size = 144960 bytes | Modified Date = 3/1/2007 7:54:18 PM | Attr = ]
(SSKBFD) Webroot Spy Sweeper Keylogger Shield Keyboard Filter [Kernel | On_Demand | Running] -> %System32%\drivers\sskbfd.sys -> Webroot Software Inc (www.webroot.com) [Ver = 3.3.2.2609 | Size = 21056 bytes | Modified Date = 3/1/2007 7:54:22 PM | Attr = ]
(symc810) symc810 [Kernel | Boot | Running] -> %System32%\drivers\symc810.sys -> Symbios Logic Inc. [Ver = 5.1.2409.1 (ReleaseBinaries.001205-1804) | Size = 16256 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ]
(symc8xx) symc8xx [Kernel | Boot | Running] -> %System32%\drivers\symc8xx.sys -> LSI Logic [Ver = 5.1.2409.1 (ReleaseBinaries.001205-1804) | Size = 32640 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ]
(sym_hi) sym_hi [Kernel | Boot | Running] -> %System32%\drivers\sym_hi.sys -> LSI Logic [Ver = 5.1.2462.0 (Lab01_N.010309-0027) | Size = 28384 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ]
(sym_u3) sym_u3 [Kernel | Boot | Running] -> %System32%\drivers\sym_u3.sys -> LSI Logic [Ver = 5.1.2462.0 (Lab01_N.010309-0027) | Size = 30688 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ]
(SynTP) Synaptics TouchPad Driver [Kernel | On_Demand | Running] -> %System32%\drivers\SynTP.sys -> Synaptics, Inc. [Ver = 7.12.3 08Oct04 | Size = 185824 bytes | Modified Date = 10/8/2004 2:33:46 PM | Attr = ]
(UBHelper) UBHelper [Kernel | Boot | Running] -> %System32%\drivers\UBHelper.sys -> [Ver = | Size = 13952 bytes | Modified Date = 12/17/2004 5:14:44 PM | Attr = ]
(ultra) ultra [Kernel | Boot | Running] -> %System32%\drivers\ultra.sys -> Promise Technology, Inc. [Ver = 1.43 (Build 0603) | Size = 36736 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ]
(w29n51) Intel® PRO/Wireless 2200BG Network Connection Driver for Windows XP [Kernel | On_Demand | Running] -> %System32%\drivers\w29n51.sys -> IntelŽ Corporation [Ver = 9001-9 Driver | Size = 3222784 bytes | Modified Date = 10/29/2004 6:48:10 PM | Attr = ]
(WDICA) WDICA [Kernel | On_Demand | Stopped] -> -> File not found
(winachsf) winachsf [Kernel | On_Demand | Running] -> %System32%\drivers\HSF_CNXT.sys -> Conexant Systems, Inc. [Ver = 7.31.00 built by: WinDDK | Size = 716416 bytes | Modified Date = 6/30/2005 3:16:02 PM | Attr = ]
(wlanndi5) wlanndi5 NDIS Protocol Driver [Kernel | On_Demand | Stopped] -> %System32%\wlanndi5.sys -> Printing Communications Assoc., Inc. (PCAUSA) [Ver = 5.03.16.56 built by: WinDDK | Size = 16384 bytes | Modified Date = 4/21/2004 5:51:34 PM | Attr = ]
(int15.sys) int15.sys [Kernel | Auto | Running] -> %ProgramFiles%\Acer\eRecovery\int15.sys -> [Ver = | Size = 69632 bytes | Modified Date = 1/13/2005 2:46:16 PM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
avast! -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe -> ALWIL Software [Ver = 4, 7, 997, 0 | Size = 75392 bytes | Modified Date = 4/30/2007 8:42:48 AM | Attr = ]
BrMfcWnd -> %ProgramFiles%\Brother\Brmfcmon\BrMfcWnd.exe -> [Ver = 2, 0, 0, 13 | Size = 622592 bytes | Modified Date = 6/28/2006 7:46:30 AM | Attr = ]
ControlCenter3 -> %ProgramFiles%\Brother\ControlCenter3\BrCtrCen.exe -> Brother Industries, Ltd. [Ver = 3, 0, 9, 3 | Size = 77824 bytes | Modified Date = 6/29/2006 12:18:06 PM | Attr = ]
epm-dm -> %SystemDrive%\Acer\ePM\epm-dm.exe -> Acer Inc [Ver = 2.71 | Size = 200704 bytes | Modified Date = 8/11/2005 7:21:00 PM | Attr = ]
ePowerManagement -> %SystemDrive%\Acer\ePM\ePM.exe -> Acer Value Labs, Taiwan [Ver = 1.5.6.0 | Size = 2893824 bytes | Modified Date = 3/15/2005 10:03:06 AM | Attr = ]
eRecoveryService -> %ProgramFiles%\Acer\eRecovery\Monitor.exe -> acer Inc. [Ver = 1, 2, 11, 3 | Size = 352256 bytes | Modified Date = 8/18/2005 7:38:46 PM | Attr = ]
PCMService -> %ProgramFiles%\Acer\Acer Arcade\PCMService.exe -> CyberLink Corp. [Ver = 4, 5, 0, 0 | Size = 143360 bytes | Modified Date = 8/11/2005 11:48:58 AM | Attr = ]
SpySweeper -> %ProgramFiles%\Webroot\Spy Sweeper\SpySweeperUI.exe -> Webroot Software, Inc. [Ver = 5,3,2,2361 | Size = 4865600 bytes | Modified Date = 3/1/2007 7:55:36 PM | Attr = ]
SynTPEnh -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe -> Synaptics, Inc. [Ver = 7.12.3 08Oct04 | Size = 688218 bytes | Modified Date = 10/8/2004 2:43:12 PM | Attr = ]
SynTPLpr -> %ProgramFiles%\Synaptics\SynTP\SynTPLpr.exe -> Synaptics, Inc. [Ver = 7.12.3 08Oct04 | Size = 98394 bytes | Modified Date = 10/8/2004 2:44:24 PM | Attr = ]
WinampAgent -> %ProgramFiles%\Winamp\winampa.exe -> [Ver = | Size = 35328 bytes | Modified Date = 11/21/2006 9:38:22 AM | Attr = ]
< OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL -> Installed = 1 ->
MAPI -> Installed = 1 ->
MSFS -> Installed = 1 ->
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
DrvMon.exe -> %System32%\DrvMon.exe -> Alcor Micro, Corp. [Ver = 1, 0, 1, 2 | Size = 53248 bytes | Modified Date = 6/14/2006 9:11:10 PM | Attr = ]
SUPERAntiSpyware -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe -> SUPERAntiSpyware.com [Ver = 3, 9, 0, 1008 | Size = 1318912 bytes | Modified Date = 6/21/2007 2:06:28 PM | Attr = ]
Yahoo! Pager -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe -> Yahoo! Inc. [Ver = 8,1,0,239 | Size = 4670968 bytes | Modified Date = 1/19/2007 12:49:28 PM | Attr = ]
< Common Startup > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
%AllUsersStartup%\Adobe Acrobat Speed Launcher.lnk -> %SystemRoot%\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe -> [Ver = | Size = 25214 bytes | Modified Date = 5/17/2007 9:53:20 AM | Attr = R ]
%AllUsersStartup%\CLCL.lnk -> %ProgramFiles%\CLCL\CLCL.exe -> [Ver = | Size = 180224 bytes | Modified Date = 2/11/2005 6:58:10 PM | Attr = ]
< ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKLM] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> SuperAdBlocker.com [Ver = 1, 0, 0, 1008 | Size = 77824 bytes | Modified Date = 12/20/2006 1:55:48 PM | Attr = ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
!SASWinLogon -> %ProgramFiles%\SUPERAntiSpyware\SASWINLO.dll -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1046 | Size = 294912 bytes | Modified Date = 4/19/2007 1:41:36 PM | Attr = ]
igfxcui -> %System32%\igfxdev.dll -> Intel Corporation [Ver = 3.0.0.4332 | Size = 131072 bytes | Modified Date = 6/7/2005 7:58:00 PM | Attr = ]
WRNotifier -> %System32%\WRLogonNTF.dll -> Webroot Software, Inc. [Ver = 3,3,2,2609 | Size = 233024 bytes | Modified Date = 3/1/2007 7:55:48 PM | Attr = ]
< CurrentVersion Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
< CurrentVersion Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 36 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoViewOnDrive -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> ˙˙˙˙ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
< HOSTS File > (27 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
127.0.0.1 localhost -> ->
< Internet Explorer Settings > -> ->
HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->
HKLM: Start Page -> about:blank ->
HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKLM: SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
HKCU: Local Page -> C:\WINDOWS\system32\blank.htm ->
HKCU: Search Page -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKCU: Start Page -> http://gomyron.com/NjU2NA==/2/3560/homepage/ ->
HKCU: ProxyEnable -> 0 ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
msn.com [ - ] -> ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [] -> Safer Networking Limited [Ver = 1, 4, 0, 0 | Size = 853672 bytes | Modified Date = 5/31/2005 1:04:00 AM | Attr = ]
< Internet Explorer Bars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ ->
{182EC0BE-5110-49C8-A062-BEB1D02A220B} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 7.0.0.0 | Size = 225280 bytes | Modified Date = 12/14/2004 2:13:40 AM | Attr = ]
< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
{47833539-D0C5-4125-9FA8-0819E2EAAC93} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 7.0.0.0 | Size = 225280 bytes | Modified Date = 12/14/2004 2:13:40 AM | Attr = ]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 7.0.0.0 | Size = 225280 bytes | Modified Date = 12/14/2004 2:13:40 AM | Attr = ]
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.5.0_09\bin\npjpi150_09.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.90.3 | Size = 69746 bytes | Modified Date = 10/12/2006 3:25:44 AM | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKCU] -> %ProgramFiles%\Java\jre1.5.0_09\bin\ssv.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.90.3 | Size = 434279 bytes | Modified Date = 10/12/2006 3:25:44 AM | Attr = ]
{6224f700-cba3-4071-b251-47cb894244cd} -> %ProgramFiles%\ICQ\Icq.exe [ButtonText: ICQ Pro] -> ICQ Inc. [Ver = 5,5,6,3916 | Size = 1880639 bytes | Modified Date = 10/14/2003 10:03:50 AM | Attr = ]
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
Add to Windows &Live Favorites -> http:\favorites.live.com\quickadd.asp -> File not found
Convert link target to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll\AcroIECapture.htm -> File not found
Convert link target to existing PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll\AcroIEAppend.htm -> File not found
Convert selected links to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll\AcroIECaptureSelLinks.htm -> File not found
Convert selected links to existing PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll\AcroIEAppendSelLinks.htm -> File not found
Convert selection to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll\AcroIECapture.htm -> File not found
Convert selection to existing PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll\AcroIEAppend.htm -> File not found
Convert to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll\AcroIECapture.htm -> File not found
Convert to existing PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll\AcroIEAppend.htm -> File not found
E&xport to Microsoft Excel -> -> File not found
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{1EFFCCD1-4A9C-450C-8C09-77BA94B4129B} -> () ->
{6BD54B9C-78BC-4989-8E43-2970127400F6} -> (Realtek RTL8139/810x Family Fast Ethernet NIC) ->
{C738A48C-B4D4-4F0F-8D96-D2AB43205B39} -> (Intel® PRO/Wireless 2200BG Network Connection) ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{30528230-99F7-4BB4-88D8-FA1D4F56A2AB} -> YInstStarter Class - CodeBase = C:\Program Files\Yahoo!\Common\yinsthelper.dll ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.5.0_09 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab ->
{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_09 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_09 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab ->
Microsoft XML Parser for Java -> - CodeBase = file:///C:/WINDOWS/Java/classes/xmldso.cab ->


[Files/Folders - Created Within 30 days]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 1063374848 bytes | Created Date = 1/1/1601 8:00:00 AM | Attr = HS]
COZY -> %SystemDrive%\COZY -> [Folder | Created Date = 6/24/2007 10:20:03 AM | Attr = ]
VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Created Date = 6/26/2007 10:18:02 AM | Attr = ]
install.dat -> %SystemDrive%\install.dat -> [Ver = | Size = 164 bytes | Created Date = 6/26/2007 10:33:22 AM | Attr = ]
SDFix -> %SystemDrive%\SDFix -> [Folder | Created Date = 6/26/2007 4:06:41 PM | Attr = ]
PDOXUSRS.NET -> %SystemDrive%\PDOXUSRS.NET -> [Ver = | Size = 13030 bytes | Created Date = 7/5/2007 8:34:27 AM | Attr = ]
HJT -> %SystemDrive%\HJT -> [Folder | Created Date = 6/26/2007 3:56:54 PM | Attr = ]
!KillBox -> %SystemDrive%\!KillBox -> [Folder | Created Date = 6/26/2007 7:35:45 PM | Attr = ]
ComboFix -> %SystemDrive%\ComboFix -> [Folder | Created Date = 7/2/2007 9:52:07 AM | Attr = ]
QooBox -> %SystemDrive%\QooBox -> [Folder | Created Date = 7/2/2007 9:53:31 AM | Attr = ]
nircmd.exe -> %SystemRoot%\nircmd.exe -> NirSoft [Ver = 2.00 | Size = 51200 bytes | Created Date = 7/2/2007 9:52:10 AM | Attr = ]
Brfaxrx.ini -> %SystemRoot%\Brfaxrx.ini -> [Ver = | Size = 62 bytes | Created Date = 6/14/2007 7:16:19 PM | Attr = ]
catchme.exe -> %SystemRoot%\catchme.exe -> [Ver = | Size = 104960 bytes | Created Date = 7/2/2007 9:52:11 AM | Attr = ]
Desktop -> %SystemRoot%\Desktop -> [Folder | Created Date = 6/22/2007 9:37:36 AM | Attr = ]
erdnt -> %SystemRoot%\erdnt -> [Folder | Created Date = 7/2/2007 9:53:39 AM | Attr = ]
kidphon.ini -> %SystemRoot%\kidphon.ini -> [Ver = | Size = 69 bytes | Created Date = 6/22/2007 9:37:36 AM | Attr = ]
$NtUninstallKB935839$ -> %SystemRoot%\$NtUninstallKB935839$ -> [Folder | Created Date = 6/13/2007 2:01:10 AM | Attr = H ]
$NtUninstallKB935840$ -> %SystemRoot%\$NtUninstallKB935840$ -> [Folder | Created Date = 6/13/2007 2:01:56 AM | Attr = H ]
$NtUninstallKB929123$ -> %SystemRoot%\$NtUninstallKB929123$ -> [Folder | Created Date = 6/13/2007 2:02:00 AM | Attr = H ]
WRUninstall.dll -> %SystemRoot%\WRUninstall.dll -> Webroot Software, Inc. [Ver = 5,3,2,2361 | Size = 271936 bytes | Created Date = 6/26/2007 11:47:00 AM | Attr = ]
actskin4.ocx -> %System32%\actskin4.ocx -> [Ver = 4, 2, 7, 3 | Size = 380928 bytes | Created Date = 6/26/2007 5:38:55 PM | Attr = ]
swxcacls.exe -> %System32%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 212480 bytes | Created Date = 7/2/2007 9:52:10 AM | Attr = ]
ssiefr.EXE -> %System32%\ssiefr.EXE -> Webroot Software Inc (www.webroot.com) [Ver = 3.3.2.2609 | Size = 10240 bytes | Created Date = 6/26/2007 11:47:00 AM | Attr = ]
wrlzma.dll -> %System32%\wrlzma.dll -> [Ver = | Size = 26688 bytes | Created Date = 6/26/2007 11:47:00 AM | Attr = ]
d3d9caps.dat -> %System32%\d3d9caps.dat -> [Ver = | Size = 664 bytes | Created Date = 6/25/2007 7:12:43 AM | Attr = ]
swsc.exe -> %System32%\swsc.exe -> SteelWerX [Ver = 2.0.0.0 | Size = 370688 bytes | Created Date = 7/2/2007 9:52:10 AM | Attr = ]
vfind.exe -> %System32%\vfind.exe -> [Ver = | Size = 49152 bytes | Created Date = 7/2/2007 9:52:10 AM | Attr = ]
swreg.exe -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.6 | Size = 428032 bytes | Created Date = 7/2/2007 9:52:10 AM | Attr = ]
aswBoot.exe -> %System32%\aswBoot.exe -> ALWIL Software [Ver = 4, 7, 997, 0 | Size = 745600 bytes | Created Date = 6/26/2007 5:38:55 PM | Attr = ]
WRLogonNtf.dll -> %System32%\WRLogonNtf.dll -> Webroot Software, Inc. [Ver = 3,3,2,2609 | Size = 233024 bytes | Created Date = 6/26/2007 11:47:13 AM | Attr = ]
AvastSS.scr -> %System32%\AvastSS.scr -> ALWIL Software [Ver = 4, 7, 997, 0 | Size = 95872 bytes | Created Date = 6/26/2007 5:39:03 PM | Attr = ]
sshrmd.sys -> %System32%\drivers\sshrmd.sys -> Webroot Software Inc (www.webroot.com) [Ver = 3.3.2.2609 | Size = 22080 bytes | Created Date = 6/26/2007 11:47:17 AM | Attr = ]
sskbfd.sys -> %System32%\drivers\sskbfd.sys -> Webroot Software Inc (www.webroot.com) [Ver = 3.3.2.2609 | Size = 21056 bytes | Created Date = 6/26/2007 11:47:17 AM | Attr = ]
ssidrv.sys -> %System32%\drivers\ssidrv.sys -> Webroot Software Inc (www.webroot.com) [Ver = 3.3.2.2609 | Size = 144960 bytes | Created Date = 6/26/2007 11:47:17 AM | Attr = ]
SSFS0509.sys -> %System32%\drivers\SSFS0509.sys -> Webroot Software Inc (www.webroot.com) [Ver = 3.3.2.2609 | Size = 20544 bytes | Created Date = 6/26/2007 11:47:17 AM | Attr = ]
aswmon.sys -> %System32%\drivers\aswmon.sys -> ALWIL Software [Ver = 4.7.997.0 | Size = 85952 bytes | Created Date = 6/26/2007 5:39:02 PM | Attr = ]
aswmon2.sys -> %System32%\drivers\aswmon2.sys -> ALWIL Software [Ver = 4.7.997.0 | Size = 94552 bytes | Created Date = 6/26/2007 5:39:02 PM | Attr = ]
aavmker4.sys -> %System32%\drivers\aavmker4.sys -> ALWIL Software [Ver = 4.7.997.0 | Size = 26888 bytes | Created Date = 6/26/2007 5:39:05 PM | Attr = ]
aswTdi.sys -> %System32%\drivers\aswTdi.sys -> ALWIL Software [Ver = 4.7.997.0 | Size = 43176 bytes | Created Date = 6/26/2007 5:39:06 PM | Attr = ]
aswRdr.sys -> %System32%\drivers\aswRdr.sys -> ALWIL Software [Ver = 4.7.997.0 | Size = 23416 bytes | Created Date = 6/26/2007 5:39:06 PM | Attr = ]

[Files/Folders - Modified Within 30 days]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 1063374848 bytes | Modified Date = 7/4/2007 7:01:44 PM | Attr = HS]
COZY -> %SystemDrive%\COZY -> [Folder | Modified Date = 6/24/2007 11:20:04 AM | Attr = ]
VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Modified Date = 6/26/2007 11:18:04 AM | Attr = ]
install.dat -> %SystemDrive%\install.dat -> [Ver = | Size = 164 bytes | Modified Date = 6/26/2007 11:33:24 AM | Attr = ]
SDFix -> %SystemDrive%\SDFix -> [Folder | Modified Date = 6/26/2007 12:47:22 AM | Attr = ]
PDOXUSRS.NET -> %SystemDrive%\PDOXUSRS.NET -> [Ver = | Size = 13030 bytes | Modified Date = 7/5/2007 2:07:42 PM | Attr = ]
HJT -> %SystemDrive%\HJT -> [Folder | Modified Date = 6/26/2007 4:56:56 PM | Attr = ]
!KillBox -> %SystemDrive%\!KillBox -> [Folder | Modified Date = 6/26/2007 8:35:46 PM | Attr = ]
ComboFix -> %SystemDrive%\ComboFix -> [Folder | Modified Date = 7/2/2007 10:52:08 AM | Attr = ]
QooBox -> %SystemDrive%\QooBox -> [Folder | Modified Date = 7/2/2007 10:53:32 AM | Attr = ]
win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 779 bytes | Modified Date = 6/26/2007 11:34:32 AM | Attr = ]
imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1374 bytes | Modified Date = 6/13/2007 3:02:06 AM | Attr = ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 7/4/2007 7:01:46 PM | Attr = S]
nircmd.exe -> %SystemRoot%\nircmd.exe -> NirSoft [Ver = 2.00 | Size = 51200 bytes | Modified Date = 6/17/2007 12:11:58 AM | Attr = ]
brdfxspd.dat -> %SystemRoot%\brdfxspd.dat -> [Ver = | Size = 0 bytes | Modified Date = 6/15/2007 7:37:32 AM | Attr = ]
brpcfx.ini -> %SystemRoot%\brpcfx.ini -> [Ver = | Size = 153 bytes | Modified Date = 6/15/2007 7:36:42 AM | Attr = ]
Brpfx04a.ini -> %SystemRoot%\Brpfx04a.ini -> [Ver = | Size = 393 bytes | Modified Date = 6/15/2007 7:37:32 AM | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 6/26/2007 12:34:58 AM | Attr = H ]
Brfaxrx.ini -> %SystemRoot%\Brfaxrx.ini -> [Ver = | Size = 62 bytes | Modified Date = 6/14/2007 8:16:20 PM | Attr = ]
catchme.exe -> %SystemRoot%\catchme.exe -> [Ver = | Size = 104960 bytes | Modified Date = 7/2/2007 5:18:24 PM | Attr = ]
Desktop -> %SystemRoot%\Desktop -> [Folder | Modified Date = 6/22/2007 10:37:38 AM | Attr = ]
erdnt -> %SystemRoot%\erdnt -> [Folder | Modified Date = 7/2/2007 10:53:40 AM | Attr = ]
kidphon.ini -> %SystemRoot%\kidphon.ini -> [Ver = | Size = 69 bytes | Modified Date = 6/22/2007 10:37:38 AM | Attr = ]
$NtUninstallKB935839$ -> %SystemRoot%\$NtUninstallKB935839$ -> [Folder | Modified Date = 6/13/2007 3:01:12 AM | Attr = H ]
$NtUninstallKB935840$ -> %SystemRoot%\$NtUninstallKB935840$ -> [Folder | Modified Date = 6/13/2007 3:01:58 AM | Attr = H ]
$NtUninstallKB929123$ -> %SystemRoot%\$NtUninstallKB929123$ -> [Folder | Modified Date = 6/13/2007 3:02:02 AM | Attr = H ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 7/4/2007 7:01:50 PM | Attr = H ]
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [Ver = | Size = 284 bytes | Modified Date = 6/30/2007 1:17:02 PM | Attr = ]
eRLog.ini -> %System32%\eRLog.ini -> [Ver = | Size = 0 bytes | Modified Date = 7/4/2007 7:02:12 PM | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 1158 bytes | Modified Date = 7/4/2007 7:02:38 PM | Attr = ]
perfc009.dat -> %System32%\perfc009.dat -> [Ver = | Size = 61186 bytes | Modified Date = 6/26/2007 5:25:58 PM | Attr = ]
perfh009.dat -> %System32%\perfh009.dat -> [Ver = | Size = 396688 bytes | Modified Date = 6/26/2007 5:25:58 PM | Attr = ]
PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 464524 bytes | Modified Date = 6/26/2007 5:25:58 PM | Attr = ]
CONFIG.NT -> %System32%\CONFIG.NT -> [Ver = | Size = 2626 bytes | Modified Date = 6/26/2007 6:39:06 PM | Attr = ]
d3d9caps.dat -> %System32%\d3d9caps.dat -> [Ver = | Size = 664 bytes | Modified Date = 7/4/2007 7:02:04 PM | Attr = ]
hosts.ics -> %System32%\drivers\etc\hosts.ics -> [Ver = | Size = 436 bytes | Modified Date = 7/4/2007 7:02:18 PM | Attr = ]

[File String Scan - Non-Microsoft Only]
aspack , -> %SystemRoot%\Uninstall.exe -> ZbSoft [Ver = 2.0.85.156 | Size = 46080 bytes | Modified Date = 7/26/2001 9:16:16 AM | Attr = ]
aspack , -> %SystemRoot%\Acer.scr -> [Ver = | Size = 187392 bytes | Modified Date = 7/1/2004 11:09:46 AM | Attr = ]
PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ]
winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ]
Thawte Consulting , -> %System32%\XceedSco.dll -> Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com [Ver = 1.1.104.0 | Size = 266952 bytes | Modified Date = 5/19/2003 11:37:20 AM | Attr = ]
Thawte Consulting , -> %System32%\XceedCry.dll -> Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com [Ver = 1.1.6461.0 | Size = 526184 bytes | Modified Date = 3/15/2007 12:19:58 PM | Attr = ]
PEC2 , PECompact2 , -> %System32%\DivX.dll -> DivX, Inc. [Ver = 6.5.0.53 | Size = 639066 bytes | Modified Date = 2/22/2007 9:25:20 PM | Attr = ]
UPX! , UPX0 , -> %System32%\avisynth.dll -> The Public [Ver = 2, 5, 6, 0 | Size = 308224 bytes | Modified Date = 10/28/2005 9:44:12 AM | Attr = ]
Thawte Consulting , -> %System32%\SmartUI2.ocx -> Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com [Ver = 2.00.6553 | Size = 870152 bytes | Modified Date = 3/15/2007 12:22:38 PM | Attr = ]
Thawte Consulting , -> %System32%\XceedZip.dll -> Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com [Ver = 6.0.6621.0 | Size = 497496 bytes | Modified Date = 3/15/2007 12:23:16 PM | Attr = ]
UPX! , UPX0 , -> %System32%\aswBoot.exe -> ALWIL Software [Ver = 4, 7, 997, 0 | Size = 745600 bytes | Modified Date = 4/30/2007 8:46:10 AM | Attr = ]
WSUD , UPX0 , -> %System32%\dllcache\hwxjpn.dll -> [Ver = | Size = 13463552 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ]

< End of report >

#8 sjpritch25

Posted 05 July 2007 - 10:16 PM

Please close all open programs because this could affect the fix. Thanks.

Start WinPFind3U. Copy/Paste the information in the Quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Kill Explorer]
[Registry - Non-Microsoft Only]
< Internet Explorer Settings > ->
YN -> HKCU: Start Page -> http://gomyron.com/NjU2NA==/2/3560/homepage/
[Empty Temp Folders]
[Start Explorer]
[Reboot]

The fix should only take a very short time. When the fix is completed, a message box will pop up telling you that it is finished. Click the OK button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new WinPFind3U scan and a HijackThis log, separately (the HijackThis log can be pasted in the reply).

I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.
Microsoft MVP Consumer Security--2007-2010

#9 Kittykat69

Posted 06 July 2007 - 11:35 AM

I ran the fix - it WAS very fast...
but as soon as the fix finished, up came that annoying "cannot find file..." box.
When the system rebooted, I entered my password on the login screen, but before the desktop even loaded I heard the "error" sound and sure enough, when the desktop finally came up (it's getting slower to do this every time I restart), there was the annoying box.
The computer is frustratingly slow.

Explorer killed successfully
[Registry - Non-Microsoft Only]
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page deleted successfully.
[Empty Temp Folders]
C:\DOCUME~1\Gregory\LOCALS~1\Temp\ -> emptied.
C:\Documents and Settings\Gregory\Local Settings\Temporary Internet Files\Content.IE5\ -> emptied
RecycleBin -> emptied.
Explorer started successfully
< End of log >
Created on 07/05/2007 22:54:18

#10 Kittykat69

Posted 06 July 2007 - 11:42 AM

WinPFind3 logfile created on: 7/6/2007 9:36:33 AM
WinPFind3U by OldTimer - Version 1.0.39 Folder = C:\Documents and Settings\Gregory\Desktop\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 7.0.5730.11)

1014.05 Mb Total Physical Memory | 577.29 Mb Available Physical Memory | 56.93% Memory free
2.38 Gb Paging File | 2.06 Gb Available in Paging File | 86.49% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 54.12 Gb Total Space | 26.81 Gb Free Space | 49.54% Space Free
Drive D: | 54.70 Gb Total Space | 54.70 Gb Free Space | 100.00% Space Free
E: Drive not present or media not loaded
F: Drive not present or media not loaded

Computer Name: NARADAMUNI
Current User Name: Gregory
Logged in as Administrator.
Current Boot Mode: Normal


[Processes - Non-Microsoft Only]
anbmserv.exe -> %SystemDrive%\Acer\eManager\anbmServ.exe -> OSA Technologies Inc. [Ver = 3.0.6.9 | Size = 1273344 bytes | Modified Date = 6/6/2005 7:08:58 PM | Attr = ]
ashdisp.exe -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe -> ALWIL Software [Ver = 4, 7, 997, 0 | Size = 75392 bytes | Modified Date = 4/30/2007 8:42:48 AM | Attr = ]
ashmaisv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> ALWIL Software [Ver = 4, 7, 997, 0 | Size = 243328 bytes | Modified Date = 4/30/2007 9:04:38 AM | Attr = ]
ashserv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> ALWIL Software [Ver = 4, 7, 997, 0 | Size = 132736 bytes | Modified Date = 4/30/2007 8:42:40 AM | Attr = ]
ashwebsv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> ALWIL Software [Ver = 4, 7, 997, 0 | Size = 345728 bytes | Modified Date = 4/30/2007 8:41:28 AM | Attr = ]
aswupdsv.exe -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> ALWIL Software [Ver = 4, 7, 997, 0 | Size = 16512 bytes | Modified Date = 4/30/2007 8:29:56 AM | Attr = ]
brccmctl.exe -> %ProgramFiles%\Brother\ControlCenter3\BrccMCtl.exe -> Brother Industries, Ltd. [Ver = 3, 0, 89, 89 | Size = 339968 bytes | Modified Date = 6/27/2006 10:30:30 AM | Attr = ]
brmfcwnd.exe -> %ProgramFiles%\Brother\Brmfcmon\BrMfcWnd.exe -> [Ver = 2, 0, 0, 13 | Size = 622592 bytes | Modified Date = 6/28/2006 7:46:30 AM | Attr = ]
brmfimon.exe -> %ProgramFiles%\Brother\Brmfcmon\BrMfimon.exe -> Brother Industries, Ltd. [Ver = 2, 0, 0, 2 | Size = 204800 bytes | Modified Date = 5/8/2006 6:52:04 PM | Attr = ]
clcapsvc.exe -> %ProgramFiles%\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe -> [Ver = 4.01.1915 | Size = 249954 bytes | Modified Date = 8/11/2005 11:49:30 AM | Attr = ]
clcl.exe -> %ProgramFiles%\CLCL\CLCL.exe -> [Ver = | Size = 180224 bytes | Modified Date = 2/11/2005 6:58:10 PM | Attr = ]
clmlserver.exe -> %ProgramFiles%\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe -> Cyberlink [Ver = 2, 1, 0, 1815 | Size = 61440 bytes | Modified Date = 8/11/2005 11:48:36 AM | Attr = ]
clmlservice.exe -> %ProgramFiles%\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe -> Cyberlink [Ver = 2, 1, 0, 1815 | Size = 1077376 bytes | Modified Date = 8/11/2005 11:48:36 AM | Attr = ]
clsched.exe -> %ProgramFiles%\Acer\Acer Arcade\Kernel\TV\CLSched.exe -> [Ver = 4.01.1928 | Size = 114772 bytes | Modified Date = 8/11/2005 11:49:32 AM | Attr = ]
drvmon.exe -> %System32%\DrvMon.exe -> Alcor Micro, Corp. [Ver = 1, 0, 1, 2 | Size = 53248 bytes | Modified Date = 6/14/2006 9:11:10 PM | Attr = ]
epm-dm.exe -> %SystemDrive%\Acer\ePM\epm-dm.exe -> Acer Inc [Ver = 2.71 | Size = 200704 bytes | Modified Date = 8/11/2005 7:21:00 PM | Attr = ]
evteng.exe -> %ProgramFiles%\Intel\Wireless\Bin\EvtEng.exe -> Intel Corporation [Ver = 9, 0, 1, 12 | Size = 86016 bytes | Modified Date = 10/15/2004 11:22:14 AM | Attr = ]
firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> Mozilla Corporation [Ver = 1.8.1.4: 2007051502 | Size = 7637104 bytes | Modified Date = 5/31/2007 10:03:06 AM | Attr = ]
monitor.exe -> %ProgramFiles%\Acer\eRecovery\Monitor.exe -> acer Inc. [Ver = 1, 2, 11, 3 | Size = 352256 bytes | Modified Date = 8/18/2005 7:38:46 PM | Attr = ]
pcmservice.exe -> %ProgramFiles%\Acer\Acer Arcade\PCMService.exe -> CyberLink Corp. [Ver = 4, 5, 0, 0 | Size = 143360 bytes | Modified Date = 8/11/2005 11:48:58 AM | Attr = ]
regsrvc.exe -> %ProgramFiles%\Intel\Wireless\Bin\RegSrvc.exe -> Intel Corporation [Ver = 9, 0, 1, 10 | Size = 139264 bytes | Modified Date = 10/15/2004 11:21:38 AM | Attr = ]
richvideo.exe -> %ProgramFiles%\CyberLink\Shared Files\RichVideo.exe -> [Ver = 1.0.1321 | Size = 143360 bytes | Modified Date = 1/21/2005 7:37:16 PM | Attr = ]
s24evmon.exe -> %ProgramFiles%\Intel\Wireless\Bin\S24EvMon.exe -> Intel Corporation [Ver = 9, 0, 1, 41 | Size = 360521 bytes | Modified Date = 10/15/2004 11:24:48 AM | Attr = ]
syntpenh.exe -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe -> Synaptics, Inc. [Ver = 7.12.3 08Oct04 | Size = 688218 bytes | Modified Date = 10/8/2004 2:43:12 PM | Attr = ]
syntplpr.exe -> %ProgramFiles%\Synaptics\SynTP\SynTPLpr.exe -> Synaptics, Inc. [Ver = 7.12.3 08Oct04 | Size = 98394 bytes | Modified Date = 10/8/2004 2:44:24 PM | Attr = ]
winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.38.0 | Size = 322048 bytes | Modified Date = 6/23/2007 3:15:54 PM | Attr = ]
ymsgr_tray.exe -> %ProgramFiles%\Yahoo!\Messenger\ymsgr_tray.exe -> Yahoo! Inc. [Ver = 8,1,0,0 | Size = 103928 bytes | Modified Date = 1/19/2007 12:49:30 PM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(Adobe LM Service) Adobe LM Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Adobe Systems Shared\Service\Adobelmsvc.exe -> Adobe Systems [Ver = 2.65.010 | Size = 69632 bytes | Modified Date = 5/17/2007 9:53:30 AM | Attr = ]
(anbmService) Notebook Manager Service [Win32_Own | Auto | Running] -> %SystemDrive%\Acer\eManager\anbmServ.exe -> OSA Technologies Inc. [Ver = 3.0.6.9 | Size = 1273344 bytes | Modified Date = 6/6/2005 7:08:58 PM | Attr = ]
(aswUpdSv) avast! iAVS4 Control Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> ALWIL Software [Ver = 4, 7, 997, 0 | Size = 16512 bytes | Modified Date = 4/30/2007 8:29:56 AM | Attr = ]
(avast! Antivirus) avast! Antivirus [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> ALWIL Software [Ver = 4, 7, 997, 0 | Size = 132736 bytes | Modified Date = 4/30/2007 8:42:40 AM | Attr = ]
(avast! Mail Scanner) avast! Mail Scanner [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> ALWIL Software [Ver = 4, 7, 997, 0 | Size = 243328 bytes | Modified Date = 4/30/2007 9:04:38 AM | Attr = ]
(avast! Web Scanner) avast! Web Scanner [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> ALWIL Software [Ver = 4, 7, 997, 0 | Size = 345728 bytes | Modified Date = 4/30/2007 8:41:28 AM | Attr = ]
(CLCapSvc) CyberLink Background Capture Service (CBCS) [Win32_Own | Auto | Running] -> %ProgramFiles%\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe -> [Ver = 4.01.1915 | Size = 249954 bytes | Modified Date = 8/11/2005 11:49:30 AM | Attr = ]
(CLSched) CyberLink Task Scheduler (CTS) [Win32_Own | Auto | Running] -> %ProgramFiles%\Acer\Acer Arcade\Kernel\TV\CLSched.exe -> [Ver = 4.01.1928 | Size = 114772 bytes | Modified Date = 8/11/2005 11:49:32 AM | Attr = ]
(CyberLink Media Library Service) CyberLink Media Library Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe -> Cyberlink [Ver = 2, 1, 0, 1815 | Size = 61440 bytes | Modified Date = 8/11/2005 11:48:36 AM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ]
(EvtEng) EvtEng [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\EvtEng.exe -> Intel Corporation [Ver = 9, 0, 1, 12 | Size = 86016 bytes | Modified Date = 10/15/2004 11:22:14 AM | Attr = ]
(RegSrvc) RegSrvc [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\RegSrvc.exe -> Intel Corporation [Ver = 9, 0, 1, 10 | Size = 139264 bytes | Modified Date = 10/15/2004 11:21:38 AM | Attr = ]
(RichVideo) Cyberlink RichVideo Service(CRVS) [Win32_Own | Auto | Running] -> %ProgramFiles%\CyberLink\Shared Files\RichVideo.exe -> [Ver = 1.0.1321 | Size = 143360 bytes | Modified Date = 1/21/2005 7:37:16 PM | Attr = ]
(S24EventMonitor) Spectrum24 Event Monitor [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\S24EvMon.exe -> Intel Corporation [Ver = 9, 0, 1, 41 | Size = 360521 bytes | Modified Date = 10/15/2004 11:24:48 AM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
avast! -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe -> ALWIL Software [Ver = 4, 7, 997, 0 | Size = 75392 bytes | Modified Date = 4/30/2007 8:42:48 AM | Attr = ]
BrMfcWnd -> %ProgramFiles%\Brother\Brmfcmon\BrMfcWnd.exe -> [Ver = 2, 0, 0, 13 | Size = 622592 bytes | Modified Date = 6/28/2006 7:46:30 AM | Attr = ]
ControlCenter3 -> %ProgramFiles%\Brother\ControlCenter3\BrCtrCen.exe -> Brother Industries, Ltd. [Ver = 3, 0, 9, 3 | Size = 77824 bytes | Modified Date = 6/29/2006 12:18:06 PM | Attr = ]
epm-dm -> %SystemDrive%\Acer\ePM\epm-dm.exe -> Acer Inc [Ver = 2.71 | Size = 200704 bytes | Modified Date = 8/11/2005 7:21:00 PM | Attr = ]
ePowerManagement -> %SystemDrive%\Acer\ePM\ePM.exe -> Acer Value Labs, Taiwan [Ver = 1.5.6.0 | Size = 2893824 bytes | Modified Date = 3/15/2005 10:03:06 AM | Attr = ]
eRecoveryService -> %ProgramFiles%\Acer\eRecovery\Monitor.exe -> acer Inc. [Ver = 1, 2, 11, 3 | Size = 352256 bytes | Modified Date = 8/18/2005 7:38:46 PM | Attr = ]
PCMService -> %ProgramFiles%\Acer\Acer Arcade\PCMService.exe -> CyberLink Corp. [Ver = 4, 5, 0, 0 | Size = 143360 bytes | Modified Date = 8/11/2005 11:48:58 AM | Attr = ]
SynTPEnh -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe -> Synaptics, Inc. [Ver = 7.12.3 08Oct04 | Size = 688218 bytes | Modified Date = 10/8/2004 2:43:12 PM | Attr = ]
SynTPLpr -> %ProgramFiles%\Synaptics\SynTP\SynTPLpr.exe -> Synaptics, Inc. [Ver = 7.12.3 08Oct04 | Size = 98394 bytes | Modified Date = 10/8/2004 2:44:24 PM | Attr = ]
< OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL -> Installed = 1 ->
MAPI -> Installed = 1 ->
MSFS -> Installed = 1 ->
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
DrvMon.exe -> %System32%\DrvMon.exe -> Alcor Micro, Corp. [Ver = 1, 0, 1, 2 | Size = 53248 bytes | Modified Date = 6/14/2006 9:11:10 PM | Attr = ]
Yahoo! Pager -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe -> Yahoo! Inc. [Ver = 8,1,0,239 | Size = 4670968 bytes | Modified Date = 1/19/2007 12:49:28 PM | Attr = ]
< Common Startup > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
%AllUsersStartup%\Adobe Acrobat Speed Launcher.lnk -> %SystemRoot%\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe -> [Ver = | Size = 25214 bytes | Modified Date = 5/17/2007 9:53:20 AM | Attr = R ]
%AllUsersStartup%\CLCL.lnk -> %ProgramFiles%\CLCL\CLCL.exe -> [Ver = | Size = 180224 bytes | Modified Date = 2/11/2005 6:58:10 PM | Attr = ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
igfxcui -> %System32%\igfxdev.dll -> Intel Corporation [Ver = 3.0.0.4332 | Size = 131072 bytes | Modified Date = 6/7/2005 7:58:00 PM | Attr = ]
< CurrentVersion Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
< CurrentVersion Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 36 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoViewOnDrive -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> ˙˙˙˙ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
< HOSTS File > (27 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
127.0.0.1 localhost -> ->
< Internet Explorer Settings > -> ->
HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->
HKLM: Start Page -> about:blank ->
HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKLM: SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
HKCU: Local Page -> C:\WINDOWS\system32\blank.htm ->
HKCU: Search Page -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKCU: ProxyEnable -> 0 ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
msn.com [ - ] -> ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [] -> Safer Networking Limited [Ver = 1, 4, 0, 0 | Size = 853672 bytes | Modified Date = 5/31/2005 1:04:00 AM | Attr = ]
< Internet Explorer Bars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ ->
{182EC0BE-5110-49C8-A062-BEB1D02A220B} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 7.0.0.0 | Size = 225280 bytes | Modified Date = 12/14/2004 2:13:40 AM | Attr = ]
< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
{47833539-D0C5-4125-9FA8-0819E2EAAC93} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 7.0.0.0 | Size = 225280 bytes | Modified Date = 12/14/2004 2:13:40 AM | Attr = ]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 7.0.0.0 | Size = 225280 bytes | Modified Date = 12/14/2004 2:13:40 AM | Attr = ]
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.5.0_09\bin\npjpi150_09.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.90.3 | Size = 69746 bytes | Modified Date = 10/12/2006 3:25:44 AM | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKCU] -> %ProgramFiles%\Java\jre1.5.0_09\bin\ssv.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.90.3 | Size = 434279 bytes | Modified Date = 10/12/2006 3:25:44 AM | Attr = ]
{6224f700-cba3-4071-b251-47cb894244cd} -> %ProgramFiles%\ICQ\Icq.exe [ButtonText: ICQ Pro] -> ICQ Inc. [Ver = 5,5,6,3916 | Size = 1880639 bytes | Modified Date = 10/14/2003 10:03:50 AM | Attr = ]
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
Add to Windows &Live Favorites -> http:\favorites.live.com\quickadd.asp -> File not found
Convert link target to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll\AcroIECapture.htm -> File not found
Convert link target to existing PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll\AcroIEAppend.htm -> File not found
Convert selected links to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll\AcroIECaptureSelLinks.htm -> File not found
Convert selected links to existing PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll\AcroIEAppendSelLinks.htm -> File not found
Convert selection to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll\AcroIECapture.htm -> File not found
Convert selection to existing PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll\AcroIEAppend.htm -> File not found
Convert to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll\AcroIECapture.htm -> File not found
Convert to existing PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll\AcroIEAppend.htm -> File not found
E&xport to Microsoft Excel -> -> File not found
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{1EFFCCD1-4A9C-450C-8C09-77BA94B4129B} -> () ->
{6BD54B9C-78BC-4989-8E43-2970127400F6} -> (Realtek RTL8139/810x Family Fast Ethernet NIC) ->
{C738A48C-B4D4-4F0F-8D96-D2AB43205B39} -> (Intel® PRO/Wireless 2200BG Network Connection) ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{30528230-99F7-4BB4-88D8-FA1D4F56A2AB} -> YInstStarter Class - CodeBase = C:\Program Files\Yahoo!\Common\yinsthelper.dll ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.5.0_09 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab ->
{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_09 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_09 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab ->
Microsoft XML Parser for Java -> - CodeBase = file:///C:/WINDOWS/Java/classes/xmldso.cab ->


[Files/Folders - Created Within 30 days]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 1063374848 bytes | Created Date = 1/1/1601 8:00:00 AM | Attr = HS]
COZY -> %SystemDrive%\COZY -> [Folder | Created Date = 6/24/2007 10:20:03 AM | Attr = ]
VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Created Date = 6/26/2007 10:18:02 AM | Attr = ]
install.dat -> %SystemDrive%\install.dat -> [Ver = | Size = 164 bytes | Created Date = 6/26/2007 10:33:22 AM | Attr = ]
SDFix -> %SystemDrive%\SDFix -> [Folder | Created Date = 6/26/2007 4:06:41 PM | Attr = ]
PDOXUSRS.NET -> %SystemDrive%\PDOXUSRS.NET -> [Ver = | Size = 13030 bytes | Created Date = 7/5/2007 8:34:27 AM | Attr = ]
HJT -> %SystemDrive%\HJT -> [Folder | Created Date = 6/26/2007 3:56:54 PM | Attr = ]
Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Created Date = 7/5/2007 9:47:25 PM | Attr = HS]
!KillBox -> %SystemDrive%\!KillBox -> [Folder | Created Date = 6/26/2007 7:35:45 PM | Attr = ]
ComboFix -> %SystemDrive%\ComboFix -> [Folder | Created Date = 7/2/2007 9:52:07 AM | Attr = ]
QooBox -> %SystemDrive%\QooBox -> [Folder | Created Date = 7/2/2007 9:53:31 AM | Attr = ]
nircmd.exe -> %SystemRoot%\nircmd.exe -> NirSoft [Ver = 2.00 | Size = 51200 bytes | Created Date = 7/2/2007 9:52:10 AM | Attr = ]
Brfaxrx.ini -> %SystemRoot%\Brfaxrx.ini -> [Ver = | Size = 62 bytes | Created Date = 6/14/2007 7:16:19 PM | Attr = ]
catchme.exe -> %SystemRoot%\catchme.exe -> [Ver = | Size = 104960 bytes | Created Date = 7/2/2007 9:52:11 AM | Attr = ]
Desktop -> %SystemRoot%\Desktop -> [Folder | Created Date = 6/22/2007 9:37:36 AM | Attr = ]
erdnt -> %SystemRoot%\erdnt -> [Folder | Created Date = 7/2/2007 9:53:39 AM | Attr = ]
kidphon.ini -> %SystemRoot%\kidphon.ini -> [Ver = | Size = 69 bytes | Created Date = 6/22/2007 9:37:36 AM | Attr = ]
$NtUninstallKB935839$ -> %SystemRoot%\$NtUninstallKB935839$ -> [Folder | Created Date = 6/13/2007 2:01:10 AM | Attr = H ]
$NtUninstallKB935840$ -> %SystemRoot%\$NtUninstallKB935840$ -> [Folder | Created Date = 6/13/2007 2:01:56 AM | Attr = H ]
$NtUninstallKB929123$ -> %SystemRoot%\$NtUninstallKB929123$ -> [Folder | Created Date = 6/13/2007 2:02:00 AM | Attr = H ]
actskin4.ocx -> %System32%\actskin4.ocx -> [Ver = 4, 2, 7, 3 | Size = 380928 bytes | Created Date = 6/26/2007 5:38:55 PM | Attr = ]
swxcacls.exe -> %System32%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 212480 bytes | Created Date = 7/2/2007 9:52:10 AM | Attr = ]
d3d9caps.dat -> %System32%\d3d9caps.dat -> [Ver = | Size = 664 bytes | Created Date = 6/25/2007 7:12:43 AM | Attr = ]
swsc.exe -> %System32%\swsc.exe -> SteelWerX [Ver = 2.0.0.0 | Size = 370688 bytes | Created Date = 7/2/2007 9:52:10 AM | Attr = ]
vfind.exe -> %System32%\vfind.exe -> [Ver = | Size = 49152 bytes | Created Date = 7/2/2007 9:52:10 AM | Attr = ]
swreg.exe -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.6 | Size = 428032 bytes | Created Date = 7/2/2007 9:52:10 AM | Attr = ]
aswBoot.exe -> %System32%\aswBoot.exe -> ALWIL Software [Ver = 4, 7, 997, 0 | Size = 745600 bytes | Created Date = 6/26/2007 5:38:55 PM | Attr = ]
AvastSS.scr -> %System32%\AvastSS.scr -> ALWIL Software [Ver = 4, 7, 997, 0 | Size = 95872 bytes | Created Date = 6/26/2007 5:39:03 PM | Attr = ]
aswmon.sys -> %System32%\drivers\aswmon.sys -> ALWIL Software [Ver = 4.7.997.0 | Size = 85952 bytes | Created Date = 6/26/2007 5:39:02 PM | Attr = ]
aswmon2.sys -> %System32%\drivers\aswmon2.sys -> ALWIL Software [Ver = 4.7.997.0 | Size = 94552 bytes | Created Date = 6/26/2007 5:39:02 PM | Attr = ]
aavmker4.sys -> %System32%\drivers\aavmker4.sys -> ALWIL Software [Ver = 4.7.997.0 | Size = 26888 bytes | Created Date = 6/26/2007 5:39:05 PM | Attr = ]
aswTdi.sys -> %System32%\drivers\aswTdi.sys -> ALWIL Software [Ver = 4.7.997.0 | Size = 43176 bytes | Created Date = 6/26/2007 5:39:06 PM | Attr = ]
aswRdr.sys -> %System32%\drivers\aswRdr.sys -> ALWIL Software [Ver = 4.7.997.0 | Size = 23416 bytes | Created Date = 6/26/2007 5:39:06 PM | Attr = ]

[Files/Folders - Modified Within 30 days]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 1063374848 bytes | Modified Date = 7/5/2007 10:55:28 PM | Attr = HS]
COZY -> %SystemDrive%\COZY -> [Folder | Modified Date = 6/24/2007 11:20:04 AM | Attr = ]
VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Modified Date = 6/26/2007 11:18:04 AM | Attr = ]
install.dat -> %SystemDrive%\install.dat -> [Ver = | Size = 164 bytes | Modified Date = 6/26/2007 11:33:24 AM | Attr = ]
SDFix -> %SystemDrive%\SDFix -> [Folder | Modified Date = 6/26/2007 12:47:22 AM | Attr = ]
PDOXUSRS.NET -> %SystemDrive%\PDOXUSRS.NET -> [Ver = | Size = 13030 bytes | Modified Date = 7/5/2007 2:07:42 PM | Attr = ]
HJT -> %SystemDrive%\HJT -> [Folder | Modified Date = 6/26/2007 4:56:56 PM | Attr = ]
Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 7/5/2007 10:47:26 PM | Attr = HS]
!KillBox -> %SystemDrive%\!KillBox -> [Folder | Modified Date = 6/26/2007 8:35:46 PM | Attr = ]
ComboFix -> %SystemDrive%\ComboFix -> [Folder | Modified Date = 7/2/2007 10:52:08 AM | Attr = ]
QooBox -> %SystemDrive%\QooBox -> [Folder | Modified Date = 7/2/2007 10:53:32 AM | Attr = ]
win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 779 bytes | Modified Date = 6/26/2007 11:34:32 AM | Attr = ]
imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1374 bytes | Modified Date = 6/13/2007 3:02:06 AM | Attr = ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 7/5/2007 10:55:28 PM | Attr = S]
nircmd.exe -> %SystemRoot%\nircmd.exe -> NirSoft [Ver = 2.00 | Size = 51200 bytes | Modified Date = 6/17/2007 12:11:58 AM | Attr = ]
brdfxspd.dat -> %SystemRoot%\brdfxspd.dat -> [Ver = | Size = 0 bytes | Modified Date = 6/15/2007 7:37:32 AM | Attr = ]
brpcfx.ini -> %SystemRoot%\brpcfx.ini -> [Ver = | Size = 153 bytes | Modified Date = 6/15/2007 7:36:42 AM | Attr = ]
Brpfx04a.ini -> %SystemRoot%\Brpfx04a.ini -> [Ver = | Size = 393 bytes | Modified Date = 6/15/2007 7:37:32 AM | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 6/26/2007 12:34:58 AM | Attr = H ]
Brfaxrx.ini -> %SystemRoot%\Brfaxrx.ini -> [Ver = | Size = 62 bytes | Modified Date = 6/14/2007 8:16:20 PM | Attr = ]
catchme.exe -> %SystemRoot%\catchme.exe -> [Ver = | Size = 104960 bytes | Modified Date = 7/2/2007 5:18:24 PM | Attr = ]
Desktop -> %SystemRoot%\Desktop -> [Folder | Modified Date = 6/22/2007 10:37:38 AM | Attr = ]
erdnt -> %SystemRoot%\erdnt -> [Folder | Modified Date = 7/2/2007 10:53:40 AM | Attr = ]
kidphon.ini -> %SystemRoot%\kidphon.ini -> [Ver = | Size = 69 bytes | Modified Date = 6/22/2007 10:37:38 AM | Attr = ]
$NtUninstallKB935839$ -> %SystemRoot%\$NtUninstallKB935839$ -> [Folder | Modified Date = 6/13/2007 3:01:12 AM | Attr = H ]
$NtUninstallKB935840$ -> %SystemRoot%\$NtUninstallKB935840$ -> [Folder | Modified Date = 6/13/2007 3:01:58 AM | Attr = H ]
$NtUninstallKB929123$ -> %SystemRoot%\$NtUninstallKB929123$ -> [Folder | Modified Date = 6/13/2007 3:02:02 AM | Attr = H ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 7/5/2007 10:55:34 PM | Attr = H ]
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [Ver = | Size = 284 bytes | Modified Date = 6/30/2007 1:17:02 PM | Attr = ]
eRLog.ini -> %System32%\eRLog.ini -> [Ver = | Size = 0 bytes | Modified Date = 7/5/2007 10:55:46 PM | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 1158 bytes | Modified Date = 7/5/2007 10:56:12 PM | Attr = ]
perfc009.dat -> %System32%\perfc009.dat -> [Ver = | Size = 61186 bytes | Modified Date = 6/26/2007 5:25:58 PM | Attr = ]
perfh009.dat -> %System32%\perfh009.dat -> [Ver = | Size = 396688 bytes | Modified Date = 6/26/2007 5:25:58 PM | Attr = ]
PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 464524 bytes | Modified Date = 6/26/2007 5:25:58 PM | Attr = ]
CONFIG.NT -> %System32%\CONFIG.NT -> [Ver = | Size = 2626 bytes | Modified Date = 6/26/2007 6:39:06 PM | Attr = ]
d3d9caps.dat -> %System32%\d3d9caps.dat -> [Ver = | Size = 664 bytes | Modified Date = 7/5/2007 10:55:42 PM | Attr = ]
hosts.ics -> %System32%\drivers\etc\hosts.ics -> [Ver = | Size = 436 bytes | Modified Date = 7/5/2007 10:55:56 PM | Attr = ]

[File String Scan - Non-Microsoft Only]
aspack , -> %SystemRoot%\Uninstall.exe -> ZbSoft [Ver = 2.0.85.156 | Size = 46080 bytes | Modified Date = 7/26/2001 9:16:16 AM | Attr = ]
aspack , -> %SystemRoot%\Acer.scr -> [Ver = | Size = 187392 bytes | Modified Date = 7/1/2004 11:09:46 AM | Attr = ]
PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ]
winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ]
Thawte Consulting , -> %System32%\XceedSco.dll -> Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com [Ver = 1.1.104.0 | Size = 266952 bytes | Modified Date = 5/19/2003 11:37:20 AM | Attr = ]
Thawte Consulting , -> %System32%\XceedCry.dll -> Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com [Ver = 1.1.6461.0 | Size = 526184 bytes | Modified Date = 3/15/2007 12:19:58 PM | Attr = ]
PEC2 , PECompact2 , -> %System32%\DivX.dll -> DivX, Inc. [Ver = 6.5.0.53 | Size = 639066 bytes | Modified Date = 2/22/2007 9:25:20 PM | Attr = ]
UPX! , UPX0 , -> %System32%\avisynth.dll -> The Public [Ver = 2, 5, 6, 0 | Size = 308224 bytes | Modified Date = 10/28/2005 9:44:12 AM | Attr = ]
Thawte Consulting , -> %System32%\SmartUI2.ocx -> Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com [Ver = 2.00.6553 | Size = 870152 bytes | Modified Date = 3/15/2007 12:22:38 PM | Attr = ]
Thawte Consulting , -> %System32%\XceedZip.dll -> Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com [Ver = 6.0.6621.0 | Size = 497496 bytes | Modified Date = 3/15/2007 12:23:16 PM | Attr = ]
UPX! , UPX0 , -> %System32%\aswBoot.exe -> ALWIL Software [Ver = 4, 7, 997, 0 | Size = 745600 bytes | Modified Date = 4/30/2007 8:46:10 AM | Attr = ]
WSUD , UPX0 , -> %System32%\dllcache\hwxjpn.dll -> [Ver = | Size = 13463552 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ]

< End of report >


Logfile of HijackThis v1.99.1
Scan saved at 9:41:40 AM, on 7/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\Program Files\Acer\eRecovery\Monitor.exe
C:\acer\epm\epm-dm.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\DrvMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CLCL\CLCL.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
C:\Documents and Settings\Gregory\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [ePowerManagement] "C:\Acer\ePM\ePM.exe" boot
O4 - HKLM\..\Run: [eRecoveryService] "C:\Program Files\Acer\eRecovery\Monitor.exe"
O4 - HKLM\..\Run: [epm-dm] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [BrMfcWnd] "C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe" /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] "C:\Program Files\Brother\ControlCenter3\brctrcen.exe" /autorun
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [DrvMon.exe] C:\WINDOWS\system32\DrvMon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: KEYLOGGER.lnk = ?
O4 - Global Startup: CLCL.lnk = ?
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

#11 sjpritch25

Posted 06 July 2007 - 11:45 AM

Okay, let's try this:
  • Right-Click on your Desktop and click on Properties.
  • Click on the Desktop Tab.
  • Click on the Web Tab.
  • Under Web Pages:, look for this privacyprotector.html.
  • If found, click on it and click on Delete
  • Click on Ok to exit.

Microsoft MVP Consumer Security--2007-2010

#12 Kittykat69


Posted 07 July 2007 - 06:03 PM

Okay, let's try this:

  • Right-Click on your Desktop and click on Properties.
  • Click on the Desktop Tab.
  • Click on the Web Tab.
  • Under Web Pages:, look for this privacyprotector.html.
  • If found, click on it and click on Delete
  • Click on Ok to exit.



When I right-click the desktop, nothing happens at all.
I'm guessing right-click for the desktop has been disabled.

#13 sjpritch25


Posted 07 July 2007 - 06:26 PM

Go to Control Panel --> Display --> and follow those directions.
Microsoft MVP Consumer Security--2007-2010

#14 Kittykat69


Posted 09 July 2007 - 06:44 PM

You did it!!!!!!!!!

Thank you

#15 sjpritch25


Posted 09 July 2007 - 09:47 PM

How is everything running???
Microsoft MVP Consumer Security--2007-2010



