hijackthis please check
Comments
-
Had some problems trying to do this. Hope it's OK, will try again if wrong.
ComboFix 09-05-14.03 - CHAMP---LOUISE 16/05/2009 14:22.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.2038.895 [GMT 1:00]
Running from: c:\users\CHAMP---LOUISE\Downloads\ComboFix.exe
Command switches used :: c:\users\CHAMP---LOUISE\AppData\Roaming\Microsoft\Windows\Recent\CFScript.lnk
AV: PCguard Anti-Virus *On-access scanning disabled* (Updated) {5B5A3BD7-8573-4672-AEA8-C9BB713B6755}
FW: PCguard Firewall *disabled* {80593BF4-D969-4EC5-ADAE-A22F2DFC7A22}
SP: PCguard Anti-Spyware *disabled* (Updated) {307352C6-1CBD-11DB-8AF6-B622A1EF5492}
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((( Files Created from 2009-04-16 to 2009-05-16 )))))))))))))))))))))))))))))))
.
2009-05-15 19:18 . 2009-05-15 19:18 -------- d-----w c:\users\CHAMP---LOUISE\AppData\Local\Adobe
2009-05-15 12:24 . 2009-05-15 12:24 -------- d-----w c:\programdata\WindowsSearch
2009-05-15 12:24 . 2009-05-15 12:24 -------- d-----w c:\users\All Users\WindowsSearch
2009-05-15 09:33 . 2009-05-15 09:33 -------- d-----w c:\windows\system32\config\systemprofile\Downloads
2009-05-15 09:11 . 2009-03-24 15:08 55640 ----a-w c:\windows\system32\drivers\avgntflt.sys
2009-05-15 09:11 . 2009-05-15 09:11 -------- d-----w c:\program files\Avira
2009-05-15 09:11 . 2009-05-15 09:11 -------- d-----w c:\programdata\Avira
2009-05-15 09:11 . 2009-05-15 09:11 -------- d-----w c:\users\All Users\Avira
2009-05-14 22:16 . 2009-05-14 22:16 -------- d-----w c:\windows\Sun
2009-05-14 16:21 . 2009-05-16 13:04 -------- d-----w c:\programdata\Spybot - Search & Destroy
2009-05-14 16:21 . 2009-05-16 13:04 -------- d-----w c:\users\All Users\Spybot - Search & Destroy
2009-05-14 16:21 . 2009-05-14 16:21 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-05-14 13:57 . 2009-05-14 13:57 -------- d-----w c:\users\CHAMP---LOUISE\AppData\Local\Apple Computer
2009-05-14 12:32 . 2009-05-14 12:32 -------- d-----w c:\users\CHAMP---LOUISE\AppData\Roaming\Intel
2009-05-14 12:32 . 2009-05-14 12:32 -------- d-----w c:\users\Public\Roaming
2009-05-14 12:32 . 2009-05-14 12:32 -------- d-----w c:\users\Default\Roaming
2009-05-14 12:32 . 2009-05-14 12:32 -------- d-----w c:\users\CHAMP---LOUISE\Roaming
2009-05-14 12:32 . 2009-05-14 12:32 -------- d-----w c:\programdata\Roaming
2009-05-14 12:32 . 2009-05-14 12:32 -------- d-----w c:\users\All Users\Roaming
2009-05-14 12:30 . 2009-05-14 12:30 -------- d-----w c:\program files\Cisco
2009-05-14 12:30 . 2009-05-14 12:30 -------- d-----w c:\program files\Common Files\Intel
2009-05-14 12:30 . 2009-05-14 12:30 -------- d-----w c:\programdata\Intel
2009-05-14 12:30 . 2009-05-14 12:30 -------- d-----w c:\users\All Users\Intel
2009-05-14 12:26 . 2009-05-14 12:26 -------- d-----w c:\users\CHAMP---LOUISE\AppData\Local\Microsoft Help
2009-05-14 10:05 . 2009-05-14 10:05 -------- d-----w c:\program files\VS Revo Group
2009-05-14 09:24 . 2009-05-14 09:24 -------- d-----w c:\programdata\NortonInstaller
2009-05-14 09:24 . 2009-05-14 09:24 -------- d-----w c:\users\All Users\NortonInstaller
2009-05-14 08:52 . 2009-05-14 08:52 -------- d-----w c:\program files\Bonjour
2009-05-14 08:51 . 2009-05-14 08:52 -------- d-----w c:\program files\QuickTime
2009-05-12 19:23 . 2009-05-12 19:23 -------- d-----w c:\program files\Trend Micro
2009-05-12 17:21 . 2009-05-12 17:21 -------- d-----w C:\Malwarebytes' Anti-Malware
2009-05-12 16:44 . 2007-05-30 12:10 10872 ----a-w c:\windows\system32\drivers\AvgAsCln.sys
2009-05-12 16:44 . 2009-05-12 16:44 -------- d-----w c:\programdata\Grisoft
2009-05-12 16:44 . 2009-05-12 16:44 -------- d-----w c:\users\All Users\Grisoft
2009-04-19 18:30 . 2009-02-13 08:49 1255936 ----a-w c:\windows\system32\lsasrv.dll
2009-04-19 18:30 . 2009-02-13 08:49 72704 ----a-w c:\windows\system32\secur32.dll
2009-04-19 18:30 . 2009-03-17 03:38 13824 ----a-w c:\windows\system32\apilogen.dll
2009-04-19 18:30 . 2009-03-17 03:38 24064 ----a-w c:\windows\system32\amxread.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-14 23:27 . 2008-01-19 15:38 -------- d-----w c:\program files\GamesBar
2009-05-14 13:57 . 2008-01-17 18:27 70104 ----a-w c:\users\CHAMP---LOUISE\AppData\Local\GDIPFONTCACHEV1.DAT
2009-05-14 12:30 . 2007-08-13 23:08 -------- d-----w c:\program files\Intel
2009-05-14 12:24 . 2007-08-14 00:18 -------- d-----w c:\program files\Microsoft Works
2009-05-14 09:25 . 2007-08-14 00:25 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-05-14 08:50 . 2008-02-21 22:19 -------- d-----w c:\program files\Common Files\Apple
2009-05-13 17:24 . 2008-12-12 14:41 410984 ----a-w c:\windows\system32\deploytk.dll
2009-05-13 17:24 . 2008-01-29 17:45 -------- d-----w c:\program files\Java
2009-05-13 16:12 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-04-06 21:57 . 2009-04-06 21:57 -------- d-----w c:\program files\CCleaner
2009-04-06 14:32 . 2009-04-06 12:14 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 14:32 . 2009-04-06 12:14 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-06 12:14 . 2009-04-06 12:14 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-03-19 22:58 . 2008-01-18 19:56 344 ----a-w c:\users\CHAMP---LOUISE\AppData\Roaming\wklnhst.dat
2009-03-13 18:32 . 2009-03-13 18:32 680 ----a-w c:\users\CHAMP---LOUISE\AppData\Local\d3d9caps.dat
2009-03-11 19:03 . 2008-04-08 13:13 47360 ----a-w c:\users\CHAMP---LOUISE\AppData\Roaming\pcouffin.sys
2009-03-11 18:34 . 2009-03-11 17:41 94208 ----a-w c:\users\CHAMP---LOUISE\AppData\Roaming\ezplay.sys
2009-03-11 17:41 . 2009-03-11 17:41 94208 ----a-w c:\windows\system32\drivers\ezplay.sys
2009-03-08 11:34 . 2009-04-02 12:07 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 11:34 . 2009-04-02 12:07 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 11:33 . 2009-04-02 12:07 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 11:33 . 2009-04-02 12:07 109056 ----a-w c:\windows\system32\iesysprep.dll
2009-03-08 11:33 . 2009-04-02 12:07 109568 ----a-w c:\windows\system32\PDMSetup.exe
2009-03-08 11:33 . 2009-04-02 12:07 132608 ----a-w c:\windows\system32\ieUnatt.exe
2009-03-08 11:33 . 2009-04-02 12:07 107520 ----a-w c:\windows\system32\RegisterIEPKEYs.exe
2009-03-08 11:33 . 2009-04-02 12:07 107008 ----a-w c:\windows\system32\SetIEInstalledDate.exe
2009-03-08 11:33 . 2009-04-02 12:07 103936 ----a-w c:\windows\system32\SetDepNx.exe
2009-03-08 11:33 . 2009-04-02 12:07 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 11:32 . 2009-04-02 12:08 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 11:32 . 2009-04-02 12:07 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 11:32 . 2009-04-02 12:07 66560 ----a-w c:\windows\system32\wextract.exe
2009-03-08 11:32 . 2009-04-02 12:07 169472 ----a-w c:\windows\system32\iexpress.exe
2009-03-08 11:31 . 2009-04-02 12:07 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 11:31 . 2009-04-02 12:08 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 11:31 . 2009-04-02 12:07 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 11:22 . 2009-04-02 12:07 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-03 04:46 . 2009-04-19 18:31 3599328 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-03-03 04:46 . 2009-04-19 18:31 3547632 ----a-w c:\windows\system32\ntoskrnl.exe
2009-03-03 04:39 . 2009-04-19 18:31 183296 ----a-w c:\windows\system32\sdohlp.dll
2009-03-03 04:39 . 2009-04-19 18:31 551424 ----a-w c:\windows\system32\rpcss.dll
2009-03-03 04:39 . 2009-04-19 18:31 26112 ----a-w c:\windows\system32\printfilterpipelineprxy.dll
2009-03-03 04:37 . 2009-04-19 18:31 98304 ----a-w c:\windows\system32\iasrecst.dll
2009-03-03 04:37 . 2009-04-19 18:31 44032 ----a-w c:\windows\system32\iasdatastore.dll
2009-03-03 04:37 . 2009-04-19 18:31 54784 ----a-w c:\windows\system32\iasads.dll
2009-03-03 03:04 . 2009-04-19 18:31 666624 ----a-w c:\windows\system32\printfilterpipelinesvc.exe
2009-03-03 02:38 . 2009-04-19 18:31 17408 ----a-w c:\windows\system32\iashost.exe
2009-02-25 13:50 . 2009-02-25 13:00 53192 ----a-w c:\windows\system32\drivers\rp_skt32.sys
2009-02-25 13:44 . 2009-02-25 13:16 6921812 ----a-w C:\PPCleanDeleteAtReboot.bat
2008-08-30 00:28 . 2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini
.
((((((((((((((((((((((((((((( SnapShot@2009-05-14_23.32.30 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-05-15 09:08 . 2009-05-15 09:08 54272 c:\windows\winsxs\x86_microsoft.vc90.openmp_1fc8b3b9a1e18e3b_9.0.21022.8_none_ecdf8c290e547f39\vcomp90.dll
+ 2009-05-15 09:08 . 2009-05-15 09:08 62976 c:\windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_da4695fc507e16e1\MFC90RUS.DLL
+ 2009-05-15 09:08 . 2009-05-15 09:08 46080 c:\windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_da4695fc507e16e1\MFC90KOR.DLL
+ 2009-05-15 09:08 . 2009-05-15 09:08 46592 c:\windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_da4695fc507e16e1\MFC90JPN.DLL
+ 2009-05-15 09:08 . 2009-05-15 09:08 64512 c:\windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_da4695fc507e16e1\MFC90ITA.DLL
+ 2009-05-15 09:08 . 2009-05-15 09:08 66048 c:\windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_da4695fc507e16e1\MFC90FRA.DLL
+ 2009-05-15 09:08 . 2009-05-15 09:08 65024 c:\windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_da4695fc507e16e1\MFC90ESP.DLL
+ 2009-05-15 09:08 . 2009-05-15 09:08 65024 c:\windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_da4695fc507e16e1\MFC90ESN.DLL
+ 2009-05-15 09:08 . 2009-05-15 09:08 56832 c:\windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_da4695fc507e16e1\MFC90ENU.DLL
+ 2009-05-15 09:08 . 2009-05-15 09:08 66560 c:\windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_da4695fc507e16e1\MFC90DEU.DLL
+ 2009-05-15 09:08 . 2009-05-15 09:08 39936 c:\windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_da4695fc507e16e1\MFC90CHT.DLL
+ 2009-05-15 09:08 . 2009-05-15 09:08 38912 c:\windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_da4695fc507e16e1\MFC90CHS.DLL
+ 2009-05-15 09:08 . 2009-05-15 09:08 59904 c:\windows\winsxs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.1_none_dcc7eae99ad0d9cf\mfcm90u.dll
+ 2009-05-15 09:08 . 2009-05-15 09:08 59904 c:\windows\winsxs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.1_none_dcc7eae99ad0d9cf\mfcm90.dll
+ 2009-05-15 22:00 . 2009-04-11 06:28 51712 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\wrpint.dll
+ 2009-05-15 22:00 . 2009-04-11 06:28 83968 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\wmiutils.dll
+ 2009-05-15 22:00 . 2009-04-11 06:28 30208 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\wbemprox.dll
+ 2009-05-15 22:00 . 2009-04-11 06:28 35328 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\mspatcha.dll
+ 2009-05-15 22:00 . 2009-04-11 06:28 22016 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\CbsMsg.dll
+ 2007-08-13 23:14 . 2009-05-16 12:35 87974 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2009-05-16 12:35 80650 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-01-17 18:28 . 2009-05-16 12:35 17196 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1471947038-1734257963-2722028270-1000_UserData.bin
+ 2009-05-15 09:11 . 2009-02-13 11:50 28376 c:\windows\System32\drivers\ssmdrv.sys
+ 2009-05-15 09:11 . 2009-03-30 09:33 96104 c:\windows\System32\drivers\avipbb.sys
- 2007-09-12 09:35 . 2009-05-14 19:28 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2007-09-12 09:35 . 2009-05-16 12:39 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2007-09-12 09:35 . 2009-05-14 19:28 65536 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2007-09-12 09:35 . 2009-05-16 12:39 65536 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-05-15 09:33 . 2009-05-15 09:33 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012009051520090516\index.dat
+ 2007-09-12 09:35 . 2009-05-16 12:39 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-05-15 09:33 . 2009-05-15 09:33 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT
+ 2009-05-16 12:33 . 2009-05-16 12:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-05-14 19:26 . 2009-05-14 19:26 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-05-16 12:33 . 2009-05-16 12:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-05-14 19:26 . 2009-05-14 19:26 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-05-15 09:08 . 2009-05-15 09:08 655872 c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada\msvcr90.dll
+ 2009-05-15 09:08 . 2009-05-15 09:08 572928 c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada\msvcp90.dll
+ 2009-05-15 09:08 . 2009-05-15 09:08 225280 c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada\msvcm90.dll
+ 2009-05-15 09:08 . 2009-05-15 09:08 161784 c:\windows\winsxs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.1_none_e29d1181971ae11e\ATL90.dll
+ 2009-05-15 22:00 . 2009-04-11 06:28 182784 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\xmllite.dll
+ 2009-05-15 22:00 . 2009-04-11 06:28 218624 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\wdscore.dll
+ 2009-05-15 22:00 . 2009-04-11 06:28 744448 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\wbemcore.dll
+ 2009-05-15 22:00 . 2009-04-11 06:28 357888 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\wbemcomn.dll
+ 2009-05-15 22:00 . 2009-04-11 06:28 116736 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\smipi.dll
+ 2009-05-15 22:00 . 2009-04-11 06:28 139264 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\SmiInstaller.dll
+ 2009-05-15 22:00 . 2009-04-11 06:28 705536 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\smiengine.dll
+ 2009-05-15 22:00 . 2009-04-11 06:28 126464 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\rescinst.dll
+ 2009-05-15 22:00 . 2009-04-11 06:28 265728 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\repdrvfs.dll
+ 2009-05-15 22:00 . 2009-04-11 06:27 119296 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\poqexec.exe
+ 2009-05-15 22:00 . 2009-04-11 06:27 130560 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\PkgMgr.exe
+ 2009-05-15 22:00 . 2009-04-11 06:28 146432 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\OEMHelpIns.dll
+ 2009-05-15 22:00 . 2009-04-11 06:28 305152 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\msdelta.dll
+ 2009-05-15 22:00 . 2009-04-11 06:28 102400 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\mofinstall.dll
+ 2009-05-15 22:00 . 2009-04-11 06:28 189440 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\mofd.dll
+ 2009-05-15 22:00 . 2009-04-11 06:28 222720 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\locdrv.dll
+ 2009-05-15 22:00 . 2009-04-11 06:28 100352 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\helpcins.dll
+ 2009-05-15 22:00 . 2009-04-11 06:28 614912 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\fastprox.dll
+ 2009-05-15 22:00 . 2009-04-11 06:28 265728 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\esscli.dll
+ 2009-05-15 22:00 . 2009-04-11 06:28 247808 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\drvstore.dll
+ 2009-05-15 22:00 . 2009-04-11 06:28 100352 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\DrUpdate.dll
+ 2009-05-15 22:00 . 2009-04-11 06:28 258048 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\dpx.dll
+ 2009-05-15 22:00 . 2009-04-11 06:28 243712 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\CntrtextInstaller.dll
+ 2009-05-15 22:00 . 2009-04-11 06:28 271360 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\cmitrust.dll
+ 2009-05-15 22:00 . 2009-04-11 06:28 119808 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\cmiadapter.dll
+ 2009-05-15 22:00 . 2009-04-11 06:28 535040 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\CbsCore.dll
+ 2009-05-15 22:00 . 2009-04-11 06:28 199168 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\apss.dll
+ 2009-05-15 22:00 . 2009-04-11 06:28 222208 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\apircl.dll
+ 2008-08-30 13:42 . 2009-05-15 16:18 263246 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2006-11-02 10:33 . 2009-05-14 19:32 600378 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-05-16 12:38 600378 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-05-14 19:32 105852 c:\windows\System32\perfc009.dat
+ 2006-11-02 10:33 . 2009-05-16 12:38 105852 c:\windows\System32\perfc009.dat
- 2009-01-29 13:01 . 2009-05-14 15:39 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-01-29 13:01 . 2009-05-16 12:39 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-05-15 09:08 . 2009-05-15 09:08 3783672 c:\windows\winsxs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.1_none_dcc7eae99ad0d9cf\mfc90u.dll
+ 2009-05-15 09:08 . 2009-05-15 09:08 3768312 c:\windows\winsxs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.1_none_dcc7eae99ad0d9cf\mfc90.dll
+ 2009-05-15 22:00 . 2009-04-11 06:28 1835520 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\wcp.dll
+ 2009-05-15 22:00 . 2009-04-11 06:28 2032640 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\cmiv2.dll
+ 2009-05-15 22:00 . 2009-04-11 06:28 1744384 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\apds.dll
+ 2006-11-02 10:22 . 2009-05-16 02:18 6553600 c:\windows\System32\SMI\Store\Machine\schema.dat
- 2006-11-02 10:22 . 2009-05-14 22:14 6553600 c:\windows\System32\SMI\Store\Machine\schema.dat
+ 2008-02-14 17:41 . 2009-05-15 09:08 193784486 c:\windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
.
-- Snapshot reset to current date --
.
slowly going nuts at the world:T
-
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-05-16 213936]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-06-26 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-26 8433664]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-05-09 865840]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 457216]
"eAudio"="c:\acer\Empowering Technology\eAudio\eAudio.exe" [2007-06-11 1286144]
"PLFSet"="c:\windows\PLFSet.dll" [2007-04-25 45056]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2007-07-31 707080]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-02-12 174872]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424]
"Broadbandadvisor.exe"="c:\program files\Virgin Broadband\advisor\Broadbandadvisor.exe" [2007-08-07 2061552]
"-FreedomNeedsReboot"="c:\program files\Virgin Broadband\PCguard\ZkRunOnceR.exe" [2007-09-05 13552]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-05-10 4468736]
"Skytel"="Skytel.exe" - c:\windows\SkyTel.exe [2007-05-07 1826816]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Acer VCM.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Acer VCM.lnk
backup=c:\windows\pss\Acer VCM.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk
backup=c:\windows\pss\Empowering Technology Launcher.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PalTalk.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\PalTalk.lnk
backup=c:\windows\pss\PalTalk.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^Users^CHAMP---LOUISE^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Orion.lnk]
path=c:\users\CHAMP---LOUISE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Orion.lnk
backup=c:\windows\pss\Orion.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{8451B11E-A98D-4AA1-93C4-2A77CA5275F7}"= c:\program files\Acer Arcade Deluxe\VideoMagician\VideoMagician.exe:VideoMagician
"{4327829C-53E2-4708-B1F6-50A583BF5E6F}"= c:\program files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:HomeMedia
"{CB57721A-FAFE-4224-8FE6-1202ADE9551F}"= c:\program files\Acer Arcade Deluxe\DV Wizard\DV Wizard.exe:DV Wizard
"{B7781F29-D92A-4D7F-9F1D-46E06BFD4728}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{4A1AEB95-DD02-4F65-B38D-D311A5CF3166}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{1B217417-4619-4B4B-8A4B-4934A24FEDC8}"= c:\program files\Acer Arcade Deluxe\DVDivine\DVDivine.exe:DVDivine
"{8F88980E-C9D4-4CE5-8688-A1D503FF4B7A}"= c:\program files\Acer\Acer VCM\VC.exe:Acer VCM
"{7996CFA7-66B2-4DA7-9C29-6986BB117FDD}"= c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe
"{9CE7AD0D-1122-49B6-B8DE-50B017B2EB97}"= c:\program files\Acer Arcade Deluxe\Play Movie\PlayMovie.exe:Play Movie
"{FF5B2291-C0FC-4D96-98B8-DCC982E3078B}"= c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe:Play Movie Resident Program
"{2CCDE5CD-260A-4B5D-A1DD-FEC70D70AC1C}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{DFDBF8D4-9CD9-4CEF-92AE-F1069C62D0B8}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{56057D38-6568-421D-AB5E-65476BDBFE1B}"= UDP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{A4B95A4C-C05B-4E08-B0D3-82DAB80197B2}"= TCP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"TCP Query User{4B37F756-BC14-4F56-8E80-96B6573FC68C}c:\\program files\\babelgum\\babelgum.exe"= UDP:c:\program files\babelgum\babelgum.exe:Babelgum
"UDP Query User{083EA5A4-7FB0-4A74-A19E-D171881450DA}c:\\program files\\babelgum\\babelgum.exe"= TCP:c:\program files\babelgum\babelgum.exe:Babelgum
"TCP Query User{5CA3A54A-F93E-4D56-8B65-EBECE1D7D566}c:\\windows\\system32\\ftp.exe"= UDP:c:\windows\system32\ftp.exe:File Transfer Program
"UDP Query User{868B9A53-436E-4337-95D0-4E01CE133692}c:\\windows\\system32\\ftp.exe"= TCP:c:\windows\system32\ftp.exe:File Transfer Program
"{16B15D1C-C6E2-47A0-8029-6146B7A20D01}"= UDP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
"{0E6A1F25-9E15-4F3A-AE6B-B8D4F615B244}"= TCP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
"{6115F0A0-362E-47A0-8A1C-BEFC5E35BCB3}"= UDP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
"{495ADD24-0978-4448-96F6-885CF5C92188}"= TCP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
"{82724138-BDDE-4B84-9562-93589CC24F0E}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{653E5C6E-2534-4F44-9843-CED629CCE080}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"TCP Query User{436424C4-9589-49CD-B73A-A38031F29102}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{1C38C3D0-8F8F-438E-8350-2B252B711D3F}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{F7236B29-33A0-4593-BDB5-52783883C842}c:\\program files\\java\\jre6\\bin\\java.exe"= UDP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
"UDP Query User{AF9B5226-9726-43FD-A4E5-AE01E30307E7}c:\\program files\\java\\jre6\\bin\\java.exe"= TCP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
"TCP Query User{9BACAE6D-3986-4254-8048-772AE9AA93C0}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{70BBD265-53A7-45B6-850F-985B7CB3205B}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"{BA30015B-5E69-4E93-AD3D-0B0F2420AA46}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{BAE34D23-165B-4504-B4D6-A36ACCD92299}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Acer\\Empowering Technology\\eDataSecurity\\eDSfsu.exe"= c:\acer\Empowering Technology\eDataSecurity\eDSfsu.exe:*:Enabled:eDSfsu
"c:\\Acer\\Empowering Technology\\eDataSecurity\\encryption.exe"= c:\acer\Empowering Technology\eDataSecurity\encryption.exe:*:Enabled:encryption
"c:\\Acer\\Empowering Technology\\eDataSecurity\\decryption.exe"= c:\acer\Empowering Technology\eDataSecurity\decryption.exe:*:Enabled:decryption
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl [09/03/2008 23:19 41456]
R2 ALaunchService;ALaunch Service;c:\acer\ALaunch\ALaunchSvc.exe [14/08/2007 01:54 50688]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [15/05/2009 10:11 108289]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [14/05/2009 17:21 1153368]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\System32\drivers\NETw5v32.sys [17/11/2008 07:40 3668480]
R3 winbondcir;Winbond IR Transceiver;c:\windows\System32\drivers\winbondcir.sys [13/08/2007 23:49 43008]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [13/08/2007 23:49 179712]
S3 netr73;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\System32\drivers\netr73.sys [12/11/2007 11:03 468480]
S3 Radialpoint Security Services;Virgin Broadband PCguard;c:\windows\System32\dllhost.exe [02/11/2006 09:50 7168]
S3 WSVD;WSVD;c:\windows\System32\drivers\WSVD.sys [27/02/2008 00:31 80744]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{db46cb42-c5fb-11dc-986d-f50d6083582f}]
\shell\AutoRun\command - E:\setupSNK.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-05-16 c:\windows\Tasks\User_Feed_Synchronization-{6C928055-B837-47B3-B111-ECF4D40A487C}.job
- c:\windows\system32\msfeedssync.exe [2009-04-02 11:31]
.
.
Supplementary Scan
.
uStart Page = hxxp://www.virginmedia.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://en.uk.acer.yahoo.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://uk.search.yahoo.com
IE: &Search
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\wpclsp.dll
FF - ProfilePath - c:\users\CHAMP---LOUISE\AppData\Roaming\Mozilla\Firefox\Profiles\gtxa5f2b.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.virginmedia.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-16 14:27
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
c:\windows\TEMP\TMP000000846C2E6D61F60A808C 524288 bytes executable
scan completed successfully
hidden files: 1
**************************************************************************
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl"
.
LOCKED REGISTRY KEYS
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
DLLs Loaded Under Running Processes
- - - - - - - > 'Explorer.exe'(4764)
c:\windows\system32\MsnChatHook.dll
c:\windows\system32\ShowErrMsg.dll
c:\windows\system32\sysenv.dll
c:\windows\system32\BatchCrypto.dll
c:\windows\system32\CryptoAPI.dll
c:\windows\system32\keyManager.dll
.
Completion time: 2009-05-16 14:29
ComboFix-quarantined-files.txt 2009-05-16 13:29
Pre-Run: 9,967,497,216 bytes free
Post-Run: 9,787,404,288 bytes free
354 --- E O F --- 2009-05-16 02:01
slowly going nuts at the world :T
-
Nope
Don't know what you did there but it's not what you needed to do. Simply open NOTEPAD
COPY and PASTE the text in red into it. SAVE it as "CFScript" (Making the complete filename 'CFScript.exe')
DRAG the notepad file (CFScript.exe) INTO the combofix.exe. It should auto run (do NOT double click combofix or click to open it or whatever. The notepad needs to be dragged and dropped ONTO it to get it to work to remove the files) :idea:
-
Still looks the same to me but I know nothing :rotfl: Please say this is right, I can see the files we wanted this time on it!
ComboFix 09-05-15.06 - CHAMP---LOUISE 16/05/2009 15:34.3 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.2038.1002 [GMT 1:00]
Running from: c:\users\CHAMP---LOUISE\Downloads\ComboFix.exe
Command switches used :: c:\users\CHAMP---LOUISE\Documents\CFScript.txt
AV: PCguard Anti-Virus *On-access scanning disabled* (Updated) {5B5A3BD7-8573-4672-AEA8-C9BB713B6755}
FW: PCguard Firewall *disabled* {80593BF4-D969-4EC5-ADAE-A22F2DFC7A22}
SP: PCguard Anti-Spyware *disabled* (Updated) {307352C6-1CBD-11DB-8AF6-B622A1EF5492}
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
FILE ::
c:\users\CHAMP---LOUISE\AppData\LocalLow\Sun\Java\Deployment\cache\ 6.0\29\320245dd-6d06dfaa
c:\users\CHAMP---LOUISE\AppData\LocalLow\Sun\Java\Deployment\cache\ 6.0\8\590ac148-7de49348
.
((((((((((((((((((((((((( Files Created from 2009-04-16 to 2009-05-16 )))))))))))))))))))))))))))))))
.
2009-05-15 19:18 . 2009-05-15 19:18 d-----w c:\users\CHAMP---LOUISE\AppData\Local\Adobe
2009-05-15 12:24 . 2009-05-15 12:24 d-----w c:\programdata\WindowsSearch
2009-05-15 12:24 . 2009-05-15 12:24 d-----w c:\users\All Users\WindowsSearch
2009-05-15 09:33 . 2009-05-15 09:33 d-----w c:\windows\system32\config\systemprofile\Downloads
2009-05-15 09:11 . 2009-03-24 15:08 55640 ----a-w c:\windows\system32\drivers\avgntflt.sys
2009-05-15 09:11 . 2009-05-15 09:11 d-----w c:\program files\Avira
2009-05-15 09:11 . 2009-05-15 09:11 d-----w c:\programdata\Avira
2009-05-15 09:11 . 2009-05-15 09:11 d-----w c:\users\All Users\Avira
2009-05-14 22:16 . 2009-05-14 22:16 d-----w c:\windows\Sun
2009-05-14 16:21 . 2009-05-16 13:04 d-----w c:\programdata\Spybot - Search & Destroy
2009-05-14 16:21 . 2009-05-16 13:04 d-----w c:\users\All Users\Spybot - Search & Destroy
2009-05-14 16:21 . 2009-05-14 16:21 d-----w c:\program files\Spybot - Search & Destroy
2009-05-14 13:57 . 2009-05-14 13:57 d-----w c:\users\CHAMP---LOUISE\AppData\Local\Apple Computer
2009-05-14 12:32 . 2009-05-14 12:32 d-----w c:\users\CHAMP---LOUISE\AppData\Roaming\Intel
2009-05-14 12:32 . 2009-05-14 12:32 d-----w c:\users\Public\Roaming
2009-05-14 12:32 . 2009-05-14 12:32 d-----w c:\users\Default\Roaming
2009-05-14 12:32 . 2009-05-14 12:32 d-----w c:\users\CHAMP---LOUISE\Roaming
2009-05-14 12:32 . 2009-05-14 12:32 d-----w c:\programdata\Roaming
2009-05-14 12:32 . 2009-05-14 12:32 d-----w c:\users\All Users\Roaming
2009-05-14 12:30 . 2009-05-14 12:30 d-----w c:\program files\Cisco
2009-05-14 12:30 . 2009-05-14 12:30 d-----w c:\program files\Common Files\Intel
2009-05-14 12:30 . 2009-05-14 12:30 d-----w c:\programdata\Intel
2009-05-14 12:30 . 2009-05-14 12:30 d-----w c:\users\All Users\Intel
2009-05-14 12:26 . 2009-05-14 12:26 d-----w c:\users\CHAMP---LOUISE\AppData\Local\Microsoft Help
2009-05-14 10:05 . 2009-05-14 10:05 d-----w c:\program files\VS Revo Group
2009-05-14 09:24 . 2009-05-14 09:24 d-----w c:\programdata\NortonInstaller
2009-05-14 09:24 . 2009-05-14 09:24 d-----w c:\users\All Users\NortonInstaller
2009-05-14 08:52 . 2009-05-14 08:52 d-----w c:\program files\Bonjour
2009-05-14 08:51 . 2009-05-14 08:52 d-----w c:\program files\QuickTime
2009-05-12 19:23 . 2009-05-12 19:23 d-----w c:\program files\Trend Micro
2009-05-12 17:21 . 2009-05-12 17:21 d-----w C:\Malwarebytes' Anti-Malware
2009-05-12 16:44 . 2007-05-30 12:10 10872 ----a-w c:\windows\system32\drivers\AvgAsCln.sys
2009-05-12 16:44 . 2009-05-12 16:44 d-----w c:\programdata\Grisoft
2009-05-12 16:44 . 2009-05-12 16:44 d-----w c:\users\All Users\Grisoft
2009-04-19 18:30 . 2009-02-13 08:49 1255936 ----a-w c:\windows\system32\lsasrv.dll
2009-04-19 18:30 . 2009-02-13 08:49 72704 ----a-w c:\windows\system32\secur32.dll
2009-04-19 18:30 . 2009-03-17 03:38 13824 ----a-w c:\windows\system32\apilogen.dll
2009-04-19 18:30 . 2009-03-17 03:38 24064 ----a-w c:\windows\system32\amxread.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-14 23:27 . 2008-01-19 15:38 d-----w c:\program files\GamesBar
2009-05-14 13:57 . 2008-01-17 18:27 70104 ----a-w c:\users\CHAMP---LOUISE\AppData\Local\GDIPFONTCACHEV1.DAT
2009-05-14 12:30 . 2007-08-13 23:08 d-----w c:\program files\Intel
2009-05-14 12:24 . 2007-08-14 00:18 d-----w c:\program files\Microsoft Works
2009-05-14 09:25 . 2007-08-14 00:25 d-----w c:\program files\Common Files\Symantec Shared
2009-05-14 08:50 . 2008-02-21 22:19 d-----w c:\program files\Common Files\Apple
2009-05-13 17:24 . 2008-12-12 14:41 410984 ----a-w c:\windows\system32\deploytk.dll
2009-05-13 17:24 . 2008-01-29 17:45 d-----w c:\program files\Java
2009-05-13 16:12 . 2006-11-02 11:18 d-----w c:\program files\Windows Mail
2009-04-06 21:57 . 2009-04-06 21:57 d-----w c:\program files\CCleaner
2009-04-06 14:32 . 2009-04-06 12:14 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 14:32 . 2009-04-06 12:14 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-06 12:14 . 2009-04-06 12:14 d-----w c:\program files\Malwarebytes' Anti-Malware
2009-03-19 22:58 . 2008-01-18 19:56 344 ----a-w c:\users\CHAMP---LOUISE\AppData\Roaming\wklnhst.dat
2009-03-13 18:32 . 2009-03-13 18:32 680 ----a-w c:\users\CHAMP---LOUISE\AppData\Local\d3d9caps.dat
2009-03-11 19:03 . 2008-04-08 13:13 47360 ----a-w c:\users\CHAMP---LOUISE\AppData\Roaming\pcouffin.sys
2009-03-11 18:34 . 2009-03-11 17:41 94208 ----a-w c:\users\CHAMP---LOUISE\AppData\Roaming\ezplay.sys
2009-03-11 17:41 . 2009-03-11 17:41 94208 ----a-w c:\windows\system32\drivers\ezplay.sys
2009-03-08 11:34 . 2009-04-02 12:07 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 11:34 . 2009-04-02 12:07 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 11:33 . 2009-04-02 12:07 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 11:33 . 2009-04-02 12:07 109056 ----a-w c:\windows\system32\iesysprep.dll
2009-03-08 11:33 . 2009-04-02 12:07 109568 ----a-w c:\windows\system32\PDMSetup.exe
2009-03-08 11:33 . 2009-04-02 12:07 132608 ----a-w c:\windows\system32\ieUnatt.exe
2009-03-08 11:33 . 2009-04-02 12:07 107520 ----a-w c:\windows\system32\RegisterIEPKEYs.exe
2009-03-08 11:33 . 2009-04-02 12:07 107008 ----a-w c:\windows\system32\SetIEInstalledDate.exe
2009-03-08 11:33 . 2009-04-02 12:07 103936 ----a-w c:\windows\system32\SetDepNx.exe
2009-03-08 11:33 . 2009-04-02 12:07 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 11:32 . 2009-04-02 12:08 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 11:32 . 2009-04-02 12:07 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 11:32 . 2009-04-02 12:07 66560 ----a-w c:\windows\system32\wextract.exe
2009-03-08 11:32 . 2009-04-02 12:07 169472 ----a-w c:\windows\system32\iexpress.exe
2009-03-08 11:31 . 2009-04-02 12:07 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 11:31 . 2009-04-02 12:08 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 11:31 . 2009-04-02 12:07 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 11:22 . 2009-04-02 12:07 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-03 04:46 . 2009-04-19 18:31 3599328 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-03-03 04:46 . 2009-04-19 18:31 3547632 ----a-w c:\windows\system32\ntoskrnl.exe
2009-03-03 04:39 . 2009-04-19 18:31 183296 ----a-w c:\windows\system32\sdohlp.dll
2009-03-03 04:39 . 2009-04-19 18:31 551424 ----a-w c:\windows\system32\rpcss.dll
2009-03-03 04:39 . 2009-04-19 18:31 26112 ----a-w c:\windows\system32\printfilterpipelineprxy.dll
2009-03-03 04:37 . 2009-04-19 18:31 98304 ----a-w c:\windows\system32\iasrecst.dll
2009-03-03 04:37 . 2009-04-19 18:31 44032 ----a-w c:\windows\system32\iasdatastore.dll
2009-03-03 04:37 . 2009-04-19 18:31 54784 ----a-w c:\windows\system32\iasads.dll
2009-03-03 03:04 . 2009-04-19 18:31 666624 ----a-w c:\windows\system32\printfilterpipelinesvc.exe
2009-03-03 02:38 . 2009-04-19 18:31 17408 ----a-w c:\windows\system32\iashost.exe
2009-02-25 13:50 . 2009-02-25 13:00 53192 ----a-w c:\windows\system32\drivers\rp_skt32.sys
2009-02-25 13:44 . 2009-02-25 13:16 6921812 ----a-w C:\PPCleanDeleteAtReboot.bat
2008-08-30 00:28 . 2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-05-16 213936]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-06-26 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-26 8433664]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-05-09 865840]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 457216]
"eAudio"="c:\acer\Empowering Technology\eAudio\eAudio.exe" [2007-06-11 1286144]
"PLFSet"="c:\windows\PLFSet.dll" [2007-04-25 45056]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2007-07-31 707080]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-02-12 174872]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424]
"Broadbandadvisor.exe"="c:\program files\Virgin Broadband\advisor\Broadbandadvisor.exe" [2007-08-07 2061552]
"-FreedomNeedsReboot"="c:\program files\Virgin Broadband\PCguard\ZkRunOnceR.exe" [2007-09-05 13552]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-05-10 4468736]
"Skytel"="Skytel.exe" - c:\windows\SkyTel.exe [2007-05-07 1826816]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Acer VCM.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Acer VCM.lnk
backup=c:\windows\pss\Acer VCM.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk
backup=c:\windows\pss\Empowering Technology Launcher.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PalTalk.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\PalTalk.lnk
backup=c:\windows\pss\PalTalk.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^Users^CHAMP---LOUISE^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Orion.lnk]
path=c:\users\CHAMP---LOUISE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Orion.lnk
backup=c:\windows\pss\Orion.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{8451B11E-A98D-4AA1-93C4-2A77CA5275F7}"= c:\program files\Acer Arcade Deluxe\VideoMagician\VideoMagician.exe:VideoMagician
"{4327829C-53E2-4708-B1F6-50A583BF5E6F}"= c:\program files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:HomeMedia
"{CB57721A-FAFE-4224-8FE6-1202ADE9551F}"= c:\program files\Acer Arcade Deluxe\DV Wizard\DV Wizard.exe:DV Wizard
"{B7781F29-D92A-4D7F-9F1D-46E06BFD4728}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{4A1AEB95-DD02-4F65-B38D-D311A5CF3166}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{1B217417-4619-4B4B-8A4B-4934A24FEDC8}"= c:\program files\Acer Arcade Deluxe\DVDivine\DVDivine.exe:DVDivine
"{8F88980E-C9D4-4CE5-8688-A1D503FF4B7A}"= c:\program files\Acer\Acer VCM\VC.exe:Acer VCM
"{7996CFA7-66B2-4DA7-9C29-6986BB117FDD}"= c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe
"{9CE7AD0D-1122-49B6-B8DE-50B017B2EB97}"= c:\program files\Acer Arcade Deluxe\Play Movie\PlayMovie.exe:Play Movie
"{FF5B2291-C0FC-4D96-98B8-DCC982E3078B}"= c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe:Play Movie Resident Program
"{2CCDE5CD-260A-4B5D-A1DD-FEC70D70AC1C}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{DFDBF8D4-9CD9-4CEF-92AE-F1069C62D0B8}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{56057D38-6568-421D-AB5E-65476BDBFE1B}"= UDP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{A4B95A4C-C05B-4E08-B0D3-82DAB80197B2}"= TCP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"TCP Query User{4B37F756-BC14-4F56-8E80-96B6573FC68C}c:\\program files\\babelgum\\babelgum.exe"= UDP:c:\program files\babelgum\babelgum.exe:Babelgum
"UDP Query User{083EA5A4-7FB0-4A74-A19E-D171881450DA}c:\\program files\\babelgum\\babelgum.exe"= TCP:c:\program files\babelgum\babelgum.exe:Babelgum
"TCP Query User{5CA3A54A-F93E-4D56-8B65-EBECE1D7D566}c:\\windows\\system32\\ftp.exe"= UDP:c:\windows\system32\ftp.exe:File Transfer Program
"UDP Query User{868B9A53-436E-4337-95D0-4E01CE133692}c:\\windows\\system32\\ftp.exe"= TCP:c:\windows\system32\ftp.exe:File Transfer Program
"{16B15D1C-C6E2-47A0-8029-6146B7A20D01}"= UDP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
"{0E6A1F25-9E15-4F3A-AE6B-B8D4F615B244}"= TCP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
"{6115F0A0-362E-47A0-8A1C-BEFC5E35BCB3}"= UDP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
"{495ADD24-0978-4448-96F6-885CF5C92188}"= TCP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
"{82724138-BDDE-4B84-9562-93589CC24F0E}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{653E5C6E-2534-4F44-9843-CED629CCE080}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"TCP Query User{436424C4-9589-49CD-B73A-A38031F29102}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{1C38C3D0-8F8F-438E-8350-2B252B711D3F}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{F7236B29-33A0-4593-BDB5-52783883C842}c:\\program files\\java\\jre6\\bin\\java.exe"= UDP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
"UDP Query User{AF9B5226-9726-43FD-A4E5-AE01E30307E7}c:\\program files\\java\\jre6\\bin\\java.exe"= TCP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
"TCP Query User{9BACAE6D-3986-4254-8048-772AE9AA93C0}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{70BBD265-53A7-45B6-850F-985B7CB3205B}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"{BA30015B-5E69-4E93-AD3D-0B0F2420AA46}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{BAE34D23-165B-4504-B4D6-A36ACCD92299}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Acer\\Empowering Technology\\eDataSecurity\\eDSfsu.exe"= c:\acer\Empowering Technology\eDataSecurity\eDSfsu.exe:*:Enabled:eDSfsu
"c:\\Acer\\Empowering Technology\\eDataSecurity\\encryption.exe"= c:\acer\Empowering Technology\eDataSecurity\encryption.exe:*:Enabled:encryption
"c:\\Acer\\Empowering Technology\\eDataSecurity\\decryption.exe"= c:\acer\Empowering Technology\eDataSecurity\decryption.exe:*:Enabled:decryption
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl [09/03/2008 23:19 41456]
R2 ALaunchService;ALaunch Service;c:\acer\ALaunch\ALaunchSvc.exe [14/08/2007 01:54 50688]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [15/05/2009 10:11 108289]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [14/05/2009 17:21 1153368]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\System32\drivers\NETw5v32.sys [17/11/2008 07:40 3668480]
R3 winbondcir;Winbond IR Transceiver;c:\windows\System32\drivers\winbondcir.sys [13/08/2007 23:49 43008]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [13/08/2007 23:49 179712]
S3 netr73;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\System32\drivers\netr73.sys [12/11/2007 11:03 468480]
S3 Radialpoint Security Services;Virgin Broadband PCguard;c:\windows\System32\dllhost.exe [02/11/2006 09:50 7168]
S3 WSVD;WSVD;c:\windows\System32\drivers\WSVD.sys [27/02/2008 00:31 80744]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-05-16 c:\windows\Tasks\User_Feed_Synchronization-{6C928055-B837-47B3-B111-ECF4D40A487C}.job
- c:\windows\system32\msfeedssync.exe [2009-04-02 11:31]
.
.
Supplementary Scan
.
uStart Page = hxxp://www.virginmedia.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://en.uk.acer.yahoo.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://uk.search.yahoo.com
IE: &Search
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\wpclsp.dll
FF - ProfilePath - c:\users\CHAMP---LOUISE\AppData\Roaming\Mozilla\Firefox\Profiles\gtxa5f2b.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.virginmedia.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-16 15:37
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl"
.
LOCKED REGISTRY KEYS
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
DLLs Loaded Under Running Processes
- - - - - - - > 'Explorer.exe'(4388)
c:\windows\system32\MsnChatHook.dll
c:\windows\system32\ShowErrMsg.dll
c:\windows\system32\sysenv.dll
c:\windows\system32\BatchCrypto.dll
c:\windows\system32\CryptoAPI.dll
c:\windows\system32\keyManager.dll
.
Completion time: 2009-05-16 15:39
ComboFix-quarantined-files.txt 2009-05-16 14:39
ComboFix2.txt 2009-05-16 13:29
Pre-Run: 9,824,342,016 bytes free
Post-Run: 9,774,993,408 bytes free
268 --- E O F --- 2009-05-16 02:01
slowly going nuts at the world :T
-
Well you've done as I asked but it hasn't removed them
I thought they were odd filenames but now I'm not sure what they are (I can't see them being folders as Kaspersky's only supposed to flag up actual files)
I'd suggest removing the cr*p anti virus programs you're using now and replace with AVIRA and scan with that (Which WILL remove whatever it finds) :idea:
-
Is this right? I am determined to get it lol
ComboFix 09-05-15.06 - CHAMP---LOUISE 16/05/2009 16:38.4 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.2038.947 [GMT 1:00]
Running from: c:\users\CHAMP---LOUISE\Downloads\ComboFix.exe
Command switches used :: c:\users\CHAMP---LOUISE\Documents\CFScript.exe
AV: PCguard Anti-Virus *On-access scanning disabled* (Updated) {5B5A3BD7-8573-4672-AEA8-C9BB713B6755}
FW: PCguard Firewall *disabled* {80593BF4-D969-4EC5-ADAE-A22F2DFC7A22}
SP: PCguard Anti-Spyware *disabled* (Updated) {307352C6-1CBD-11DB-8AF6-B622A1EF5492}
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
FILE ::
c:\users\CHAMP---LOUISE\AppData\LocalLow\Sun\Java\Deployment\cache\ 6.0\29\320245dd-6d06dfaa
c:\users\CHAMP---LOUISE\AppData\LocalLow\Sun\Java\Deployment\cache\ 6.0\8\590ac148-7de49348
.
((((((((((((((((((((((((( Files Created from 2009-04-16 to 2009-05-16 )))))))))))))))))))))))))))))))
.
2009-05-15 19:18 . 2009-05-15 19:18 d-----w c:\users\CHAMP---LOUISE\AppData\Local\Adobe
2009-05-15 12:24 . 2009-05-15 12:24 d-----w c:\programdata\WindowsSearch
2009-05-15 12:24 . 2009-05-15 12:24 d-----w c:\users\All Users\WindowsSearch
2009-05-15 09:33 . 2009-05-15 09:33 d-----w c:\windows\system32\config\systemprofile\Downloads
2009-05-15 09:11 . 2009-03-24 15:08 55640 ----a-w c:\windows\system32\drivers\avgntflt.sys
2009-05-15 09:11 . 2009-05-15 09:11 d-----w c:\program files\Avira
2009-05-15 09:11 . 2009-05-15 09:11 d-----w c:\programdata\Avira
2009-05-15 09:11 . 2009-05-15 09:11 d-----w c:\users\All Users\Avira
2009-05-14 22:16 . 2009-05-14 22:16 d-----w c:\windows\Sun
2009-05-14 16:21 . 2009-05-16 13:04 d-----w c:\programdata\Spybot - Search & Destroy
2009-05-14 16:21 . 2009-05-16 13:04 d-----w c:\users\All Users\Spybot - Search & Destroy
2009-05-14 16:21 . 2009-05-14 16:21 d-----w c:\program files\Spybot - Search & Destroy
2009-05-14 13:57 . 2009-05-14 13:57 d-----w c:\users\CHAMP---LOUISE\AppData\Local\Apple Computer
2009-05-14 12:32 . 2009-05-14 12:32 d-----w c:\users\CHAMP---LOUISE\AppData\Roaming\Intel
2009-05-14 12:32 . 2009-05-14 12:32 d-----w c:\users\Public\Roaming
2009-05-14 12:32 . 2009-05-14 12:32 d-----w c:\users\Default\Roaming
2009-05-14 12:32 . 2009-05-14 12:32 d-----w c:\users\CHAMP---LOUISE\Roaming
2009-05-14 12:32 . 2009-05-14 12:32 d-----w c:\programdata\Roaming
2009-05-14 12:32 . 2009-05-14 12:32 d-----w c:\users\All Users\Roaming
2009-05-14 12:30 . 2009-05-14 12:30 d-----w c:\program files\Cisco
2009-05-14 12:30 . 2009-05-14 12:30 d-----w c:\program files\Common Files\Intel
2009-05-14 12:30 . 2009-05-14 12:30 d-----w c:\programdata\Intel
2009-05-14 12:30 . 2009-05-14 12:30 d-----w c:\users\All Users\Intel
2009-05-14 12:26 . 2009-05-14 12:26 d-----w c:\users\CHAMP---LOUISE\AppData\Local\Microsoft Help
2009-05-14 10:05 . 2009-05-14 10:05 d-----w c:\program files\VS Revo Group
2009-05-14 09:24 . 2009-05-14 09:24 d-----w c:\programdata\NortonInstaller
2009-05-14 09:24 . 2009-05-14 09:24 d-----w c:\users\All Users\NortonInstaller
2009-05-14 08:52 . 2009-05-14 08:52 d-----w c:\program files\Bonjour
2009-05-14 08:51 . 2009-05-14 08:52 d-----w c:\program files\QuickTime
2009-05-12 19:23 . 2009-05-12 19:23 d-----w c:\program files\Trend Micro
2009-05-12 17:21 . 2009-05-12 17:21 d-----w C:\Malwarebytes' Anti-Malware
2009-05-12 16:44 . 2007-05-30 12:10 10872 ----a-w c:\windows\system32\drivers\AvgAsCln.sys
2009-05-12 16:44 . 2009-05-12 16:44 d-----w c:\programdata\Grisoft
2009-05-12 16:44 . 2009-05-12 16:44 d-----w c:\users\All Users\Grisoft
2009-04-19 18:30 . 2009-02-13 08:49 1255936 ----a-w c:\windows\system32\lsasrv.dll
2009-04-19 18:30 . 2009-02-13 08:49 72704 ----a-w c:\windows\system32\secur32.dll
2009-04-19 18:30 . 2009-03-17 03:38 13824 ----a-w c:\windows\system32\apilogen.dll
2009-04-19 18:30 . 2009-03-17 03:38 24064 ----a-w c:\windows\system32\amxread.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-14 23:27 . 2008-01-19 15:38 d-----w c:\program files\GamesBar
2009-05-14 13:57 . 2008-01-17 18:27 70104 ----a-w c:\users\CHAMP---LOUISE\AppData\Local\GDIPFONTCACHEV1.DAT
2009-05-14 12:30 . 2007-08-13 23:08 d-----w c:\program files\Intel
2009-05-14 12:24 . 2007-08-14 00:18 d-----w c:\program files\Microsoft Works
2009-05-14 09:25 . 2007-08-14 00:25 d-----w c:\program files\Common Files\Symantec Shared
2009-05-14 08:50 . 2008-02-21 22:19 d-----w c:\program files\Common Files\Apple
2009-05-13 17:24 . 2008-12-12 14:41 410984 ----a-w c:\windows\system32\deploytk.dll
2009-05-13 17:24 . 2008-01-29 17:45 d-----w c:\program files\Java
2009-05-13 16:12 . 2006-11-02 11:18 d-----w c:\program files\Windows Mail
2009-04-06 21:57 . 2009-04-06 21:57 d-----w c:\program files\CCleaner
2009-04-06 14:32 . 2009-04-06 12:14 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 14:32 . 2009-04-06 12:14 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-06 12:14 . 2009-04-06 12:14 d-----w c:\program files\Malwarebytes' Anti-Malware
2009-03-19 22:58 . 2008-01-18 19:56 344 ----a-w c:\users\CHAMP---LOUISE\AppData\Roaming\wklnhst.dat
2009-03-13 18:32 . 2009-03-13 18:32 680 ----a-w c:\users\CHAMP---LOUISE\AppData\Local\d3d9caps.dat
2009-03-11 19:03 . 2008-04-08 13:13 47360 ----a-w c:\users\CHAMP---LOUISE\AppData\Roaming\pcouffin.sys
2009-03-11 18:34 . 2009-03-11 17:41 94208 ----a-w c:\users\CHAMP---LOUISE\AppData\Roaming\ezplay.sys
2009-03-11 17:41 . 2009-03-11 17:41 94208 ----a-w c:\windows\system32\drivers\ezplay.sys
2009-03-08 11:34 . 2009-04-02 12:07 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 11:34 . 2009-04-02 12:07 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 11:33 . 2009-04-02 12:07 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 11:33 . 2009-04-02 12:07 109056 ----a-w c:\windows\system32\iesysprep.dll
2009-03-08 11:33 . 2009-04-02 12:07 109568 ----a-w c:\windows\system32\PDMSetup.exe
2009-03-08 11:33 . 2009-04-02 12:07 132608 ----a-w c:\windows\system32\ieUnatt.exe
2009-03-08 11:33 . 2009-04-02 12:07 107520 ----a-w c:\windows\system32\RegisterIEPKEYs.exe
2009-03-08 11:33 . 2009-04-02 12:07 107008 ----a-w c:\windows\system32\SetIEInstalledDate.exe
2009-03-08 11:33 . 2009-04-02 12:07 103936 ----a-w c:\windows\system32\SetDepNx.exe
2009-03-08 11:33 . 2009-04-02 12:07 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 11:32 . 2009-04-02 12:08 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 11:32 . 2009-04-02 12:07 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 11:32 . 2009-04-02 12:07 66560 ----a-w c:\windows\system32\wextract.exe
2009-03-08 11:32 . 2009-04-02 12:07 169472 ----a-w c:\windows\system32\iexpress.exe
2009-03-08 11:31 . 2009-04-02 12:07 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 11:31 . 2009-04-02 12:08 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 11:31 . 2009-04-02 12:07 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 11:22 . 2009-04-02 12:07 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-03 04:46 . 2009-04-19 18:31 3599328 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-03-03 04:46 . 2009-04-19 18:31 3547632 ----a-w c:\windows\system32\ntoskrnl.exe
2009-03-03 04:39 . 2009-04-19 18:31 183296 ----a-w c:\windows\system32\sdohlp.dll
2009-03-03 04:39 . 2009-04-19 18:31 551424 ----a-w c:\windows\system32\rpcss.dll
2009-03-03 04:39 . 2009-04-19 18:31 26112 ----a-w c:\windows\system32\printfilterpipelineprxy.dll
2009-03-03 04:37 . 2009-04-19 18:31 98304 ----a-w c:\windows\system32\iasrecst.dll
2009-03-03 04:37 . 2009-04-19 18:31 44032 ----a-w c:\windows\system32\iasdatastore.dll
2009-03-03 04:37 . 2009-04-19 18:31 54784 ----a-w c:\windows\system32\iasads.dll
2009-03-03 03:04 . 2009-04-19 18:31 666624 ----a-w c:\windows\system32\printfilterpipelinesvc.exe
2009-03-03 02:38 . 2009-04-19 18:31 17408 ----a-w c:\windows\system32\iashost.exe
2009-02-25 13:50 . 2009-02-25 13:00 53192 ----a-w c:\windows\system32\drivers\rp_skt32.sys
2009-02-25 13:44 . 2009-02-25 13:16 6921812 ----a-w C:\PPCleanDeleteAtReboot.bat
2008-08-30 00:28 . 2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-05-16 213936]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-06-26 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-26 8433664]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-05-09 865840]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 457216]
"eAudio"="c:\acer\Empowering Technology\eAudio\eAudio.exe" [2007-06-11 1286144]
"PLFSet"="c:\windows\PLFSet.dll" [2007-04-25 45056]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2007-07-31 707080]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-02-12 174872]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424]
"Broadbandadvisor.exe"="c:\program files\Virgin Broadband\advisor\Broadbandadvisor.exe" [2007-08-07 2061552]
"-FreedomNeedsReboot"="c:\program files\Virgin Broadband\PCguard\ZkRunOnceR.exe" [2007-09-05 13552]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-05-10 4468736]
"Skytel"="Skytel.exe" - c:\windows\SkyTel.exe [2007-05-07 1826816]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Acer VCM.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Acer VCM.lnk
backup=c:\windows\pss\Acer VCM.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk
backup=c:\windows\pss\Empowering Technology Launcher.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PalTalk.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\PalTalk.lnk
backup=c:\windows\pss\PalTalk.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^Users^CHAMP---LOUISE^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Orion.lnk]
path=c:\users\CHAMP---LOUISE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Orion.lnk
backup=c:\windows\pss\Orion.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{8451B11E-A98D-4AA1-93C4-2A77CA5275F7}"= c:\program files\Acer Arcade Deluxe\VideoMagician\VideoMagician.exe:VideoMagician
"{4327829C-53E2-4708-B1F6-50A583BF5E6F}"= c:\program files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:HomeMedia
"{CB57721A-FAFE-4224-8FE6-1202ADE9551F}"= c:\program files\Acer Arcade Deluxe\DV Wizard\DV Wizard.exe:DV Wizard
"{B7781F29-D92A-4D7F-9F1D-46E06BFD4728}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{4A1AEB95-DD02-4F65-B38D-D311A5CF3166}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{1B217417-4619-4B4B-8A4B-4934A24FEDC8}"= c:\program files\Acer Arcade Deluxe\DVDivine\DVDivine.exe:DVDivine
"{8F88980E-C9D4-4CE5-8688-A1D503FF4B7A}"= c:\program files\Acer\Acer VCM\VC.exe:Acer VCM
"{7996CFA7-66B2-4DA7-9C29-6986BB117FDD}"= c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe
"{9CE7AD0D-1122-49B6-B8DE-50B017B2EB97}"= c:\program files\Acer Arcade Deluxe\Play Movie\PlayMovie.exe:Play Movie
"{FF5B2291-C0FC-4D96-98B8-DCC982E3078B}"= c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe:Play Movie Resident Program
"{2CCDE5CD-260A-4B5D-A1DD-FEC70D70AC1C}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{DFDBF8D4-9CD9-4CEF-92AE-F1069C62D0B8}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{56057D38-6568-421D-AB5E-65476BDBFE1B}"= UDP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{A4B95A4C-C05B-4E08-B0D3-82DAB80197B2}"= TCP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"TCP Query User{4B37F756-BC14-4F56-8E80-96B6573FC68C}c:\\program files\\babelgum\\babelgum.exe"= UDP:c:\program files\babelgum\babelgum.exe:Babelgum
"UDP Query User{083EA5A4-7FB0-4A74-A19E-D171881450DA}c:\\program files\\babelgum\\babelgum.exe"= TCP:c:\program files\babelgum\babelgum.exe:Babelgum
"TCP Query User{5CA3A54A-F93E-4D56-8B65-EBECE1D7D566}c:\\windows\\system32\\ftp.exe"= UDP:c:\windows\system32\ftp.exe:File Transfer Program
"UDP Query User{868B9A53-436E-4337-95D0-4E01CE133692}c:\\windows\\system32\\ftp.exe"= TCP:c:\windows\system32\ftp.exe:File Transfer Program
"{16B15D1C-C6E2-47A0-8029-6146B7A20D01}"= UDP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
"{0E6A1F25-9E15-4F3A-AE6B-B8D4F615B244}"= TCP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
"{6115F0A0-362E-47A0-8A1C-BEFC5E35BCB3}"= UDP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
"{495ADD24-0978-4448-96F6-885CF5C92188}"= TCP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
"{82724138-BDDE-4B84-9562-93589CC24F0E}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{653E5C6E-2534-4F44-9843-CED629CCE080}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"TCP Query User{436424C4-9589-49CD-B73A-A38031F29102}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{1C38C3D0-8F8F-438E-8350-2B252B711D3F}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{F7236B29-33A0-4593-BDB5-52783883C842}c:\\program files\\java\\jre6\\bin\\java.exe"= UDP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
"UDP Query User{AF9B5226-9726-43FD-A4E5-AE01E30307E7}c:\\program files\\java\\jre6\\bin\\java.exe"= TCP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
"TCP Query User{9BACAE6D-3986-4254-8048-772AE9AA93C0}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{70BBD265-53A7-45B6-850F-985B7CB3205B}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"{BA30015B-5E69-4E93-AD3D-0B0F2420AA46}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{BAE34D23-165B-4504-B4D6-A36ACCD92299}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Acer\\Empowering Technology\\eDataSecurity\\eDSfsu.exe"= c:\acer\Empowering Technology\eDataSecurity\eDSfsu.exe:*:Enabled:eDSfsu
"c:\\Acer\\Empowering Technology\\eDataSecurity\\encryption.exe"= c:\acer\Empowering Technology\eDataSecurity\encryption.exe:*:Enabled:encryption
"c:\\Acer\\Empowering Technology\\eDataSecurity\\decryption.exe"= c:\acer\Empowering Technology\eDataSecurity\decryption.exe:*:Enabled:decryption
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl [09/03/2008 23:19 41456]
R2 ALaunchService;ALaunch Service;c:\acer\ALaunch\ALaunchSvc.exe [14/08/2007 01:54 50688]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [15/05/2009 10:11 108289]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [14/05/2009 17:21 1153368]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\System32\drivers\NETw5v32.sys [17/11/2008 07:40 3668480]
R3 winbondcir;Winbond IR Transceiver;c:\windows\System32\drivers\winbondcir.sys [13/08/2007 23:49 43008]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [13/08/2007 23:49 179712]
S3 netr73;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\System32\drivers\netr73.sys [12/11/2007 11:03 468480]
S3 Radialpoint Security Services;Virgin Broadband PCguard;c:\windows\System32\dllhost.exe [02/11/2006 09:50 7168]
S3 WSVD;WSVD;c:\windows\System32\drivers\WSVD.sys [27/02/2008 00:31 80744]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-05-16 c:\windows\Tasks\User_Feed_Synchronization-{6C928055-B837-47B3-B111-ECF4D40A487C}.job
- c:\windows\system32\msfeedssync.exe [2009-04-02 11:31]
.
.
Supplementary Scan
.
uStart Page = hxxp://www.virginmedia.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://en.uk.acer.yahoo.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://uk.search.yahoo.com
IE: &Search
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\wpclsp.dll
FF - ProfilePath - c:\users\CHAMP---LOUISE\AppData\Roaming\Mozilla\Firefox\Profiles\gtxa5f2b.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.virginmedia.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-16 16:41
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl"
.
LOCKED REGISTRY KEYS
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
DLLs Loaded Under Running Processes
- - - - - - - > 'Explorer.exe'(4956)
c:\windows\system32\MsnChatHook.dll
c:\windows\system32\ShowErrMsg.dll
c:\windows\system32\sysenv.dll
c:\windows\system32\BatchCrypto.dll
c:\windows\system32\CryptoAPI.dll
c:\windows\system32\keyManager.dll
.
Completion time: 2009-05-16 16:42
ComboFix-quarantined-files.txt 2009-05-16 15:42
ComboFix2.txt 2009-05-16 14:39
ComboFix3.txt 2009-05-16 13:29
Pre-Run: 9,818,710,016 bytes free
Post-Run: 9,777,426,432 bytes free
269 --- E O F --- 2009-05-16 02:01
slowly going nuts at the world
-
The files have something to do with older Java products (I searched the internet). In themselves they are not a virus, but viruses use them to gain access or similar to info.
Avira has been installed and run but did not pick them up!
slowly going nuts at the world
-
Nothing to worry about then
-
OK then. THANK YOU very much for your help. Computer is going great. May be on in a few days when I tackle OH's computer. At least I now know what to look for and where to get help.
Thanks again
slowly going nuts at the world
-
I've also been experiencing a little strange behaviour on my laptop the last few days. Ran malware, all fine, so I downloaded HijackThis. Any advice please on my log below? Thanks in advance.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:47:01, on 15/08/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\AGRSMMSG.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\FinePixViewer\QuickDCF2.exe
C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.moneysavingexpert.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [EPSON Stylus C46 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE /P23 "EPSON Stylus C46 Series" /O6 "USB001" /M "Stylus C46"
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [EasyStudio_L] "C:\Program Files\Samsung\Samsung PC Studio 3\Launcher.exe" -tray
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_S42.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: BBC iPlayer Desktop.lnk = C:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ExifLauncher2.lnk = C:\Program Files\FinePixViewer\QuickDCF2.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) - http://arcaonline.arcabit.com/ArcaOnline.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1212171233593
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://static.photobox.co.uk/sg/common/uploader_uni.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
--
End of file - 11256 bytes
This discussion has been closed.