Windows Vista
Problem solving for the Windows Vista Operating System. Please remember to state which edition of Vista you are using - Home Basic, Home Premium, Business, Ultimate etc. and whether you are using the 32-bit or 64-bit version if you know.

#16
Again, it looks like it's downloaded ok but when I click on it I get:

'Archive auto-extractible WinRAR
Extraire App-Prog.lsd
Extraire AuDoss.lsd
Extraire AutrInf.cmd
Extraire AWF.cmd
Extraire Back.cmd
Extraire Boo.reg
Extraire BooFix.cmd
Extraire catchme.exe
Extraire Changelog Lop SD.txt
Extraire DirectFix.cmd
Extraire Discl_en.vbs
Extraire Discl_fr.vbs
Extraire Discl_ne.vbs
Extraire Discl_sp.vbs
Extraire Discl_su.vbs
Extraire Doss.lsd
Extraire Icon_Lop.ico
Extraire iNv.exe
Extraire KILL.cmd
Extraire Langues.cmd
Extraire LopScript.cmd
Extraire LopSD.cmd
Extraire lsTasks.exe
Le CRC a échoué dans lsTasks.exe
Fin de l'archive incorrecte'

I don't get any offer to press e for English or 1 for search.

Sorry for the slow reply, the notification email went to my junk mail when all the previous ones had gone to my inbox.

#17
Time to look a little earlier in the bootup process there.

1 - Go to Start > Run, type in msconfig (and OK). In msconfig go to the Boot.ini tab, and place a check next to the following entry:
/Bootlog
Then Apply/OK and allow the restart. Don't make any other changes in msconfig throughout the remaining procedures.

2 - After the reboot navigate to and delete the following file:
C:\Windows\ntbtlog.txt
Then restart the computer again.

3 - As the system boots up tap the F8 key about once per second to access the startup menu, and on that list select the following, and allow the computer to complete the bootup.
Enable Boot Logging

4 - After Windows has loaded again locate the C:\Windows\ntbtlog.txt file and copy/paste those contents back here please.

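One way to triage the ntbtlog.txt that this procedure produces, added here as an example and not part of the original post: it parses the log even when a forum paste has flattened it onto one line, then lists drivers loaded from outside System32 and drivers that have a "Did not load" record. The function names, the `system_root` default of C:\Windows and the sample text are assumptions made for the example; step 2 above deletes the old log, so a single boot session is assumed.

```python
import re

# One record is a status marker followed by a driver path. Paths can contain
# spaces ("C:\Program Files\..."), so a path runs up to the next marker, the
# end of the line or the end of the input, not up to the next blank.
_RECORD = re.compile(
    r"(Did not load driver|Loaded driver)\s+(.*?)\s*"
    r"(?=Did not load driver|Loaded driver|[\r\n]|\Z)"
)


def parse_ntbtlog(text):
    # Returns [(loaded, path), ...] in file order; header lines are skipped.
    records = []
    for status, path in _RECORD.findall(text):
        path = " ".join(path.split())  # collapse runs of blanks in a path
        if path:
            records.append((status == "Loaded driver", path))
    return records


def _canonical(path, system_root):
    # Map "\SystemRoot\..." and "\??\C:\..." forms onto one comparable form.
    if path.startswith("\\??\\"):
        path = path[4:]
    if path.lower().startswith("\\systemroot\\"):
        path = system_root + path[len("\\SystemRoot"):]
    return path.lower()


def triage(records, system_root=r"C:\Windows"):
    # system_root is an assumption: the usual install location.
    sys32 = (system_root + "\\System32\\").lower()
    loaded, failed, outside = {}, {}, {}
    for ok, path in records:
        key = _canonical(path, system_root)
        (loaded if ok else failed).setdefault(key, path)
        if ok and not key.startswith(sys32):
            outside.setdefault(key, path)
    return {
        # Drivers started from application folders deserve a second look.
        "outside_system32": list(outside.values()),
        # Every driver with a "Did not load driver" record.
        "did_not_load": list(failed.values()),
        # Same path reported both ways during one boot.
        "loaded_and_failed": [p for k, p in failed.items() if k in loaded],
    }


# Constructed sample, flattened the way a forum paste flattens the file.
SAMPLE = (
    r"Service Pack 1 1 6 2009 21:49:02.375 "
    r"Loaded driver \SystemRoot\system32\ntkrnlpa.exe "
    r"Loaded driver \SystemRoot\System32\Drivers\NDProxy.SYS "
    r"Did not load driver \SystemRoot\System32\Drivers\NDProxy.SYS "
    r"Loaded driver \??\C:\Windows\system32\Drivers\SYMEVENT.SYS "
    r"Loaded driver \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys "
    r"Loaded driver \??\C:\PROGRA~1\LAUNCH~1\DPortIO.sys"
)

if __name__ == "__main__":
    report = triage(parse_ntbtlog(SAMPLE))
    for section, paths in report.items():
        print(section)
        for p in paths:
            print("   ", p)
```

An entry on any of the three lists is a prompt to identify the file (vendor, signature, install date), not a verdict on it.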
#18
ntbtlog.txt:

Service Pack 1
1 6 2009 21:49:02.375
Loaded driver \SystemRoot\system32\ntkrnlpa.exe
Loaded driver \SystemRoot\system32\hal.dll
Loaded driver \SystemRoot\system32\kdcom.dll
Loaded driver \SystemRoot\system32\mcupdate_GenuineIntel.dll
Loaded driver \SystemRoot\system32\PSHED.dll
Loaded driver \SystemRoot\system32\BOOTVID.dll
Loaded driver \SystemRoot\system32\CLFS.SYS
Loaded driver \SystemRoot\system32\CI.dll
Loaded driver \SystemRoot\system32\drivers\Wdf01000.sys
Loaded driver \SystemRoot\system32\drivers\WDFLDR.SYS
Loaded driver \SystemRoot\system32\drivers\acpi.sys
Loaded driver \SystemRoot\system32\drivers\WMILIB.SYS
Loaded driver \SystemRoot\system32\drivers\msisadrv.sys
Loaded driver \SystemRoot\system32\drivers\pci.sys
Loaded driver \SystemRoot\System32\drivers\partmgr.sys
Loaded driver \SystemRoot\system32\DRIVERS\compbatt.sys
Loaded driver \SystemRoot\system32\DRIVERS\BATTC.SYS
Loaded driver \SystemRoot\system32\drivers\volmgr.sys
Loaded driver \SystemRoot\System32\drivers\volmgrx.sys
Loaded driver \SystemRoot\system32\drivers\intelide.sys
Loaded driver \SystemRoot\system32\drivers\PCIIDEX.SYS
Loaded driver \SystemRoot\system32\DRIVERS\pcmcia.sys
Loaded driver \SystemRoot\System32\drivers\mountmgr.sys
Loaded driver \SystemRoot\system32\drivers\atapi.sys
Loaded driver \SystemRoot\system32\drivers\ataport.SYS
Loaded driver \SystemRoot\System32\Drivers\AFS.sys
Loaded driver \SystemRoot\system32\drivers\fltmgr.sys
Loaded driver \SystemRoot\system32\drivers\fileinfo.sys
Loaded driver \SystemRoot\system32\DRIVERS\psdfilter.sys
Loaded driver \SystemRoot\System32\Drivers\PxHelp20.sys
Loaded driver \SystemRoot\System32\Drivers\ksecdd.sys
Loaded driver \SystemRoot\system32\drivers\ndis.sys
Loaded driver \SystemRoot\system32\drivers\msrpc.sys
Loaded driver \SystemRoot\system32\drivers\NETIO.SYS
Loaded driver \SystemRoot\System32\drivers\tcpip.sys
Loaded driver \SystemRoot\System32\drivers\fwpkclnt.sys
Loaded driver \SystemRoot\System32\Drivers\Ntfs.sys
Loaded driver \SystemRoot\system32\drivers\volsnap.sys
Loaded driver \SystemRoot\System32\Drivers\spldr.sys
Loaded driver \SystemRoot\system32\drivers\psdvdisk.sys
Loaded driver \SystemRoot\system32\drivers\PSDNServ.sys
Loaded driver \SystemRoot\System32\Drivers\mup.sys
Loaded driver \SystemRoot\System32\drivers\ecache.sys
Loaded driver \SystemRoot\system32\drivers\disk.sys
Loaded driver \SystemRoot\system32\drivers\CLASSPNP.SYS
Loaded driver \SystemRoot\system32\drivers\crcdisk.sys
Loaded driver \SystemRoot\system32\DRIVERS\tunnel.sys
Loaded driver \SystemRoot\system32\DRIVERS\tunmp.sys
Loaded driver \SystemRoot\system32\DRIVERS\intelppm.sys
Loaded driver \SystemRoot\system32\DRIVERS\wmiacpi.sys
Loaded driver \SystemRoot\System32\drivers\dxgkrnl.sys
Loaded driver \SystemRoot\system32\DRIVERS\igdkmd32.sys
Loaded driver \SystemRoot\system32\DRIVERS\HDAudBus.sys
Loaded driver \SystemRoot\system32\DRIVERS\NETw4v32.sys
Loaded driver \SystemRoot\system32\DRIVERS\usbuhci.sys
Loaded driver \SystemRoot\system32\DRIVERS\usbehci.sys
Loaded driver \SystemRoot\system32\DRIVERS\bcm4sbxp.sys
Loaded driver \SystemRoot\system32\DRIVERS\EMS7SK.sys
Loaded driver \SystemRoot\system32\DRIVERS\sdbus.sys
Loaded driver \SystemRoot\system32\DRIVERS\ESM7SK.sys
Loaded driver \SystemRoot\system32\DRIVERS\ESD7SK.sys
Loaded driver \SystemRoot\system32\DRIVERS\CmBatt.sys
Loaded driver \SystemRoot\system32\DRIVERS\i8042prt.sys
Loaded driver \SystemRoot\system32\DRIVERS\DKbFltr.sys
Loaded driver \SystemRoot\system32\DRIVERS\kbdclass.sys
Loaded driver \SystemRoot\system32\DRIVERS\SynTP.sys
Loaded driver \SystemRoot\system32\DRIVERS\mouclass.sys
Loaded driver \SystemRoot\system32\DRIVERS\cdrom.sys
Loaded driver \SystemRoot\system32\DRIVERS\msiscsi.sys
Loaded driver \SystemRoot\system32\DRIVERS\rasl2tp.sys
Loaded driver \SystemRoot\system32\DRIVERS\ndistapi.sys
Loaded driver \SystemRoot\system32\DRIVERS\ndiswan.sys
Loaded driver \SystemRoot\system32\DRIVERS\raspppoe.sys
Loaded driver \SystemRoot\system32\DRIVERS\raspptp.sys
Loaded driver \SystemRoot\system32\DRIVERS\rassstp.sys
Loaded driver \SystemRoot\system32\DRIVERS\termdd.sys
Loaded driver \SystemRoot\system32\DRIVERS\swenum.sys
Loaded driver \SystemRoot\system32\DRIVERS\mssmbios.sys
Loaded driver \SystemRoot\system32\DRIVERS\umbus.sys
Loaded driver \SystemRoot\system32\DRIVERS\usbhub.sys
Loaded driver \SystemRoot\System32\Drivers\NDProxy.SYS
Did not load driver \SystemRoot\System32\Drivers\NDProxy.SYS
Loaded driver \SystemRoot\system32\drivers\RTKVHDA.sys
Loaded driver \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
Loaded driver \SystemRoot\system32\DRIVERS\HSX_DPV.sys
Loaded driver \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
Loaded driver \SystemRoot\system32\drivers\modem.sys
Loaded driver \SystemRoot\system32\DRIVERS\hidusb.sys
Loaded driver \SystemRoot\system32\DRIVERS\mouhid.sys
Loaded driver \SystemRoot\System32\Drivers\Fs_Rec.SYS
Loaded driver \SystemRoot\System32\Drivers\Null.SYS
Loaded driver \SystemRoot\System32\Drivers\Beep.SYS
Loaded driver \SystemRoot\System32\drivers\vga.sys
Loaded driver \SystemRoot\System32\DRIVERS\RDPCDD.sys
Loaded driver \SystemRoot\system32\drivers\rdpencdd.sys
Loaded driver \SystemRoot\System32\Drivers\Msfs.SYS
Loaded driver \SystemRoot\System32\Drivers\Npfs.SYS
Loaded driver \SystemRoot\System32\DRIVERS\rasacd.sys
Loaded driver \SystemRoot\system32\DRIVERS\tdx.sys
Loaded driver \SystemRoot\system32\DRIVERS\smb.sys
Loaded driver \SystemRoot\system32\drivers\afd.sys
Loaded driver \SystemRoot\System32\DRIVERS\netbt.sys
Loaded driver \SystemRoot\system32\DRIVERS\pacer.sys
Loaded driver \SystemRoot\system32\DRIVERS\netbios.sys
Loaded driver \SystemRoot\system32\DRIVERS\wanarp.sys
Loaded driver \??\C:\Windows\system32\Drivers\SYMEVENT.SYS
Loaded driver \SystemRoot\System32\Drivers\SYMTDI.SYS
Loaded driver \SystemRoot\System32\Drivers\SRTSPX.SYS
Loaded driver \SystemRoot\system32\DRIVERS\rdbss.sys
Loaded driver \??\C:\PROGRA~1\LAUNCH~1\DPortIO.sys
Loaded driver \SystemRoot\system32\drivers\nsiproxy.sys
Loaded driver \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
Loaded driver \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
Loaded driver \SystemRoot\System32\Drivers\dfsc.sys
Loaded driver \SystemRoot\system32\DRIVERS\udfs.sys
Loaded driver \SystemRoot\system32\DRIVERS\monitor.sys
Loaded driver \SystemRoot\system32\drivers\luafv.sys
Loaded driver \SystemRoot\system32\drivers\drmkaud.sys
Loaded driver \SystemRoot\system32\DRIVERS\RMCAST.sys
Loaded driver \SystemRoot\system32\DRIVERS\lltdio.sys
Loaded driver \SystemRoot\system32\DRIVERS\nwifi.sys
Loaded driver \SystemRoot\system32\DRIVERS\ndisuio.sys
Loaded driver \SystemRoot\system32\DRIVERS\rspndr.sys
Loaded driver \SystemRoot\system32\drivers\HTTP.sys
Loaded driver \SystemRoot\System32\DRIVERS\srvnet.sys
Loaded driver \SystemRoot\system32\DRIVERS\bowser.sys
Loaded driver \SystemRoot\System32\drivers\mpsdrv.sys
Loaded driver \SystemRoot\system32\drivers\mrxdav.sys
Loaded driver \SystemRoot\system32\DRIVERS\mrxsmb.sys
Loaded driver \SystemRoot\system32\DRIVERS\mrxsmb10.sys
Loaded driver \SystemRoot\system32\DRIVERS\mrxsmb20.sys
Loaded driver \SystemRoot\System32\DRIVERS\srv2.sys
Loaded driver \SystemRoot\System32\DRIVERS\srv.sys
Did not load driver \SystemRoot\System32\DRIVERS\srv.sys
Loaded driver \SystemRoot\System32\Drivers\Aspi32.SYS
Loaded driver \??\C:\Acer\Empowering Technology\eRecovery\int15.sys
Loaded driver \SystemRoot\system32\DRIVERS\mdmxsdk.sys
Loaded driver \SystemRoot\system32\drivers\peauth.sys
Loaded driver \SystemRoot\System32\Drivers\secdrv.SYS
Loaded driver \SystemRoot\System32\drivers\tcpipreg.sys
Loaded driver \SystemRoot\system32\DRIVERS\xaudio.sys
Loaded driver \SystemRoot\System32\Drivers\SYMREDRV.SYS
Did not load driver \SystemRoot\System32\Drivers\SRTSPX.SYS
Loaded driver \SystemRoot\system32\DRIVERS\ipnat.sys
Loaded driver \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20061106.064\NAVEX15.SYS
Loaded driver \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20061106.064\NAVENG.SYS
Loaded driver \SystemRoot\system32\drivers\tdtcp.sys
Loaded driver \SystemRoot\System32\DRIVERS\tssecsrv.sys
Loaded driver \SystemRoot\System32\Drivers\RDPWD.SYS
Loaded driver \SystemRoot\System32\Drivers\SRTSP.SYS
Loaded driver \SystemRoot\system32\DRIVERS\asyncmac.sys

#19
Yes, that shows at least a part of the malware it is allowing us to see.

Download The Avenger by Swandog from here. Then unzip that, so it will create an avenger folder and an avenger.exe file. Rename the avenger.exe file avvy.com.

Once you have done that click on the avvy.com file (still on the USB drive) to start Avenger. Okay the warning. When the Avenger display opens place a check in the box that says "Automatically disable any rootkits found". Then copy/paste the following text inside the Code box into the Avenger box titled "Input script here:". Then click the Execute button to run the repair, click Yes, then allow Avenger to reboot your system.

Code:
Begin copying here:
Drivers to delete:
tdssserv.sys
tssecsrv.sys

----------------------------

Then Download Malwarebytes' Anti-Malware from Here or Here.

Double Click mbam-setup.exe to install the application.
* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform quick scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy and Paste the entire report in your next reply.

If it calls for a reboot to complete the repairs do that as well then.

---------------------

Run a new RSIT scan and post that main log along with the C:\avenger.txt log and the Malwarebytes log please.

#20
This is the Avvy.com logfile

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\tdssserv.sys" not found!
Deletion of driver "tdssserv.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\tssecsrv.sys" not found!
Deletion of driver "tssecsrv.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Completed script processing.

*******************

Finished! Terminate.

#21
Actually those items not being found and SDFix not working right is right on course, at least on this Vista system. My fault - I get so few Vista requests and these steps are truly with XP in mind. But the Avenger rename worked, so back to our original plan now.

Open Avenger again as you just did in the previous step. Okay the warning. When the Avenger display opens copy/paste the following text inside the Code box into the Avenger box titled "Input script here:". Then click the Execute button to run the repair, click Yes, then allow Avenger to reboot your system.

Code:
Begin copying here:
Begin copying here:
Drivers to delete:
"DHCP Client (Dhcp) "
DHCP Client (Dhcp)

Folders to delete:
C:\Program Files\tinyproxy

------------------------

Download Malwarebytes' Anti-Malware from Here or Here.

Double Click mbam-setup.exe to install the application.
* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform quick scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy and Paste the entire report in your next reply.

If it calls for a reboot to complete the repairs do that as well then.

---------------------

Run a new RSIT scan and post that main log along with the C:\avenger.txt and the Malwarebytes log please.

#22
Sorry I didn't finish posting the logs yesterday. I did run Malwarebytes yesterday and got the following results:

Malwarebytes' Anti-Malware 1.32
Database version: 1632
Windows 6.0.6001 Service Pack 1

08/01/2009 18:17:49
mbam-log-2009-01-08 (18-17-49).txt

Scan type: Quick Scan
Objects scanned: 61294
Time elapsed: 9 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\dhcp client (dhcp) (Trojan.Proxy) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\dhcp client (dhcp) (Trojan.Proxy) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dhcp client (dhcp) (Trojan.Proxy) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\TinyProxy (Trojan.Proxy) -> Delete on reboot.

Files Infected:
C:\Program Files\TinyProxy\tinyproxy.exe (Trojan.Proxy) -> Delete on reboot.
C:\Windows\fmark2.dat (Malware.Trace) -> Quarantined and deleted successfully.

#23
However, my internet is now not functioning at all. When trying to access my homepages or favourites the message is "Internet Explorer Cannot Display the webpage". If I type in an address it appears as though I'd done a Google search for the web address and says "The address is not valid" leaving http:/// in the address bar. My pc appears to be connecting successfully to the internet, and other pcs on the network are not having trouble with internet access.

This is my new Avenger log:

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\"DHCP Client (Dhcp) "" not found!
Deletion of driver ""DHCP Client (Dhcp) "" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\DHCP Client (Dhcp)" not found!
Deletion of driver "DHCP Client (Dhcp)" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: folder "C:\Program Files\tinyproxy" not found!
Deletion of folder "C:\Program Files\tinyproxy" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Completed script processing.

*******************

Finished! Terminate.

#24
Today's MBAM log:

Malwarebytes' Anti-Malware 1.32
Database version: 1632
Windows 6.0.6001 Service Pack 1

09/01/2009 18:11:04
mbam-log-2009-01-09 (18-11-04).txt

Scan type: Quick Scan
Objects scanned: 61000
Time elapsed: 9 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#25
And the RSIT log (pt1):

Logfile of random's system information tool 1.05 (written by random/random)
Run by Brid at 2009-01-09 18:14:32
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 2 GB (3%) free of 52 GB
Total RAM: 2037 MB (46% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:14:36, on 09/01/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Acer\Empowering Technology\eDSMSNfix.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Users\Brid\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Windows\system32\wermgr.exe
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Users\Brid\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Brid.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/yco...//uk.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ig?hl=en
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/yco...//uk.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:9090
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ALaunch] C:\Acer\ALaunch\AlaunchClient.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IS CfgWiz] "C:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe" /MODULE CfgWiz /GUID {BC8D3EAF-F864-4d4b-AB4D-B3D0C32E2840} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [eDSMSNfix] C:\Acer\Empowering Technology\eDSMSNfix.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [SetPanel] C:\Acer\APanel\APanel.cmd
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [kdx] "C:\Program Files\Kontiki\KHost.exe" -all
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [lovefilm DLM Manager] C:\Program Files\LOVEFiLM International\LOVEFiLM Download Manager\Download Manager.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/...oUploader5.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL eNetHook.dll
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 14850 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Check Updates for Windows Live Toolbar.job
C:\Windows\tasks\Norton Security Scan for Brid.job
C:\Windows\tasks\Norton Security Scan.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-11-29 436288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1E8A6170-7264-4D0F-BEAE-D42A53123C75}]
C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll [2006-11-21 96984]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-11-07 1088296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-10-30 308856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-10 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96}]
ShowBarObj Class - C:\Windows\system32\ActiveToolBand.dll [2007-02-07 299008]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar2.dll [2008-10-14 2549368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll [2008-10-22 652784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]
#26
(pt 2)
#27
(pt 3)
#28
Avenger didn't seem to locate the things Malwarebytes removed. This time that worked out, but if we do more removal steps be sure to do them in the sequence posted.
Missed a part of the repairs - the infection redirected your internet settings to a proxy on a specific port there. Let's see if correcting those returns normal access now that the active malware is removed.
Close Internet Explorer and all running programs and run a scan in HijackThis. Place a check next to all of the following lines, then select “Fix Checked” and close HijackThis.
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:9090
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
Reboot, and check your net connection and post back if that is improved. We will need it to get in an additional online scan to ensure all infection is removed.
Last edited by Jintan; January 9th, 2009 at 10:48 PM.
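As an added illustration (not part of the original posts and not HijackThis's own code), this Python check picks the ProxyServer entry out of HijackThis-style R lines and flags any proxy that points back at the local machine, which is the setting the two lines above correct. It generalizes slightly to other loopback addresses and to the per-protocol value form; the function names and the sample log are constructed for the example.

```python
import ipaddress
import re

# Constructed sample: the two entries quoted in the post plus two unrelated
# lines. One key carries a stray space, as pasted forum logs often do.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ig?hl=en
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = http=127.0.0.1:9090
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
O1 - Hosts: ::1 localhost
"""

# R0-R3 registry entries: "<section> - <hive>\<key>,<value name> = <data>"
ENTRY = re.compile(r"^(R[0-3]) - (HK[A-Z]+\\.+?),([^=,]+?) = ?(.*)$")


def parse_registry_entries(log_text):
    """Yield (section, key, value_name, data) for each R0-R3 line."""
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            section, key, name, data = m.groups()
            yield section, key, name.strip(), data.strip()


def proxy_endpoints(data):
    """Split a ProxyServer value into (scheme, host, port) tuples.

    Handles both 'host:port' and 'http=host:port;https=host:port'.
    """
    endpoints = []
    for part in filter(None, (p.strip() for p in data.split(";"))):
        scheme, _, addr = part.rpartition("=")
        host, sep, port = addr.rpartition(":")
        if not sep:                      # no port given
            host, port = addr, ""
        endpoints.append((scheme or "all", host.strip("[]"), port))
    return endpoints


def is_loopback(host):
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:                   # a hostname, not an IP literal
        return False


def find_loopback_proxies(log_text):
    """Return (section, scheme, host, port) for proxies bound to this machine."""
    hits = []
    for section, key, name, data in parse_registry_entries(log_text):
        squashed = re.sub(r"\s+", "", key).lower()   # ignore injected spaces
        if name == "ProxyServer" and squashed.endswith(r"\internetsettings"):
            hits += [(section, s, h, p) for s, h, p in proxy_endpoints(data)
                     if is_loopback(h)]
    return hits


if __name__ == "__main__":
    print(find_loopback_proxies(SAMPLE_LOG))
```

A hit is only a prompt to check what is listening on that port: a loopback proxy left behind after its listener has been removed cuts off browsing until the setting is cleared.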
#29
Brilliant! Yes I'm back online, and a few test searches have let me go to all the links I click on!
My apologies for getting stuff wrong, I thought I had done things in the order you said. I just couldn't get back online to post the results of my Malwarebytes scan after I ran it. Thanks again!
#30
Oh, and this is my HijackThis log: