pk909

Members
  • Posts: 18

About pk909

  • Birthday 03/11/1974

Tech Info

  • Experience: very_experienced
  • System: windows_xp

pk909's Achievements

Newbie (1/14)

Reputation: 0

  1. Hi Advanced/wolfeymole, Just to let you know I've re-installed Windows and everything is fine again now. Thanks for your help and assistance. P.
  2. Part 4: -- Add/Remove Programs --------------------------------------------------------- --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E0FDA7E2-BC07-442C-8DA3-6B5BCA15F832}\SETUP.EXE" -l0x9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5633D266-6BAE-41CE-987F-0FE5F5F92D64}\setup.exe" -l0x9 --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf 1st JavaScript Editor 3.8 --> "C:\WINDOWS\1st JavaScript Editor\uninstall.exe" "/U:C:\Program Files\Yaldex Software\1st JavaScript Editor\irunin.xml" a-squared Free 3.1 --> "C:\Program Files\a-squared Free\unins000.exe" ABBYY FineReader 5.0 Sprint --> MsiExec.exe /X{D1696920-9794-4BBC-8A30-7A88763DE5A2} Ableton Live v6.0.7 --> "C:\Program Files\Ableton\Live 6.0.7\unins000.exe" Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF} Adabas D 13.01.00 --> MsiExec.exe /X{5C52CED3-D45C-4DA9-932F-B91BD44BB461} Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742) --> MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7} Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-6884-0000-0000-000000000103} Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39} Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001} Adobe Photoshop CS2 --> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D} Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003} Adobe Reader 8.1.2 Security Update 1 (KB403742) --> Adobe Shockwave Player --> 
C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log Adobe Stock Photos 1.0 --> MsiExec.exe /I{EE0D5DCD-2B97-4473-98DF-E93C0BD92F7A} Age of Conan - Hyborian Adventures --> "C:\Program Files\Funcom\Age of Conan\unins000.exe" Ahead Nero Burning ROM --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL Amazon MP3 Downloader 1.0.3 --> C:\Program Files\Amazon\MP3 Downloader\Uninstall.exe Antonymic v1.0 --> C:\Program Files\Antonymic v1.0\uninstall.exe Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543} Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F} Athlon 64 Processor Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x9 ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe ATI Catalyst Control Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x0 ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean avast! 
Antivirus --> C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup BBC iPlayer Download Manager --> MsiExec.exe /I {D466F3D9-510C-4729-B7D4-2E70490E4CDF} Beat Shop One --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1193BC3A-318C-414B-8AE8-3121B0F8B3BF}\Setup.EXE" -l0x9 Belarc Advisor 7.2 --> C:\PROGRA~1\Belarc\Advisor\Uninstall.exe C:\PROGRA~1\Belarc\Advisor\INSTALL.LOG Brian Lara International Cricket 2007 --> C:\Program Files\InstallShield Installation Information\{D7F6841C-26E9-4969-A5F4-DAEA81C4949A}\setup.exe -runfromtemp -l0x0009 -removeonly BT Broadband Talk Softphone 3.1 --> "C:\Program Files\BT Broadband Talk Softphone\unins000.exe" BT Home Hub --> C:\Program Files\BT Home Hub\Uninstall.exe CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe" ConvertXtoDVD 2.2.3.258h --> "C:\Program Files\VSO\ConvertXtoDVD\unins000.exe" Dual-Core Optimizer --> MsiExec.exe /X{FF3D660E-E5CC-47FD-8050-1B4DE3BA81A9} E-MU Audio Drivers --> "C:\Program Files\Creative Professional\Drivers\DrvInst\Setup.exe" /remove E-MU PatchMix DSP --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5633D266-6BAE-41CE-987F-0FE5F5F92D64}\setup.exe" -l0x9 /remove EphPod --> C:\PROGRA~1\EphPod\UNWISE.EXE C:\PROGRA~1\EphPod\INSTALL.LOG ESET Online Scanner --> C:\WINDOWS\system32\OnlineScannerUninstaller.exe Eusing Free Registry Cleaner --> C:\PROGRA~1\EUSING~1\UNWISE.EXE C:\PROGRA~1\EUSING~1\INSTALL.LOG ffdshow [rev 1685] [2007-12-06] --> "C:\Program Files\ffdshow\unins000.exe" FirstClass® Client --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5B35C417-2649-11D6-83D1-0050FC01225C}\setup.exe" -l0x9 -uninst FlashMenu --> 
C:\Program Files\InstallShield Installation Information\{047E5F60-5357-43FB-A080-1912EB0132A4}\setup.exe -runfromtemp -l0x0009 -removeonly Haali Media Splitter --> "C:\Program Files\Haali\MatroskaSplitter\uninstall.exe" Half-Life 2: Episode Two --> "C:\Program Files\Valve\Steam\steam.exe" steam://uninstall/420 Half-Life® 2 --> MsiExec.exe /I{D45EC259-4A19-4656-B588-C2C360DD18EA} HammerHead Rhythm Station --> C:\Program Files\HammerHead\Uninstall.exe High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe" HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe" iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B} J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110} J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060} Java 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020} Java 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030} Java 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050} Java SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010} Last.fm 1.5.1.29527 --> "C:\Program Files\Last.fm\unins000.exe" Lexmark X1100 Series --> C:\WINDOWS\system32\spool\drivers\w32x86\3\LXBKUN5C.EXE -dLexmark X1100 Series Logitech SetPoint --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\setup.exe" -l0x9 -removeonly M150 Block1 --> C:\M150\UNWISE.EXE C:\M150\INSTALL.LOG M150 Blocks 2 & 3 --> C:\M150\UNWISE.EXE C:\M150\INSTALL.LOG Magic ISO Maker v5.4 (build 0251) --> C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG MagicDisc 2.5.79 --> 
C:\PROGRA~1\MAGICD~1\UNWISE.EXE C:\PROGRA~1\MAGICD~1\INSTALL.LOG Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe" Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe" Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe" Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe" Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7} Mozilla Firefox (3.0) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe MWSnap 3 --> "C:\Program Files\MWSnap\uninstall.exe" Notepad++ --> C:\Program Files\Notepad++\uninstall.exe NVIDIA Drivers --> C:\WINDOWS\system32\nvuide.exe UninstallGUI NVIDIA ForceWare Network Access Manager --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{1F6423DE-7959-4178-80E0-023C7EAA5347} /l1033 OpenAL --> "C:\Program Files\OpenAL\OpenALwEAX.exe" /U Peggle Extreme --> "C:\Program Files\Valve\Steam\steam.exe" steam://uninstall/3483 PixiePack Codec Pack --> MsiExec.exe /I{61E3FE32-07B9-4563-A3E0-2DE2D620FE10} Portal --> "C:\Program Files\Valve\Steam\steam.exe" steam://uninstall/400 Proteus X --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E0FDA7E2-BC07-442C-8DA3-6B5BCA15F832}\SETUP.EXE" -l0x9 /remove QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD} RapidShare Manager --> rundll32.exe dfshim.dll,ShArpMaintain RapidShareManager.application, Culture=neutral, PublicKeyToken=c14d24c3c9280019, processorArchitecture=msil RealPlayer --> C:\Program 
Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0 SA22xx Device Manager --> C:\Program Files\InstallShield Installation Information\{300B1C71-93BD-4A8C-8A2C-AD39072F19EB}\DM_Setup.exe -runfromtemp -l0x0009 -removeonly SafeCast Shared Components --> C:\Program Files\Common Files\Macrovision Shared\SafeCast\Install\CDAC13BA.EXE /uninstall Sony Ericsson PC Suite --> MsiExec.exe /I{115DC143-58A1-4314-853D-FCA35D57EE8A} Sony Sound Forge 8.0 --> MsiExec.exe /X{767572FD-4D01-4FA3-B0A6-4B09FB2CFC37} Spectaculator 6.30 --> MsiExec.exe /I{BE32461E-63C8-4418-BDC7-8FCA982E36D7} Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins001.exe" Spybot - Search & Destroy 1.5.2.20 --> "C:\WINDOWS\unins000.exe" StarOffice 8 --> MsiExec.exe /I{AB24FEBA-140D-4FAF-BC6F-4D34032EAADF} Steam --> MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3} Steinberg Cubase SX v3.1.1.944 --> C:\PROGRA~1\STEINB~1\CUBASE~1\UNWISE.EXE C:\PROGRA~1\STEINB~1\CUBASE~1\INSTALL.LOG Studio Grand --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5D12A370-6826-40EA-8545-0FBAAB68E36A}\Setup.EXE" -l0x9 Sunbelt Personal Firewall --> MsiExec.exe /X{BFD080F6-3BF0-40E1-9507-9CA969C35870} SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA} Syncrosoft's License Control --> C:\PROGRA~1\SYNCRO~1\UNWISE.EXE C:\PROGRA~1\SYNCRO~1\INSTALL.LOG SyncroSoft Emu (Remove only) --> C:\Program Files\SyncroSoft\Pos\H2O\Uninst.exe Team Fortress 2 --> "C:\Program Files\Valve\Steam\steam.exe" steam://uninstall/440 TeamSpeak 2 RC2 --> "C:\Program Files\Teamspeak2_RC2\unins000.exe" Update Service --> C:\Program Files\Sony Ericsson\Update Service\uninst.exe USB-706 Vibration Joystick --> C:\PROGRA~1\USBVIB~1\UNWISE.EXE C:\PROGRA~1\USBVIB~1\INSTALL.LOG VideoLAN VLC media player 0.8.6d --> C:\Program Files\VideoLAN\VLC\uninstall.exe Virtua Tennis 3 --> RunDll32 
C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9B63540D-D942-4C38-B42E-A48AE0145970}\setup.exe" -l0x9 -removeonly Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe" Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F} Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe" Windows Media Format SDK Hotfix - KB891122 --> "C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe" WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe World of Warcraft --> C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe X Producer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{03C2527C-202F-4791-B670-71E5E7DFD890}\Setup.EXE" -l0x9 Xvid 1.1.2 final uninstall --> "C:\Program Files\Xvid\unins000.exe" Yahoo! Internet Mail --> C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\ymmapi.dll -- Application Event Log ------------------------------------------------------- Event Record #/Type5875 / Error Event Submitted/Written: 07/01/2008 07:22:42 PM Event ID/Source: 1002 / Application Hang Event Description: Hanging application iexplore.exe, version 6.0.2900.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Event Record #/Type5871 / Error Event Submitted/Written: 07/01/2008 06:32:25 PM Event ID/Source: 1002 / Application Hang Event Description: Hanging application iexplore.exe, version 6.0.2900.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Event Record #/Type5870 / Error Event Submitted/Written: 07/01/2008 06:29:50 PM Event ID/Source: 1002 / Application Hang Event Description: Hanging application iexplore.exe, version 6.0.2900.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000. 
Event Record #/Type5869 / Error Event Submitted/Written: 07/01/2008 06:23:01 PM Event ID/Source: 1001 / Application Hang Event Description: Fault bucket 126637809. Event Record #/Type5868 / Error Event Submitted/Written: 07/01/2008 06:22:58 PM Event ID/Source: 1002 / Application Hang Event Description: Hanging application iexplore.exe, version 6.0.2900.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000. -- Security Event Log ---------------------------------------------------------- No Errors/Warnings found. -- System Event Log ------------------------------------------------------------ Event Record #/Type37091 / Error Event Submitted/Written: 07/03/2008 09:34:33 AM Event ID/Source: 10005 / DCOM Event Description: DCOM got error "%%1055" attempting to start the service winmgmt with arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820} Event Record #/Type37063 / Error Event Submitted/Written: 07/02/2008 05:33:11 PM Event ID/Source: 10005 / DCOM Event Description: DCOM got error "%%1055" attempting to start the service winmgmt with arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820} Event Record #/Type37041 / Error Event Submitted/Written: 07/01/2008 08:07:39 PM Event ID/Source: 10005 / DCOM Event Description: DCOM got error "%%1055" attempting to start the service winmgmt with arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820} Event Record #/Type37033 / Error Event Submitted/Written: 07/01/2008 07:49:17 PM Event ID/Source: 10016 / DCOM Event Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission can be modified using the Component Services administrative tool. 
Event Record #/Type37032 / Error Event Submitted/Written: 07/01/2008 07:49:17 PM Event ID/Source: 10016 / DCOM Event Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission can be modified using the Component Services administrative tool. -- End of Deckard's System Scanner: finished at 2008-07-03 10:34:43 ------------
  3. Part 3: Deckard's System Scanner v20071014.68 Extra logfile - please post this as an attachment with your post. -------------------------------------------------------------------------------- -- System Information ---------------------------------------------------------- Microsoft Windows XP Professional (build 2600) SP 2.0 Architecture: X86; Language: English CPU 0: AMD Athlon 64 X2 Dual Core Processor 4600+ CPU 1: AMD Athlon 64 X2 Dual Core Processor 4600+ Percentage of Memory in Use: 22% Physical Memory (total/avail): 2047.48 MiB / 1581.4 MiB Pagefile Memory (total/avail): 3941.64 MiB / 3555.61 MiB Virtual Memory (total/avail): 2047.88 MiB / 1923.95 MiB A: is Removable (Unformatted) C: is Fixed (NTFS) - 232.88 GiB total, 91.86 GiB free. D: is CDROM (No Media) E: is CDROM (No Media) F: is CDROM (No Media) \\.\PHYSICALDRIVE0 - SAMSUNG SP2504C - 232.88 GiB - 1 partition \PARTITION0 (bootable) - Installable File System - 232.88 GiB - C: -- Security Center ------------------------------------------------------------- AUOptions is set to notify before download. Windows Internal Firewall is disabled. FirstRunDisabled is set. FW: ActiveArmor Firewall v1.0 (NVIDIA Corporation) FW: Sunbelt Personal Firewall v4.5.916 T (Sunbelt) Disabled AV: avast! 
antivirus 4.8.1201 [VPS 080702-0] v4.8.1201 (ALWIL Software) Disabled [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1" "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe:*:Enabled:avginet.exe" "C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe:*:Enabled:avgamsvr.exe" "C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe:*:Enabled:avgcc.exe" "C:\\Program Files\\Valve\\Steam\\SteamApps\\pk909\\counter-strike source\\hl2.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\pk909\\counter-strike source\\hl2.exe:*:Enabled:hl2" "C:\\Program Files\\TVAnts\\Tvants.exe"="C:\\Program Files\\TVAnts\\Tvants.exe:*:Enabled:TVAnts" "C:\\Program Files\\PPMate\\PPMate\\ppmate.exe"="C:\\Program Files\\PPMate\\PPMate\\ppmate.exe:*:Enabled:PPMate" "C:\\Program Files\\Yahoo!\\Messenger\\ypager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\ypager.exe:*:Enabled:Yahoo! 
Messenger" "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server" "C:\\Program Files\\Valve\\Steam\\SteamApps\\pk909\\half-life 2 deathmatch\\hl2.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\pk909\\half-life 2 deathmatch\\hl2.exe:*:Enabled:hl2" "C:\\Program Files\\World of Warcraft\\WoW-2.0.6.6337-to-2.0.7.6383-enGB-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-2.0.6.6337-to-2.0.7.6383-enGB-downloader.exe:*:Enabled:Blizzard Downloader" "C:\\Program Files\\World of Warcraft\\WoW-2.0.7.6383-to-2.0.8.6403-enGB-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-2.0.7.6383-to-2.0.8.6403-enGB-downloader.exe:*:Enabled:Blizzard Downloader" "C:\\Program Files\\Google\\Google Earth\\googleearth.exe"="C:\\Program Files\\Google\\Google Earth\\googleearth.exe:*:Enabled:Google Earth" "C:\\Program Files\\utorrent\\utorrent.exe"="C:\\Program Files\\utorrent\\utorrent.exe:*:Enabled:µTorrent" "C:\\Program Files\\Last.fm\\LastFM.exe"="C:\\Program Files\\Last.fm\\LastFM.exe:*:Enabled:LastFM" "C:\\Program Files\\SopCast\\SopCast.exe"="C:\\Program Files\\SopCast\\SopCast.exe:*:Enabled:SopCast Main Application" "C:\\Documents and Settings\\Administrator\\Application Data\\SopCast\\adv\\SopAdver.exe"="C:\\Documents and Settings\\Administrator\\Application Data\\SopCast\\adv\\SopAdver.exe:*:Disabled:SopCast Adver" "C:\\Program Files\\BitLord\\BitLord.exe"="C:\\Program Files\\BitLord\\BitLord.exe:*:Enabled:BitLord" "C:\\Program Files\\Soulseek\\slsk.exe"="C:\\Program Files\\Soulseek\\slsk.exe:*:Enabled:SoulSeek" "C:\\Program Files\\World of Warcraft\\WoW-2.0.8.6403-to-2.0.10.6448-enGB-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-2.0.8.6403-to-2.0.10.6448-enGB-downloader.exe:*:Enabled:Blizzard Downloader" "C:\\Program Files\\World of Warcraft\\WoW-2.0.10.6448-to-2.0.12.6546-enGB-downloader.exe"="C:\\Program Files\\World of 
Warcraft\\WoW-2.0.10.6448-to-2.0.12.6546-enGB-downloader.exe:*:Enabled:Blizzard Downloader" "C:\\F1 2002\\f1_2002.exe"="C:\\F1 2002\\f1_2002.exe:*:Enabled:F1 2002" "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger" "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger" "C:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"="C:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe:*:Enabled:Apache HTTP Server" "C:\\UnrealTournament\\System\\UnrealTournament.exe"="C:\\UnrealTournament\\System\\UnrealTournament.exe:*:Enabled:UnrealTournament" "C:\\Program Files\\Octoshape Streaming Services\\Administrator\\OctoshapeClient.exe"="C:\\Program Files\\Octoshape Streaming Services\\Administrator\\OctoshapeClient.exe:*:Enabled:OctoshapeClient" "C:\\Program Files\\BT Broadband Talk Softphone\\BTSoftphone.exe"="C:\\Program Files\\BT Broadband Talk Softphone\\BTSoftphone.exe:*:Enabled:BTSoftphone" "C:\\Documents and Settings\\Administrator\\Local Settings\\Temp\\Rar$EX32.172\\IdeSE.exe"="C:\\Documents and Settings\\Administrator\\Local Settings\\Temp\\Rar$EX32.172\\IdeSE.exe:*:Enabled:IdeSE" "C:\\Doom\\skulltag.exe"="C:\\Doom\\skulltag.exe:*:Enabled:Skulltag" "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1" "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" "C:\\Program Files\\FlashGet\\flashget.exe"="C:\\Program Files\\FlashGet\\flashget.exe:*:Enabled:Flashget" "C:\\Program Files\\EA GAMES\\Battlefield 2\\Bf2_w32ded.exe"="C:\\Program Files\\EA GAMES\\Battlefield 2\\Bf2_w32ded.exe:*:Enabled:Bf2_w32ded" "C:\\Program Files\\EA GAMES\\Battlefield 
2\\BF2VoipServer.exe"="C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2VoipServer.exe:*:Enabled:BF2VoipServer" "C:\\Program Files\\Valve\\Steam\\Steam.exe"="C:\\Program Files\\Valve\\Steam\\Steam.exe:*:Enabled:Steam" "C:\\Program Files\\Valve\\Steam\\SteamApps\\pk909\\team fortress 2\\hl2.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\pk909\\team fortress 2\\hl2.exe:*:Enabled:hl2" "C:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe"="C:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe:*:Enabled:Update Service" "C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"="C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader" "C:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"="C:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe:*:Enabled:Sunbelt Firewall GUI" "C:\\Program Files\\Red Chair Software\\Anapod Explorer\\anamgr.exe"="C:\\Program Files\\Red Chair Software\\Anapod Explorer\\anamgr.exe:*:Enabled:Anapod Xtreamer" "C:\\Program Files\\Kontiki\\KService.exe"="C:\\Program Files\\Kontiki\\KService.exe:*:Enabled:Delivery Manager Service" "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes" "C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"="C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe:*:Disabled:Football Manager 2008" -- Environment Variables ------------------------------------------------------- ALLUSERSPROFILE=C:\Documents and Settings\All Users APPDATA=C:\Documents and Settings\Administrator\Application Data CLASSPATH=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip CLIENTNAME=Console CommonProgramFiles=C:\Program Files\Common Files COMPUTERNAME=PK909-751113DA5 ComSpec=C:\WINDOWS\system32\cmd.exe DBCONFIG=C:\adabas\sql DBROOT=C:\adabas\ DBWORK=C:\adabas\sql DEFAULT_CA_NR=CA8 FP_NO_HOST_CHECK=NO HOMEDRIVE=C: HOMEPATH=\Documents and Settings\Administrator 
LOGONSERVER=\\PK909-751113DA5 NUMBER_OF_PROCESSORS=2 OS=Windows_NT Path=C:\WINDOWS\SYSTEM32;C:\WINDOWS;C:\WINDOWS\SYSTEM32\WBEM;C:\PROGRAM FILES\COMMON FILES\TELECA SHARED;C:\WINDOWS;C:\WINDOWS\SYSTEM32\WBEM;C:\WINDOWS\SYSTEM32;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\QuickTime\QTSystem\;C:\adabas\bin;C:\adabas\pgm PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH PROCESSOR_ARCHITECTURE=x86 PROCESSOR_IDENTIFIER=x86 Family 15 Model 75 Stepping 2, AuthenticAMD PROCESSOR_LEVEL=15 PROCESSOR_REVISION=4b02 ProgramFiles=C:\Program Files PROMPT=$P$G QTJAVA=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip SESSIONNAME=Console SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp TMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp USERDOMAIN=PK909-751113DA5 USERNAME=Administrator USERPROFILE=C:\Documents and Settings\Administrator windir=C:\WINDOWS -- User Profiles --------------------------------------------------------------- Preyes (admin) Administrator (admin)
  4. Part 2: -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled -------------------- R2 ForceWare Intelligent Application Manager (IAM) - c:\program files\nvidia corporation\networkaccessmanager\bin\nsvcappflt.exe <Not Verified; ; app_filter Module> R2 ForcewareWebInterface (Forceware Web Interface) - "c:\program files\nvidia corporation\networkaccessmanager\apache group\apache2\bin\apache.exe" -k runservice <Not Verified; Apache Software Foundation; Apache HTTP Server> S4 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service> S4 C-DillaCdaC11BA - c:\windows\system32\drivers\cdac11ba.exe <Not Verified; Macrovision; SafeCast Windows NT> S4 KService - "c:\program files\kontiki\kservice.exe" (file missing) -- Device Manager: Disabled ---------------------------------------------------- Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318} Description: 1394 Net Adapter Device ID: V1394\NIC1394\9067FB508D00 Manufacturer: Microsoft Name: 1394 Net Adapter PNP Device ID: V1394\NIC1394\9067FB508D00 Service: NIC1394 Class GUID: {4D36E978-E325-11CE-BFC1-08002BE10318} Description: Communications Port Device ID: ROOT\PORTS\0000 Manufacturer: (Standard port types) Name: Communications Port (COM6) PNP Device ID: ROOT\PORTS\0000 Service: Serial -- Process Modules ------------------------------------------------------------- C:\WINDOWS\system32\winlogon.exe (pid 992) 2007-04-19 13:41:36 294912 --a------ C:\Program Files\SUPERAntiSpyware\SASWINLO.dll <Not Verified; SUPERAntiSpyware.com; SUPERAntiSpyware WinLogon Processor> C:\WINDOWS\system32\svchost.exe (pid 1444) 2006-03-30 14:58:34 131072 --a------ C:\WINDOWS\system32\nvappfilter.dll <Not Verified; NVIDIA; NVIDIA Application Filter> C:\WINDOWS\system32\svchost.exe (pid 1496) 2006-03-30 14:58:34 131072 --a------ C:\WINDOWS\system32\nvappfilter.dll <Not Verified; NVIDIA; NVIDIA Application Filter> 
C:\WINDOWS\explorer.exe (pid 1168) 2005-10-22 12:00:50 7168 --a------ C:\WINDOWS\system32\CTAGENT.DLL <Not Verified; Creative Technology Ltd; ctagent> 2007-11-18 20:56:30 159744 --a------ C:\Program Files\Haali\MatroskaSplitter\mmfinfo.dll 2007-11-18 20:55:02 23552 --a------ C:\Program Files\Haali\MatroskaSplitter\mkunicode.dll 2006-02-10 22:31:22 311296 --a------ C:\Program Files\Sun\StarOffice 8\program\shlxthdl.dll <Not Verified; Sun Microsystems, Inc.; > 2006-02-10 22:31:34 98304 --a------ C:\Program Files\Sun\StarOffice 8\program\uwinapi.dll <Not Verified; Sun Microsystems, Inc.; > 2006-02-10 22:31:24 577536 --a------ C:\Program Files\Sun\StarOffice 8\program\stlport_vc7145.dll <Not Verified; STLport Consulting, Inc.; STLport Standard ANSI C++ Libarary> 2008-05-13 10:13:36 77824 --a------ C:\Program Files\SUPERAntiSpyware\SASSEH.DLL <Not Verified; SuperAdBlocker.com; SuperAntiSpyware> -- Scheduled Tasks ------------------------------------------------------------- 2008-06-27 19:58:01 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job -- Files created between 2008-06-03 and 2008-07-03 ----------------------------- 2008-07-03 10:21:08 0 d-------- C:\WINDOWS\LastGood 2008-07-01 19:45:49 0 d-------- C:\Documents and Settings\Administrator\Application Data\EmuPatchMixDSP 2008-07-01 18:56:24 0 d-------- C:\WINDOWS\system32\CatRoot_bak 2008-06-29 18:37:25 0 d-------- C:\Documents and Settings\All Users\Application Data\ATI 2008-06-29 18:33:23 593920 -----n--- C:\WINDOWS\system32\ati2sgag.exe <Not Verified; ; ATI Smart> 2008-06-29 17:41:41 0 dr-h----- C:\Documents and Settings\Administrator\Recent 2008-06-29 16:33:00 664 --a------ C:\WINDOWS\system32\d3d9caps.dat 2008-06-23 18:02:19 0 d-------- C:\Program Files\Trend Micro 2008-06-22 15:39:45 0 d-------- C:\Program Files\EsetOnlineScanner 2008-06-22 15:33:59 0 d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes 2008-06-22 15:33:57 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware 
2008-06-22 15:33:57 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-06-22 14:55:43 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com 2008-06-22 14:55:36 0 d-------- C:\Program Files\SUPERAntiSpyware 2008-06-22 14:55:36 0 d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com 2008-06-22 13:17:21 0 d-------- C:\Program Files\Enigma Software Group 2008-06-22 12:19:35 0 d-------- C:\VundoFix Backups 2008-06-22 09:59:18 0 d-------- C:\Temp 2008-06-20 14:04:02 43202 --a------ C:\WINDOWS\system32\FlashMenu.sys 2008-06-20 14:03:43 3548 --a------ C:\WINDOWS\system32\drivers\WinFlash.sys 2008-06-20 14:03:32 0 d-------- C:\Program Files\U-ABIT 2008-06-20 13:39:57 0 d-------- C:\biosflash 2008-06-09 10:58:02 691545 --a------ C:\WINDOWS\unins000.exe 2008-06-09 10:58:02 2558 --a------ C:\WINDOWS\unins000.dat 2008-06-05 16:38:35 0 d-------- C:\Documents and Settings\All Users\Application Data\media center programs 2008-06-05 11:47:52 0 d-------- C:\Program Files\Funcom 2008-06-05 11:47:06 0 d-------- C:\Documents and Settings\All Users\Application Data\Funcom -- Find3M Report --------------------------------------------------------------- 2008-07-02 18:20:19 0 d-------- C:\Documents and Settings\Administrator\Application Data\StarOffice8 2008-07-01 19:45:52 0 d-------- C:\Program Files\Creative Professional 2008-06-29 18:35:37 0 d-------- C:\Program Files\ATI Technologies 2008-06-29 18:30:00 0 d--h----- C:\Program Files\InstallShield Installation Information 2008-06-29 17:36:05 4096 --a------ C:\WINDOWS\system32\crash 2008-06-29 16:44:46 0 d-------- C:\Program Files\d-lusion 2008-06-22 14:55:23 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard 2008-06-20 12:53:15 0 d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla 2008-06-20 12:37:54 0 d-------- C:\Program Files\SopCast 2008-06-10 18:59:58 0 d-------- C:\Program Files\World of Warcraft 
2008-06-09 10:33:34 0 d-------- C:\Program Files\BitLord 2008-06-09 10:25:16 0 d-------- C:\Program Files\Yahoo! 2008-06-09 10:23:58 0 d-------- C:\Program Files\NCSoft 2008-06-09 10:23:35 0 d-------- C:\Program Files\Guild Wars 2008-06-09 10:21:26 0 d-------- C:\Program Files\Soulseek 2008-06-09 10:20:23 0 d-------- C:\Program Files\Project64 1.6 2008-06-07 15:51:34 0 d-------- C:\Documents and Settings\Administrator\Application Data\teamspeak2 2008-05-28 17:56:29 0 d-------- C:\Program Files\Last.fm 2008-05-28 17:50:03 0 d-------- C:\Program Files\Apple Software Update 2008-05-27 23:10:09 0 d-------- C:\Program Files\iTunes 2008-05-27 23:10:02 0 d-------- C:\Program Files\iPod 2008-05-27 23:08:51 0 d-------- C:\Program Files\QuickTime 2008-05-20 21:47:21 0 d-------- C:\Program Files\Octoshape Streaming Services 2008-05-18 11:26:33 0 d-------- C:\Documents and Settings\Administrator\Application Data\Tunebite 2008-05-15 22:05:05 0 d-------- C:\Program Files\Haali 2008-05-15 22:05:04 0 d-------- C:\Program Files\ffdshow 2008-05-15 22:04:40 563712 --a------ C:\WINDOWS\system32\Redemption.dll <Not Verified; Dmitry Streblechenko; Outlook Redemption> 2008-05-15 21:53:28 0 d-------- C:\Program Files\Amazon 2008-05-15 21:29:40 0 d-------- C:\Documents and Settings\Administrator\Application Data\RTPlayer 2008-05-15 21:27:02 0 d-------- C:\Program Files\PixiePack Codec Pack 2008-05-15 21:25:50 0 d-------- C:\Program Files\RapidSolution 2008-05-12 17:27:23 0 d-------- C:\Program Files\Common Files 2008-05-12 17:27:23 0 d-------- C:\Program Files\Common Files\xing shared 2008-05-12 17:27:19 0 d-------- C:\Program Files\Common Files\Real 2008-05-06 09:28:03 0 d-------- C:\Program Files\Alwil Software 2008-05-05 09:31:30 0 d-------- C:\Program Files\AVG 2008-05-05 08:55:11 0 d-------- C:\Documents and Settings\Administrator\Application Data\Real -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not 
shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "amd_dc_opt"="C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [23/07/2007 12:06] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [16/05/2008 00:19] "SoundMan"="SOUNDMAN.EXE" [] "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [21/01/2008 12:17] "CTHELPER"="C:\WINDOWS\CTHELPER.EXE" [22/10/2005 12:00] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce] "NoIE4StubProcessing"=C:\WINDOWS\system32\reg.exe DELETE "HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" /v "NoIE4StubProcessing" /f [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoLowDiskSpaceChecks"=1 (0x1) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [13/05/2008 10:13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 19/04/2007 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs BthServ [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F] AutoRun\command- F:\autorun.exe [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{61E3FE32-07B9-4563-A3E0-2DE2D620FE10}] C:\Program Files\PixiePack Codec Pack\InstallerHelper.exe -- End of Deckard's System Scanner: finished at 2008-07-03 10:34:43 ------------
  5. DSS scan: Part 1 Deckard's System Scanner v20071014.68 Run by Administrator on 2008-07-03 10:32:53 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- System Restore -------------------------------------------------------------- Successfully created a Deckard's System Scanner Restore Point. -- Last 5 Restore Point(s) -- 90: 2008-07-03 09:32:57 UTC - RP414 - Deckard's System Scanner Restore Point 89: 2008-07-03 09:22:57 UTC - RP413 - Software Distribution Service 3.0 88: 2008-07-03 09:22:31 UTC - RP412 - Installed Windows Internet Explorer 7. 87: 2008-07-03 09:22:15 UTC - RP411 - Installed Windows IDNMitigationAPIs. 86: 2008-07-03 09:21:54 UTC - RP410 - Installed Windows NLSDownlevelMapping. -- First Restore Point -- 1: 2008-04-06 12:54:44 UTC - RP325 - System Checkpoint Performed disk cleanup. -- HijackThis (run as Administrator.exe) --------------------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:33:07, on 03/07/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16674) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\SYSTEM32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\SYSTEM32\Ati2evxx.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\Explorer.EXE C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\CTHELPER.EXE C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\Program Files\a-squared Free\a2service.exe C:\Program Files\NVIDIA 
Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Administrator\desktop\dss.exe C:\PROGRA~1\TRENDM~1\HIJACK~1\ADMINI~1.EXE R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Yahoo! SearchBar Home Page R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Yahoo! 
Search - Web Search R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = Customize Your Settings O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" O4 - HKLM\..\Run: [CTHELPER] C:\WINDOWS\CTHELPER.EXE O4 - HKLM\..\RunOnce: [NoIE4StubProcessing] C:\WINDOWS\system32\reg.exe DELETE "HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" /v "NoIE4StubProcessing" /f O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' 
menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1138541459156 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1214934936750 O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: avast! 
Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe O23 - Service: Cricket 2007 Drivers Auto Removal (pr2agnqb) (pr2agnqb) - Codemasters - C:\WINDOWS\system32\pr2agnqb.exe O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe -- End of file - 8236 bytes -- File Associations ----------------------------------------------------------- .reg - regfile - shell\open\command - regedit.exe "%1" %* .scr - scrfile - shell\open\command - "%1" %* -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------- R1 BANTExt (Belarc SMBios Access) - c:\windows\system32\drivers\bantext.sys R2 CdaC15BA - c:\windows\system32\drivers\cdac15ba.sys <Not Verified; Macrovision Europe Ltd; Security 
Windows NT> R3 CLEDX (Team H2O CLEDX service) - c:\windows\system32\drivers\cledx.sys <Not Verified; Team H2O; CLEDX> R3 emupia (E-mu Plug-in Architecture Driver) - c:\windows\system32\drivers\emupia2k.sys <Not Verified; Creative Technology Ltd; E-mu Plug-In Architecture> R3 mcdbus (Driver for MagicISO SCSI Host Controller) - c:\windows\system32\drivers\mcdbus.sys <Not Verified; MagicISO, Inc.; MagicISO SCSI Host Controller> R3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine> S0 fcdabus - c:\windows\system32\drivers\fcdabus.sys (file missing) S3 fsRamDsk (RamDisk Drive Service) - c:\windows\system32\drivers\fsramdsk.sys (file missing) S3 IntcAzAudAddService (Service for Realtek HD Audio (WDM)) - c:\windows\system32\drivers\rtkhdaud.sys (file missing) S3 Memctl - c:\program files\u-abit\flashmenu\memctl.sys S3 MRENDIS5 (MRENDIS5 NDIS Protocol Driver) - c:\progra~1\common~1\motive\mrendis5.sys (file missing) S3 WINFLASH - c:\program files\u-abit\flashmenu\winflash.sys
  6. Here is the result of proxycfg: http://img.photobucket.com/albums/v339/pk909/screendump.jpg
  7. Here are a few results from eventvwr:

     Hanging application iexplore.exe, version 6.0.2900.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
     ---------------------------------------------------------------------
     Faulting application pprekop.exe, version 4.2.0.172, faulting module ole32.dll, version 5.1.2600.2182, fault address 0x10017bed. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
     ---------------------------------------------------------------------
     Faulting application dxstress.exe, version 6.14.10.4, faulting module dxstress.exe, version 6.14.10.4, fault address 0x00004ab6. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
     ---------------------------------------------------------------------
     EventType clr20r3, P1 ccc.exe, P2 2.0.0.0, P3 469cdc9c, P4 mscorlib, P5 2.0.0.0, P6 471ebc5b, P7 f44, P8 7, P9 n3ctrye2kn3c34sgl4zqyrbfte4m13nb, P10 NIL. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
     ---------------------------------------------------------------------
     The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission can be modified using the Component Services administrative tool. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
     ----------------------------------------------------------------------
     DCOM got error "The service database is locked. " attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046} For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
     ----------------------------------------------------------------------
     DCOM got error "The service database is locked. " attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E} For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
     ----------------------------------------------------------------------
     DCOM got error "The service database is locked. " attempting to start the service winmgmt with arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820} For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
     ----------------------------------------------------------------------
     The ForceWare Intelligent Application Manager (IAM) service hung on starting. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
     ----------------------------------------------------------------------
  8. Ad-Aware was opening the Ad-Watch program which is why it was opening at start-up. I've disabled that now. I've removed most of the registry entries you recommended apart from CTHELPER as that one loads my sound card on start up. I've run CHKDSK and it didn't find anything. Unfortunately I've still got the same problems, web pages aren't loading. Due to this I wasn't able to update to SP3 (I got there eventually but the installation just froze). I usually use Firefox rather than IE as I don't like IE at all but will change to that if you think it will help. That said, this problem occurs whichever browser I use. Any further help would be much appreciated. P.
  9. Part 3 -- Scheduled Tasks ------------------------------------------------------------- 2008-06-27 19:58:01 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job -- Files created between 2008-05-30 and 2008-06-30 ----------------------------- 2008-06-29 18:37:25 0 d-------- C:\Documents and Settings\All Users\Application Data\ATI 2008-06-29 18:33:23 593920 -----n--- C:\WINDOWS\system32\ati2sgag.exe <Not Verified; ; ATI Smart> 2008-06-29 17:41:41 0 dr-h----- C:\Documents and Settings\Administrator\Recent 2008-06-29 16:33:00 664 --a------ C:\WINDOWS\system32\d3d9caps.dat 2008-06-23 18:02:19 0 d-------- C:\Program Files\Trend Micro 2008-06-22 15:39:45 0 d-------- C:\Program Files\EsetOnlineScanner 2008-06-22 15:33:59 0 d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes 2008-06-22 15:33:57 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-06-22 15:33:57 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-06-22 14:55:43 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com 2008-06-22 14:55:36 0 d-------- C:\Program Files\SUPERAntiSpyware 2008-06-22 14:55:36 0 d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com 2008-06-22 13:17:21 0 d-------- C:\Program Files\Enigma Software Group 2008-06-22 12:19:35 0 d-------- C:\VundoFix Backups 2008-06-22 09:59:18 0 d-------- C:\Temp 2008-06-20 14:04:02 43202 --a------ C:\WINDOWS\system32\FlashMenu.sys 2008-06-20 14:03:43 3548 --a------ C:\WINDOWS\system32\drivers\WinFlash.sys 2008-06-20 14:03:32 0 d-------- C:\Program Files\U-ABIT 2008-06-20 13:39:57 0 d-------- C:\biosflash 2008-06-09 10:58:02 691545 --a------ C:\WINDOWS\unins000.exe 2008-06-09 10:58:02 2558 --a------ C:\WINDOWS\unins000.dat 2008-06-05 16:38:35 0 d-------- C:\Documents and Settings\All Users\Application Data\media center programs 2008-06-05 11:47:52 0 d-------- C:\Program Files\Funcom 2008-06-05 11:47:06 0 d-------- 
C:\Documents and Settings\All Users\Application Data\Funcom -- Find3M Report --------------------------------------------------------------- 2008-06-30 10:36:12 0 d-------- C:\Documents and Settings\Administrator\Application Data\StarOffice8 2008-06-30 09:57:13 0 d-------- C:\Program Files\PartyGaming 2008-06-29 18:35:37 0 d-------- C:\Program Files\ATI Technologies 2008-06-29 18:30:00 0 d--h----- C:\Program Files\InstallShield Installation Information 2008-06-29 17:36:05 4096 --a------ C:\WINDOWS\system32\crash 2008-06-29 16:44:46 0 d-------- C:\Program Files\d-lusion 2008-06-22 14:55:23 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard 2008-06-20 12:53:15 0 d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla 2008-06-20 12:37:54 0 d-------- C:\Program Files\SopCast 2008-06-10 18:59:58 0 d-------- C:\Program Files\World of Warcraft 2008-06-09 10:33:34 0 d-------- C:\Program Files\BitLord 2008-06-09 10:25:16 0 d-------- C:\Program Files\Yahoo! 2008-06-09 10:23:58 0 d-------- C:\Program Files\NCSoft 2008-06-09 10:23:35 0 d-------- C:\Program Files\Guild Wars 2008-06-09 10:21:26 0 d-------- C:\Program Files\Soulseek 2008-06-09 10:20:23 0 d-------- C:\Program Files\Project64 1.6 2008-06-07 15:51:34 0 d-------- C:\Documents and Settings\Administrator\Application Data\teamspeak2 2008-05-28 17:56:29 0 d-------- C:\Program Files\Last.fm 2008-05-28 17:50:03 0 d-------- C:\Program Files\Apple Software Update 2008-05-27 23:10:09 0 d-------- C:\Program Files\iTunes 2008-05-27 23:10:02 0 d-------- C:\Program Files\iPod 2008-05-27 23:08:51 0 d-------- C:\Program Files\QuickTime 2008-05-20 21:47:21 0 d-------- C:\Program Files\Octoshape Streaming Services 2008-05-18 11:26:33 0 d-------- C:\Documents and Settings\Administrator\Application Data\Tunebite 2008-05-15 22:05:05 0 d-------- C:\Program Files\Haali 2008-05-15 22:05:04 0 d-------- C:\Program Files\ffdshow 2008-05-15 22:04:40 563712 --a------ C:\WINDOWS\system32\Redemption.dll <Not 
Verified; Dmitry Streblechenko; Outlook Redemption> 2008-05-15 21:53:28 0 d-------- C:\Program Files\Amazon 2008-05-15 21:29:40 0 d-------- C:\Documents and Settings\Administrator\Application Data\RTPlayer 2008-05-15 21:27:02 0 d-------- C:\Program Files\PixiePack Codec Pack 2008-05-15 21:25:50 0 d-------- C:\Program Files\RapidSolution 2008-05-12 17:27:23 0 d-------- C:\Program Files\Common Files 2008-05-12 17:27:23 0 d-------- C:\Program Files\Common Files\xing shared 2008-05-12 17:27:19 0 d-------- C:\Program Files\Common Files\Real 2008-05-06 09:28:03 0 d-------- C:\Program Files\Alwil Software 2008-05-05 09:31:30 0 d-------- C:\Program Files\AVG 2008-05-05 08:55:11 0 d-------- C:\Documents and Settings\Administrator\Application Data\Real 2008-04-01 18:28:50 24664 --ah----- C:\WINDOWS\system32\mlfcache.dat 2008-04-01 13:49:26 409600 --a------ C:\WINDOWS\system32\wrap_oal.dll <Not Verified; Creative Labs; Creative Labs OpenAL32> 2008-04-01 13:49:26 114688 --a------ C:\WINDOWS\system32\OpenAL32.dll <Not Verified; Portions © Creative Labs Inc. 
and NVIDIA Corp.; Standard OpenAL Library> -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTHelper"="CTHELPER.EXE" [22/10/2005 12:00 C:\WINDOWS\CTHELPER.EXE] "H2O"="C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe" [23/10/2005 01:00] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 05:25] "BluetoothAuthenticationAgent"="bthprops.cpl" [04/08/2004 13:00 C:\WINDOWS\system32\bthprops.cpl] "Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [26/04/2007 09:45] "Lexmark X1100 Series"="C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" [19/08/2003 15:43] "NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09/07/2001 10:50] "amd_dc_opt"="C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [23/07/2007 12:06] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 22:16] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [16/05/2008 00:19] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [28/03/2008 23:37] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [30/03/2008 10:36] "RTHDCPL"="RTHDCPL.EXE" [] "SoundMan"="SOUNDMAN.EXE" [] "Alcmtr"="ALCMTR.EXE" [] "KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" [] "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [21/01/2008 12:17] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "BTAgile"="C:\Program Files\BT Broadband Talk Softphone\BTAgile.exe" [18/06/2007 09:39] C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\ Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [16/03/2005 19:16:50] MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe [17/01/2008 21:52:25] StarOffice 8.lnk - C:\Program Files\Sun\StarOffice 
8\program\quickstart.exe [25/01/2006 18:42:42] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [28/01/2007 18:47:01] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoLowDiskSpaceChecks"=1 (0x1) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [13/05/2008 10:13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 19/04/2007 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs BthServ [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F] AutoRun\command- F:\autorun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{452ebfda-c41b-11dc-a09b-00508d91989d}] AutoRun\command- F:\autorun.exe [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{61E3FE32-07B9-4563-A3E0-2DE2D620FE10}] C:\Program Files\PixiePack Codec Pack\InstallerHelper.exe -- End of Deckard's System Scanner: finished at 2008-06-30 10:38:59 ------------
  11. Hi AdvancedSetup, Firstly, thanks for the assistance, it's greatly appreciated. I've followed your instructions and manually disabled the Kontiki service. I managed to find CDAC11BA.EXE in the registry but couldn't work out what had installed it. I've removed Party Poker, run HJT and removed the entries as advised. I've done a full scan with DSS and the results are as follows: Part 1 Deckard's System Scanner v20071014.68 Run by Administrator on 2008-06-30 10:37:48 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- System Restore -------------------------------------------------------------- -- Last 5 Restore Point(s) -- 83: 2008-06-30 09:02:55 UTC - RP405 - Deckard's System Scanner Restore Point 82: 2008-06-29 17:34:46 UTC - RP404 - Installed ATI Catalyst Control Center 81: 2008-06-29 17:29:57 UTC - RP403 - Removed Realtek High Definition Audio Driver 80: 2008-06-29 17:29:33 UTC - RP402 - Removed ATI Catalyst Registration 79: 2008-06-29 17:25:23 UTC - RP401 - Installed ATI Catalyst Registration -- First Restore Point -- 1: 2008-04-01 11:29:22 UTC - RP323 - Installed DirectX Performed disk cleanup. 
-- HijackThis (run as Administrator.exe) --------------------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:37:49, on 30/06/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\SYSTEM32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\SYSTEM32\Ati2evxx.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\Explorer.EXE C:\WINDOWS\CTHELPER.EXE C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\BT Broadband Talk Softphone\BTAgile.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\Program Files\a-squared Free\a2service.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Sun\StarOffice 8\program\soffice.exe C:\Program Files\Sun\StarOffice 8\program\soffice.BIN C:\Documents and Settings\Administrator\desktop\dss.exe 
C:\PROGRA~1\TRENDM~1\HIJACK~1\ADMINI~1.EXE R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Yahoo! SearchBar Home Page R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Yahoo! Search - Web Search R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = Customize Your Settings O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [avast!] 
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" O4 - HKCU\..\Run: [bTAgile] C:\Program Files\BT Broadband Talk Softphone\BTAgile.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe O4 - Startup: StarOffice 8.lnk = C:\Program Files\Sun\StarOffice 8\program\quickstart.exe O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - 
{e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1138541459156 O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! 
Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe O23 - Service: Cricket 2007 Drivers Auto Removal (pr2agnqb) (pr2agnqb) - Codemasters - C:\WINDOWS\system32\pr2agnqb.exe O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe -- End of file - 9173 bytes -- File Associations ----------------------------------------------------------- .reg - regfile - shell\open\command - regedit.exe "%1" %* .scr - scrfile - shell\open\command - "%1" %* -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------- R1 BANTExt (Belarc SMBios Access) - c:\windows\system32\drivers\bantext.sys R2 CdaC15BA - c:\windows\system32\drivers\cdac15ba.sys <Not Verified; Macrovision Europe Ltd; Security Windows NT> R3 CLEDX (Team H2O CLEDX service) - c:\windows\system32\drivers\cledx.sys <Not Verified; Team H2O; CLEDX> R3 emupia (E-mu Plug-in Architecture Driver) - c:\windows\system32\drivers\emupia2k.sys 
<Not Verified; Creative Technology Ltd; E-mu Plug-In Architecture> R3 mcdbus (Driver for MagicISO SCSI Host Controller) - c:\windows\system32\drivers\mcdbus.sys <Not Verified; MagicISO, Inc.; MagicISO SCSI Host Controller> R3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine> S0 fcdabus - c:\windows\system32\drivers\fcdabus.sys (file missing) S3 fsRamDsk (RamDisk Drive Service) - c:\windows\system32\drivers\fsramdsk.sys (file missing) S3 IntcAzAudAddService (Service for Realtek HD Audio (WDM)) - c:\windows\system32\drivers\rtkhdaud.sys (file missing) S3 Memctl - c:\program files\u-abit\flashmenu\memctl.sys S3 MRENDIS5 (MRENDIS5 NDIS Protocol Driver) - c:\progra~1\common~1\motive\mrendis5.sys (file missing) S3 WINFLASH - c:\program files\u-abit\flashmenu\winflash.sys -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled -------------------- R2 ForceWare Intelligent Application Manager (IAM) - c:\program files\nvidia corporation\networkaccessmanager\bin\nsvcappflt.exe <Not Verified; ; app_filter Module> R2 ForcewareWebInterface (Forceware Web Interface) - "c:\program files\nvidia corporation\networkaccessmanager\apache group\apache2\bin\apache.exe" -k runservice <Not Verified; Apache Software Foundation; Apache HTTP Server> S4 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service> S4 C-DillaCdaC11BA - c:\windows\system32\drivers\cdac11ba.exe <Not Verified; Macrovision; SafeCast Windows NT> S4 KService - "c:\program files\kontiki\kservice.exe" (file missing) -- Device Manager: Disabled ---------------------------------------------------- Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318} Description: 1394 Net Adapter Device ID: V1394\NIC1394\9067FB508D00 Manufacturer: Microsoft Name: 1394 Net Adapter PNP Device ID: V1394\NIC1394\9067FB508D00 Service: NIC1394 Class GUID: 
{4D36E978-E325-11CE-BFC1-08002BE10318} Description: Communications Port Device ID: ROOT\PORTS\0000 Manufacturer: (Standard port types) Name: Communications Port (COM6) PNP Device ID: ROOT\PORTS\0000 Service: Serial -- Process Modules ------------------------------------------------------------- C:\WINDOWS\system32\winlogon.exe (pid 992) 2007-04-19 13:41:36 294912 --a------ C:\Program Files\SUPERAntiSpyware\SASWINLO.dll <Not Verified; SUPERAntiSpyware.com; SUPERAntiSpyware WinLogon Processor> C:\WINDOWS\system32\svchost.exe (pid 1448) 2006-03-30 14:58:34 131072 --a------ C:\WINDOWS\system32\nvappfilter.dll <Not Verified; NVIDIA; NVIDIA Application Filter> C:\WINDOWS\system32\svchost.exe (pid 1520) 2006-03-30 14:58:34 131072 --a------ C:\WINDOWS\system32\nvappfilter.dll <Not Verified; NVIDIA; NVIDIA Application Filter> C:\WINDOWS\explorer.exe (pid 1096) 2005-05-25 03:40:00 57344 --a------ C:\Program Files\Logitech\SetPoint\lgscroll.dll <Not Verified; Logitech Inc.; Logitech SetPoint> 2005-10-22 12:00:50 7168 --a------ C:\WINDOWS\system32\CTAGENT.DLL <Not Verified; Creative Technology Ltd; ctagent> 2007-11-18 20:56:30 159744 --a------ C:\Program Files\Haali\MatroskaSplitter\mmfinfo.dll 2007-11-18 20:55:02 23552 --a------ C:\Program Files\Haali\MatroskaSplitter\mkunicode.dll 2006-02-10 22:31:22 311296 --a------ C:\Program Files\Sun\StarOffice 8\program\shlxthdl.dll <Not Verified; Sun Microsystems, Inc.; > 2006-02-10 22:31:34 98304 --a------ C:\Program Files\Sun\StarOffice 8\program\uwinapi.dll <Not Verified; Sun Microsystems, Inc.; > 2006-02-10 22:31:24 577536 --a------ C:\Program Files\Sun\StarOffice 8\program\stlport_vc7145.dll <Not Verified; STLport Consulting, Inc.; STLport Standard ANSI C++ Libarary> 2008-05-13 10:13:36 77824 --a------ C:\Program Files\SUPERAntiSpyware\SASSEH.DLL <Not Verified; SuperAdBlocker.com; SuperAntiSpyware> C:\WINDOWS\system32\rundll32.exe (pid 1416) 2005-05-25 03:40:00 57344 --a------ C:\Program Files\Logitech\SetPoint\lgscroll.dll <Not 
Verified; Logitech Inc.; Logitech SetPoint>
  12. No problem Wolfeymole, thanks for the assistance :)
  13. That was the whole log; the only bit I missed was: -- End of file - 10600 bytes but I didn't think you'd need that. I've run HijackThis again and got the same logfile. P
  14. Sorry, I've been trying to send it in two parts as it was too big; my connection has been so bad it's taken ages :( Part 2: R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Yahoo! SearchBar Home Page R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Yahoo! Search - Web Search R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = Customize Your Settings R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1 O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" O4 - HKLM\..\Run: [NeroCheck] 
C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKCU\..\Run: [bTAgile] C:\Program Files\BT Broadband Talk Softphone\BTAgile.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe O4 - Startup: StarOffice 8.lnk = C:\Program Files\Sun\StarOffice 8\program\quickstart.exe O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - 
C:\Program Files\PartyGaming\PartyPoker\RunApp.exe O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1138541459156 O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: avast! 
Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe O23 - Service: Cricket 2007 Drivers Auto Removal (pr2agnqb) (pr2agnqb) - Codemasters - C:\WINDOWS\system32\pr2agnqb.exe O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
  15. Here is my logfile: Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\SYSTEM32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\SYSTEM32\Ati2evxx.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\CTHELPER.EXE C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\BT Broadband Talk Softphone\BTAgile.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Program Files\MagicDisc\MagicDisc.exe C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE C:\Program Files\Sun\StarOffice 8\program\soffice.exe C:\Program Files\Sun\StarOffice 8\program\soffice.BIN C:\Program Files\Creative Professional\E-MU PatchMix DSP\EmuPatchMixDSP.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\Program Files\a-squared Free\a2service.exe C:\WINDOWS\system32\drivers\CDAC11BA.EXE C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe C:\Program Files\Kontiki\KService.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe C:\Program 
Files\Sunbelt Software\Personal Firewall\kpf4ss.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Outlook Express\msimn.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe