1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Help! No date & time, task manager, control panel or regedit!

Discussion in 'Virus & Other Malware Removal' started by DrDetroit, Aug 20, 2007.

Thread Status:
Not open for further replies.
  1. DrDetroit

    DrDetroit Thread Starter

    Joined:
    Aug 20, 2007
    Messages:
    2
    Hello to TSG - hopefully this will be an easy malware removal but it is my first experience with one so I have no reference...
    'Puter started running slow and quickly found I lost access to:
    Date and Time: "This operation has been canceled due to restrictions in effect on this computer. Contact system admin."
    Task Manager: Greyed out in Windows Security Manager Window
    Control Panel: Gone from Start Menu and Explorer
    Regedit: "Registry Editing has been disabled by your administrator"
    Lord knows what else I cant get to... but no command line string opens any control panel items (ie "control inetcpl.cpl")

    ZoneAlarm detected Trojan.win32.agent.ali (aka "EldyCow L" I believe) and kept finding a text file that would regen - the name was "xxx1333.txt" where xxx is a random - that seems to have stopped, ZoneAlarm has no issues currently, but the restrictions are still in place. This is now day 3 of the problem and I cant find any guidance anywhere so... you are my only hope Obi Wan...

    I will get some of the common tools to get started...

    Thank you all in advance for your assistance and time.:cool:

    <Hijackthis Log File>

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 6:16:43 AM, on 8/20/2007
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Boot mode: Normal

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
    C:\Program Files\Pure Networks\Router Service\pnroutsv.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\system32\ZoneLabs\vsmon.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\System32\mspmspsv.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\ZoneLabs\avsys\ScanningProcess.exe
    C:\WINNT\system32\ZoneLabs\avsys\ScanningProcess.exe
    C:\WINNT\Explorer.exe
    C:\WINNT\system32\wuauclt.exe
    E:\APPS\MS AnitSpyware\gcasDtServ.exe
    E:\APPS\iTunes\iTunesHelper.exe
    E:\APPS\iPod\bin\iPodService.exe
    E:\Sys\Zone Alarm\ZA5-5\zlclient.exe
    E:\Sys\ZONEAL~1\ZA5-5\MAILFR~1\mantispm.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    E:\Tech\Hijackthis\HijackThis.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - Default URLSearchHook is missing
    F2 - REG:system.ini: Shell=Explorer.exe C:\WINNT\system32\printer.exe
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [gcasServ] "E:\APPS\MS AnitSpyware\gcasServ.exe"
    O4 - HKLM\..\Run: [AtiDisplayDrv] atidrvxx.exe
    O4 - HKLM\..\Run: [3FnP3sO] rdoiagn.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [XoftSpy] E:\Tech\Xoft\XoftSpy\XoftSpy.exe -s
    O4 - HKLM\..\Run: [iTunesHelper] "E:\APPS\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "E:\Video\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun
    O4 - HKLM\..\Run: [ZoneAlarm Client] "E:\Sys\Zone Alarm\ZA5-5\zlclient.exe"
    O4 - HKLM\..\Run: [WinAVX] C:\WINNT\system32\WinAvXX.exe
    O4 - HKLM\..\RunServices: [AtiDisplayDrv] atidrvxx.exe
    O4 - HKLM\..\RunServices: [Win TaskLoader] msgmr.exe
    O4 - HKCU\..\Run: [AtiDisplayDrv] atidrvxx.exe
    O4 - HKCU\..\Run: [Io4FRii4l] ojx2fw95.exe
    O4 - HKCU\..\Run: [WinAVX] C:\WINNT\system32\WinAvXX.exe
    O4 - HKCU\..\RunServices: [AtiDisplayDrv] atidrvxx.exe
    O4 - HKUS\.DEFAULT\..\Run: [Io4FRii4l] apiromon.exe (User 'Default user')
    O4 - HKUS\.DEFAULT\..\Run: [AtiDisplayDrv] atidrvxx.exe (User 'Default user')
    O4 - HKUS\.DEFAULT\..\Run: [Win TaskLoader] msgmr.exe (User 'Default user')
    O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.4156\GoogleToolbarNotifier.exe (User 'Default user')
    O4 - HKUS\.DEFAULT\..\Run: [WinAVX] C:\WINNT\system32\WinAvXX.exe (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunServices: [AtiDisplayDrv] atidrvxx.exe (User 'Default user')
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O15 - Trusted Zone: *.awmdabest.com
    O15 - Trusted Zone: *.frame.crazywinnings.com
    O15 - Trusted Zone: *.awmdabest.com (HKLM)
    O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
    O15 - Trusted IP range: 206.161.125.149
    O16 - DPF: {0D062C61-F69C-11D6-A718-00C0F02CC8EE} (FISERV FIPSCO Report Viewer) - https://lpss.amerus.com/amu/reports/control/amurptview.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=34738&clcid=0x409
    O16 - DPF: {2DEF4530-8CE6-41C9-84B6-A54536C90213} (Crystal Report Viewer Control 9) - https://www.actionbenefits.com/viewer9/activeXViewer/activexviewer.cab
    O16 - DPF: {3D4C3992-ABD6-4F85-9A1B-8568E3B4DB3E} (FISERV FIPSCO Insmark Interface Class) - https://lpss.amerus.com/amu/InsMark/imkctl.cab
    O16 - DPF: {460324E8-CFB4-4357-85EF-CE3EBFE23A62} (Crystal ActiveX Report Viewer Control 11.0) - https://www.actionbenefits.com/crystalreportviewers11/ActiveXControls/ActiveXViewer.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/15bf6aa2172b8624c705/netzip/RdxIE601.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
    O16 - DPF: {7FE26BE2-B923-4B41-9834-E84DA1CC1F96} (Maid Control) - http://vsp.closetmaid.com/vsp/cmaidctl_vsp.closetmaid.com_downloader.cab
    O20 - AppInit_DLLs: C:\WINNT\system32\hrum133.txt
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Proxy Service (ccPxySvc) - Unknown owner - C:\Program Files\Norton Internet Security Professional\ccPxySvc.exe (file missing)
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - E:\APPS\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
    O23 - Service: Pure Networks Router Manager (pnrouter) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Router Service\pnroutsv.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe

    --
    End of file - 6627 bytes
     
  2. DrDetroit

    DrDetroit Thread Starter

    Joined:
    Aug 20, 2007
    Messages:
    2
    OK - I did a combofix out of desperation and it seems to have done the trick. No props yet, heres the log file...


    ComboFix 07-08-17.2 - "Administrator" 08/20/2007 12:26:03.1 - NTFSx86
    Microsoft Windows 2000 Professional 5.0.2195.4.1252.1.1033.18.42 [GMT -4:00]


    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\DOCUME~1\ADMINI~1\APPLIC~1.\macromedia\Flash Player\#SharedObjects\3MH53UQJ\www.broadcaster.com
    C:\DOCUME~1\ADMINI~1\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
    C:\DOCUME~1\ADMINI~1\Desktop.\internet explorer.lnk
    C:\WINNT\system32\MabryObj.dll
    C:\WINNT\system32\msnav32.ax
    C:\WINNT\system32\msnmsgr.exe


    ((((((((((((((((((((((((( Files Created from 2007-07-20 to 2007-08-20 )))))))))))))))))))))))))))))))


    2007-08-20 12:23 51,200 --a------ C:\WINNT\nircmd.exe
    2007-08-18 03:47 <DIR> d-------- C:\Program Files\Windows Live Safety Center
    2007-08-15 23:59 512 --a------ C:\ScanSectorLog.dat
    2007-08-15 23:41 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\MailFrontier
    2007-08-15 23:38 3,867,168 --ahs---- C:\WINNT\system32\drivers\fidbox.dat
    2007-08-15 23:38 27,936 --ahs---- C:\WINNT\system32\drivers\fidbox2.dat
    2007-08-15 23:24 1,087,216 --a------ C:\WINNT\system32\zpeng24.dll


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    99-12-07 08:00 32528 --a------ C:\WINNT\inf\wbfirdma.sys
    98-04-27 00:00 570128 --a------ C:\Program Files\Common Files\DAO350.DLL
    07-08-20 12:40 61100 --ahs---- C:\WINNT\system32\drivers\fidbox.idx
    07-08-20 12:40 5756 --ahs---- C:\WINNT\system32\drivers\fidbox2.idx
    07-07-17 20:38 --------- d-------- C:\Program Files\Common Files\Business Objects
    07-07-05 16:06 --------- d-------- C:\Program Files\MySpace
    07-07-05 16:06 --------- d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\MySpace
    07-05-29 21:19 50176 --a------ C:\WINNT\system32\reg.exe
    04-07-19 05:14 271 ---h----- C:\Program Files\desktop.ini
    04-07-19 05:14 21952 ---h-c--- C:\Program Files\folder.htt
    2005-09-09 14:55:08 56 --sh--r C:\WINNT\system32\D429A985FE.sys


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Synchronization Manager"="mobsync.exe" [03-06-19 15:05 C:\WINNT\system32\mobsync.exe]
    "gcasServ"="E:\APPS\MS AnitSpyware\gcasServ.exe" [05-11-15 13:12 ]
    "AtiDisplayDrv"="atidrvxx.exe" []
    "3FnP3sO"="rdoiagn.exe" []
    "NeroFilterCheck"="C:\WINNT\system32\NeroCheck.exe" [06-01-12 17:40 ]
    "XoftSpy"="E:\Tech\Xoft\XoftSpy\XoftSpy.exe" []
    "iTunesHelper"="E:\APPS\iTunes\iTunesHelper.exe" [06-02-23 15:45 ]
    "QuickTime Task"="E:\Video\QuickTime\qttask.exe" [06-05-12 16:32 ]
    "nmapp"="C:\Program Files\Pure Networks\Network Magic\nmapp.exe" [05-08-10 15:42 ]
    "ZoneAlarm Client"="E:\Sys\Zone Alarm\ZA5-5\zlclient.exe" [07-03-09 01:02 ]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AtiDisplayDrv"="atidrvxx.exe" []
    "Io4FRii4l"="ojx2fw95.exe" []

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runservices]
    "AtiDisplayDrv"=atidrvxx.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
    "AtiDisplayDrv"=atidrvxx.exe
    "Win TaskLoader"=msgmr.exe

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\runservices]
    "AtiDisplayDrv"=atidrvxx.exe

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "Io4FRii4l"=apiromon.exe
    "AtiDisplayDrv"=atidrvxx.exe
    "Win TaskLoader"=msgmr.exe
    "swg"=C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.4156\GoogleToolbarNotifier.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoChangeStartMenu"=0 (0x0)
    "NoClose"=0 (0x0)
    "NoLogOff"=0 (0x0)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
    @="Driver"

    R2 AtiBt829;WDM Video Capture For AIW (AtiBt829);C:\WINNT\system32\DRIVERS\AtiBt829.sys
    R2 ATITUNEP;WDM TV Tuner (ATITuneP);C:\WINNT\system32\DRIVERS\atitunep.sys
    R2 ATITVAUDIO;WDM TVAudio (ATITVSnd);C:\WINNT\system32\DRIVERS\atitvsnd.sys
    R2 ATIXBAR;WDM Video Audio Crossbar (ATIXBar);C:\WINNT\system32\DRIVERS\atixbar.sys
    R3 ati2mpaa;ati2mpaa;C:\WINNT\system32\DRIVERS\ati2mpaa.sys
    R3 Canyon;PSC602 Audio Driver (WDM);C:\WINNT\system32\drivers\PSC602.sys
    R3 ELNK3;3Com EtherLink III;C:\WINNT\system32\DRIVERS\elnk3.sys
    S0 XMS1563K;XMS1563K;C:\WINNT\system32\drivers\XMS1563K.sys
    S3 NtApm;NT Apm/Legacy Interface Driver;C:\WINNT\system32\DRIVERS\NtApm.sys
    S4 Wmdoten5;Wmdoten5;C:\WINNT\System32\drivers\videoprt.sys

    *Newly Created Service* - IPNAT
    *Newly Created Service* - RASAUTO
    *Newly Created Service* - SHAREDACCESS

    Contents of the 'Scheduled Tasks' folder
    2007-08-20 12:43:00 C:\WINNT\Tasks\Symantec NetDetect.job - C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
    2006-01-06 13:58:05 C:\WINNT\Tasks\XoftSpy.job

    **************************************************************************

    catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-08-20 12:52:33
    Windows 5.0.2195 Service Pack 4 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    C:\WINNT\system32\drivers\MFX.sys

    scan completed successfully
    hidden files: 1

    **************************************************************************

    Completion time: 2007-08-20 12:56:37 - machine was rebooted
    C:\ComboFix-quarantined-files.txt ... 07-08-20 12:55

    --- E O F ---

    OK - now heres the latest HJT Log file...

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 1:09:02 PM, on 8/20/2007
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Boot mode: Normal

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
    C:\Program Files\Pure Networks\Router Service\pnroutsv.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\system32\ZoneLabs\vsmon.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\System32\mspmspsv.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\system32\ZoneLabs\avsys\ScanningProcess.exe
    E:\APPS\iTunes\iTunesHelper.exe
    E:\APPS\MS AnitSpyware\gcasDtServ.exe
    E:\Video\QuickTime\qttask.exe
    C:\Program Files\Pure Networks\Network Magic\nmapp.exe
    E:\APPS\iPod\bin\iPodService.exe
    E:\Sys\Zone Alarm\ZA5-5\zlclient.exe
    C:\WINNT\system32\ZoneLabs\avsys\ScanningProcess.exe
    E:\Sys\ZONEAL~1\ZA5-5\MAILFR~1\mantispm.exe
    C:\WINNT\system32\wuauclt.exe
    C:\WINNT\system32\notepad.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    E:\Tech\Hijackthis\HijackThis.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [gcasServ] "E:\APPS\MS AnitSpyware\gcasServ.exe"
    O4 - HKLM\..\Run: [AtiDisplayDrv] atidrvxx.exe
    O4 - HKLM\..\Run: [3FnP3sO] rdoiagn.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [XoftSpy] E:\Tech\Xoft\XoftSpy\XoftSpy.exe -s
    O4 - HKLM\..\Run: [iTunesHelper] "E:\APPS\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "E:\Video\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun
    O4 - HKLM\..\Run: [ZoneAlarm Client] "E:\Sys\Zone Alarm\ZA5-5\zlclient.exe"
    O4 - HKLM\..\RunServices: [AtiDisplayDrv] atidrvxx.exe
    O4 - HKLM\..\RunServices: [Win TaskLoader] msgmr.exe
    O4 - HKCU\..\Run: [AtiDisplayDrv] atidrvxx.exe
    O4 - HKCU\..\Run: [Io4FRii4l] ojx2fw95.exe
    O4 - HKCU\..\RunServices: [AtiDisplayDrv] atidrvxx.exe
    O4 - HKUS\.DEFAULT\..\Run: [Io4FRii4l] apiromon.exe (User 'Default user')
    O4 - HKUS\.DEFAULT\..\Run: [AtiDisplayDrv] atidrvxx.exe (User 'Default user')
    O4 - HKUS\.DEFAULT\..\Run: [Win TaskLoader] msgmr.exe (User 'Default user')
    O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.4156\GoogleToolbarNotifier.exe (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunServices: [AtiDisplayDrv] atidrvxx.exe (User 'Default user')
    O15 - Trusted Zone: *.awmdabest.com
    O15 - Trusted Zone: *.frame.crazywinnings.com
    O15 - Trusted Zone: *.awmdabest.com (HKLM)
    O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
    O15 - Trusted IP range: 206.161.125.149
    O16 - DPF: {0D062C61-F69C-11D6-A718-00C0F02CC8EE} (FISERV FIPSCO Report Viewer) - https://lpss.amerus.com/amu/reports/control/amurptview.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=34738&clcid=0x409
    O16 - DPF: {2DEF4530-8CE6-41C9-84B6-A54536C90213} (Crystal Report Viewer Control 9) - https://www.actionbenefits.com/viewer9/activeXViewer/activexviewer.cab
    O16 - DPF: {3D4C3992-ABD6-4F85-9A1B-8568E3B4DB3E} (FISERV FIPSCO Insmark Interface Class) - https://lpss.amerus.com/amu/InsMark/imkctl.cab
    O16 - DPF: {460324E8-CFB4-4357-85EF-CE3EBFE23A62} (Crystal ActiveX Report Viewer Control 11.0) - https://www.actionbenefits.com/crystalreportviewers11/ActiveXControls/ActiveXViewer.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/15bf6aa2172b8624c705/netzip/RdxIE601.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
    O16 - DPF: {7FE26BE2-B923-4B41-9834-E84DA1CC1F96} (Maid Control) - http://vsp.closetmaid.com/vsp/cmaidctl_vsp.closetmaid.com_downloader.cab
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Proxy Service (ccPxySvc) - Unknown owner - C:\Program Files\Norton Internet Security Professional\ccPxySvc.exe (file missing)
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - E:\APPS\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
    O23 - Service: Pure Networks Router Manager (pnrouter) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Router Service\pnroutsv.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe

    --
    End of file - 6209 bytes


    Any help would be greatly appreciated as I cant read these properly and would love to know that it is truly clean...:cool:
     
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/612506

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice