
Solved: Help! PC keeps sending weird e-mail that keeps bouncing back

Discussion in 'Virus & Other Malware Removal' started by chrisley, Apr 27, 2007.

  1. chrisley

    chrisley Thread Starter

    Joined:
    Jan 10, 2005
    Messages:
    94
    :( Urgent help needed: my PC keeps sending weird e-mails that keep bouncing back. Lots of them. Each time the Norton message says "your e-mail message was unable to be sent because your mail server rejected the message". It starts after 2 min, when I get connected. It's all over the screen. Here is my HJT. It's urgent. Thank you

    Logfile of HijackThis v1.99.1
    Scan saved at 12:41:52 PM, on 4/27/2007
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\S24EvMon.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\BCMSMMSG.exe
    C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\WINDOWS\System32\DSLAGENT.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\vsnpstd.exe
    C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\WINDOWS\officedrv.exe
    C:\Program Files\I8kfanGUI\I8kfanGUI.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\WINDOWS\System32\1XConfig.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\WINDOWS\System32\RegSrvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Norton AntiVirus\OPScan.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Documents and Settings\Owner\My Documents\Personal Stuff\Drivers\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.usatoday.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 166.166.3.3:80
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
    O4 - HKLM\..\Run: [PRONoMgr.exe] "C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe"
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
    O4 - HKLM\..\Run: [DSLAGENTEXE] DSLAGENT.EXE
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [SSC_UserPrompt] "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [RegistryMonitor] C:\WINDOWS\officedrv.exe
    O4 - HKCU\..\Run: [i8kfangui] C:\Program Files\I8kfanGUI\I8kfanGUI.exe /startup
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Program Files\Octoshape Streaming Services\Owner\OctoshapeClient.exe" -inv:bootrun
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [LowRateVoip] "C:\Program Files\LowRateVoip\LowRateVoip.exe" -nosplash -minimized
    O4 - Startup: PowerReg Scheduler V3.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://203.118.43.106/activex/AxisCamControl.cab
    O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - http://a248.e.akamai.net/f/248/5462...img/operations/symbizpr/xcontrol/SymDlBrg.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
     
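The kind of reading a malware specialist does on a HijackThis log by eye (which entries deserve a second look) can be partly automated. The script below is an added example, not code from this thread or from HijackThis itself. It parses HJT entry lines and flags three things visible in the log above: an R1 ProxyServer value pointing at a public address, O4 autorun entries whose executable sits directly in the Windows directory rather than in System32 or Program Files, and O20 Winlogon notify entries whose DLL is reported missing. The sample lines are copied from the posted log; the regexes, thresholds and the `Finding` type are my own assumptions. Hits are candidates for review, not verdicts: a legitimate driver helper placed in C:\WINDOWS trips the same heuristic as a dropper.

```python
import ipaddress
import re
from dataclasses import dataclass

# Constructed sample input: a few lines copied from the HijackThis log posted
# above, trimmed to the sections the checks below look at.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 166.166.3.3:80
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [RegistryMonitor] C:\WINDOWS\officedrv.exe
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# Every HJT entry line starts with a section tag (R0, O4, O23, ...) and " - ".
ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.+)$")
# O4 bodies look like: HKLM\..\Run: [Name] "C:\path\to\file.exe" args
RUN_RE = re.compile(r'\[(?P<name>[^\]]+)\]\s+"?(?P<path>[^"]*?\.(?:exe|dll|com|bat|scr))"?',
                    re.IGNORECASE)
PROXY_RE = re.compile(r"ProxyServer\s*=\s*(?P<host>[^:\s]+)(?::(?P<port>\d+))?", re.IGNORECASE)
# Executable directly under the Windows root, with no subdirectory. This is a
# cheap triage heuristic (assumption of this example), not a malware signature.
WINROOT_RE = re.compile(r"^[A-Z]:\\WINDOWS\\[^\\]+$", re.IGNORECASE)


@dataclass
class Finding:
    section: str
    reason: str
    detail: str


def parse_entries(log_text):
    """Yield (section, body) for every HijackThis entry line in the log."""
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            yield m.group("section"), m.group("body")


def triage(log_text):
    """Return the entries a reviewer should look at first, in log order."""
    findings = []
    for section, body in parse_entries(log_text):
        if section == "R1":
            pm = PROXY_RE.search(body)
            if pm:
                host = pm.group("host")
                try:
                    scope = "public" if ipaddress.ip_address(host).is_global else "private"
                except ValueError:
                    scope = "hostname"
                findings.append(Finding(
                    section, "proxy-configured",
                    f"{host}:{pm.group('port') or '?'} ({scope} address); "
                    "confirm it was set deliberately"))
        elif section == "O4":
            rm = RUN_RE.search(body)
            if rm and WINROOT_RE.match(rm.group("path")):
                findings.append(Finding(
                    section, "autorun-in-windows-root",
                    f"[{rm.group('name')}] {rm.group('path')}"))
        elif section == "O20" and "(file missing)" in body:
            # An orphaned Winlogon notify entry is harmless but should be cleaned up.
            findings.append(Finding(section, "orphaned-winlogon-notify", body))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4} {f.reason:<26} {f.detail}")
```

Run against a full log, the proxy check is the one to read first: an outbound proxy the user never configured means every browser request is being relayed through a third party. The Windows-root check deliberately over-reports; it exists to shorten the list a human has to look up, not to replace that lookup.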
  2. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,236
    First Name:
    Derek
    Download SDFix and save it to your Desktop.

    Double click SDFix.exe and it will extract the files to %systemdrive%
    (Drive that contains the Windows Directory, typically C:\SDFix)

    Please then reboot your computer in Safe Mode by doing the following :
    • Restart your computer
    • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
    • Instead of Windows loading as normal, the Advanced Options Menu should appear;
    • Select the first option, to run Windows in Safe Mode, then press Enter.
    • Choose your usual account.
    • Open the extracted SDFix folder and double click RunThis.bat to start the script.
    • Type Y to begin the cleanup process.
    • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
    • Press any Key and it will restart the PC.
    • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
    • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
      (Report.txt will also be copied to Clipboard ready for posting back on the forum).
    • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log
     
  3. chrisley

    chrisley Thread Starter

    Joined:
    Jan 10, 2005
    Messages:
    94
    Thank you very much for such a fast reply. Here are the SDFix and HJT logs. Would you have any comments / advice? I can't tell yet if it's been solved. Thank you in advance.


    SDFix: Version 1.79

    Run by Owner - Fri 04/27/2007 - 18:07:52.75

    Microsoft Windows XP [Version 5.1.2600]

    Running From: C:\SDFix

    Safe Mode:
    Checking Services:






    Restoring Windows Registry Values
    Restoring Windows Default Hosts File


    Rebooting...

    Normal Mode:
    Checking Files:

    No Trojan Files Found...




    Removing Temp Files

    ADS Check:

    Checking if ADS is attached to system32 Folder
    C:\WINDOWS\system32
    No streams found.

    Checking if ADS is attached to svchost.exe
    C:\WINDOWS\system32\svchost.exe
    No streams found.



    Final Check:

    Remaining Services:
    ------------------



    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    Remaining Files:
    ---------------
    C:\WINDOWS\system32\rsvp32_2.dll Found - LSP!


    Checking For Files with Hidden Attributes:

    C:\Documents and Settings\Owner\My Documents\Diving\PADI Asia Pacific Member Awards 2006\PADI.com\Thumbs.db
    C:\Program Files\Picasa2\setup.exe
    C:\Documents and Settings\Owner\Application Data\Microsoft\Word\~WRL1370.tmp
    C:\WINDOWS\LastGood.Tmp\INF\oem10.inf
    C:\WINDOWS\LastGood.Tmp\INF\oem10.PNF
    C:\WINDOWS\LastGood.Tmp\INF\oem11.inf
    C:\WINDOWS\LastGood.Tmp\INF\oem11.PNF
    C:\WINDOWS\LastGood.Tmp\INF\oem12.inf
    C:\WINDOWS\LastGood.Tmp\INF\oem12.PNF
    C:\WINDOWS\LastGood.Tmp\INF\oem13.inf
    C:\WINDOWS\LastGood.Tmp\INF\oem13.PNF
    C:\WINDOWS\LastGood.Tmp\INF\oem14.inf
    C:\WINDOWS\LastGood.Tmp\INF\oem14.PNF
    C:\WINDOWS\LastGood.Tmp\INF\oem15.inf
    C:\WINDOWS\LastGood.Tmp\INF\oem15.PNF
    C:\WINDOWS\LastGood.Tmp\INF\oem16.inf
    C:\WINDOWS\LastGood.Tmp\INF\oem16.PNF
    C:\WINDOWS\LastGood.Tmp\INF\oem17.inf
    C:\WINDOWS\LastGood.Tmp\INF\oem17.PNF
    C:\WINDOWS\LastGood.Tmp\INF\oem18.inf
    C:\WINDOWS\LastGood.Tmp\INF\oem18.PNF
    C:\WINDOWS\LastGood.Tmp\INF\oem19.inf
    C:\WINDOWS\LastGood.Tmp\INF\oem19.PNF
    C:\WINDOWS\LastGood.Tmp\INF\oem20.inf
    C:\WINDOWS\LastGood.Tmp\INF\oem20.PNF
    C:\WINDOWS\LastGood.Tmp\INF\oem21.inf
    C:\WINDOWS\LastGood.Tmp\INF\oem21.PNF
    C:\WINDOWS\LastGood.Tmp\INF\oem22.inf
    C:\WINDOWS\LastGood.Tmp\INF\oem22.PNF
    C:\WINDOWS\LastGood.Tmp\INF\oem23.inf
    C:\WINDOWS\LastGood.Tmp\INF\oem23.PNF
    C:\WINDOWS\LastGood.Tmp\INF\oem24.inf
    C:\WINDOWS\LastGood.Tmp\INF\oem24.PNF
    C:\WINDOWS\LastGood.Tmp\INF\oem5.inf
    C:\WINDOWS\LastGood.Tmp\INF\oem5.PNF
    C:\WINDOWS\LastGood.Tmp\INF\oem6.inf
    C:\WINDOWS\LastGood.Tmp\INF\oem6.PNF
    C:\WINDOWS\LastGood.Tmp\INF\oem7.inf
    C:\WINDOWS\LastGood.Tmp\INF\oem7.PNF
    C:\WINDOWS\LastGood.Tmp\INF\oem8.inf
    C:\WINDOWS\LastGood.Tmp\INF\oem8.PNF
    C:\WINDOWS\LastGood.Tmp\INF\oem9.inf
    C:\WINDOWS\LastGood.Tmp\INF\oem9.PNF

    Finished


    Logfile of HijackThis v1.99.1
    Scan saved at 6:14:00 PM, on 4/27/2007
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\S24EvMon.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\WINDOWS\System32\RegSrvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\BCMSMMSG.exe
    C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\WINDOWS\System32\DSLAGENT.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\vsnpstd.exe
    C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\WINDOWS\officedrv.exe
    C:\Program Files\I8kfanGUI\I8kfanGUI.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINDOWS\System32\1XConfig.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Documents and Settings\Owner\My Documents\Personal Stuff\Drivers\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 166.166.3.3:80
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
    O4 - HKLM\..\Run: [PRONoMgr.exe] "C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe"
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
    O4 - HKLM\..\Run: [DSLAGENTEXE] DSLAGENT.EXE
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [SSC_UserPrompt] "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [RegistryMonitor] C:\WINDOWS\officedrv.exe
    O4 - HKCU\..\Run: [i8kfangui] C:\Program Files\I8kfanGUI\I8kfanGUI.exe /startup
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Program Files\Octoshape Streaming Services\Owner\OctoshapeClient.exe" -inv:bootrun
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [LowRateVoip] "C:\Program Files\LowRateVoip\LowRateVoip.exe" -nosplash -minimized
    O4 - Startup: PowerReg Scheduler V3.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://203.118.43.106/activex/AxisCamControl.cab
    O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - http://a248.e.akamai.net/f/248/5462...img/operations/symbizpr/xcontrol/SymDlBrg.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
     
  4. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,236
    First Name:
    Derek
    I can see some of the files involved but am sure there is a rootkit hiding the others.

    Let's start with a clear-up of what we can see.

    Download LSPfix here: http://www.cexx.org/lspfix.htm
    and now run the LSPFIX application. You will see a list of files in the left-hand pane and possibly some in the right-hand pane. Tick the "I know what I'm doing" box & select any instances of rsvp32_2.dll that are in the left-hand keep pane and move them to the right-hand remove pane. DO NOT MOVE ANY OTHER FILES. Press finish and the program will do anything necessary.


    then

    1. Please download The Avenger by Swandog46 to your Desktop.
    • Click on Avenger.zip to open the file
    • Extract avenger.exe to your desktop

    2. Copy all the text contained in the quote box below, including the "Files to delete:" line, to your Clipboard by highlighting it and pressing (Ctrl+C):


    Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


    3. Now, start The Avenger program by clicking on its icon on your desktop.
    • Under "Script file to execute" choose "Input Script Manually".
    • Now click on the Magnifying Glass icon which will open a new window titled "View/edit script"
    • Paste the text copied to clipboard into this window by pressing (Ctrl+V).
    • Click Done
    • Now click on the Green Light to begin execution of the script
    • Answer "Yes" twice when prompted.
    4. The Avenger will automatically do the following:
    • It will Restart your computer. ( In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
    • On reboot, it will briefly open a black command window on your desktop, this is normal.
    • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
    • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
    5. Please copy/paste the content of c:\avenger.txt into your reply.

    when it reboots

    post a new HJT log &

    download gmer rootkit detector from http://gmer.net

    unzip it & double click the gmer.exe file

    select rootkit tab & press scan

    when it has finished press copy & post back the log it makes


    then

    Download catchme from
    http://files.thespykiller.co.uk/catchme.exe to your desktop.

    Double click the catchme.exe to run it and then press scan

    when it finishes if there are any files listed in the window press zip to make a copy of any files to submit if we ask for it

    the catchme.log should open automatically, if it doesn't then it will be on the desktop, copy the contents back here please
     
  5. chrisley

    chrisley Thread Starter

    Joined:
    Jan 10, 2005
    Messages:
    94
    Thank you. Need a quick pre-check before proceeding. For LSPfix. I can see a file called rsvp.dll (protocol handler). Shall I move this file to the right-hand panel?
     
  6. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,236
    First Name:
    Derek
    NO

    only move the one I said to move and NO others at all, otherwise you will lose internet connection

    rsvp.dll is a legitimate & needed file
     
  7. chrisley

    chrisley Thread Starter

    Joined:
    Jan 10, 2005
    Messages:
    94
    For The Avenger program, what is the text to copy in the View/edit script window? I cannot see it. Thank you.
     
  8. chrisley

    chrisley Thread Starter

    Joined:
    Jan 10, 2005
    Messages:
    94
    Ok. I can see the text. Now doing it. Sorry. Will get back to you.
     
  9. chrisley

    chrisley Thread Starter

    Joined:
    Jan 10, 2005
    Messages:
    94
    Here are the logs of The Avenger and HJT. Going to do gmer.

    Logfile of The Avenger version 1, by Swandog46
    Running from registry key:
    \Registry\Machine\System\CurrentControlSet\Services\msdqtbcm

    *******************

    Script file located at: \??\C:\WINDOWS\System32\nfbkrcss.txt
    Script file opened successfully.

    Script file read successfully

    Backups directory opened successfully at C:\Avenger

    *******************

    Beginning to process script file:

    File C:\WINDOWS\system32\rsvp32_2.dll deleted successfully.
    File C:\WINDOWS\officedrv.exe deleted successfully.

    Completed script processing.

    *******************

    Finished! Terminate.




    Logfile of HijackThis v1.99.1
    Scan saved at 8:28:06 PM, on 4/27/2007
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\S24EvMon.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\WINDOWS\BCMSMMSG.exe
    C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\WINDOWS\System32\DSLAGENT.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\vsnpstd.exe
    C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
    C:\WINDOWS\System32\1XConfig.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\I8kfanGUI\I8kfanGUI.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\WINDOWS\System32\RegSrvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
    C:\Program Files\Messenger\msmsgs.exe
    C:\Documents and Settings\Owner\My Documents\Personal Stuff\Drivers\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 166.166.3.3:80
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
    O4 - HKLM\..\Run: [PRONoMgr.exe] "C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe"
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
    O4 - HKLM\..\Run: [DSLAGENTEXE] DSLAGENT.EXE
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [SSC_UserPrompt] "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] "C:\PROGRA~1\SYMNET~1\SNDMon.exe" /Consumer
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [RegistryMonitor] C:\WINDOWS\officedrv.exe
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
    O4 - HKCU\..\Run: [i8kfangui] "C:\Program Files\I8kfanGUI\I8kfanGUI.exe" /startup
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Program Files\Octoshape Streaming Services\Owner\OctoshapeClient.exe" -inv:bootrun
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [LowRateVoip] "C:\Program Files\LowRateVoip\LowRateVoip.exe" -nosplash -minimized
    O4 - Startup: PowerReg Scheduler V3.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://203.118.43.106/activex/AxisCamControl.cab
    O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - http://a248.e.akamai.net/f/248/5462...img/operations/symbizpr/xcontrol/SymDlBrg.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
     
  10. chrisley

    chrisley Thread Starter

    GMER 1.0.12.12244 - http://www.gmer.net
    Rootkit scan 2007-04-27 20:40:22
    Windows 5.1.2600 Service Pack 1


    ---- System - GMER 1.0.12 ----

    SSDT 823E9FA8 ZwAllocateVirtualMemory
    SSDT 822A6F98 ZwConnectPort
    SSDT 823EB1C0 ZwCreateKey
    SSDT 82396E78 ZwCreateProcess
    SSDT 823DC948 ZwCreateProcessEx
    SSDT 82395650 ZwCreateThread
    SSDT 8233D0A8 ZwDeleteKey
    SSDT 82396A20 ZwDeleteValueKey
    SSDT 821A4AA8 ZwOpenProcess
    SSDT 822A9F40 ZwOpenThread
    SSDT 823E7910 ZwQueueApcThread
    SSDT 823E9C60 ZwReadVirtualMemory
    SSDT 823975C8 ZwRenameKey
    SSDT 823C54A0 ZwSetContextThread
    SSDT 823970F0 ZwSetInformationKey
    SSDT 823C8658 ZwSetInformationProcess
    SSDT 823C5518 ZwSetInformationThread
    SSDT 823E2238 ZwSetValueKey
    SSDT 823C85E0 ZwSuspendProcess
    SSDT 823E7988 ZwSuspendThread
    SSDT 823DC528 ZwTerminateProcess
    SSDT 823955D8 ZwTerminateThread
    SSDT 823E9F30 ZwWriteVirtualMemory

    ---- Kernel code sections - GMER 1.0.12 ----

    .text ntoskrnl.exe!KeInitializeInterrupt + B67 804DA23C 1 Byte [ 06 ]
    .text ntoskrnl.exe!KeI386Call16BitCStyleFunction + 150 805025CC 4 Bytes [ A8, 9F, 3E, 82 ]
    .text ntoskrnl.exe!KeI386Call16BitCStyleFunction + 188 80502604 4 Bytes [ 98, 6F, 2A, 82 ]
    .text ntoskrnl.exe!KeI386Call16BitCStyleFunction + 1B0 8050262C 4 Bytes [ C0, B1, 3E, 82 ]
    .text ntoskrnl.exe!KeI386Call16BitCStyleFunction + 1C8 80502644 8 Bytes [ 78, 6E, 39, 82, 48, C9, 3D, ... ]
    .text ntoskrnl.exe!KeI386Call16BitCStyleFunction + 1E0 8050265C 4 Bytes [ 50, 56, 39, 82 ]
    .text ...
    ? jawgjvut.sys The system cannot find the file specified.

    ---- User code sections - GMER 1.0.12 ----

    .text C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe[1108] kernel32.dll!CreateThread + 18 77E7BE6B 4 Bytes [ 91, 42, 5D, 88 ]
    .text C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe[1500] kernel32.dll!CreateThread + 18 77E7BE6B 4 Bytes JMP D5701BB6
    .text C:\Program Files\MSN Messenger\msnmsgr.exe[1644] kernel32.dll!SetUnhandledExceptionFilter 77E7E5A1 9 Bytes JMP 004DE392 C:\Program Files\MSN Messenger\msnmsgr.exe
    .text C:\Program Files\Webroot\Spy Sweeper\ssu.exe[3016] kernel32.dll!VirtualProtect 77E6169E 5 Bytes JMP 0002FEDC C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
    .text C:\Program Files\Webroot\Spy Sweeper\ssu.exe[3016] kernel32.dll!VirtualAlloc 77E7AC72 5 Bytes JMP 0002FE60 C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
    .text C:\Program Files\Webroot\Spy Sweeper\ssu.exe[3016] kernel32.dll!CreateFileA 77E7B476 5 Bytes JMP 0002FCB0 C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
    .text C:\Program Files\Webroot\Spy Sweeper\ssu.exe[3016] kernel32.dll!LoadLibraryExW 77E7D839 5 Bytes JMP 0002FCB0 C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
    .text C:\Program Files\Webroot\Spy Sweeper\ssu.exe[3016] kernel32.dll!VirtualFree 77E815CB 5 Bytes JMP 0002FEA0 C:\Program Files\Webroot\Spy Sweeper\SSU.EXE

    ---- Devices - GMER 1.0.12 ----

    Device \Driver\Tcpip \Device\Ip IRP_MJ_CREATE 820A10C8
    Device \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_NAMED_PIPE 8215E0C8
    Device \Driver\Tcpip \Device\Ip IRP_MJ_CLOSE 820AE0C8
    Device \Driver\Tcpip \Device\Ip IRP_MJ_READ 821842C8
    Device \Driver\Tcpip \Device\Ip IRP_MJ_WRITE 82078198
    Device \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_INFORMATION 8209E0C8
    Device \Driver\Tcpip \Device\Ip IRP_MJ_SET_INFORMATION 8209F0C8
    Device \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_EA 820A00C8
    Device \Driver\Tcpip \Device\Ip IRP_MJ_SET_EA 8206F0C8
    Device \Driver\Tcpip \Device\Ip IRP_MJ_FLUSH_BUFFERS 820C00C8
    Device \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_VOLUME_INFORMATION 82186768
    Device \Driver\Tcpip \Device\Ip IRP_MJ_SET_VOLUME_INFORMATION 82186B10
    Device \Driver\Tcpip \Device\Ip IRP_MJ_DIRECTORY_CONTROL 8208D0C8
    Device \Driver\Tcpip \Device\Ip IRP_MJ_FILE_SYSTEM_CONTROL 8209C0C8
    Device \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL 821EF580
    Device \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL 821A42D8
    Device \Driver\Tcpip \Device\Ip IRP_MJ_SHUTDOWN 821E9908
    Device \Driver\Tcpip \Device\Ip IRP_MJ_LOCK_CONTROL 820AAF20
    Device \Driver\Tcpip \Device\Ip IRP_MJ_CLEANUP 8217DE90
    Device \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_MAILSLOT 821DC298
    Device \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_SECURITY 820955E8
    Device \Driver\Tcpip \Device\Ip IRP_MJ_SET_SECURITY 82240358
    Device \Driver\Tcpip \Device\Ip IRP_MJ_POWER 82093D98
    Device \Driver\Tcpip \Device\Ip IRP_MJ_SYSTEM_CONTROL 82187648
    Device \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CHANGE 8208A2B8
    Device \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_QUOTA 820A6970
    Device \Driver\Tcpip \Device\Ip IRP_MJ_SET_QUOTA 81FFBE90
    Device \Driver\Tcpip \Device\Ip IRP_MJ_PNP 82344F10
    Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE 820A10C8
    Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_NAMED_PIPE 8215E0C8
    Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSE 820AE0C8
    Device \Driver\Tcpip \Device\Tcp IRP_MJ_READ 821842C8
    Device \Driver\Tcpip \Device\Tcp IRP_MJ_WRITE 82078198
    Device \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_INFORMATION 8209E0C8
    Device \Driver\Tcpip \Device\Tcp IRP_MJ_SET_INFORMATION 8209F0C8
    Device \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_EA 820A00C8
    Device \Driver\Tcpip \Device\Tcp IRP_MJ_SET_EA 8206F0C8
    Device \Driver\Tcpip \Device\Tcp IRP_MJ_FLUSH_BUFFERS 820C00C8
    Device \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_VOLUME_INFORMATION 82186768
    Device \Driver\Tcpip \Device\Tcp IRP_MJ_SET_VOLUME_INFORMATION 82186B10
    Device \Driver\Tcpip \Device\Tcp IRP_MJ_DIRECTORY_CONTROL 8208D0C8
    Device \Driver\Tcpip \Device\Tcp IRP_MJ_FILE_SYSTEM_CONTROL 8209C0C8
    Device \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL 821EF580
    Device \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL 821A42D8
    Device \Driver\Tcpip \Device\Tcp IRP_MJ_SHUTDOWN 821E9908
    Device \Driver\Tcpip \Device\Tcp IRP_MJ_LOCK_CONTROL 820AAF20
    Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLEANUP 8217DE90
    Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_MAILSLOT 821DC298
    Device \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_SECURITY 820955E8
    Device \Driver\Tcpip \Device\Tcp IRP_MJ_SET_SECURITY 82240358
    Device \Driver\Tcpip \Device\Tcp IRP_MJ_POWER 82093D98
    Device \Driver\Tcpip \Device\Tcp IRP_MJ_SYSTEM_CONTROL 82187648
    Device \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CHANGE 8208A2B8
    Device \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_QUOTA 820A6970
    Device \Driver\Tcpip \Device\Tcp IRP_MJ_SET_QUOTA 81FFBE90
    Device \Driver\Tcpip \Device\Tcp IRP_MJ_PNP 82344F10
    Device \Driver\Tcpip \Device\Udp IRP_MJ_CREATE 820A10C8
    Device \Driver\Tcpip \Device\Udp IRP_MJ_CREATE_NAMED_PIPE 8215E0C8
    Device \Driver\Tcpip \Device\Udp IRP_MJ_CLOSE 820AE0C8
    Device \Driver\Tcpip \Device\Udp IRP_MJ_READ 821842C8
    Device \Driver\Tcpip \Device\Udp IRP_MJ_WRITE 82078198
    Device \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_INFORMATION 8209E0C8
    Device \Driver\Tcpip \Device\Udp IRP_MJ_SET_INFORMATION 8209F0C8
    Device \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_EA 820A00C8
    Device \Driver\Tcpip \Device\Udp IRP_MJ_SET_EA 8206F0C8
    Device \Driver\Tcpip \Device\Udp IRP_MJ_FLUSH_BUFFERS 820C00C8
    Device \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_VOLUME_INFORMATION 82186768
    Device \Driver\Tcpip \Device\Udp IRP_MJ_SET_VOLUME_INFORMATION 82186B10
    Device \Driver\Tcpip \Device\Udp IRP_MJ_DIRECTORY_CONTROL 8208D0C8
    Device \Driver\Tcpip \Device\Udp IRP_MJ_FILE_SYSTEM_CONTROL 8209C0C8
    Device \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CONTROL 821EF580
    Device \Driver\Tcpip \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL 821A42D8
    Device \Driver\Tcpip \Device\Udp IRP_MJ_SHUTDOWN 821E9908
    Device \Driver\Tcpip \Device\Udp IRP_MJ_LOCK_CONTROL 820AAF20
    Device \Driver\Tcpip \Device\Udp IRP_MJ_CLEANUP 8217DE90
    Device \Driver\Tcpip \Device\Udp IRP_MJ_CREATE_MAILSLOT 821DC298
    Device \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_SECURITY 820955E8
    Device \Driver\Tcpip \Device\Udp IRP_MJ_SET_SECURITY 82240358
    Device \Driver\Tcpip \Device\Udp IRP_MJ_POWER 82093D98
    Device \Driver\Tcpip \Device\Udp IRP_MJ_SYSTEM_CONTROL 82187648
    Device \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CHANGE 8208A2B8
    Device \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_QUOTA 820A6970
    Device \Driver\Tcpip \Device\Udp IRP_MJ_SET_QUOTA 81FFBE90
    Device \Driver\Tcpip \Device\Udp IRP_MJ_PNP 82344F10
    Device \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE 820A10C8
    Device \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE_NAMED_PIPE 8215E0C8
    Device \Driver\Tcpip \Device\RawIp IRP_MJ_CLOSE 820AE0C8
    Device \Driver\Tcpip \Device\RawIp IRP_MJ_READ 821842C8
    Device \Driver\Tcpip \Device\RawIp IRP_MJ_WRITE 82078198
    Device \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_INFORMATION 8209E0C8
    Device \Driver\Tcpip \Device\RawIp IRP_MJ_SET_INFORMATION 8209F0C8
    Device \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_EA 820A00C8
    Device \Driver\Tcpip \Device\RawIp IRP_MJ_SET_EA 8206F0C8
    Device \Driver\Tcpip \Device\RawIp IRP_MJ_FLUSH_BUFFERS 820C00C8
    Device \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_VOLUME_INFORMATION 82186768
    Device \Driver\Tcpip \Device\RawIp IRP_MJ_SET_VOLUME_INFORMATION 82186B10
    Device \Driver\Tcpip \Device\RawIp IRP_MJ_DIRECTORY_CONTROL 8208D0C8
    Device \Driver\Tcpip \Device\RawIp IRP_MJ_FILE_SYSTEM_CONTROL 8209C0C8
    Device \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CONTROL 821EF580
    Device \Driver\Tcpip \Device\RawIp IRP_MJ_INTERNAL_DEVICE_CONTROL 821A42D8
    Device \Driver\Tcpip \Device\RawIp IRP_MJ_SHUTDOWN 821E9908
    Device \Driver\Tcpip \Device\RawIp IRP_MJ_LOCK_CONTROL 820AAF20
    Device \Driver\Tcpip \Device\RawIp IRP_MJ_CLEANUP 8217DE90
    Device \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE_MAILSLOT 821DC298
    Device \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_SECURITY 820955E8
    Device \Driver\Tcpip \Device\RawIp IRP_MJ_SET_SECURITY 82240358
    Device \Driver\Tcpip \Device\RawIp IRP_MJ_POWER 82093D98
    Device \Driver\Tcpip \Device\RawIp IRP_MJ_SYSTEM_CONTROL 82187648
    Device \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CHANGE 8208A2B8
    Device \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_QUOTA 820A6970
    Device \Driver\Tcpip \Device\RawIp IRP_MJ_SET_QUOTA 81FFBE90
    Device \Driver\Tcpip \Device\RawIp IRP_MJ_PNP 82344F10
    Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CREATE 820A10C8
    Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CREATE_NAMED_PIPE 8215E0C8
    Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CLOSE 820AE0C8
    Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_READ 821842C8
    Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_WRITE 82078198
    Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_QUERY_INFORMATION 8209E0C8
    Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_SET_INFORMATION 8209F0C8
    Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_QUERY_EA 820A00C8
    Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_SET_EA 8206F0C8
    Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_FLUSH_BUFFERS 820C00C8
    Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_QUERY_VOLUME_INFORMATION 82186768
    Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_SET_VOLUME_INFORMATION 82186B10
    Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_DIRECTORY_CONTROL 8208D0C8
    Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_FILE_SYSTEM_CONTROL 8209C0C8
    Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_DEVICE_CONTROL 821EF580
    Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_INTERNAL_DEVICE_CONTROL 821A42D8
    Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_SHUTDOWN 821E9908
    Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_LOCK_CONTROL 820AAF20
    Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CLEANUP 8217DE90
    Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CREATE_MAILSLOT 821DC298
    Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_QUERY_SECURITY 820955E8
    Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_SET_SECURITY 82240358
    Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_POWER 82093D98
    Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_SYSTEM_CONTROL 82187648
    Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_DEVICE_CHANGE 8208A2B8
    Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_QUERY_QUOTA 820A6970
    Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_SET_QUOTA 81FFBE90
    Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_PNP 82344F10
    Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer IRP_MJ_FILE_SYSTEM_CONTROL [EF464116] tfsnifs.sys
    Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer IRP_MJ_FILE_SYSTEM_CONTROL [EF464116] tfsnifs.sys
    Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer IRP_MJ_FILE_SYSTEM_CONTROL [EF464116] tfsnifs.sys
    Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer IRP_MJ_FILE_SYSTEM_CONTROL [EF464116] tfsnifs.sys
    Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer IRP_MJ_FILE_SYSTEM_CONTROL [EF464116] tfsnifs.sys
    Device \FileSystem\Cdfs \Cdfs IRP_MJ_FILE_SYSTEM_CONTROL [EF464253] tfsnifs.sys

    ---- EOF - GMER 1.0.12 ----
     
  11. chrisley

    chrisley Thread Starter

    And here is the log of the Catchme.exe run. What should I do next?

    catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-04-27 20:43:41
    Windows 5.1.2600 Service Pack 1 NTFS

    scanning hidden processes ...

    scanning hidden services ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0
     
  12. dvk01

    dvk01 Moderator Malware Specialist

    Next, let's see what this shows.
    Download WinPFind3U.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.
    • Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
      • In the Processes group click Non-Microsoft
      • In the Win32 Services group click Non-Microsoft
      • In the Driver Services group click Non-Microsoft
      • In the Registry group click Non-Microsoft
      • In the Files Created Within group click 30 days. Make sure Non-Microsoft only is CHECKED.
      • In the Files Modified Within group select 30 days. Make sure Non-Microsoft only is CHECKED.
      • In the File String Search group select Non-Microsoft.
      • In the Additional Scans section please press Select All and uncheck Microsoft only.
    • Now click the Run Scan button on the toolbar.
    • The program will be scanning huge amounts of data so depending on your system it could take a long time to complete. Let it run unhindered until it finishes.
    • When the scan is complete Notepad will open with the report file loaded in it.
    • Save that notepad file
    Use the Reply button and attach the notepad file here. I will review it when it comes in.
     
  13. chrisley

    chrisley Thread Starter

    Here is the log from WinPFind3u, in 2 posts as it says the text is too long. Please note that in the "Additional Scans" section, I unchecked the box "Non-Microsoft only".

    How does it look? Thank you very much in advance.


    WinPFind3 logfile created on: 4/27/2007 9:10:50 PM
    WinPFind3U by OldTimer - Version 1.0.34 Folder = C:\Documents and Settings\Owner\Desktop\WinPFind3u\
    Microsoft Windows XP Service Pack 1 (Version = 5.1.2600)
    Internet Explorer (Version = 6.0.2800.1106)

    510.21 Mb Total Physical Memory | 182.26 Mb Available Physical Memory | 35.72% Memory free
    1.22 Gb Paging File | 0.84 Gb Available in Paging File | 68.57% Paging File free
    Paging file location(s): C:\pagefile.sys 768 1536;

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 55.89 Gb Total Space | 34.04 Gb Free Space | 60.91% Space Free
    Unable to calculate disk information.
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded

    Computer Name: CHRISTOP-9KSTDR
    Current User Name: Owner
    Logged in as Administrator.
    Current Boot Mode: Normal


    [Processes - Non-Microsoft Only]
    1xconfig.exe -> %System32%\1XConfig.exe -> Intel [Ver = 4, 1, 0, 3 | Size = 184320 bytes | Modified Date = 6/20/2003 6:56:06 AM | Attr = ]
    aluschedulersvc.exe -> %ProgramFiles%\Symantec\LiveUpdate\ALUSchedulerSvc.exe -> Symantec Corporation [Ver = 3.0.0.160 | Size = 100032 bytes | Modified Date = 2/23/2006 11:41:04 AM | Attr = ]
    bcmsmmsg.exe -> %SystemRoot%\BCMSMMSG.exe -> Broadcom Corporation [Ver = 3.5.25 08/27/2003 20:04:35 | Size = 122880 bytes | Modified Date = 8/29/2003 5:59:24 AM | Attr = ]
    ccapp.exe -> %CommonProgramFiles%\Symantec Shared\CCAPP.EXE -> Symantec Corporation [Ver = 103.0.9.2 | Size = 58984 bytes | Modified Date = 1/9/2007 5:32:02 PM | Attr = ]
    ccevtmgr.exe -> %CommonProgramFiles%\Symantec Shared\CCEVTMGR.EXE -> Symantec Corporation [Ver = 103.0.9.2 | Size = 198248 bytes | Modified Date = 1/9/2007 5:32:02 PM | Attr = ]
    ccsetmgr.exe -> %CommonProgramFiles%\Symantec Shared\CCSETMGR.EXE -> Symantec Corporation [Ver = 103.0.9.2 | Size = 181864 bytes | Modified Date = 1/9/2007 5:32:04 PM | Attr = ]
    dragdiag.exe -> %ProgramFiles%\Thomson\SpeedTouch USB\dragdiag.exe -> THOMSON [Ver = 300.7.0.2 | Size = 878080 bytes | Modified Date = 9/5/2003 6:59:20 AM | Attr = ]
    dslagent.exe -> %System32%\dslagent.exe -> [Ver = | Size = 16384 bytes | Modified Date = 2/2/2001 9:54:40 AM | Attr = ]
    hkcmd.exe -> %System32%\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.2311 | Size = 118784 bytes | Modified Date = 10/27/2003 6:56:38 PM | Attr = ]
    i8kfangui.exe -> %ProgramFiles%\I8kfanGUI\I8kfanGUI.exe -> Christian Diefer [Ver = 2.2.0 | Size = 524288 bytes | Modified Date = 1/24/2004 10:26:46 PM | Attr = ]
    ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.1.1.5 | Size = 500800 bytes | Modified Date = 3/14/2007 7:05:42 PM | Attr = ]
    itunes.exe -> %ProgramFiles%\iTunes\iTunes.exe -> Apple Inc. [Ver = 7.1.1.5 | Size = 14672448 bytes | Modified Date = 3/14/2007 7:05:44 PM | Attr = ]
    ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.1.1.5 | Size = 257088 bytes | Modified Date = 3/14/2007 7:05:48 PM | Attr = ]
    jusched.exe -> %ProgramFiles%\Java\jre1.6.0_01\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 83608 bytes | Modified Date = 3/14/2007 3:43:44 AM | Attr = ]
    navapsvc.exe -> %ProgramFiles%\Norton AntiVirus\NAVAPSVC.EXE -> Symantec Corporation [Ver = 11.0.16.2 | Size = 177264 bytes | Modified Date = 10/19/2005 12:54:14 PM | Attr = ]
    npfmntor.exe -> %ProgramFiles%\Norton AntiVirus\IWP\NPFMNTOR.EXE -> Symantec Corporation [Ver = 11.0.16.2 | Size = 46704 bytes | Modified Date = 10/19/2005 12:54:52 PM | Attr = ]
    pronomgr.exe -> %ProgramFiles%\Intel\NCS\PROSet\PRONoMgr.exe -> Intel(R) Corporation [Ver = 6.1.302.0 | Size = 86016 bytes | Modified Date = 5/28/2003 5:32:40 PM | Attr = ]
    realsched.exe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3492 | Size = 180269 bytes | Modified Date = 1/30/2006 2:55:44 PM | Attr = ]
    regsrvc.exe -> %System32%\RegSrvc.exe -> Intel Corporation [Ver = 4, 1, 0, 0 | Size = 122880 bytes | Modified Date = 6/20/2003 6:54:18 AM | Attr = ]
    s24evmon.exe -> %System32%\S24EvMon.exe -> Intel Corporation [Ver = 4, 1, 0, 0 | Size = 303171 bytes | Modified Date = 6/20/2003 6:55:22 AM | Attr = ]
    skype.exe -> %ProgramFiles%\Skype\Phone\Skype.exe -> [Ver = | Size = 20058152 bytes | Modified Date = 10/13/2006 5:20:08 PM | Attr = ]
    sndsrvc.exe -> %CommonProgramFiles%\Symantec Shared\SNDSrvc.exe -> Symantec Corporation [Ver = 5.5.6.604 | Size = 206552 bytes | Modified Date = 3/28/2007 6:41:56 PM | Attr = ]
    spbbcsvc.exe -> %CommonProgramFiles%\Symantec Shared\SPBBC\SPBBCSvc.exe -> Symantec Corporation [Ver = 1,0,1,47 | Size = 173160 bytes | Modified Date = 7/21/2004 4:24:04 PM | Attr = ]
    spysweeper.exe -> %ProgramFiles%\Webroot\Spy Sweeper\SpySweeper.exe -> Webroot Software, Inc. [Ver = 3,3,2,2609 | Size = 3379264 bytes | Modified Date = 3/1/2007 8:09:12 PM | Attr = ]
    spysweeperui.exe -> %ProgramFiles%\Webroot\Spy Sweeper\SpySweeperUI.exe -> Webroot Software, Inc. [Ver = 5,3,2,2361 | Size = 4865600 bytes | Modified Date = 3/1/2007 8:09:02 PM | Attr = ]
    ssu.exe -> %ProgramFiles%\Webroot\Spy Sweeper\ssu.exe -> [Ver = | Size = 168512 bytes | Modified Date = 3/1/2007 8:09:08 PM | Attr = ]
    symlcsvc.exe -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> Symantec Corporation [Ver = 1, 8, 54, 534 | Size = 822424 bytes | Modified Date = 10/12/2005 12:34:20 PM | Attr = ]
    tfswctrl.exe -> %System32%\dla\tfswctrl.exe -> Sonic Solutions [Ver = 1.04.05b | Size = 114741 bytes | Modified Date = 8/6/2003 1:04:00 AM | Attr = ]
    vsnpstd.exe -> %SystemRoot%\vsnpstd.exe -> [Ver = 1, 0, 1, 1 | Size = 286720 bytes | Modified Date = 6/10/2004 1:48:04 PM | Attr = ]
    winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.34.0 | Size = 318976 bytes | Modified Date = 4/10/2007 10:00:18 PM | Attr = ]

    [Win32 Services - Non-Microsoft Only]
    (Automatic LiveUpdate Scheduler) Automatic LiveUpdate Scheduler [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec\LiveUpdate\ALUSchedulerSvc.exe -> Symantec Corporation [Ver = 3.0.0.160 | Size = 100032 bytes | Modified Date = 2/23/2006 11:41:04 AM | Attr = ]
    (ccEvtMgr) Symantec Event Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\CCEVTMGR.EXE -> Symantec Corporation [Ver = 103.0.9.2 | Size = 198248 bytes | Modified Date = 1/9/2007 5:32:02 PM | Attr = ]
    (ccPwdSvc) Symantec Password Validation [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\CCPWDSVC.EXE -> Symantec Corporation [Ver = 103.0.9.2 | Size = 79464 bytes | Modified Date = 1/9/2007 5:32:04 PM | Attr = ]
    (ccSetMgr) Symantec Settings Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\CCSETMGR.EXE -> Symantec Corporation [Ver = 103.0.9.2 | Size = 181864 bytes | Modified Date = 1/9/2007 5:32:04 PM | Attr = ]
    (dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.0.503.0 | Size = 204800 bytes | Modified Date = 9/4/2002 12:31:04 AM | Attr = ]
    (gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.0.734.29932.beta | Size = 138168 bytes | Modified Date = 1/27/2007 2:28:36 PM | Attr = ]
    (IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/4/2005 12:41:10 AM | Attr = ]
    (iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.1.1.5 | Size = 500800 bytes | Modified Date = 3/14/2007 7:05:42 PM | Attr = ]
    (LiveUpdate) LiveUpdate [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Symantec\LiveUpdate\LuComServer_3_0.EXE -> Symantec Corporation [Ver = 3.0.0.160 | Size = 2045632 bytes | Modified Date = 2/23/2006 11:41:04 AM | Attr = ]
    (navapsvc) Norton AntiVirus Auto-Protect Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Norton AntiVirus\NAVAPSVC.EXE -> Symantec Corporation [Ver = 11.0.16.2 | Size = 177264 bytes | Modified Date = 10/19/2005 12:54:14 PM | Attr = ]
    (NetSvc) Intel NCS NetService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Intel\NCS\Sync\NetSvc.exe -> Intel(R) Corporation [Ver = 1.1.301.0 | Size = 139264 bytes | Modified Date = 4/29/2003 2:29:54 PM | Attr = ]
    (NPFMntor) Norton AntiVirus Firewall Monitor Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Norton AntiVirus\IWP\NPFMNTOR.EXE -> Symantec Corporation [Ver = 11.0.16.2 | Size = 46704 bytes | Modified Date = 10/19/2005 12:54:52 PM | Attr = ]
    (RegSrvc) RegSrvc [Win32_Own | Auto | Running] -> %System32%\RegSrvc.exe -> Intel Corporation [Ver = 4, 1, 0, 0 | Size = 122880 bytes | Modified Date = 6/20/2003 6:54:18 AM | Attr = ]
    (S24EventMonitor) Spectrum24 Event Monitor [Win32_Own | Auto | Running] -> %System32%\S24EvMon.exe -> Intel Corporation [Ver = 4, 1, 0, 0 | Size = 303171 bytes | Modified Date = 6/20/2003 6:55:22 AM | Attr = ]
    (SAVScan) SAVScan [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Norton AntiVirus\SAVSCAN.EXE -> Symantec Corporation [Ver = 9.4.2.1 | Size = 198368 bytes | Modified Date = 3/7/2005 2:59:36 PM | Attr = ]
    (SBService) ScriptBlocking Service [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\Symantec Shared\Script Blocking\SBSERV.EXE -> Symantec Corporation [Ver = 11.0.16.2 | Size = 67184 bytes | Modified Date = 10/19/2005 12:55:00 PM | Attr = ]
    (SNDSrvc) Symantec Network Drivers Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\SNDSrvc.exe -> Symantec Corporation [Ver = 5.5.6.604 | Size = 206552 bytes | Modified Date = 3/28/2007 6:41:56 PM | Attr = ]
    (SPBBCSvc) Symantec SPBBCSvc [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\SPBBC\SPBBCSvc.exe -> Symantec Corporation [Ver = 1,0,1,47 | Size = 173160 bytes | Modified Date = 7/21/2004 4:24:04 PM | Attr = ]
    (Symantec Core LC) Symantec Core LC [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> Symantec Corporation [Ver = 1, 8, 54, 534 | Size = 822424 bytes | Modified Date = 10/12/2005 12:34:20 PM | Attr = ]
    (WebrootSpySweeperService) Webroot Spy Sweeper Engine [Win32_Own | Auto | Running] -> %ProgramFiles%\Webroot\Spy Sweeper\SpySweeper.exe -> Webroot Software, Inc. [Ver = 3,3,2,2609 | Size = 3379264 bytes | Modified Date = 3/1/2007 8:09:12 PM | Attr = ]

    [Driver Services - Non-Microsoft Only]
    (Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] -> -> File not found
    (abp480n5) abp480n5 [Kernel | Disabled | Stopped] -> -> File not found
    (adpu160m) adpu160m [Kernel | Disabled | Stopped] -> -> File not found
    (Aha154x) Aha154x [Kernel | Disabled | Stopped] -> -> File not found
    (aic78u2) aic78u2 [Kernel | Disabled | Stopped] -> -> File not found
    (aic78xx) aic78xx [Kernel | Disabled | Stopped] -> -> File not found
    (alcan5wn) SpeedTouch USB ADSL PPP Networking Driver (NDISWAN) [Kernel | On_Demand | Stopped] -> %System32%\drivers\alcan5wn.sys -> THOMSON [Ver = 300.7.0.2 | Size = 53600 bytes | Modified Date = 9/5/2003 6:58:24 AM | Attr = ]
    (alcaudsl) SpeedTouch ADSL Modem ATM Transport [Kernel | On_Demand | Stopped] -> %System32%\drivers\alcaudsl.sys -> THOMSON [Ver = 301.0.0.12 | Size = 70688 bytes | Modified Date = 12/8/2003 11:53:46 AM | Attr = ]
    (AliIde) AliIde [Kernel | Disabled | Stopped] -> -> File not found
    (amsint) amsint [Kernel | Disabled | Stopped] -> -> File not found
    (ApfiltrService) Alps Touch Pad Filter Driver for Windows 2000/XP [Kernel | On_Demand | Running] -> %System32%\drivers\Apfiltr.sys -> Alps Electric Co., Ltd. [Ver = 5.3.1.232 | Size = 94600 bytes | Modified Date = 8/21/2003 7:25:52 PM | Attr = ]
    (asc) asc [Kernel | Disabled | Stopped] -> -> File not found
    (asc3350p) asc3350p [Kernel | Disabled | Stopped] -> -> File not found
    (asc3550) asc3550 [Kernel | Disabled | Stopped] -> -> File not found
    (Atdisk) Atdisk [Kernel | Disabled | Stopped] -> -> File not found
    (BCMModem) BCM V.92 56K Modem [Kernel | On_Demand | Running] -> %System32%\drivers\BCMSM.sys -> Broadcom Corporation [Ver = 3.5.25 08/27/2003 20:05:01 | Size = 1101696 bytes | Modified Date = 8/29/2003 5:59:24 AM | Attr = ]
    (cd20xrnt) cd20xrnt [Kernel | Disabled | Stopped] -> -> File not found
    (Changer) Changer [Kernel | System | Stopped] -> -> File not found
    (CmdIde) CmdIde [Kernel | Disabled | Stopped] -> -> File not found
    (Cpqarray) Cpqarray [Kernel | Disabled | Stopped] -> -> File not found
    (dac960nt) dac960nt [Kernel | Disabled | Stopped] -> -> File not found
    (dmboot) dmboot [Kernel | Disabled | Stopped] -> %System32%\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.0.503.0 | Size = 780928 bytes | Modified Date = 9/4/2002 12:31:04 AM | Attr = ]
    (dmio) dmio [Kernel | Disabled | Stopped] -> %System32%\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.0.503.0 | Size = 146304 bytes | Modified Date = 9/4/2002 12:31:06 AM | Attr = ]
    (dmload) dmload [Kernel | Disabled | Stopped] -> %System32%\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 9/4/2002 12:31:06 AM | Attr = ]
    (dpti2o) dpti2o [Kernel | Disabled | Stopped] -> -> File not found
    (drvmcdb) drvmcdb [Kernel | Boot | Running] -> %System32%\drivers\drvmcdb.sys -> Sonic Solutions [Ver = 3.21.65a | Size = 84576 bytes | Modified Date = 7/31/2003 3:21:00 AM | Attr = ]
    (drvnddm) drvnddm [File_System | Auto | Running] -> %System32%\drivers\drvnddm.sys -> Sonic Solutions [Ver = 2.56.38a | Size = 40448 bytes | Modified Date = 6/20/2003 2:56:00 AM | Attr = ]
    (E100B) Intel(R) PRO Adapter Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\e100b325.sys -> Intel Corporation [Ver = 6.04.14.0081 built by: WinDDK | Size = 140800 bytes | Modified Date = 8/21/2003 4:46:42 PM | Attr = ]
    (fanio) FanIO driver [Kernel | System | Running] -> %System32%\drivers\fanio.sys -> CD [Ver = 1.5 built by: WinDDK | Size = 17792 bytes | Modified Date = 8/6/2003 5:18:36 AM | Attr = ]
    (GEARAspiWDM) GEAR CDRom Filter [Kernel | On_Demand | Running] -> %System32%\drivers\GEARAspiWDM.sys -> GEAR Software Inc. [Ver = 2.0.6.1 | Size = 15664 bytes | Modified Date = 9/19/2006 3:44:04 PM | Attr = ]
    (hpn) hpn [Kernel | Disabled | Stopped] -> -> File not found
    (i2omgmt) i2omgmt [Kernel | System | Stopped] -> -> File not found
    (i2omp) i2omp [Kernel | Disabled | Stopped] -> -> File not found
    (ialm) ialm [Kernel | On_Demand | Running] -> %System32%\drivers\ialmnt5.sys -> Intel Corporation [Ver = 6.14.10.3701 | Size = 93979 bytes | Modified Date = 10/27/2003 8:42:30 PM | Attr = ]
    (ini910u) ini910u [Kernel | Disabled | Stopped] -> -> File not found
    (lbrtfdc) lbrtfdc [Kernel | System | Stopped] -> -> File not found
    (MDC8021X) AEGIS Protocol (IEEE 802.1x) v2.2.1.0 [Kernel | Auto | Running] -> %System32%\drivers\mdc8021x.sys -> Meetinghouse Data Communications [Ver = 2.2.1.0 | Size = 14037 bytes | Modified Date = 10/6/2005 2:19:02 PM | Attr = ]
    (mraid35x) mraid35x [Kernel | Disabled | Stopped] -> -> File not found
    (NAL) Nal Service [Kernel | On_Demand | Stopped] -> %System32%\drivers\iqvw32.sys -> Intel Corporation [Ver = 1.00.9.0 built by: WinDDK | Size = 20096 bytes | Modified Date = 11/22/2002 8:01:26 PM | Attr = ]
    (NAVENG) NAVENG [Kernel | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070425.033\NAVENG.SYS -> Symantec Corporation [Ver = 20071.2.0.18 | Size = 77688 bytes | Modified Date = 4/4/2007 4:00:00 PM | Attr = ]
    (NAVEX15) NAVEX15 [Kernel | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070425.033\NAVEX15.SYS -> Symantec Corporation [Ver = 20071.2.0.18 | Size = 852824 bytes | Modified Date = 4/4/2007 4:00:00 PM | Attr = ]
    (OMCI) OMCI WDM Device Driver [Kernel | System | Running] -> %System32%\drivers\omci.sys -> Dell Computer Corporation [Ver = 7, 0, 318, 0 | Size = 17153 bytes | Modified Date = 10/9/2002 10:20:52 AM | Attr = ]
    (PCIDump) PCIDump [Kernel | System | Stopped] -> -> File not found
    (PDCOMP) PDCOMP [Kernel | On_Demand | Stopped] -> -> File not found
    (PDFRAME) PDFRAME [Kernel | On_Demand | Stopped] -> -> File not found
    (PDRELI) PDRELI [Kernel | On_Demand | Stopped] -> -> File not found
    (PDRFRAME) PDRFRAME [Kernel | On_Demand | Stopped] -> -> File not found
    (perc2) perc2 [Kernel | Disabled | Stopped] -> -> File not found
    (perc2hib) perc2hib [Kernel | Disabled | Stopped] -> -> File not found
    (PolarUSB) Polar USB Interface [Kernel | On_Demand | Stopped] -> %System32%\drivers\PolarUSB.sys -> Polar Electro [Ver = 1.0 | Size = 17343 bytes | Modified Date = 7/12/2001 3:49:44 PM | Attr = ]
    (Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %System32%\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 9/4/2002 12:53:10 AM | Attr = ]
    (PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %System32%\drivers\pxhelp20.sys -> Sonic Solutions [Ver = 3.00.41a | Size = 36560 bytes | Modified Date = 9/28/2006 5:53:24 AM | Attr = ]
    (ql1080) ql1080 [Kernel | Disabled | Stopped] -> -> File not found
    (Ql10wnt) Ql10wnt [Kernel | Disabled | Stopped] -> -> File not found
    (ql12160) ql12160 [Kernel | Disabled | Stopped] -> -> File not found
    (ql1240) ql1240 [Kernel | Disabled | Stopped] -> -> File not found
    (ql1280) ql1280 [Kernel | Disabled | Stopped] -> -> File not found
    (s24trans) WLAN Transport [Kernel | Auto | Running] -> %System32%\drivers\s24trans.sys -> Intel Corporation [Ver = 4, 1, 0, 0 | Size = 10970 bytes | Modified Date = 6/20/2003 6:54:04 AM | Attr = ]
    (SAVRT) SAVRT [Kernel | On_Demand | Running] -> %ProgramFiles%\Norton AntiVirus\SAVRT.SYS -> Symantec Corporation [Ver = 9.4.2.1 | Size = 338056 bytes | Modified Date = 3/7/2005 2:59:44 PM | Attr = ]
    (SAVRTPEL) SAVRTPEL [Kernel | System | Running] -> %ProgramFiles%\Norton AntiVirus\SAVRTPEL.SYS -> Symantec Corporation [Ver = 9.4.2.1 | Size = 50312 bytes | Modified Date = 3/7/2005 2:59:50 PM | Attr = ]
    (Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %System32%\drivers\secdrv.sys -> [Ver = | Size = 27440 bytes | Modified Date = 9/4/2002 12:58:50 AM | Attr = ]
    (Simbad) Simbad [Kernel | Disabled | Stopped] -> -> File not found
    (SMCIRDA) SMC IrCC Miniport Device Driver [Kernel | On_Demand | Running] -> %System32%\drivers\smcirda.sys -> SMC [Ver = 5.1.2462.0 | Size = 35913 bytes | Modified Date = 8/17/2001 12:10:28 PM | Attr = ]
    (snpstd) VideoCAM Eye [Kernel | On_Demand | Stopped] -> %System32%\drivers\snpstd.sys -> [Ver = 1, 1, 6, 1 | Size = 390912 bytes | Modified Date = 6/20/2005 9:27:02 PM | Attr = ]
    (Sparrow) Sparrow [Kernel | Disabled | Stopped] -> -> File not found
    (SPBBCDrv) SPBBCDrv [Kernel | System | Running] -> %CommonProgramFiles%\Symantec Shared\SPBBC\SPBBCDrv.sys -> Symantec Corporation [Ver = 1,0,1,47 | Size = 341096 bytes | Modified Date = 7/21/2004 4:24:04 PM | Attr = ]
    (sscdbhk5) sscdbhk5 [File_System | System | Running] -> %System32%\drivers\sscdbhk5.sys -> Sonic Solutions [Ver = 1.10.81a | Size = 5621 bytes | Modified Date = 7/14/2003 11:28:40 AM | Attr = ]
    (SSFS0509) Spy Sweeper File System Filer Driver: 0509 [Kernel | Boot | Running] -> %System32%\drivers\SSFS0509.sys -> Webroot Software Inc (www.webroot.com) [Ver = 3.3.2.2609 | Size = 20544 bytes | Modified Date = 3/1/2007 7:54:16 PM | Attr = ]
    (SSHRMD) Spy Sweeper Hookrack MiniDriver [Kernel | Boot | Running] -> %System32%\drivers\sshrmd.sys -> Webroot Software Inc (www.webroot.com) [Ver = 3.3.2.2609 | Size = 22080 bytes | Modified Date = 3/1/2007 7:54:16 PM | Attr = ]
    (SSIDRV) Spy Sweeper Interdiction Driver [Kernel | Boot | Running] -> %System32%\drivers\ssidrv.sys -> Webroot Software Inc (www.webroot.com) [Ver = 3.3.2.2609 | Size = 144960 bytes | Modified Date = 3/1/2007 7:54:18 PM | Attr = ]
    (SSKBFD) Webroot Spy Sweeper Keylogger Shield Keyboard Filter [Kernel | On_Demand | Running] -> %System32%\drivers\sskbfd.sys -> Webroot Software Inc (www.webroot.com) [Ver = 3.3.2.2609 | Size = 21056 bytes | Modified Date = 3/1/2007 7:54:22 PM | Attr = ]
    (ssrtln) ssrtln [File_System | System | Running] -> %System32%\drivers\ssrtln.sys -> Sonic Solutions [Ver = 1.10.81a | Size = 23219 bytes | Modified Date = 7/14/2003 11:28:22 AM | Attr = ]
    (STAC97) Audio Driver (WDM) - SigmaTel CODEC [Kernel | On_Demand | Running] -> %System32%\drivers\STAC97.sys -> SigmaTel, Inc. [Ver = 5.10.3794 | Size = 220176 bytes | Modified Date = 4/25/2003 5:10:52 PM | Attr = ]
    (symc810) symc810 [Kernel | Disabled | Stopped] -> -> File not found
    (symc8xx) symc8xx [Kernel | Disabled | Stopped] -> -> File not found
    (SYMDNS) SYMDNS [Kernel | On_Demand | Running] -> %System32%\drivers\symdns.sys -> Symantec Corporation [Ver = 5.5.6.604 | Size = 11480 bytes | Modified Date = 3/28/2007 6:41:12 PM | Attr = ]
    (SymEvent) SymEvent [Kernel | On_Demand | Running] -> %ProgramFiles%\Symantec\SYMEVENT.SYS -> Symantec Corporation [Ver = 11.6.8.1 | Size = 124016 bytes | Modified Date = 9/15/2006 10:52:12 PM | Attr = ]
    (SYMFW) SYMFW [Kernel | On_Demand | Running] -> %System32%\drivers\symfw.sys -> Symantec Corporation [Ver = 5.5.6.604 | Size = 171928 bytes | Modified Date = 3/28/2007 6:41:14 PM | Attr = ]
    (SYMIDS) SYMIDS [Kernel | On_Demand | Running] -> %System32%\drivers\symids.sys -> Symantec Corporation [Ver = 5.5.6.604 | Size = 37016 bytes | Modified Date = 3/28/2007 6:41:20 PM | Attr = ]
    (SYMIDSCO) SYMIDSCO [Kernel | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\SymcData\ids-diskless\20070417.002\SymIDSCo.sys -> Symantec Corporation [Ver = 7.2.1.1 | Size = 185976 bytes | Modified Date = 1/16/2007 7:01:06 PM | Attr = ]
    (symlcbrd) symlcbrd [Kernel | Auto | Running] -> %System32%\drivers\symlcbrd.sys -> Symantec Corporation [Ver = 1, 8, 54, 534 | Size = 4608 bytes | Modified Date = 10/12/2005 12:34:20 PM | Attr = ]
    (SYMNDIS) SYMNDIS [Kernel | On_Demand | Running] -> %System32%\drivers\symndis.sys -> Symantec Corporation [Ver = 5.5.6.604 | Size = 47192 bytes | Modified Date = 3/28/2007 6:41:18 PM | Attr = ]
    (SYMREDRV) SYMREDRV [Kernel | On_Demand | Running] -> %System32%\drivers\symredrv.sys -> Symantec Corporation [Ver = 5.5.6.604 | Size = 18904 bytes | Modified Date = 3/28/2007 6:41:24 PM | Attr = ]
    (SYMTDI) SYMTDI [Kernel | System | Running] -> %System32%\drivers\symtdi.sys -> Symantec Corporation [Ver = 5.5.6.604 | Size = 266552 bytes | Modified Date = 3/28/2007 6:41:26 PM | Attr = ]
    (sym_hi) sym_hi [Kernel | Disabled | Stopped] -> -> File not found
    (sym_u3) sym_u3 [Kernel | Disabled | Stopped] -> -> File not found
    (tfsnboio) tfsnboio [File_System | Auto | Running] -> %System32%\dla\tfsnboio.sys -> Sonic Solutions [Ver = 1.04.05b | Size = 25685 bytes | Modified Date = 8/6/2003 1:04:00 AM | Attr = ]
    (tfsncofs) tfsncofs [File_System | Auto | Running] -> %System32%\dla\tfsncofs.sys -> Sonic Solutions [Ver = 1.04.05b | Size = 34837 bytes | Modified Date = 8/6/2003 1:04:00 AM | Attr = ]
    (tfsndrct) tfsndrct [File_System | Auto | Running] -> %System32%\dla\tfsndrct.sys -> Sonic Solutions [Ver = 1.04.05b | Size = 4117 bytes | Modified Date = 8/6/2003 1:04:00 AM | Attr = ]
    (tfsndres) tfsndres [File_System | Auto | Running] -> %System32%\dla\tfsndres.sys -> Sonic Solutions [Ver = 1.04.05b | Size = 2233 bytes | Modified Date = 8/6/2003 1:04:00 AM | Attr = ]
    (tfsnifs) tfsnifs [File_System | Auto | Running] -> %System32%\dla\tfsnifs.sys -> Sonic Solutions [Ver = 1.04.05b | Size = 83284 bytes | Modified Date = 8/6/2003 1:04:00 AM | Attr = ]
    (tfsnopio) tfsnopio [File_System | Auto | Running] -> %System32%\dla\tfsnopio.sys -> Sonic Solutions [Ver = 1.04.05b | Size = 14229 bytes | Modified Date = 8/6/2003 1:04:00 AM | Attr = ]
    (tfsnpool) tfsnpool [File_System | Auto | Running] -> %System32%\dla\tfsnpool.sys -> Sonic Solutions [Ver = 1.04.05b | Size = 6357 bytes | Modified Date = 8/6/2003 1:04:00 AM | Attr = ]
    (tfsnudf) tfsnudf [File_System | Auto | Running] -> %System32%\dla\tfsnudf.sys -> Sonic Solutions [Ver = 1.04.05b | Size = 98068 bytes | Modified Date = 8/6/2003 1:04:00 AM | Attr = ]
    (tfsnudfa) tfsnudfa [File_System | Auto | Running] -> %System32%\dla\tfsnudfa.sys -> Sonic Solutions [Ver = 1.04.05b | Size = 100373 bytes | Modified Date = 8/6/2003 1:04:00 AM | Attr = ]
    (TosIde) TosIde [Kernel | Disabled | Stopped] -> -> File not found
    (ultra) ultra [Kernel | Disabled | Stopped] -> -> File not found
    (ViaIde) ViaIde [Kernel | Disabled | Stopped] -> -> File not found
    (w70n51) Intel(R) PRO/Wireless 7100 Adapter Driver [Kernel | On_Demand | Running] -> %System32%\drivers\w70n51.sys -> Intel® Corporation [Ver = 1.2.0.56 | Size = 2477952 bytes | Modified Date = 6/11/2003 5:06:44 AM | Attr = ]
    (WDICA) WDICA [Kernel | On_Demand | Stopped] -> -> File not found
    ({6080A529-897E-4629-A488-ABA0C29B635E}) Intel(R) Graphics Platform (SoftBIOS) Driver [Kernel | On_Demand | Running] -> %System32%\drivers\ialmsbw.sys -> Intel Corporation [Ver = 6.14.10.3701 | Size = 120830 bytes | Modified Date = 10/27/2003 8:43:36 PM | Attr = ]
    ({D31A0762-0CEB-444e-ACFF-B049A1F6FE91}) Intel(R) Graphics Chipset (KCH) Driver [Kernel | On_Demand | Running] -> %System32%\drivers\ialmkchw.sys -> Intel Corporation [Ver = 6.14.10.3701 | Size = 98938 bytes | Modified Date = 10/27/2003 8:43:28 PM | Attr = ]
    ({E2B953A6-195A-44F9-9BA3-3D5F4E32BB55}) AIM 3.0 Part 01 Codec Driver CH-7009-A/CH-7011 [Kernel | On_Demand | Running] -> %System32%\drivers\wA301a.sys -> Intel Corporation [Ver = 4.14.10.3701 | Size = 33847 bytes | Modified Date = 10/27/2003 8:42:36 PM | Attr = ]
    ({E2B953A7-195A-44F9-9BA3-3D5F4E32BB55}) AIM 3.0 Part 01 Codec Driver CH-7009-B [Kernel | On_Demand | Running] -> %System32%\drivers\wA301b.sys -> Intel Corporation [Ver = 4.14.10.3701 | Size = 33847 bytes | Modified Date = 10/27/2003 8:42:36 PM | Attr = ]
     
  14. chrisley

    [Registry - Non-Microsoft Only]
    < Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    BCMSMMSG -> %SystemRoot%\BCMSMMSG.exe -> Broadcom Corporation [Ver = 3.5.25 08/27/2003 20:04:35 | Size = 122880 bytes | Modified Date = 8/29/2003 5:59:24 AM | Attr = ]
    ccApp -> %CommonProgramFiles%\Symantec Shared\CCAPP.EXE -> Symantec Corporation [Ver = 103.0.9.2 | Size = 58984 bytes | Modified Date = 1/9/2007 5:32:02 PM | Attr = ]
    dla -> %System32%\dla\tfswctrl.exe -> Sonic Solutions [Ver = 1.04.05b | Size = 114741 bytes | Modified Date = 8/6/2003 1:04:00 AM | Attr = ]
    DSLAGENTEXE -> %System32%\dslagent.exe -> [Ver = | Size = 16384 bytes | Modified Date = 2/2/2001 9:54:40 AM | Attr = ]
    GSICONEXE -> GSICON.EXE -> File not found
    HotKeysCmds -> %System32%\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.2311 | Size = 118784 bytes | Modified Date = 10/27/2003 6:56:38 PM | Attr = ]
    IgfxTray -> %System32%\igfxtray.exe -> Intel Corporation [Ver = 3.0.0.2311 | Size = 155648 bytes | Modified Date = 10/27/2003 7:09:38 PM | Attr = ]
    iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.1.1.5 | Size = 257088 bytes | Modified Date = 3/14/2007 7:05:48 PM | Attr = ]
    PRONoMgr.exe -> %ProgramFiles%\Intel\NCS\PROSet\PRONoMgr.exe -> Intel(R) Corporation [Ver = 6.1.302.0 | Size = 86016 bytes | Modified Date = 5/28/2003 5:32:40 PM | Attr = ]
    QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1.5 | Size = 282624 bytes | Modified Date = 2/16/2007 10:54:04 AM | Attr = ]
    RegistryMonitor -> %SystemRoot%\officedrv.exe -> File not found
    snpstd -> %SystemRoot%\vsnpstd.exe -> [Ver = 1, 0, 1, 1 | Size = 286720 bytes | Modified Date = 6/10/2004 1:48:04 PM | Attr = ]
    SpeedTouch USB Diagnostics -> %ProgramFiles%\Thomson\SpeedTouch USB\dragdiag.exe -> THOMSON [Ver = 300.7.0.2 | Size = 878080 bytes | Modified Date = 9/5/2003 6:59:20 AM | Attr = ]
    SpySweeper -> %ProgramFiles%\Webroot\Spy Sweeper\SpySweeperUI.exe -> Webroot Software, Inc. [Ver = 5,3,2,2361 | Size = 4865600 bytes | Modified Date = 3/1/2007 8:09:02 PM | Attr = ]
    SSC_UserPrompt -> %CommonProgramFiles%\Symantec Shared\Security Center\UsrPrmpt.exe -> Symantec Corporation [Ver = 2005.1.2.20 | Size = 218240 bytes | Modified Date = 11/2/2004 5:59:52 PM | Attr = ]
    SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_01\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 83608 bytes | Modified Date = 3/14/2007 3:43:44 AM | Attr = ]
    Symantec NetDriver Monitor -> %ProgramFiles%\SymNetDrv\SNDMon.exe -> Symantec Corporation [Ver = 5.5.6.604 | Size = 100056 bytes | Modified Date = 4/5/2007 1:27:52 PM | Attr = ]
    TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3492 | Size = 180269 bytes | Modified Date = 1/30/2006 2:55:44 PM | Attr = ]
    < OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\
    IMAIL -> Installed = 1 ->
    MAPI -> Installed = 1 ->
    MSFS -> Installed = 1 ->
    < Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    i8kfangui -> %ProgramFiles%\I8kfanGUI\I8kfanGUI.exe -> Christian Diefer [Ver = 2.2.0 | Size = 524288 bytes | Modified Date = 1/24/2004 10:26:46 PM | Attr = ]
    LowRateVoip -> %ProgramFiles%\LowRateVoip\LowRateVoip.exe -> File not found
    Octoshape Streaming Services -> %ProgramFiles%\Octoshape Streaming Services\Owner\OctoshapeClient.exe -> File not found
    Skype -> %ProgramFiles%\Skype\Phone\Skype.exe -> [Ver = | Size = 20058152 bytes | Modified Date = 10/13/2006 5:20:08 PM | Attr = ]
    < User Startup > -> C:\Documents and Settings\Owner\Start Menu\Programs\Startup
    -> %UserStartup%\PowerReg Scheduler V3.exe -> Leader Technologies [Ver = 3,0,0,0 | Size = 225280 bytes | Modified Date = 10/6/2005 3:19:40 PM | Attr = ]
    < SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
    < Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    < Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    < Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
    igfxcui -> %System32%\igfxsrvc.dll -> Intel Corporation [Ver = 3.0.0.2311 | Size = 319488 bytes | Modified Date = 10/27/2003 6:55:48 PM | Attr = ]
    WRNotifier -> %System32%\WRLogonNTF.dll -> Webroot Software, Inc. [Ver = 3,3,2,2609 | Size = 233024 bytes | Modified Date = 3/1/2007 8:09:10 PM | Attr = ]
    < HOSTS File > (686 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts
    127.0.0.1 localhost -> ->
    < Internet Explorer Settings > ->
    HKLM: Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome ->
    HKLM: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
    HKLM: Local Page -> C:\windows\system32\blank.htm ->
    HKLM: Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
    HKLM: Start Page -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home ->
    HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
    HKLM: Search\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
    HKLM: SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
    HKCU: Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
    HKCU: Local Page -> C:\windows\system32\blank.htm ->
    HKCU: Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
    HKCU: Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome ->
    HKCU: ProxyEnable -> 0 ->
    HKCU: ProxyOverride -> <local> ->
    < Trusted Sites > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
    salesforce.com [https] -> ->
    < BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_01\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 501400 bytes | Modified Date = 3/14/2007 3:43:40 AM | Attr = ]
    < Internet Explorer Bars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
    {4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
    < Internet Explorer Bars [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
    {4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
    < Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
    {2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\googletoolbar2.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 11:55:54 PM | Attr = R ]
    {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKLM] -> %ProgramFiles%\Norton AntiVirus\NAVSHEXT.DLL [Norton AntiVirus] -> Symantec Corporation [Ver = 11.0.16.2 | Size = 218736 bytes | Modified Date = 10/19/2005 12:54:30 PM | Attr = ]
    {8E718888-423F-11D2-876E-00A0C9082467} [HKLM] -> %System32%\msdxm.ocx [&Radio] -> [Ver = | Size = 842268 bytes | Modified Date = 9/4/2002 12:44:26 AM | Attr = ]
    {EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2005, 8, 4, 2 | Size = 343112 bytes | Modified Date = 8/4/2005 9:54:42 PM | Attr = ]
    < Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
    ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\googletoolbar2.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 11:55:54 PM | Attr = R ]
    WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\googletoolbar2.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 11:55:54 PM | Attr = R ]
    WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKLM] -> %ProgramFiles%\Norton AntiVirus\NAVSHEXT.DLL [Norton AntiVirus] -> Symantec Corporation [Ver = 11.0.16.2 | Size = 218736 bytes | Modified Date = 10/19/2005 12:54:30 PM | Attr = ]
    WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2005, 8, 4, 2 | Size = 343112 bytes | Modified Date = 8/4/2005 9:54:42 PM | Attr = ]
    < Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
    {08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_01\bin\npjpi160_01.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 132760 bytes | Modified Date = 3/14/2007 3:43:42 AM | Attr = ]
    {08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKCU] -> %ProgramFiles%\Java\jre1.6.0_01\bin\ssv.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 501400 bytes | Modified Date = 3/14/2007 3:43:40 AM | Attr = ]
    {92780B25-18CC-41C8-B9BE-3C9C571A8263} -> Reg Data - Value does not exist [ButtonText: Research] -> File not found
    < Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\
    E&xport to Microsoft Excel -> -> File not found
    < DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
    {4DB0F2A5-6AA4-4DFA-82C7-1EFA7044B461} -> (Intel(R) PRO/Wireless LAN 2100 3A Mini PCI Adapter) ->
    {816E05A6-7A4F-449B-AA75-947D975B1F19} -> () ->
    {D1E5163F-E071-4250-8C1C-8ACE1D0F451E} -> (1394 Net Adapter) ->
    {D204C0F6-5222-4672-9D68-660F29153C8D} -> (Intel(R) PRO/100 VE Network Connection) ->
    < Default Protocols [HKLM] - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults
    shell -> shell protocol not assigned ->
    < Default Protocols [HKCU] - Select to Repair > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults
    shell -> shell protocol not assigned ->
    < Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
    ipp -> Reg Data - Key not found -> File not found
    msdaipp -> Reg Data - Key not found -> File not found
    vnd.ms.radio -> %System32%\msdxm.ocx -> [Ver = | Size = 842268 bytes | Modified Date = 9/4/2002 12:44:26 AM | Attr = ]
    < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
    {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} -> YInstStarter Class - CodeBase = C:\Program Files\Yahoo!\Common\yinsthelper.dll ->
    {3334504D-9980-0010-8000-00AA00389B71} -> - CodeBase = http://download.microsoft.com/download/0/C/8/0C8EDFAB-30BC-4792-898E-2DABE27B2C4D/mp43dmo.CAB ->
    {8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.6.0_01 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab ->
    {917623D1-D8E5-11D2-BE8B-00104B06BDE3} -> CamImage Class - CodeBase = http://203.118.43.106/activex/AxisCamControl.cab ->
    {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} -> Symantec Download Bridge - CodeBase = http://a248.e.akamai.net/f/248/5462...img/operations/symbizpr/xcontrol/SymDlBrg.cab ->
    {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} -> MsnMessengerSetupDownloadControl Class - CodeBase = http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab ->
    {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_01 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab ->
    {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_01 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab ->
    {D27CDB6E-AE6D-11CF-96B8-444553540000} -> - CodeBase = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab ->
    DirectAnimation Java Classes -> - CodeBase = file://C:\WINDOWS\Java\classes\dajava.cab ->
    Microsoft XML Parser for Java -> - CodeBase = file://C:\WINDOWS\Java\classes\xmldso.cab ->


    [Files/Folders - Created Within 30 days]
    avenger -> %SystemDrive%\avenger -> [Folder | Created Date = 4/27/2007 8:25:19 PM | Attr = ]
    SDFix -> %SystemDrive%\SDFix -> [Folder | Created Date = 4/27/2007 6:02:26 PM | Attr = ]
    Temp -> %SystemDrive%\Temp -> [Folder | Created Date = 4/5/2007 12:02:54 AM | Attr = ]
    VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Created Date = 4/5/2007 2:41:09 PM | Attr = ]
    winsmei.exe -> %SystemDrive%\winsmei.exe -> [Ver = | Size = 618 bytes | Created Date = 4/11/2007 4:46:56 PM | Attr = ]
    yt.htm -> %SystemDrive%\yt.htm -> [Ver = | Size = 92032 bytes | Created Date = 4/5/2007 12:02:53 AM | Attr = ]
    dadzu.exe -> %SystemRoot%\dadzu.exe -> [Ver = 5.1.2600.2180 | Size = 54784 bytes | Created Date = 4/26/2007 11:22:11 PM | Attr = ]
    dapsolfeb.exe -> %SystemRoot%\dapsolfeb.exe -> Delsim Communications [Ver = 4, 2, 0, 9 | Size = 50688 bytes | Created Date = 4/26/2007 5:37:52 PM | Attr = ]
    gmer.dll -> %SystemRoot%\gmer.dll -> [Ver = 1, 0, 12, 12244 | Size = 573503 bytes | Created Date = 4/27/2007 8:34:03 PM | Attr = ]
    gmer.exe -> %SystemRoot%\gmer.exe -> [Ver = 1, 0, 12, 12244 | Size = 577536 bytes | Created Date = 4/27/2007 8:34:02 PM | Attr = ]
    gmer.ini -> %SystemRoot%\gmer.ini -> [Ver = | Size = 250 bytes | Created Date = 4/27/2007 8:34:03 PM | Attr = ]
    gmer_uninstall.cmd -> %SystemRoot%\gmer_uninstall.cmd -> [Ver = | Size = 80 bytes | Created Date = 4/27/2007 8:34:03 PM | Attr = ]
    QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Created Date = 4/27/2007 8:56:00 PM | Attr = ]
    QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Created Date = 4/27/2007 8:56:00 PM | Attr = H ]
    WRUninstall.dll -> %SystemRoot%\WRUninstall.dll -> Webroot Software, Inc. [Ver = 5,3,2,2361 | Size = 271936 bytes | Created Date = 4/27/2007 6:48:59 PM | Attr = ]
    java.exe -> %System32%\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 135168 bytes | Created Date = 4/10/2007 7:25:13 AM | Attr = ]
    javacpl.cpl -> %System32%\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 69632 bytes | Created Date = 4/10/2007 7:25:13 AM | Attr = ]
    javaw.exe -> %System32%\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 135168 bytes | Created Date = 4/10/2007 7:25:13 AM | Attr = ]
    javaws.exe -> %System32%\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 139264 bytes | Created Date = 4/10/2007 7:25:13 AM | Attr = ]
    pfxzmtaim.dll -> %System32%\pfxzmtaim.dll -> [Ver = | Size = 17 bytes | Created Date = 4/25/2007 10:53:55 PM | Attr = ]
    pfxzmtgtal.dll -> %System32%\pfxzmtgtal.dll -> [Ver = | Size = 17 bytes | Created Date = 4/25/2007 10:53:55 PM | Attr = ]
    pfxzmticq.dll -> %System32%\pfxzmticq.dll -> [Ver = | Size = 17 bytes | Created Date = 4/25/2007 10:53:55 PM | Attr = ]
    pfxzmtymsg.dll -> %System32%\pfxzmtymsg.dll -> [Ver = | Size = 17 bytes | Created Date = 4/25/2007 10:53:55 PM | Attr = ]
    qch29sr.dll -> %System32%\qch29sr.dll -> [Ver = | Size = 10000 bytes | Created Date = 4/5/2007 8:56:30 AM | Attr = ]
    rsvp322.dll -> %System32%\rsvp322.dll -> [Ver = | Size = 102400 bytes | Created Date = 4/26/2007 11:22:12 PM | Attr = ]
    sfxzmtforum.dll -> %System32%\sfxzmtforum.dll -> [Ver = | Size = 20 bytes | Created Date = 4/25/2007 10:53:55 PM | Attr = ]
    sfxzmtsmt.dll -> %System32%\sfxzmtsmt.dll -> [Ver = | Size = 20 bytes | Created Date = 4/25/2007 10:53:55 PM | Attr = ]
    sfxzmtwbmail.dll -> %System32%\sfxzmtwbmail.dll -> [Ver = | Size = 20 bytes | Created Date = 4/25/2007 10:53:55 PM | Attr = ]
    ssiefr.EXE -> %System32%\ssiefr.EXE -> Webroot Software Inc (www.webroot.com) [Ver = 3.3.2.2609 | Size = 10240 bytes | Created Date = 4/27/2007 6:48:59 PM | Attr = ]
    tmp.reg -> %System32%\tmp.reg -> [Ver = | Size = 3222 bytes | Created Date = 4/5/2007 11:11:42 AM | Attr = ]
    WRLogonNtf.dll -> %System32%\WRLogonNtf.dll -> Webroot Software, Inc. [Ver = 3,3,2,2609 | Size = 233024 bytes | Created Date = 4/27/2007 6:49:04 PM | Attr = ]
    wrlzma.dll -> %System32%\wrlzma.dll -> [Ver = | Size = 26688 bytes | Created Date = 4/27/2007 6:48:59 PM | Attr = ]
    gmer.sys -> %System32%\drivers\gmer.sys -> GMER [Ver = 1, 0, 12, 3868 | Size = 69905 bytes | Created Date = 4/27/2007 8:34:03 PM | Attr = ]
    SSFS0509.sys -> %System32%\drivers\SSFS0509.sys -> Webroot Software Inc (www.webroot.com) [Ver = 3.3.2.2609 | Size = 20544 bytes | Created Date = 4/27/2007 6:49:05 PM | Attr = ]
    sshrmd.sys -> %System32%\drivers\sshrmd.sys -> Webroot Software Inc (www.webroot.com) [Ver = 3.3.2.2609 | Size = 22080 bytes | Created Date = 4/27/2007 6:49:05 PM | Attr = ]
    ssidrv.sys -> %System32%\drivers\ssidrv.sys -> Webroot Software Inc (www.webroot.com) [Ver = 3.3.2.2609 | Size = 144960 bytes | Created Date = 4/27/2007 6:49:05 PM | Attr = ]
    sskbfd.sys -> %System32%\drivers\sskbfd.sys -> Webroot Software Inc (www.webroot.com) [Ver = 3.3.2.2609 | Size = 21056 bytes | Created Date = 4/27/2007 6:49:05 PM | Attr = ]

    [Files/Folders - Modified Within 30 days]
    avenger -> %SystemDrive%\avenger -> [Folder | Modified Date = 4/27/2007 8:25:20 PM | Attr = ]
    Documents and Settings -> %SystemDrive%\Documents and Settings -> [Folder | Modified Date = 4/5/2007 12:51:08 PM | Attr = ]
    fixwareout -> %SystemDrive%\fixwareout -> [Folder | Modified Date = 4/27/2007 1:09:10 PM | Attr = ]
    Program Files -> %ProgramFiles% -> [Folder | Modified Date = 4/27/2007 8:25:14 PM | Attr = R ]
    SDFix -> %SystemDrive%\SDFix -> [Folder | Modified Date = 4/27/2007 6:11:02 PM | Attr = ]
    Temp -> %SystemDrive%\Temp -> [Folder | Modified Date = 4/5/2007 12:02:58 AM | Attr = ]
    VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Modified Date = 4/5/2007 2:41:10 PM | Attr = ]
    WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 4/27/2007 8:56:02 PM | Attr = ]
    winsmei.exe -> %SystemDrive%\winsmei.exe -> [Ver = | Size = 618 bytes | Modified Date = 4/11/2007 4:46:58 PM | Attr = ]
    yt.htm -> %SystemDrive%\yt.htm -> [Ver = | Size = 92032 bytes | Modified Date = 4/5/2007 12:14:16 AM | Attr = ]
    bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 4/27/2007 8:25:10 PM | Attr = S]
    cdplayer.ini -> %SystemRoot%\cdplayer.ini -> [Ver = | Size = 892 bytes | Modified Date = 4/23/2007 10:46:36 AM | Attr = ]
    dadzu.exe -> %SystemRoot%\dadzu.exe -> [Ver = 5.1.2600.2180 | Size = 54784 bytes | Modified Date = 4/26/2007 11:22:14 PM | Attr = ]
    dapsolfeb.exe -> %SystemRoot%\dapsolfeb.exe -> Delsim Communications [Ver = 4, 2, 0, 9 | Size = 50688 bytes | Modified Date = 4/26/2007 11:22:08 PM | Attr = ]
    Debug -> %SystemRoot%\Debug -> [Folder | Modified Date = 4/27/2007 8:25:20 PM | Attr = ]
    Downloaded Installations -> %SystemRoot%\Downloaded Installations -> [Folder | Modified Date = 4/3/2007 2:53:04 PM | Attr = ]
    gmer.dll -> %SystemRoot%\gmer.dll -> [Ver = 1, 0, 12, 12244 | Size = 573503 bytes | Modified Date = 4/27/2007 8:34:04 PM | Attr = ]
    gmer.exe -> %SystemRoot%\gmer.exe -> [Ver = 1, 0, 12, 12244 | Size = 577536 bytes | Modified Date = 4/12/2007 5:04:36 PM | Attr = ]
    gmer.ini -> %SystemRoot%\gmer.ini -> [Ver = | Size = 250 bytes | Modified Date = 4/27/2007 8:34:04 PM | Attr = ]
    gmer_uninstall.cmd -> %SystemRoot%\gmer_uninstall.cmd -> [Ver = | Size = 80 bytes | Modified Date = 4/27/2007 8:34:04 PM | Attr = ]
    Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 4/10/2007 7:24:40 AM | Attr = HS]
    Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 4/27/2007 8:43:46 PM | Attr = ]
    QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Modified Date = 4/27/2007 8:56:02 PM | Attr = ]
    QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 4/27/2007 8:56:02 PM | Attr = H ]
    system32 -> %System32% -> [Folder | Modified Date = 4/27/2007 8:24:52 PM | Attr = ]
    Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 4/5/2007 12:51:08 PM | Attr = S]
    Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 4/27/2007 8:30:42 PM | Attr = ]
    win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 756 bytes | Modified Date = 4/27/2007 6:49:06 PM | Attr = ]
    wpd99.drv -> %SystemRoot%\wpd99.drv -> [Ver = | Size = 49 bytes | Modified Date = 4/26/2007 9:54:36 AM | Attr = ]
    AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [Ver = | Size = 284 bytes | Modified Date = 4/26/2007 2:50:02 PM | Attr = ]
    Norton AntiVirus - Scan my computer - Owner.job -> %SystemRoot%\tasks\Norton AntiVirus - Scan my computer - Owner.job -> [Ver = | Size = 530 bytes | Modified Date = 4/27/2007 8:08:12 PM | Attr = ]
    SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 4/27/2007 8:25:18 PM | Attr = H ]
    CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 4/27/2007 8:47:20 PM | Attr = ]
    drivers -> %System32%\drivers -> [Folder | Modified Date = 4/27/2007 8:34:04 PM | Attr = ]
    pfxzmtaim.dll -> %System32%\pfxzmtaim.dll -> [Ver = | Size = 17 bytes | Modified Date = 4/25/2007 10:53:56 PM | Attr = ]
    pfxzmtgtal.dll -> %System32%\pfxzmtgtal.dll -> [Ver = | Size = 17 bytes | Modified Date = 4/25/2007 10:53:56 PM | Attr = ]
    pfxzmticq.dll -> %System32%\pfxzmticq.dll -> [Ver = | Size = 17 bytes | Modified Date = 4/25/2007 10:53:56 PM | Attr = ]
    pfxzmtymsg.dll -> %System32%\pfxzmtymsg.dll -> [Ver = | Size = 17 bytes | Modified Date = 4/25/2007 10:53:56 PM | Attr = ]
    qch29sr.dll -> %System32%\qch29sr.dll -> [Ver = | Size = 10000 bytes | Modified Date = 4/5/2007 8:56:32 AM | Attr = ]
    rsvp322.dll -> %System32%\rsvp322.dll -> [Ver = | Size = 102400 bytes | Modified Date = 4/26/2007 11:22:14 PM | Attr = ]
    sfxzmtforum.dll -> %System32%\sfxzmtforum.dll -> [Ver = | Size = 20 bytes | Modified Date = 4/25/2007 10:53:56 PM | Attr = ]
    sfxzmtsmt.dll -> %System32%\sfxzmtsmt.dll -> [Ver = | Size = 20 bytes | Modified Date = 4/25/2007 10:53:56 PM | Attr = ]
    sfxzmtwbmail.dll -> %System32%\sfxzmtwbmail.dll -> [Ver = | Size = 20 bytes | Modified Date = 4/25/2007 10:53:56 PM | Attr = ]
    tmp.reg -> %System32%\tmp.reg -> [Ver = | Size = 3222 bytes | Modified Date = 4/27/2007 1:42:06 PM | Attr = ]
    etc -> %System32%\drivers\etc -> [Folder | Modified Date = 4/27/2007 6:08:02 PM | Attr = ]
    gmer.sys -> %System32%\drivers\gmer.sys -> GMER [Ver = 1, 0, 12, 3868 | Size = 69905 bytes | Modified Date = 4/27/2007 8:34:04 PM | Attr = ]
    hosts.msn -> %System32%\drivers\etc\hosts.msn -> [Ver = | Size = 986 bytes | Modified Date = 4/5/2007 2:27:04 PM | Attr = ]

    [File String Scan - Non-Microsoft Only]
    aspack , -> %SystemRoot%\dadzu.exe -> [Ver = 5.1.2600.2180 | Size = 54784 bytes | Modified Date = 4/26/2007 11:22:14 PM | Attr = ]
    PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 9/4/2002 12:30:40 AM | Attr = ]
    PEC2 , PECompact2 , -> %System32%\DivX.dll -> DivX, Inc. [Ver = 6.1.1.2 | Size = 573952 bytes | Modified Date = 1/7/2006 1:06:34 AM | Attr = ]
    Thawte Consulting , -> %System32%\pxcpya64.exe -> Sonic Solutions [Ver = 1.00.35a | Size = 63144 bytes | Modified Date = 8/25/2006 11:47:00 AM | Attr = ]
    Thawte Consulting , -> %System32%\pxinsa64.exe -> Sonic Solutions [Ver = 3.00.33a | Size = 62632 bytes | Modified Date = 8/25/2006 11:47:00 AM | Attr = ]
    Thawte Consulting , -> %System32%\pxinsi64.exe -> Sonic Solutions [Ver = 3.00.33a | Size = 115880 bytes | Modified Date = 8/25/2006 11:47:00 AM | Attr = ]
    PEC2 , PECompact2 , -> %System32%\qch29sr.dll -> [Ver = | Size = 10000 bytes | Modified Date = 4/5/2007 8:56:32 AM | Attr = ]
    winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 9/4/2002 1:10:48 AM | Attr = ]
    WSUD , UPX0 , -> %System32%\dllcache\hwxjpn.dll -> [Ver = | Size = 13463552 bytes | Modified Date = 9/4/2002 12:24:16 AM | Attr = ]

    < End of report >
     
  15. chrisley

    chrisley Thread Starter

    Joined:
    Jan 10, 2005
    Messages:
    94
    Everything seems back to normal. Do you see anything to correct? Thank you very much for your very fast and effective help.

    Here is an HJT log.


    Logfile of HijackThis v1.99.1
    Scan saved at 8:47:03 AM, on 4/28/2007
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\S24EvMon.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\WINDOWS\BCMSMMSG.exe
    C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\WINDOWS\System32\DSLAGENT.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\vsnpstd.exe
    C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
    C:\Program Files\I8kfanGUI\I8kfanGUI.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\System32\1XConfig.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\WINDOWS\System32\RegSrvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Outlook Express\msimn.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Documents and Settings\Owner\My Documents\Personal Stuff\Drivers\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.usatoday.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 166.166.3.3:80
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
    O4 - HKLM\..\Run: [PRONoMgr.exe] "C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe"
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
    O4 - HKLM\..\Run: [DSLAGENTEXE] DSLAGENT.EXE
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [SSC_UserPrompt] "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] "C:\PROGRA~1\SYMNET~1\SNDMon.exe" /Consumer
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [RegistryMonitor] C:\WINDOWS\officedrv.exe
    O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
    O4 - HKCU\..\Run: [i8kfangui] "C:\Program Files\I8kfanGUI\I8kfanGUI.exe" /startup
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Program Files\Octoshape Streaming Services\Owner\OctoshapeClient.exe" -inv:bootrun
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [LowRateVoip] "C:\Program Files\LowRateVoip\LowRateVoip.exe" -nosplash -minimized
    O4 - Startup: PowerReg Scheduler V3.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://203.118.43.106/activex/AxisCamControl.cab
    O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - http://a248.e.akamai.net/f/248/5462...img/operations/symbizpr/xcontrol/SymDlBrg.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
     
Short URL to this thread: https://techguy.org/567122