corrupted cmd.exe & rundll32.exe ?

kwah · #1 (**permalink**) 04-05-2008, 11:50 PM

err, well, i have a myriad of problems with my computer atm and im not entirely sure where to begin

i spose the first symptom of something being wrong was possibly a month ago where a cmd box would flash up showing "program too big to fit in memory" (then disappearing immediately, too quickly to have read the error without repeating it over and over) seemingly randomly during a program's normal running..

at first it didnt affect usage significantly - it was just an occasional annoyance

more recently though, the volume shadow copy service stopped working, showing the regular appcrash 'check online for a solution'/'close' dialog boxes which would recur until reboot (would then start ~5mins after bootup) regardless of whatever actions i took to remove the error message ..
clicking 'check for a solution' / 'close' / the red 'X' / shutting down the process in the applications tab of task manager / ending the werfault.exe & wermgr.exe processes in the processes tab of taskmanager

ive resorted to just leaving the error minimised in my taskbar where it wont keep recurring and being annoying

it isnt just limited to the volume shadow copy service though - the error i currently have open is for the microsoft windows search protocol host having stopped working

this problem is easy to just ignore, but numerous rundll32 errors show regularly, 'bad image' errors which refer to numerous different files (a notable amount relating to msnmgr.exe which an advanced uninstall with an uptodate revo uninstaller, reboot then reinstall did not fix)

quite early on (upto 6months ago), acer orbicam stopped working but the camera remained visible by msn messenger but ~1-2months ago the camera stopped working altogether and in the last few weeks the built-in microphone and speakers stopped being recognised by msn at all (audio output has remained otherwise perfect)

it is only today when i reinstalled the Realtek HD Audio Manager that the built in microphone begun to feed sound to the speakers when i blew into it (same with a mic with a line in)
a fresh install (i dont know how fresh it was - it remembered my username/password and auto-login status) of msn messenger did not let it re-recognise any audio input

windows media player (~2 weeks ago) begun to crash after ~30 seconds of being open

when accessing certain folders in the open/save dialog, explorer.exe would crash and would need restarting (withOUT reboot) though i do not remember any specifics about this, there was nothing noteable as far as i knew about the folders

whenever i right click on an explorer window / open save dialog for the first time, a rundll32 dos window would popup then disappear indicating an illegal operation error...
when i repeated this just in the iexplore saveas dialog, i noticed for the first time, an ntvdm.exe (i think) dos window showing first, and the illegal operation referenced it...
there was one time when comodo caught the attempt to run rundll32 with no information what program invoked it, i blocked it and the error did not occur.. this has not been repeated since

i havent comprehensively tested it, but i cannot access anything in the control panel past the directory listing due to cmd oppoing up and telling me "program too big to fit in memory" and nothing appears to load past this..

i cannot run cmd.exe for this same reason nor can i pass instructions to it via the run dialog

ive strongly considered a clean install, but i simply dont have enough external storage to backup my data to make it feasible.. on my internal hdd, i have ~15gb free spread accross 5 partitions + unknown amount in my dual boot (MEPIS) linux partition since im running windows at the moment

this is after ive spent all of today uninstalling ~50 programs and researching various fixes, but somewhere along the line my default font or something has cause 90% of the text on my screen to become italics ..

other than this, there's likely to be a huge number of other symptoms that ive missed out of this message but i think that the error is centralised around the fact that i cannot access cmd.exe

an online kaspersky scan is running in another IE window as i type (current duration: +1hour, scan progress: 29%), a pre-kaspersky HJT log will be posted shortly, as will further details about my computer setup

thanks

kwah · #2 (**permalink**) 04-05-2008, 11:59 PM

argh! sorry.. i feel like i should apologise for not being so concise in my original message ... i didnt realise it would be so long ...

Acer Inspire 5610Z (5612ZWLMi)
Pre-installed 32-bit Vista home premium
Intel Pentium dual-core
160GB HDD
2GB DDR2

Fully updated Spybot SD with regular auto-updates and nightly full-scan (usually a few tracking cookies / program histories - clean imo)
ESET Smart Security with regular auto-updates and nightly full-scan (always clean)
Recently had a clean result from adaware but it really irritates me so it was uninstalled immediately afterwards

semi-regular scan using CCleaner & its registry scanner
bitdefender has been installed the last few weeks but i uninstalled it today

is there anything that is needed to know that ive missed?

thanks

kwah · #3 (**permalink**) 05-05-2008, 12:24 AM

just glancing through, the only things that jump out at me as unrecognised are:

C:\Users\roger\AppData\Local\Temp\RtkBtMnt.exe
[i tried in the past to find out what exactly this is but to no avail]

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe

O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (disabled by BHODemon)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - (no file)

and i didnt know this was leftover.. will most likely clean this but ill wait for feedback first ..
http://www.help2go.com/Tutorials/Win...T.exe)%3F.html

=====

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:03:37, on 05/05/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Users\roger\AppData\Roaming\Google\Google Talk\googletalk.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\boinctray.exe
C:\Program Files\Gomez\GomezPEER\bin\GomezPEER.exe
C:\Program Files\PrintKey2000\Printkey2000.exe
C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe
C:\Program Files\VirtuaWin\VirtuaWin.exe
C:\Program Files\HoeKey\HoeKey.exe
C:\PROGRA~1\Gomez\GOMEZP~1\jre\bin\java.exe
C:\Program Files\VirtuaWin\modules\WinList.exe
C:\Users\roger\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Vidalia Bundle\Tor\tor.exe
C:\Windows\system32\wermgr.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\System32\taskmgr.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\roger\Downloads\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = Download Directory
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.uk.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.uk.acer.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/yco...//uk.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = http=localhost:8118;https=localhost:8118;socks=loc alhost:9050
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SimpleFindBar - {1758A162-79FF-4C60-96B6-24EFAFE98E3F} - C:\Program Files\SimpleFindBar\SimpleFindBar.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (disabled by BHODemon)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (disabled by BHODemon)
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O3 - Toolbar: RefresherBand Class - {B24BA06E-FB7B-4757-95C2-DC01125F750E} - C:\PROGRA~1\YREFRE~1\YREFRE~1.DLL
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [NotebookHardwareControl] "C:\Program Files\Notebook Hardware Control\nhc.exe" -quiet
O4 - HKCU\..\Run: [task manager] C:\Windows\System32\taskmgr.exe
O4 - HKCU\..\Run: [Vidalia] "C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [googletalk] C:\Users\roger\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - Startup: HoeKey.lnk = C:\Program Files\HoeKey\HoeKey.exe
O4 - Global Startup: BOINC Manager.lnk = C:\Program Files\BOINC\boincmgr.exe
O4 - Global Startup: BOINC System Tray.lnk = C:\Windows\boinctray.exe
O4 - Global Startup: Empowering Technology Launcher.lnk.disabled
O4 - Global Startup: Gomez PEER.lnk = C:\Program Files\Gomez\GomezPEER\bin\GomezPEER.exe
O4 - Global Startup: Printkey2000.lnk = C:\Program Files\PrintKey2000\Printkey2000.exe
O4 - Global Startup: Privoxy.lnk = C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe
O4 - Global Startup: VirtuaWin.lnk = C:\Program Files\VirtuaWin\VirtuaWin.exe
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.ca.com/us/securityadvisor...n/pestscan.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor...fo/webscan.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{6C5C5502-0A2D-4F29-B143-8D5A84A3B4BF}: NameServer = 62.31.144.39,62.31.112.39
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs:
O23 - Service: BlueSoleilCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
O23 - Service: BOINC - Space Sciences Laboratory - C:\Program Files\BOINC\boinc.exe
O23 - Service: BsHelpCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDExchange - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDExchange.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Tor Win32 Service (tor) - Unknown owner - C:\Program Files\Vidalia Bundle\Tor\tor.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 12511 bytes

kwah · #4 (**permalink**) 05-05-2008, 12:46 AM

Quote:

Verifying REGEDIT.EXE integrity:

- Regedit.exe found in C:\Windows
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename NOT OK: 'REGEDIT.EXE.MUI'
- File description: 'Registry Editor'

Registry check failed!

Apologies for the quadruple post but i noticed the above quote after going through the startup list generated by HJT ..

======

StartupList report, 05/05/2008, 00:31:43
StartupList version: 1.52.2
Started from : C:\Users\roger\Downloads\HiJackThis.EXE
Detected: Windows Vista (WinNT 6.00.1904)
Detected: Internet Explorer v7.00 (7.00.6000.16643)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================

Running processes:

C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Users\roger\AppData\Roaming\Google\Google Talk\googletalk.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\boinctray.exe
C:\Program Files\Gomez\GomezPEER\bin\GomezPEER.exe
C:\Program Files\PrintKey2000\Printkey2000.exe
C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe
C:\Program Files\VirtuaWin\VirtuaWin.exe
C:\Program Files\HoeKey\HoeKey.exe
C:\PROGRA~1\Gomez\GOMEZP~1\jre\bin\java.exe
C:\Program Files\VirtuaWin\modules\WinList.exe
C:\Users\roger\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Vidalia Bundle\Tor\tor.exe
C:\Windows\system32\wermgr.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\System32\taskmgr.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\taskeng.exe
C:\Users\roger\AppData\Local\Microsoft\Windows\Tem porary Internet Files\Content.IE5\5U2MMX8S\HiJackThis[1].exe
C:\Users\roger\Downloads\HiJackThis.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\notepad.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe
C:\Program Files\BOINC\projects\lhcathome.cern.ch_lhcathome\s ixtrack_4.67_windows_intelx86.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Users\roger\AppData\Roaming\Microsoft\Windows\S tart Menu\Programs\Startup]
HoeKey.lnk = C:\Program Files\HoeKey\HoeKey.exe

Shell folders AltStartup:
*Folder not found*

User shell folders Startup:
*Folder not found*

User shell folders AltStartup:
*Folder not found*

Shell folders Common Startup:
[C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup]
BOINC Manager.lnk = C:\Program Files\BOINC\boincmgr.exe
BOINC System Tray.lnk = C:\Windows\boinctray.exe
Empowering Technology Launcher.lnk.disabled
Gomez PEER.lnk = C:\Program Files\Gomez\GomezPEER\bin\GomezPEER.exe
Printkey2000.lnk = C:\Program Files\PrintKey2000\Printkey2000.exe
Privoxy.lnk = C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe
VirtuaWin.lnk = C:\Program Files\VirtuaWin\VirtuaWin.exe

Shell folders Common AltStartup:
*Folder not found*

User shell folders Common Startup:
*Folder not found*

User shell folders Alternate Common Startup:
*Folder not found*

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\Windows\system32\userinit.exe,

[HKLM\Software\Microsoft\Windows\CurrentVersion\Win logon]
*Registry key not found*

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*

[HKCU\Software\Microsoft\Windows\CurrentVersion\Win logon]
*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

RtHDVCpl = RtHDVCpl.exe
SynTPEnh = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
IgfxTray = C:\Windows\system32\igfxtray.exe
HotKeysCmds = C:\Windows\system32\hkcmd.exe
Persistence = C:\Windows\system32\igfxpers.exe
egui = "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
SpybotSnD = "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
LogMeIn GUI = "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
NotebookHardwareControl = "C:\Program Files\Notebook Hardware Control\nhc.exe" -quiet

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run Once

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run OnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run Services

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run ServicesOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

task manager = C:\Windows\System32\taskmgr.exe
Vidalia = "C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe"
SpybotSD TeaTimer = C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
googletalk = C:\Users\roger\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
MsnMsgr = "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run Once

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run OnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run Services

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run ServicesOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run Once
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run OnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run Services
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run ServicesOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run Once
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run OnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run Services
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run ServicesOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = "%1" /S

--------------------------------------------------

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\Windows\system32\mshta.exe "%1" %*

--------------------------------------------------

File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\Windows\system32\unregmp2.exe /ShowWMP

[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = C:\Windows\system32\ie4uinit.exe -UserIconConfig

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = %SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = C:\Windows\system32\ie4uinit.exe -BaseSettings

[{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *
StubPath = C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

--------------------------------------------------

Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps

*Registry key not found*

--------------------------------------------------

Load/Run keys from C:\Windows\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=

--------------------------------------------------

Shell & screensaver key from C:\Windows\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=boinc.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\Windows\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\Windows\Explorer\Explorer.exe: not present
C:\Windows\System\Explorer.exe: not present
C:\Windows\System32\Explorer.exe: not present
C:\Windows\Command\Explorer.exe: not present
C:\Windows\Fonts\Explorer.exe: not present

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: *Registry key not found*
.shb: *Registry key not found*
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Verifying REGEDIT.EXE integrity:

- Regedit.exe found in C:\Windows
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename NOT OK: 'REGEDIT.EXE.MUI'
- File description: 'Registry Editor'

Registry check failed!

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
SimpleFindBar - C:\Program Files\SimpleFindBar\SimpleFindBar.dll - {1758A162-79FF-4C60-96B6-24EFAFE98E3F}
(no name) - C:\PROGRA~1\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
(no name) - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (disabled by BHODemon) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E}
(no name) - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
(no name) - (no file) - {7E853D72-626A-48EC-A868-BA8D5E23E045}
(no name) - (no file) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96}
(no name) - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll - {9030D464-4C02-4ABF-8ECC-5164760863C6}
(no name) - __BHODemonDisabled (file missing) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
(no name) - C:\Program Files\Free Download Manager\iefdm2.dll - {CC59E0F9-7E43-44FA-9FAA-8377850BF205}

--------------------------------------------------

Enumerating Task Scheduler jobs:

Check Updates for Windows Live Toolbar.job
PC Pitstop Disk MD - Daily X.job
PC Pitstop Disk MD - Weekly M.job
PC Pitstop Disk MD - Weekly Z.job
Spybot - Search & Destroy - Scheduled Task.job
User_Feed_Synchronization-{9EB45C27-E280-4864-BDA0-0C5E8945B252}.job

--------------------------------------------------

Enumerating Download Program Files:

[PCPitstop Utility]
InProcServer32 = C:\Windows\Downloaded Program Files\PCPitstop.dll
CODEBASE = http://pcpitstop.com/pcpitstop/PCPitStop.CAB

[CKAVWebScan Object]
InProcServer32 = C:\Windows\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
CODEBASE = http://www.kaspersky.com/kos/english...an_unicode.cab

[Musicnotes Viewer]
InProcServer32 = C:\Windows\Downloaded Program Files\mnviewer.dll
CODEBASE = http://www.musicnotes.com/download/mnviewer.cab

[PSFormX Control]
InProcServer32 = C:\Windows\DOWNLO~1\PESTSC~1.OCX
CODEBASE = http://www.ca.com/us/securityadvisor...n/pestscan.cab

[WScanCtl Class]
InProcServer32 = C:\Windows\Downloaded Program Files\webscan.dll
CODEBASE = http://www.ca.com/us/securityadvisor...fo/webscan.cab

[Java Plug-in 1.6.0_05]
InProcServer32 = C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll
CODEBASE = http://java.sun.com/products/plugin/...ndows-i586.cab

[{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}]
CODEBASE = http://fpdownload.macromedia.com/get.../ultrashim.cab

[a-squared Scanner]
InProcServer32 = C:\Windows\DOWNLO~1\asquared.ocx
CODEBASE = http://ax.emsisoft.com/asquared.cab

[Java Plug-in 1.4.2_17]
InProcServer32 = C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
CODEBASE = http://java.sun.com/products/plugin/...ndows-i586.cab

[Java Plug-in 1.6.0_05]
InProcServer32 = C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll
CODEBASE = http://java.sun.com/products/plugin/...ndows-i586.cab

[Java Plug-in 1.6.0_05]
InProcServer32 = C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll
CODEBASE = http://java.sun.com/update/1.6.0/jin...ndows-i586.cab

[Minesweeper Flags Class]
InProcServer32 = C:\Windows\Downloaded Program Files\MineSweeper.dll
CODEBASE = http://messenger.zone.msn.com/binary...r.cab56986.cab

[PCPitstop Exam]
InProcServer32 = C:\Windows\Downloaded Program Files\pcpitstop2.dll
CODEBASE = http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\Windows\system32\NLAapi.dll
NameSpace #2: C:\Windows\System32\mswsock.dll
NameSpace #3: C:\Windows\System32\winrnr.dll
NameSpace #4: C:\Windows\system32\napinsp.dll
NameSpace #5: C:\Windows\system32\pnrpnsp.dll
NameSpace #6: C:\Windows\system32\pnrpnsp.dll
NameSpace #7: C:\Windows\system32\wshbth.dll
Protocol #1: C:\Windows\system32\mswsock.dll
Protocol #2: C:\Windows\system32\mswsock.dll
Protocol #3: C:\Windows\system32\mswsock.dll
Protocol #4: C:\Windows\system32\mswsock.dll
Protocol #5: C:\Windows\system32\mswsock.dll
Protocol #6: C:\Windows\system32\mswsock.dll
Protocol #7: C:\Windows\system32\mswsock.dll
Protocol #8: C:\Windows\system32\mswsock.dll
Protocol #9: C:\Windows\system32\mswsock.dll
Protocol #10: C:\Windows\system32\mswsock.dll
Protocol #11: C:\Windows\system32\mswsock.dll
Protocol #12: C:\Windows\system32\mswsock.dll
Protocol #13: C:\Windows\system32\mswsock.dll
Protocol #14: C:\Windows\system32\mswsock.dll
Protocol #15: C:\Windows\system32\mswsock.dll
Protocol #16: C:\Windows\system32\mswsock.dll
Protocol #17: C:\Windows\system32\mswsock.dll
Protocol #18: C:\Windows\system32\mswsock.dll
Protocol #19: C:\Windows\system32\mswsock.dll
Protocol #20: C:\Windows\system32\mswsock.dll
Protocol #21: C:\Windows\system32\mswsock.dll
Protocol #22: C:\Windows\system32\mswsock.dll
Protocol #23: C:\Windows\system32\mswsock.dll
Protocol #24: C:\Windows\system32\mswsock.dll
Protocol #25: C:\Windows\system32\mswsock.dll
Protocol #26: C:\Windows\system32\mswsock.dll
Protocol #27: C:\Windows\system32\mswsock.dll
Protocol #28: C:\Windows\system32\mswsock.dll
Protocol #29: C:\Windows\system32\mswsock.dll
Protocol #30: C:\Windows\system32\mswsock.dll
Protocol #31: C:\Windows\system32\mswsock.dll
Protocol #32: C:\Windows\system32\mswsock.dll
Protocol #33: C:\Windows\system32\mswsock.dll
Protocol #34: C:\Windows\system32\mswsock.dll
Protocol #35: C:\Windows\system32\mswsock.dll
Protocol #36: C:\Windows\system32\mswsock.dll
Protocol #37: C:\Windows\system32\mswsock.dll
Protocol #38: C:\Windows\system32\mswsock.dll
Protocol #39: C:\Windows\system32\mswsock.dll
Protocol #40: C:\Windows\system32\mswsock.dll
Protocol #41: C:\Windows\system32\mswsock.dll
Protocol #42: C:\Windows\system32\mswsock.dll
Protocol #43: C:\Windows\system32\mswsock.dll
Protocol #44: C:\Windows\system32\mswsock.dll
Protocol #45: C:\Windows\system32\mswsock.dll

--------------------------------------------------

Enumerating Windows NT/2000/XP services

Microsoft ACPI Driver: system32\drivers\acpi.sys (system)
adp94xx: \SystemRoot\system32\drivers\adp94xx.sys (disabled)
adpahci: \SystemRoot\system32\drivers\adpahci.sys (disabled)
adpu160m: \SystemRoot\system32\drivers\adpu160m.sys (disabled)
adpu320: \SystemRoot\system32\drivers\adpu320.sys (disabled)
@%SystemRoot%\system32\aelupsvc.dll,-1: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Ancilliary Function Driver for Winsock: \SystemRoot\system32\drivers\afd.sys (system)
Intel AGP Bus Filter: \SystemRoot\system32\drivers\agp440.sys (manual start)
aic78xx: \SystemRoot\system32\drivers\djsvs.sys (disabled)
@%SystemRoot%\system32\Alg.exe,-112: %SystemRoot%\System32\alg.exe (manual start)
aliide: \SystemRoot\system32\drivers\aliide.sys (disabled)
AMD AGP Bus Filter Driver: \SystemRoot\system32\drivers\amdagp.sys (manual start)
amdide: \SystemRoot\system32\drivers\amdide.sys (disabled)
AMD K7 Processor Driver: \SystemRoot\system32\drivers\amdk7.sys (disabled)
AMD K8 Processor Driver: \SystemRoot\system32\drivers\amdk8.sys (disabled)
@%systemroot%\system32\appinfo.dll,-100: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
arc: \SystemRoot\system32\drivers\arc.sys (disabled)
arcsas: \SystemRoot\system32\drivers\arcsas.sys (disabled)
RAS Asynchronous Media Driver: system32\DRIVERS\asyncmac.sys (manual start)
IDE Channel: system32\drivers\atapi.sys (system)
Atheros Extensible Wireless LAN device driver: system32\DRIVERS\athr.sys (manual start)
@%SystemRoot%\system32\audiosrv.dll,-204: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted (autostart)
@%SystemRoot%\system32\audiosrv.dll,-200: %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted (autostart)
Broadcom 440x 10/100 Integrated Controller XP Driver: system32\DRIVERS\bcm4sbxp.sys (manual start)
@%SystemRoot%\system32\bfe.dll,-1001: %systemroot%\system32\svchost.exe -k LocalServiceNoNetwork (autostart)
@%SystemRoot%\system32\qmgr.dll,-1000: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
blbdrive: \SystemRoot\system32\drivers\blbdrive.sys (disabled)
BlueSoleilCS: C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe (autostart)
BOINC: "C:\Program Files\BOINC\boinc.exe" -daemon (autostart)
Bowser: system32\DRIVERS\bowser.sys (manual start)
Brother USB Mass-Storage Lower Filter Driver: \SystemRoot\system32\drivers\brfiltlo.sys (manual start)
Brother USB Mass-Storage Upper Filter Driver: \SystemRoot\system32\drivers\brfiltup.sys (manual start)
@%systemroot%\system32\browser.dll,-100: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Brother MFC Serial Port Interface Driver (WDM): \SystemRoot\system32\drivers\brserid.sys (disabled)
Brother WDM Serial driver: \SystemRoot\system32\drivers\brserwdm.sys (disabled)
Brother MFC USB Fax Only Modem: \SystemRoot\system32\drivers\brusbmdm.sys (disabled)
Brother MFC USB Serial WDM Driver: \SystemRoot\system32\drivers\brusbser.sys (manual start)
BsHelpCS: C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe (manual start)
Bluetooth PAN Network Adapter: system32\DRIVERS\btnetdrv.sys (manual start)
Bluetooth Request Block Driver: system32\DRIVERS\BthEnum.sys (manual start)
Bluetooth HID Enumerator: System32\Drivers\vbtenum.sys (system)
Bluetooth HID Manager Service: System32\Drivers\BTHidMgr.sys (system)
Bluetooth Modem Communications Driver: system32\DRIVERS\bthmodem.sys (manual start)
Bluetooth Device (Personal Area Network): system32\DRIVERS\bthpan.sys (manual start)
Bluetooth Port Driver: System32\Drivers\BTHport.sys (manual start)
@%SystemRoot%\System32\bthserv.dll,-101: %SystemRoot%\system32\svchost.exe -k bthsvcs (disabled)
Bluetooth Radio USB Driver: System32\Drivers\BTHUSB.sys (manual start)
Bluetooth Audio Device Service: system32\drivers\btwaudio.sys (manual start)
Bluetooth AVDT: system32\drivers\btwavdt.sys (manual start)
btwrchid: system32\DRIVERS\btwrchid.sys (manual start)
catchme: \??\C:\Users\roger\AppData\Local\Temp\catchme.sys (manual start)
CD/DVD File System Reader: system32\DRIVERS\cdfs.sys (disabled)
CD-ROM Driver: system32\DRIVERS\cdrom.sys (system)
@%SystemRoot%\System32\certprop.dll,-11: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
Consumer IR Devices: \SystemRoot\system32\drivers\circlass.sys (disabled)
Common Log (CLFS): System32\CLFS.sys (system)
Microsoft .NET Framework NGEN v2.0.50727_X86: %systemroot%\Microsoft.NET\Framework\v2.0.50727\ms corsvw.exe (manual start)
Microsoft ACPI Control Method Battery Driver: system32\DRIVERS\CmBatt.sys (manual start)
cmdide: \SystemRoot\system32\drivers\cmdide.sys (disabled)
Microsoft Composite Battery Driver: system32\DRIVERS\compbatt.sys (system)
@comres.dll,-947: %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
Crcdisk Filter Driver: system32\drivers\crcdisk.sys (system)
Transmeta Crusoe Processor Driver: \SystemRoot\system32\drivers\crusoe.sys (disabled)
@%SystemRoot%\system32\cryptsvc.dll,-1001: %SystemRoot%\system32\svchost.exe -k NetworkService (autostart)
@oleres.dll,-5012: %SystemRoot%\system32\svchost.exe -k DcomLaunch (autostart)
Dfs Client Driver: System32\Drivers\dfsc.sys (system)
@%SystemRoot%\system32\dhcpcsvc.dll,-100: %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted (autostart)
Disk Driver: system32\drivers\disk.sys (system)
DNS Client: %SystemRoot%\system32\svchost.exe -k NetworkService (autostart)
@%systemroot%\system32\dot3svc.dll,-1102: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted (manual start)
@%systemroot%\system32\dps.dll,-500: %SystemRoot%\System32\svchost.exe -k LocalServiceNoNetwork (autostart)
Microsoft Kernel DRM Audio Descrambler: system32\drivers\drmkaud.sys (manual start)
LDDM Graphics Subsystem: \SystemRoot\System32\drivers\dxgkrnl.sys (manual start)
Intel(R) PRO/1000 NDIS 6 Adapter Driver: system32\DRIVERS\E1G60I32.sys (manual start)
EAMON: system32\DRIVERS\eamon.sys (autostart)
@%systemroot%\system32\eapsvc.dll,-1: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
easdrv: system32\DRIVERS\easdrv.sys (system)
ReadyBoost Caching Driver: System32\drivers\ecache.sys (system)
@%SystemRoot%\ehome\ehrecvr.exe,-101: %systemroot%\ehome\ehRecvr.exe (manual start)
@%SystemRoot%\ehome\ehsched.exe,-101: %systemroot%\ehome\ehsched.exe (manual start)
@%SystemRoot%\ehome\ehstart.dll,-101: %windir%\system32\svchost.exe -k LocalServiceNoNetwork (autostart)
Eset HTTP Server: "C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe" (manual start)
Eset Service: "C:\Program Files\ESET\ESET Smart Security\ekrn.exe" (autostart)
elxstor: \SystemRoot\system32\drivers\elxstor.sys (disabled)
@%SystemRoot%\system32\emdmgmt.dll,-1000: %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted (autostart)
EMSCR: system32\DRIVERS\EMS7SK.sys (manual start)
eNet Service: C:\Acer\Empowering Technology\eNet\eNet Service.exe (autostart)
epfw: system32\DRIVERS\epfw.sys (autostart)
Eset Personal Firewall: system32\DRIVERS\Epfwndis.sys (manual start)
epfwtdi: system32\DRIVERS\epfwtdi.sys (system)
ESDCR: system32\DRIVERS\ESD7SK.sys (manual start)
eSettings Service: C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe (autostart)
ESMCR: system32\DRIVERS\ESM7SK.sys (manual start)
@%SystemRoot%\system32\wevtsvc.dll,-200: %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted (autostart)
@comres.dll,-2450: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
Floppy Disk Controller Driver: system32\DRIVERS\fdc.sys (disabled)
@%systemroot%\system32\fdPHost.dll,-100: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
@%systemroot%\system32\fdrespub.dll,-100: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
File Information FS MiniFilter: system32\drivers\fileinfo.sys (system)
FileTrace: system32\drivers\filetrace.sys (manual start)
Floppy Disk Driver: system32\DRIVERS\flpydisk.sys (disabled)
FltMgr: system32\drivers\fltmgr.sys (system)
@%SystemRoot%\system32\PresentationHost.exe,-3309: %systemroot%\Microsoft.Net\Framework\v3.0\WPF\Pres entationFontCache.exe (manual start)
Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms: \SystemRoot\system32\drivers\gagp30kx.sys (manual start)
SEMC USB Flash Driver: system32\DRIVERS\ggsemc.sys (manual start)
giveio: system32\giveio.sys (system)
@gpapi.dll,-112: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Microsoft 1.1 UAA Function Driver for High Definition Audio Service: system32\drivers\HdAudio.sys (manual start)
Microsoft UAA Bus Driver for High Definition Audio: system32\DRIVERS\HDAudBus.sys (manual start)
Microsoft Bluetooth HID Miniport: system32\DRIVERS\hidbth.sys (manual start)
Microsoft Infrared HID Driver: \SystemRoot\system32\drivers\hidir.sys (disabled)
@%SystemRoot%\System32\hidserv.dll,-101: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted (manual start)
Microsoft HID Class Driver: system32\DRIVERS\hidusb.sys (manual start)
@%SystemRoot%\system32\kmsvc.dll,-6: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
HpCISSs: \SystemRoot\system32\drivers\hpcisss.sys (disabled)
HSFHWAZL: system32\DRIVERS\VSTAZL3.SYS (manual start)
HSF_DPV: system32\DRIVERS\HSX_DPV.sys (manual start)
HSXHWAZL: system32\DRIVERS\HSXHWAZL.sys (manual start)
HTTP: system32\drivers\HTTP.sys (manual start)
i2omp: \SystemRoot\system32\drivers\i2omp.sys (disabled)
i8042 Keyboard and PS/2 Mouse Port Driver: system32\DRIVERS\i8042prt.sys (system)
ialm: system32\DRIVERS\igdkmd32.sys (manual start)
Intel RAID Controller Vista: \SystemRoot\system32\drivers\iastorv.sys (disabled)
InstallDriver Table Manager: "C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe" (manual start)
@%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8193: "%systemroot%\Microsoft.NET\Framework\v3.0\Win dows Communication Foundation\infocard.exe" (manual start)
igfx: system32\DRIVERS\igdkmd32.sys (manual start)
iirsp: \SystemRoot\system32\drivers\iirsp.sys (disabled)
@%SystemRoot%\system32\ikeext.dll,-501: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
int15: \??\C:\Windows\system32\drivers\int15.sys (autostart)
Service for Realtek HD Audio (WDM): system32\drivers\RTKVHDA.sys (manual start)
intelide: system32\drivers\intelide.sys (system)
Intel Processor Driver: system32\DRIVERS\intelppm.sys (manual start)
@%systemroot%\system32\IPBusEnum.dll,-102: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted (manual start)
IP Traffic Filter Driver: system32\DRIVERS\ipfltdrv.sys (manual start)
@%SystemRoot%\system32\iphlpsvc.dll,-200: %SystemRoot%\System32\svchost.exe -k NetSvcs (autostart)
IP in IP Tunnel Driver: system32\DRIVERS\ipinip.sys (manual start)
IPMIDRV: \SystemRoot\system32\drivers\ipmidrv.sys (disabled)
IP Network Address Translator: system32\DRIVERS\ipnat.sys (manual start)
IR Bus Enumerator: system32\drivers\irenum.sys (manual start)
PnP ISA/EISA Bus Driver: \SystemRoot\system32\drivers\isapnp.sys (disabled)
iScsiPort Driver: system32\DRIVERS\msiscsi.sys (manual start)
ISO DVD/CD-ROM Device Driver: \??\C:\Program Files\UltraISO\drivers\ISODrive.sys (system)
ITEATAPI_Service_Install: \SystemRoot\system32\drivers\iteatapi.sys (disabled)
ITERAID_Service_Install: \SystemRoot\system32\drivers\iteraid.sys (disabled)
Sony Ericsson K510 Driver driver (WDM): system32\DRIVERS\k510bus.sys (manual start)
Sony Ericsson K510 USB WMC Modem Filter: system32\DRIVERS\k510mdfl.sys (manual start)
Sony Ericsson K510 USB WMC Modem Driver: system32\DRIVERS\k510mdm.sys (manual start)
Sony Ericsson K510 USB WMC Device Management Drivers (WDM): system32\DRIVERS\k510mgmt.sys (manual start)
Sony Ericsson K510 USB WMC OBEX Interface: system32\DRIVERS\k510obex.sys (manual start)
Keyboard Class Driver: system32\DRIVERS\kbdclass.sys (system)
Keyboard HID Driver: system32\DRIVERS\kbdhid.sys (system)
@keyiso.dll,-100: %SystemRoot%\system32\lsass.exe (manual start)
KSecDD: System32\Drivers\ksecdd.sys (system)
@comres.dll,-2946: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)
Server: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Workstation: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
Link-Layer Topology Discovery Mapper I/O Driver: system32\DRIVERS\lltdio.sys (autostart)
@%SystemRoot%\system32\lltdres.dll,-1: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
@%SystemRoot%\system32\lmhsvc.dll,-101: %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted (autostart)
LogMeIn Kernel Information Provider: \??\C:\Program Files\LogMeIn\x86\RaInfo.sys (autostart)
LogMeIn Maintenance Service: "C:\Program Files\LogMeIn\x86\RaMaint.exe" (autostart)
lmimirr: system32\DRIVERS\lmimirr.sys (manual start)
LogMeIn Remote File System Driver: \??\C:\Windows\system32\drivers\LMIRfsDriver.sys (autostart)
LogMeIn: "C:\Program Files\LogMeIn\x86\LogMeIn.exe" (autostart)
LSI_FC: \SystemRoot\system32\drivers\lsi_fc.sys (disabled)
LSI_SAS: \SystemRoot\system32\drivers\lsi_sas.sys (disabled)
LSI_SCSI: \SystemRoot\system32\drivers\lsi_scsi.sys (disabled)
UAC File Virtualization: \SystemRoot\system32\drivers\luafv.sys (autostart)
Logitech Machine Vision Engine Loader: system32\DRIVERS\LVMVDrv.sys (manual start)
Windows Media Center Extender Service: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
Machine Debug Manager: "C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe" (autostart)
mdmxsdk: system32\DRIVERS\mdmxsdk.sys (autostart)
megasas: \SystemRoot\system32\drivers\megasas.sys (disabled)
@%systemroot%\system32\mmcss.dll,-100: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
MobilityService: C:\Acer\Mobility Center\MobilityService.exe -p (autostart)
Modem: system32\drivers\modem.sys (manual start)
Microsoft Monitor Class Function Driver Service: system32\DRIVERS\monitor.sys (manual start)
Mouse Class Driver: system32\DRIVERS\mouclass.sys (system)
Mouse HID Driver: system32\DRIVERS\mouhid.sys (manual start)
Mount Point Manager: System32\drivers\mountmgr.sys (system)
Microsoft Multi-Path Bus Driver: \SystemRoot\system32\drivers\mpio.sys (disabled)
@%SystemRoot%\system32\FirewallAPI.dll,-23092: System32\drivers\mpsdrv.sys (manual start)
@%SystemRoot%\system32\FirewallAPI.dll,-23090: %SystemRoot%\system32\svchost.exe -k LocalServiceNoNetwork (autostart)
@mqutil.dll,-6101: system32\drivers\mqac.sys (manual start)
Mraid35x: \SystemRoot\system32\drivers\mraid35x.sys (disabled)
WebDav Client Redirector Driver: \SystemRoot\system32\drivers\mrxdav.sys (manual start)
SMB MiniRedirector Wrapper and Engine: system32\DRIVERS\mrxsmb.sys (manual start)
SMB 1.x MiniRedirector: system32\DRIVERS\mrxsmb10.sys (manual start)
SMB 2.0 MiniRedirector: system32\DRIVERS\mrxsmb20.sys (manual start)
msahci: \SystemRoot\system32\drivers\msahci.sys (disabled)
MSCSPTISRV: "C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe" (manual start)
Microsoft Multi-Path Device Specific Module: \SystemRoot\system32\drivers\msdsm.sys (disabled)
@comres.dll,-2797: %SystemRoot%\System32\msdtc.exe (manual start)
ISA/EISA Class Driver: system32\drivers\msisadrv.sys (system)
@%SystemRoot%\system32\iscsidsc.dll,-5000: %systemroot%\system32\svchost.exe -k netsvcs (manual start)
@%SystemRoot%\system32\msimsg.dll,-27: %systemroot%\system32\msiexec.exe /V (manual start)
Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual start)
@mqutil.dll,-6102: %systemroot%\system32\mqsvc.exe (autostart)
@mqutil.dll,-6203: %Systemroot%\system32\mqtgsvc.exe (autostart)
Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start)
Microsoft Streaming Quality Manager Proxy: system32\drivers\MSPQM.sys (manual start)
Microsoft System Management BIOS Driver: system32\DRIVERS\mssmbios.sys (manual start)
Microsoft Streaming Tee/Sink-to-Sink Converter: system32\drivers\MSTEE.sys (manual start)
Mup: System32\Drivers\mup.sys (system)
@%SystemRoot%\system32\qagentrt.dll,-6: %SystemRoot%\System32\svchost.exe -k NetworkService (manual start)
NativeWiFi Filter: system32\DRIVERS\nwifi.sys (manual start)
NDIS System Driver: system32\drivers\ndis.sys (system)
Remote Access NDIS TAPI Driver: system32\DRIVERS\ndistapi.sys (manual start)
NDIS Usermode I/O Protocol: system32\DRIVERS\ndisuio.sys (manual start)
Remote Access NDIS WAN Driver: system32\DRIVERS\ndiswan.sys (manual start)
neokdss: system32\Drivers\neokdss.sys (manual start)
NetBIOS Interface: system32\DRIVERS\netbios.sys (system)
NETBT: System32\DRIVERS\netbt.sys (system)
@%SystemRoot%\System32\netlogon.dll,-102: %systemroot%\system32\lsass.exe (manual start)
@%SystemRoot%\system32\netman.dll,-109: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted (manual start)
@%SystemRoot%\system32\netprof.dll,-246: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
@%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8201: "%systemroot%\Microsoft.NET\Framework\v3.0\Win dows Communication Foundation\SMSvcHost.exe" (manual start)
nfrd960: \SystemRoot\system32\drivers\nfrd960.sys (disabled)
Notebook Hardware Control Driver: \??\C:\Windows\system32\drivers\nhcDriver.sys (manual start)
@%SystemRoot%\System32\nlasvc.dll,-1: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)
@%SystemRoot%\system32\nsisvc.dll,-200: %systemroot%\system32\svchost.exe -k LocalService (autostart)
NSI proxy service: system32\drivers\nsiproxy.sys (system)
Upper Class Filter Driver: system32\DRIVERS\NTIDrvr.sys (manual start)
@%SystemRoot%\system32\ntmssvc.dll,-2: %SystemRoot%\system32\svchost.exe -k rsmsvcs (manual start)
N-trig HID Tablet Driver: \SystemRoot\system32\drivers\ntrigdigi.sys (disabled)
nvraid: \SystemRoot\system32\drivers\nvraid.sys (disabled)
nvstor: \SystemRoot\system32\drivers\nvstor.sys (disabled)
NVIDIA nForce AGP Bus Filter: \SystemRoot\system32\drivers\nv_agp.sys (manual start)
IPX Traffic Filter Driver: system32\DRIVERS\nwlnkflt.sys (manual start)
IPX Traffic Forwarder Driver: system32\DRIVERS\nwlnkfwd.sys (manual start)
o1394bul: \??\C:\Users\roger\AppData\Local\Temp\o1394bul.sys (manual start)
Microsoft Office Diagnostics Service: "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE" (manual start)
NEC FireWarden OHCI Compliant IEEE 1394 Host Controller: \SystemRoot\system32\drivers\ohci1394.sys (disabled)
Office Source Engine: "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE" (manual start)
@%SystemRoot%\system32\p2psvc.dll,-8004: %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted (manual start)
@%SystemRoot%\system32\p2psvc.dll,-8006: %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted (manual start)
PACSPTISVR: "C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe" (manual start)
Parallel port driver: \SystemRoot\system32\drivers\parport.sys (disabled)
Partition Manager: System32\drivers\partmgr.sys (system)
Parvdm: \SystemRoot\system32\drivers\parvdm.sys (autostart)
@%SystemRoot%\system32\pcasvc.dll,-1: %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted (autostart)
PCI Bus Driver: system32\drivers\pci.sys (system)
pciide: \SystemRoot\system32\drivers\pciide.sys (disabled)
pcmcia: system32\DRIVERS\pcmcia.sys (system)
PDAgent: "C:\Program Files\Raxco\PerfectDisk\PDAgent.exe" (autostart)
PDEngine: "C:\Program Files\Raxco\PerfectDisk\PDEngine.exe" (manual start)
PDExchange: "C:\Program Files\Raxco\PerfectDisk\PDExchange.exe" (manual start)
PEAUTH: system32\drivers\peauth.sys (autostart)
@%systemroot%\system32\pla.dll,-500: %SystemRoot%\System32\svchost.exe -k LocalServiceNoNetwork (manual start)
@%SystemRoot%\system32\umpnpmgr.dll,-100: %SystemRoot%\system32\svchost.exe -k DcomLaunch (autostart)
@%SystemRoot%\system32\p2psvc.dll,-8002: %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted (manual start)
@%SystemRoot%\system32\p2psvc.dll,-8000: %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted (manual start)
@%SystemRoot%\System32\polstore.dll,-5010: %SystemRoot%\system32\svchost.exe -k NetworkServiceNetworkRestricted (autostart)
WAN Miniport (PPTP): system32\DRIVERS\raspptp.sys (manual start)
Processor Driver: \SystemRoot\system32\drivers\processr.sys (disabled)
@%systemroot%\system32\profsvc.dll,-300: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
@%systemroot%\system32\psbase.dll,-300: %SystemRoot%\system32\lsass.exe (manual start)
@%SystemRoot%\System32\drivers\pacer.sys,-101: system32\DRIVERS\pacer.sys (system)
PxHelp20: System32\Drivers\PxHelp20.sys (system)
QLogic Fibre Channel Miniport Driver: \SystemRoot\system32\drivers\ql2300.sys (disabled)
QLogic iSCSI Miniport Driver: \SystemRoot\system32\drivers\ql40xx.sys (disabled)
@%SystemRoot%\system32\qwave.dll,-1: %windir%\system32\svchost.exe -k LocalService (manual start)
@%SystemRoot%\system32\drivers\qwavedrv.sys,-1: \SystemRoot\system32\drivers\qwavedrv.sys (manual start)
Driver for RADPMS Device: system32\DRIVERS\radpms.sys (manual start)
Remote Access Auto Connection Driver: System32\DRIVERS\rasacd.sys (system)
@%Systemroot%\system32\rasauto.dll,-200: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
WAN Miniport (L2TP): system32\DRIVERS\rasl2tp.sys (manual start)
@%Systemroot%\system32\rasmans.dll,-200: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
Remote Access PPPOE Driver: system32\DRIVERS\raspppoe.sys (manual start)
Redirected Buffering Sub Sysytem: system32\DRIVERS\rdbss.sys (system)
RDPCDD: System32\DRIVERS\RDPCDD.sys (system)
Terminal Server Device Redirector Driver: \SystemRoot\system32\drivers\rdpdr.sys (disabled)
RDP Encoder Mirror Driver: system32\drivers\rdpencdd.sys (system)
@%Systemroot%\system32\mprdim.dll,-200: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
@regsvc.dll,-1: %SystemRoot%\system32\svchost.exe -k regsvc (manual start)
Bluetooth Device (RFCOMM Protocol TDI): system32\DRIVERS\rfcomm.sys (manual start)
RMCAST (Pgm) Protocol Driver: system32\DRIVERS\RMCAST.sys (autostart)
@%systemroot%\system32\Locator.exe,-2: %SystemRoot%\system32\locator.exe (manual start)
@oleres.dll,-5010: %SystemRoot%\system32\svchost.exe -k rpcss (autostart)
Link-Layer Topology Discovery Responder: system32\DRIVERS\rspndr.sys (autostart)
Sony Ericsson Device 116 driver (WDM): system32\DRIVERS\s116bus.sys (manual start)
Sony Ericsson Device 116 USB WMC Modem Filter: system32\DRIVERS\s116mdfl.sys (manual start)
Sony Ericsson Device 116 USB WMC Modem Driver: system32\DRIVERS\s116mdm.sys (manual start)
Sony Ericsson Device 116 USB WMC Device Management Drivers (WDM): system32\DRIVERS\s116mgmt.sys (manual start)
Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (NDIS): system32\DRIVERS\s116nd5.sys (manual start)
Sony Ericsson Device 116 USB WMC OBEX Interface: system32\DRIVERS\s116obex.sys (manual start)
Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (WDM): system32\DRIVERS\s116unic.sys (manual start)
Sony Ericsson Device 125 driver (WDM): system32\DRIVERS\s125bus.sys (manual start)
Sony Ericsson Device 125 USB WMC Modem Filter: system32\DRIVERS\s125mdfl.sys (manual start)
Sony Ericsson Device 125 USB WMC Modem Driver: system32\DRIVERS\s125mdm.sys (manual start)
Sony Ericsson Device 125 USB WMC Device Management Drivers (WDM): system32\DRIVERS\s125mgmt.sys (manual start)
Sony Ericsson Device 125 USB WMC OBEX Interface: system32\DRIVERS\s125obex.sys (manual start)
@%SystemRoot%\system32\samsrv.dll,-1: %SystemRoot%\system32\lsass.exe (autostart)
SBP-2 Transport/Protocol Bus Driver: \SystemRoot\system32\drivers\sbp2port.sys (disabled)
SBSD Security Center Service: C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (autostart)
@%SystemRoot%\System32\SCardSvr.dll,-1: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
@%SystemRoot%\system32\schedsvc.dll,-100: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
@%SystemRoot%\System32\certprop.dll,-13: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
sdbus: system32\DRIVERS\sdbus.sys (manual start)
@%SystemRoot%\system32\sdrsvc.dll,-107: %SystemRoot%\system32\svchost.exe -k SDRSVC (manual start)
@%SystemRoot%\system32\seclogon.dll,-7001: %windir%\system32\svchost.exe -k netsvcs (autostart)
@%SystemRoot%\system32\Sens.dll,-200: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Serenum Filter Driver: system32\DRIVERS\serenum.sys (manual start)
Serial Port Driver: \SystemRoot\system32\drivers\serial.sys (manual start)
Serial Mouse Driver: \SystemRoot\system32\drivers\sermouse.sys (disabled)
@%SystemRoot%\System32\SessEnv.dll,-1026: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
SFF Storage Class Driver: \SystemRoot\system32\drivers\sffdisk.sys (disabled)
SFF Storage Protocol Driver for MMC: \SystemRoot\system32\drivers\sffp_mmc.sys (manual start)
SFF Storage Protocol Driver for SDBus: \SystemRoot\system32\drivers\sffp_sd.sys (manual start)
High-Capacity Floppy Disk Drive: \SystemRoot\system32\drivers\sfloppy.sys (disabled)
@%SystemRoot%\system32\ipnathlp.dll,-106: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
@%SystemRoot%\System32\shsvcs.dll,-12288: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
@%SystemRoot%\system32\simptcp.dll,-200: %SystemRoot%\System32\tcpsvcs.exe (autostart)
SIS AGP Bus Filter: \SystemRoot\system32\drivers\sisagp.sys (manual start)
SiSRaid2: \SystemRoot\system32\drivers\sisraid2.sys (disabled)
SiSRaid4: \SystemRoot\system32\drivers\sisraid4.sys (disabled)
SiwvidStart: \??\C:\Users\roger\AppData\Local\Temp\_ISTMP1.DIR\ _ISTMP0.DIR\siwvid.sys (manual start)
@%SystemRoot%\system32\SLsvc.exe,-101: %SystemRoot%\system32\SLsvc.exe (autostart)
@%SystemRoot%\system32\SLUINotify.dll,-103: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
@%SystemRoot%\system32\tcpipcfg.dll,-50005: system32\DRIVERS\smb.sys (system)
@%SystemRoot%\system32\snmp.exe,-3: %SystemRoot%\System32\snmp.exe (autostart)
@%SystemRoot%\system32\snmptrap.exe,-3: %SystemRoot%\System32\snmptrap.exe (manual start)
SonicStage Back-End Service: "C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe" (manual start)
speedfan: system32\speedfan.sys (system)
@%systemroot%\system32\spoolsv.exe,-1: %SystemRoot%\System32\spoolsv.exe (autostart)
sptd: System32\Drivers\sptd.sys (system)
Sony SPTI Service: "C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe" (manual start)
srv: System32\DRIVERS\srv.sys (manual start)
srv2: System32\DRIVERS\srv2.sys (manual start)
srvnet: System32\DRIVERS\srvnet.sys (manual start)
@%systemroot%\system32\ssdpsrv.dll,-100: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
SonicStage SCSI Service: C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe (manual start)
@%SystemRoot%\system32\wiaservc.dll,-9: %SystemRoot%\system32\svchost.exe -k imgsvc (autostart)
Software Bus Driver: system32\DRIVERS\swenum.sys (manual start)
@%SystemRoot%\System32\swprv.dll,-103: %SystemRoot%\System32\svchost.exe -k swprv (manual start)
Symc8xx: \SystemRoot\system32\drivers\symc8xx.sys (disabled)
Sym_hi: \SystemRoot\system32\drivers\sym_hi.sys (disabled)
Sym_u3: \SystemRoot\system32\drivers\sym_u3.sys (disabled)
Synaptics TouchPad Driver: system32\DRIVERS\SynTP.sys (manual start)
@%SystemRoot%\system32\sysmain.dll,-1000: %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted (autostart)
@%SystemRoot%\system32\TabSvc.dll,-100: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted (autostart)
@%SystemRoot%\system32\tapisrv.dll,-10100: %SystemRoot%\System32\svchost.exe -k NetworkService (manual start)
TAP VPN Adapter: system32\DRIVERS\tapvpn.sys (manual start)
@%SystemRoot%\system32\tbssvc.dll,-100: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
@%SystemRoot%\system32\tcpipcfg.dll,-50003: System32\drivers\tcpip.sys (system)
Microsoft IPv6 Protocol Driver: system32\DRIVERS\tcpip.sys (manual start)
TCP/IP Registry Compatibility: System32\drivers\tcpipreg.sys (autostart)
TDPIPE: system32\drivers\tdpipe.sys (manual start)
TDTCP: system32\drivers\tdtcp.sys (manual start)
@%SystemRoot%\system32\tcpipcfg.dll,-50004: system32\DRIVERS\tdx.sys (system)
Terminal Device Driver: system32\DRIVERS\termdd.sys (system)
@%SystemRoot%\System32\termsrv.dll,-268: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)
@%SystemRoot%\System32\shsvcs.dll,-8192: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
@%systemroot%\system32\mmcss.dll,-102: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
tmcomm: \??\C:\Windows\system32\drivers\tmcomm.sys (autostart)
TMPassthruMP: system32\DRIVERS\TMPassthru.sys (manual start)
Tor Win32 Service: "C:\Program Files\Vidalia Bundle\Tor\tor.exe" --nt-service -f "C:\Users\roger\AppData\Roaming\Vidalia\torrc" ControlPort 9051 (manual start)
@%SystemRoot%\system32\trkwks.dll,-1: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted (autostart)
@%SystemRoot%\servicing\TrustedInstaller.exe,-100: %SystemRoot%\servicing\TrustedInstaller.exe (manual start)
Terminal Services Security Filter Driver: System32\DRIVERS\tssecsrv.sys (manual start)
Microsoft Tun Miniport Adapter Driver: system32\DRIVERS\tunmp.sys (manual start)
Microsoft IPv6 Tunnel Miniport Adapter Driver: system32\DRIVERS\tunnel.sys (manual start)
Microsoft AGPv3.5 Filter: \SystemRoot\system32\drivers\uagp35.sys (manual start)
udfs: system32\DRIVERS\udfs.sys (disabled)
Interactive Services Detection: %SystemRoot%\system32\UI0Detect.exe (autostart)
Conexant Setup API: system32\DRIVERS\UIUSYS.SYS (manual start)
Uli AGP Bus Filter: \SystemRoot\system32\drivers\uliagpkx.sys (manual start)
uliahci: \SystemRoot\system32\drivers\uliahci.sys (disabled)
UlSata: \SystemRoot\system32\drivers\ulsata.sys (disabled)
ulsata2: \SystemRoot\system32\drivers\ulsata2.sys (disabled)
UMBus Enumerator Driver: system32\DRIVERS\umbus.sys (manual start)
@%systemroot%\system32\upnphost.dll,-213: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
Microsoft USB Generic Parent Driver: system32\DRIVERS\usbccgp.sys (manual start)
eHome Infrared Receiver (USBCIR): \SystemRoot\system32\drivers\usbcir.sys (disabled)
Fingerprint Reader Class Driver: system32\DRIVERS\usbdpfp.sys (manual start)
Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: system32\DRIVERS\usbehci.sys (manual start)
Microsoft USB Standard Hub Driver: system32\DRIVERS\usbhub.sys (manual start)
Microsoft USB Open Host Controller Miniport Driver: \SystemRoot\system32\drivers\usbohci.sys (disabled)
Microsoft USB PRINTER Class: \SystemRoot\system32\drivers\usbprint.sys (disabled)
USB Mass Storage Driver: system32\DRIVERS\USBSTOR.SYS (manual start)
Microsoft USB Universal Host Controller Miniport Driver: system32\DRIVERS\usbuhci.sys (manual start)
USB Video Device (WDM): System32\Drivers\usbvideo.sys (manual start)
Messenger Sharing Folders USN Journal Reader service: "C:\Program Files\Windows Live\Messenger\usnsvc.exe" (manual start)
@%SystemRoot%\system32\dwm.exe,-2000: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted (autostart)
Virtual CD-ROM Device Driver: \??\C:\Windows\System32\drivers\VCdRom.sys (system)
Virtual Serial port driver: system32\DRIVERS\VComm.sys (manual start)
Bluetooth VComm Manager Service: System32\Drivers\VcommMgr.sys (manual start)
@%SystemRoot%\system32\vds.exe,-100: %SystemRoot%\System32\vds.exe (manual start)
vga: system32\DRIVERS\vgapnp.sys (manual start)
VgaSave: \SystemRoot\System32\drivers\vga.sys (system)
VIA AGP Bus Filter: \SystemRoot\system32\drivers\viaagp.sys (manual start)
VIA C7 Processor Driver: \SystemRoot\system32\drivers\viac7.sys (disabled)
viaide: \SystemRoot\system32\drivers\viaide.sys (disabled)
Volume Manager Driver: system32\drivers\volmgr.sys (system)
Dynamic Volume Manager: System32\drivers\volmgrx.sys (system)
Storage volumes: system32\drivers\volsnap.sys (system)
vsmraid: \SystemRoot\system32\drivers\vsmraid.sys (disabled)
@%systemroot%\system32\vssvc.exe,-102: %systemroot%\system32\vssvc.exe (manual start)
@%SystemRoot%\system32\w32time.dll,-200: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
Wacom Serial Pen HID Driver: \SystemRoot\system32\drivers\wacompen.sys (disabled)
Remote Access IP ARP Driver: system32\DRIVERS\wanarp.sys (manual start)
Remote Access IPv6 ARP Driver: system32\DRIVERS\wanarp.sys (system)
@%windir%\system32\inetsrv\iisres.dll,-30001: %windir%\system32\svchost.exe -k iissvcs (manual start)
@%SystemRoot%\system32\wcncsvc.dll,-3: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
@%SystemRoot%\system32\WcsPlugInService.dll,-200: %SystemRoot%\system32\svchost.exe -k wcssvc (manual start)
Microsoft Watchdog Timer Driver: \SystemRoot\system32\drivers\wd.sys (disabled)
Kernel Mode Driver Frameworks service: system32\drivers\Wdf01000.sys (system)
Diagnostic Service Host: %SystemRoot%\System32\svchost.exe -k wdisvc (autostart)
@%systemroot%\system32\wdi.dll,-500: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted (manual start)
@%systemroot%\system32\webclnt.dll,-100: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
@%SystemRoot%\system32\wecsvc.dll,-200: %SystemRoot%\system32\svchost.exe -k NetworkService (manual start)
@%SystemRoot%\System32\wercplsupport.dll,-101: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
@%SystemRoot%\System32\wersvc.dll,-100: %SystemRoot%\System32\svchost.exe -k WerSvcGroup (autostart)
winachsf: system32\DRIVERS\HSX_CNXT.sys (manual start)
@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103: %SystemRoot%\System32\svchost.exe -k secsvcs (autostart)
WinHTTP Web Proxy Auto-Discovery Service: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
@%Systemroot%\system32\wbem\wmisvc.dll,-205: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
@%Systemroot%\system32\wsmsvc.dll,-101: %SystemRoot%\System32\svchost.exe -k NetworkService (manual start)
VNC Server Version 4: "C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (autostart)
@%SystemRoot%\System32\wlansvc.dll,-257: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted (autostart)
Windows Live Setup Service: "C:\Program Files\Windows Live\installer\WLSetupSvc.exe" (manual start)
Microsoft Windows Management Interface for ACPI: system32\DRIVERS\wmiacpi.sys (manual start)
@%Systemroot%\system32\wbem\wmiapsrv.exe,-110: %systemroot%\system32\wbem\WmiApSrv.exe (manual start)
ePower Service: C:\Acer\Empowering Technology\ePower\ePowerSvc.exe (autostart)
Windows Media Player Network Sharing Service: "%ProgramFiles%\Windows Media Player\wmpnetwk.exe" (disabled)
@%SystemRoot%\system32\wpcsvc.dll,-100: %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted (manual start)
@%SystemRoot%\system32\wpdbusenum.dll,-100: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted (autostart)
Winsock IFS driver: \SystemRoot\system32\drivers\ws2ifsl.sys (disabled)
@%SystemRoot%\System32\wscsvc.dll,-200: %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted (autostart)
@%systemroot%\system32\SearchIndexer.exe,-103: %systemroot%\system32\SearchIndexer.exe /Embedding (autostart)
@%systemroot%\system32\wuaueng.dll,-105: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
WUDFRd: system32\DRIVERS\WUDFRd.sys (manual start)
@%SystemRoot%\system32\wudfsvc.dll,-1000: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted (autostart)
XAudio: system32\DRIVERS\xaudio.sys (autostart)
XAudioService: %SystemRoot%\system32\DRIVERS\xaudio.exe (autostart)

--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = PDBoot.exe

Windows NT 'Wininit.ini':
PendingFileRenameOperations: C:\Users\roger\AppData\Local\MICROS~1\Windows\TEMP OR~1\Content.IE5\index.dat||C:\Users\roger\AppData \Local\MICROS~1\Windows\TEMPOR~1\Low\Content.IE5\i ndex.dat||C:\Users\roger\AppData\Roaming\MICROS~1\ Windows\Cookies\index.dat||C:\Users\roger\AppData\ Roaming\MICROS~1\Windows\Cookies\Low\index.dat||C: \Users\roger\AppData\Local\MICROS~1\Windows\Histor y\History.IE5\index.dat||C:\Users\roger\AppData\Lo cal\MICROS~1\Windows\History\Low\History.IE5\index .dat

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

WebCheck: C:\Windows\system32\webcheck.dll

--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\pol icies\Explorer\Run

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\pol icies\Explorer\Run

*No values found*

--------------------------------------------------

End of report, 59,135 bytes
Report generated in 1.326 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

Neal · #5 (**permalink**) 07-05-2008, 12:44 AM

That is pretty much a mess, I would seriously consider a reformat and re-install.

What happened to the kaspersky san you were doing?

But if you want you can do this next scan and I will take a look at it and see what if anything can be done.

Please download Deckard's System Scanner (DSS) to your desktop.

Close all applications and windows.
Double-click on dss.exe to run it, and follow the prompts.
When the scan is complete, a text file will open - Main.txt
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of Main.txt in your thread in the HijackThis Log Help Forum.
An additional text file, Extra.txt,will also be available (by default) in the following FOLDER, C:\Deckard\System Scanner.
Please go to that FOLDER and also copy the contents of Extra.txt to your post as well.

Note: some firewalls may warn that sigcheck.exe is trying to access the internet - please ensure that you allow sigcheck.exe permission to do so.

Quote:

What DSS will do:

Create a new System Restore point in Windows XP and Vista.
Clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
Check some important areas of your system and produce a report for your analyst to review. DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have it installed.

Post Logs:

DSS Scan Results: contents of 1) Main.txt and 2) Extra.txt

kwah · #6 (**permalink**) 13-05-2008, 01:11 PM

yeah.. ive visited the option of reformatting several times but there's always been something in the way ..

first couple of times, not having any install disk prevented me from doing anything, and nowhere I searched shown me a way to get any (legal) versions of the Home Premium disk - the copy I have install atm is legal but came pre-installed.

then I found out that i could install from the install disk but ive not explored that option much further than downloading what looks to be an upgrade disk from http://support.acer-europe.com/
the reason ive not explored that option any further is the fact that my hdd is almost full and i dont have enough extrernal storage / room on the second (linux) partition to backup important files ..

anyways...

im not at home at the moment so i cant run the scanner but ill do that later..
and i completely forgot to post the kaspersky scan logs (sorry) .. i know it found quite a few files it wasnt happy with but i never deleted any files because i already knew they were ... 'computer un-friendly' ...

ill redo all the scan and run deckard later tonight..
thanks

Kwah

kwah · #7 (**permalink**) 13-05-2008, 09:55 PM

Deckard's System Scanner v20071014.68
Run by {username edited-out} on 2008-05-13 21:53:30
Computer is in Normal Mode.
--------------------------------------------------------------------------------

System Drive C: has 3.65 GiB (less than 15%) free.

-- HijackThis (run as {username edited-out}.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:54:12, on 13/05/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Users\{username edited-out}\AppData\Roaming\Google\Google Talk\googletalk.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\boinctray.exe
C:\Program Files\Gomez\GomezPEER\bin\GomezPEER.exe
C:\Program Files\PrintKey2000\Printkey2000.exe
C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe
C:\Program Files\VirtuaWin\VirtuaWin.exe
C:\Program Files\HoeKey\HoeKey.exe
C:\Program Files\VirtuaWin\modules\WinList.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Users\{username edited-out}\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Vidalia Bundle\Tor\tor.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wermgr.exe
C:\Program Files\Raxco\PerfectDisk\PerfectDisk.exe
C:\PROGRA~1\Gomez\GOMEZP~1\jre\bin\java.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files\BOINC\boincmgr.exe
C:\Program Files\Opera\Opera.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe
C:\Program Files\BOINC\projects\www.primegrid.com\primegrid_l lr_wrapper_5.08_windows_intelx86.exe
C:\Program Files\BOINC\projects\lhcathome.cern.ch_lhcathome\s ixtrack_4.67_windows_intelx86.exe
C:\Program Files\BOINC\slots\0\primegrid_llr_5.08_windows_int elx86.exe
C:\Users\{username edited-out}\Downloads\Deckard System Scanner\dss.exe
C:\Users\{username edited-out}\DOWNLO~1\{username edited-out}.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = Download Directory
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.uk.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.uk.acer.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = http=localhost:8118;https=localhost:8118;socks=loc alhost:9050
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SimpleFindBar - {1758A162-79FF-4C60-96B6-24EFAFE98E3F} - C:\Program Files\SimpleFindBar\SimpleFindBar.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (disabled by BHODemon)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (disabled by BHODemon)
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O3 - Toolbar: RefresherBand Class - {B24BA06E-FB7B-4757-95C2-DC01125F750E} - C:\PROGRA~1\YREFRE~1\YREFRE~1.DLL
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [NotebookHardwareControl] "C:\Program Files\Notebook Hardware Control\nhc.exe" -quiet
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\TightVNC\WinVNC.exe" -servicehelper
O4 - HKCU\..\Run: [task manager] C:\Windows\System32\taskmgr.exe
O4 - HKCU\..\Run: [Vidalia] "C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [googletalk] C:\Users\{username edited-out}\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - Startup: HoeKey.lnk = C:\Program Files\HoeKey\HoeKey.exe
O4 - Global Startup: BOINC Manager.lnk = C:\Program Files\BOINC\boincmgr.exe
O4 - Global Startup: BOINC System Tray.lnk = C:\Windows\boinctray.exe
O4 - Global Startup: Empowering Technology Launcher.lnk.disabled
O4 - Global Startup: Gomez PEER.lnk = C:\Program Files\Gomez\GomezPEER\bin\GomezPEER.exe
O4 - Global Startup: Printkey2000.lnk = C:\Program Files\PrintKey2000\Printkey2000.exe
O4 - Global Startup: Privoxy.lnk = C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe
O4 - Global Startup: VirtuaWin.lnk = C:\Program Files\VirtuaWin\VirtuaWin.exe
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.ca.com/us/securityadvisor/pestscan/pestscan.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{6C5C5502-0A2D-4F29-B143-8D5A84A3B4BF}: NameServer = 62.31.144.39,62.31.112.39
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs:
O23 - Service: BlueSoleilCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
O23 - Service: BOINC - Space Sciences Laboratory - C:\Program Files\BOINC\boinc.exe
O23 - Service: BsHelpCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDExchange - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDExchange.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Tor Win32 Service (tor) - Unknown owner - C:\Program Files\Vidalia Bundle\Tor\tor.exe
O23 - Service: VNC Server (winvnc) - TightVNC Group - C:\Program Files\TightVNC\WinVNC.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 12825 bytes

-- Files created between 2008-04-13 and 2008-05-13 -----------------------------

2008-05-11 00:27:33 0 d-------- C:\Program Files\TightVNC
2008-05-05 17:56:00 0 d-------- C:\Program Files\Sun
2008-05-04 21:50:54 0 d-------- C:\Windows\system32\Kaspersky Lab
2008-05-04 20:12:42 315392 --a------ C:\Windows\HideWin.exe <Not Verified; Realtek Semiconductor Corp.; HD Audio Hide windows program>
2008-05-04 16:13:56 0 d-------- C:\Program Files\Windows Live
2008-05-04 15:23:00 2343 --a------ C:\Windows\system32\time_stats_log
2008-05-04 15:22:53 0 d-------- C:\Program Files\BOINC
2008-05-04 09:24:44 180 --a------ C:\Program Files\2VA37D09.bat
2008-05-03 23:56:38 0 d-------- C:\Program Files\FreeCommander
2008-04-30 19:40:44 0 d-------- C:\Users\All Users\PCPitstop
2008-04-30 19:35:32 0 d-------- C:\Program Files\PCPitstop
2008-04-29 18:14:26 0 d-------- C:\Program Files\RealVNC
2008-04-28 01:49:11 0 d-------- C:\Program Files\Sibelius Software
2008-04-28 00:57:15 0 d-------- C:\Users\All Users\Musicnotes
2008-04-28 00:57:04 0 d-------- C:\Program Files\Musicnotes
2008-04-23 19:47:20 0 d-------- C:\Users\All Users\Tarma Installer
2008-04-23 19:12:46 0 d-------- C:\Program Files\Shell Menu View
2008-04-23 19:08:18 251664 --a------ C:\Windows\system32\Msrd2x35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-04-23 19:08:18 1039360 --a------ C:\Windows\system32\Msjet35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-04-23 19:08:17 368912 --a------ C:\Windows\system32\Vbar332.dll <Not Verified; Microsoft Corporation; Microsoft Visual Basic for Applications>
2008-04-23 19:08:17 24336 --a------ C:\Windows\system32\Msjter35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-04-23 19:08:17 37136 --a------ C:\Windows\system32\Msjint35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-04-23 19:08:17 0 d-------- C:\Program Files\Epsilon Squared
2008-04-23 17:59:02 0 d-------- C:\Program Files\COMODO
2008-04-22 22:38:49 0 d-------- C:\Program Files\BitDefender
2008-04-20 22:22:55 0 d-------- C:\Program Files\FileAdvisor
2008-04-15 06:57:18 0 d-------- C:\Documents <DOCUME~1>
2008-04-15 06:53:03 0 d-------- C:\Desktop
2008-04-14 01:21:49 0 d-------- C:\Program Files\Portrait Professional 6
2008-04-13 23:31:09 0 d-------- C:\Program Files\TimeSync

-- Find3M Report ---------------------------------------------------------------

2008-05-13 21:22:40 0 d-------- C:\Users\{username edited-out}\AppData\Roaming\tor
2008-05-13 21:13:54 0 d-------- C:\Users\{username edited-out}\AppData\Roaming\Vidalia
2008-05-13 19:56:40 0 d-------- C:\Program Files\LogMeIn
2008-05-11 19:44:41 0 d-------- C:\Users\{username edited-out}\AppData\Roaming\uTorrent
2008-05-05 17:55:46 0 d-------- C:\Program Files\Java
2008-05-04 20:14:44 0 d-------- C:\Program Files\Realtek
2008-05-04 11:33:17 0 d-------- C:\Program Files\Common Files
2008-05-04 11:21:01 0 d-------- C:\Program Files\Trend Micro
2008-05-04 10:25:46 0 d-------- C:\Program Files\Common Files\BitDefender
2008-05-04 09:05:45 0 d-------- C:\Users\{username edited-out}\AppData\Roaming\mIRC
2008-05-03 23:56:42 0 d-------- C:\Users\{username edited-out}\AppData\Roaming\FreeCommander
2008-05-02 14:40:58 0 d-------- C:\Users\{username edited-out}\AppData\Roaming\Comodo
2008-04-22 22:50:09 0 d-------- C:\Users\{username edited-out}\AppData\Roaming\Free Download Manager
2008-04-20 01:58:22 0 d-------- C:\Program Files\Microsoft.NET
2008-04-17 23:14:16 0 d-------- C:\Users\{username edited-out}\AppData\Roaming\RhinoSoft.com
2008-04-17 17:53:51 0 d-------- C:\Users\{username edited-out}\AppData\Roaming\Adobe
2008-04-14 01:21:56 0 d-------- C:\Users\{username edited-out}\AppData\Roaming\Anthropics
2008-04-10 22:13:24 0 d-------- C:\Program Files\Image-Line
2008-04-10 22:12:43 0 d-------- C:\Program Files\VstPlugins
2008-04-10 22:11:25 0 d-------- C:\Program Files\Outsim
2008-04-10 00:05:54 0 d-------- C:\Program Files\Common Files\Acer
2008-04-10 00:03:26 0 d-------- C:\Program Files\Windows Mail
2008-04-09 23:30:35 0 d-------- C:\Program Files\Common Files\Logitech
2008-04-09 17:52:26 0 d-------- C:\Program Files\Nero
2008-04-09 17:46:34 0 d-------- C:\Program Files\Common Files\Nero
2008-04-08 19:48:15 0 d-------- C:\Program Files\Microsoft Games
2008-03-31 00:42:48 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-30 13:13:07 0 d-------- C:\Users\{username edited-out}\AppData\Roaming\MindTerm
2008-03-30 00:23:26 0 d-------- C:\Program Files\MadTracker
2008-03-29 21:50:18 0 d-------- C:\Users\{username edited-out}\AppData\Roaming\Bidgood Svcs
2008-03-29 21:28:10 0 d-------- C:\Program Files\PrintKey2000
2008-03-29 13:49:24 0 d-------- C:\Users\{username edited-out}\AppData\Roaming\SimpleFindBar
2008-03-23 16:44:35 0 d-------- C:\Users\{username edited-out}\AppData\Roaming\Google
2008-03-21 02:35:33 0 d-------- C:\Users\{username edited-out}\AppData\Roaming\Actual Tools
2008-03-20 20:13:44 0 d-------- C:\Users\{username edited-out}\AppData\Roaming\VirtuaWin
2008-03-20 20:13:41 0 d-------- C:\Program Files\VirtuaWin
2008-03-18 04:08:45 0 d-------- C:\Program Files\Common Files\Adobe
2008-03-18 01:17:22 0 d-------- C:\Users\{username edited-out}\AppData\Roaming\Media Player Classic
2008-03-18 01:04:00 0 d-------- C:\Program Files\Ringz Studio
2008-03-16 22:52:14 0 d-------- C:\Program Files\HoeKey
2008-03-15 13:44:42 0 d-------- C:\Program Files\NeroInstall.bak
2008-03-13 08:04:35 0 d-------- C:\Users\{username edited-out}\AppData\Roaming\Software Informer
2008-02-25 00:02:14 32 --a------ C:\Windows\0
2008-02-25 00:01:59 12 --a------ C:\Windows\bthservsdp.dat
2008-02-24 23:13:32 0 --a------ C:\Windows\system32\0
2008-02-20 21:14:36 6281 --a------ C:\Windows\mozver.dat

-- Registry Dump ---------------------------------------------------------------

-- End of Deckard's System Scanner: finished at 2008-05-13 21:54:43 ------------

kwah · #8 (**permalink**) 13-05-2008, 10:14 PM

hmm... i dont get a file called "extra.txt" in C:\Deckard\System Scanner

the only files that appear are "main.txt" in that directory and a copy of the same file in a timestamped folder in that directory..

Neal · #9 (**permalink**) 13-05-2008, 10:29 PM

Never mind that, I'll wait for the kaspersky log, thanks.