scooter1969
2008-08-17, 14:41
Hello. I'm a relative newbie and am hopefully following the guidelines. Recently downloaded Spybot S&D which seems to have been effective in some respects. Also tried HTJ as suggested on TechArena. Below is the log it produced. Is there anything here that can be identified that will help with my recent issues with pop-ups and with Security Center's Automatic Updates repeatedly turning off?
Let me know what additional information may be needed to help. Thanks!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:03:32 AM, on 8/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Acer\Empowering Technology\admServ.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\acer\Empowering Technology\ePower\epm-dm.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\Acer\Empowering Technology\admtray.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\WINDOWS\vVX3000.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\zeropop.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Java\jre1.5.0_11\bin\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\hijackthis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O1 - Hosts: 200.124.131.116 casinocontroller.com
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [EPM-DM] c:\acer\Empowering Technology\ePower\epm-dm.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKLM\..\Run: [320d18a1] rundll32.exe "C:\WINDOWS\system32\npvgmdkw.dll",b
O4 - HKLM\..\Run: [BM313e2b3d] Rundll32.exe "C:\WINDOWS\system32\dcpsmojm.dll",s
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [Yahoo! Pager] 1
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: SCRABBLE Complete Registration.lnk = C:\Documents and Settings\Scott Volk\Local Settings\Temp\{EF3DE308-1D1D-436D-8297-650C713BE9CB}\{B36649A3-D0DD-4706-B042-F5B384529C7A}\ATR1.exe
O4 - Startup: 0pop.lnk = C:\Program Files\zeropop.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: AT&T Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O8 - Extra context menu item: &Sample Toolband Serach - res://C:\WINDOWS\system32\ToolBand.dll/MENUSEARCH.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunCasino.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunCasino.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20060104/qtinstall.info.apple.com/snape/us/win/QuickTimeInstaller.exe
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WD Drive Manager Service (WDBtnMgrSvc.exe) - WDC - C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
O24 - Desktop Component 0: (no name) - http://www.chaosmen.com/bio4ms/2006/p080-blake/02.jpg

--
End of file - 15708 bytes