Sudden persistent and recurring malware infection incl. active trojans, browser/googl



KPax23
2010-02-21, 21:28
HELP! I made a big mistake. After installing BioShock 2 via Steam I ran into some annoying ingame menu/performance problems. After checking the official 2kgames forums I found a related thread here
http://forums.2kgames.com/forums/showthread.php?t=57877 and followed instructions there which included 2 steps:

switch certain BioShock 2 executables to Windows 2000 Compatibility mode
download and extract a bink fix from http://massmirror.com/da844f8e8fcc301c8befe7578c1c36e4.html into a particular BioShock 2 sub directory.

Ever since I did this I seem to have a very persistent infection that I have not been able to clear out. Symptoms include:


firefox hijack: occasionally additional tabs will open pointing to odd/suspicious ad, search and other pages
firefox google search hijack: google search result links will be redirected to similar pages (copy and paste of links gets me around that)
NAV started to flag high severity attacks from IPs in the 94.228.209.0-255 range even though I'm behind 2 routers and ZAPro internal firewall
following that I checked ZAPro logs for traffic and found that something is contacting the same IP addresses from inside my PC prior to the flagged attacks.

So I got some sort of proactive malware trying to make contact. For now I've set ZAPro to block any and all traffic in and out for that IP address range.

This all reminds me somewhat of this recent thread:
http://forums.spybot.info/showthread.php?t=55489
Just like okmike I'd like to thank you in advance for any support you can offer to help me get rid of this problem.

My original security/pc hygiene setup is as follows:

2 external routers (outermost: AT&T U-verse router; innermost: Linksys WRT610N)
ZoneAlarm Pro internal firewall
Norton Antivirus 2010
Spybot S&D
Secunia PSI to ensure everything currently installed is up-to-date
Various utilities including Startup Delayer, Revo Uninstaller, HijackThis, etc...
My habits are for the most part good. I don't open up unexpected email attachments, I don't install cracked software, I don't open web pages via emailed links, I research what I download (with the unfortunate exception of the bink fix mentioned above), I keep everything updated.
This is my first actual infection in 6 years... :sad:


My system:

OS: MS Windows XP Professional 5.1.2600 SP3 Build 2600 (fully updated)
MB: Asus P5W DH Deluxe
BIOS: AMI 0801, 7/14/2006
CPU: Intel Core2 Duo 6700 2.67Ghz (x86 Family 6 Model 15 Stepping 6 GenuineIntel ~2671Mhz)
RAM: 2GB


The Bioshock 2 install and the binkfix were the only stuff I installed other than Windows updates prior to the infection becoming noticeable. Have not installed new software prior to this. Last install I can remember was Quicken Premier 2010 at least a week prior to all this.

I have since done a whole slew of scans and cleanup attempts:

NAV: other than flagging the incoming attacks which I have subsequently blocked with ZAPro it never found anything ever. Go figure...
Unfortunately ZAPro doesn't tell me more about the outgoing connections preceding the incoming attacks other than the target IP and that they came via svchost.exe. There's of course multiple svchost.exe processes running each associated with various DLLs. Hard to tell which one is behind the outgoing packets.
SpyBot S&D found a bunch of stuff: AdRevolver, Bluemountain, BlueStreak, CasaleMedia, CoreMetrics, DoubleClick, FastClick, HitBox, MediaPlex, RightMedia, Statcounter, WebTrends live, Zedo, Virtumonde.prx
However, even though it claims to have removed everything the problems aren't going away and some of the stuff keeps reappearing.
I'm pretty sure Virtumonde is gone though after some manual cleanup and 2 regular and 2 reboot SpyBot S&D sessions.
Windows Live OneCare Online Scanner found more but couldn't fix any of it:
Trojan:Win32/Hiloti.gen!D
c:\windows\egewadageqewipe.dll
c:\system volume information\_restore{97faff2f-dec1-4daa-aa00-642cc6bb0a68}\rp963\a0233308.dll
These files coincided with the location of Virtumonde flagged by Spybot S&D. After doing some manual cleanup of startup files and some manual file removal of these I think this stuff is gone for good. But the problems persist. Something was still trying to launch egewadageqewipe.dll after I got rid of it. A followup pass with Spybot S&D seems to have cleaned that startup call.
F-Secure Online Scan finds more: Tracking Cookies, Questionmarket, 2o7, Atdmt, Adform, Webtrends, Doubleclick, Application Generic.216253, CEXVW4.DLL w32/Mufanom.A, TAG.EXE w32/Malware!Gemini RASNEMOXWC.TMP w32/Mufanom.A C:\Documents And Settings\Chef\Local Settings\Temp\Rasnemoxwc.tmp.
It failed to clean up both Mufanom.A and Malware!Gemini
F-Secure Rootkit scan finds nothing
Kaspersky online scanner finds nothing
Windows Live OneCare still finds Hiloti.gen!D during a second pass and still can't clean it up.

After all these cleanup attempts and subsequent reboots the ZAPro log continues to show attempts of something to communicate to the suspicious IP addresses and the browser hijacking is still happening.

*sigh*

I'll post my most recent Hijack This log right after this...

Thanks for any advice/solution you may have!
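
Added example, not part of KPax23's post: the post notes that ZAPro attributes the outbound traffic only to svchost.exe. On Windows XP, `netstat -ano` shows the owning PID of each connection and `tasklist /svc` lists the services hosted in each PID; the Python below joins the two for the 94.228.209.0-255 range named in the post. The sample outputs (PIDs, addresses, service lists) and all function names are constructed for illustration.

```python
import ipaddress

# Range the poster blocked in ZoneAlarm Pro (94.228.209.0-255), taken from the post.
SUSPECT_NET = ipaddress.ip_network("94.228.209.0/24")

# Constructed sample of `netstat -ano` output (addresses and PIDs are made up).
NETSTAT_SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       1024
  TCP    192.168.1.10:1045      94.228.209.17:80       ESTABLISHED     1188
  TCP    192.168.1.10:1051      94.228.209.44:80       SYN_SENT        1188
  TCP    192.168.1.10:1060      203.0.113.5:443        ESTABLISHED     3120
  UDP    0.0.0.0:500            *:*                                    756
"""

# Constructed sample of `tasklist /svc` output; long service lists wrap onto
# indented continuation lines, which the parser has to fold back in.
TASKLIST_SAMPLE = """\
Image Name                   PID Services
========================= ====== =============================================
System Idle Process            0 N/A
lsass.exe                    756 PolicyAgent, ProtectedStorage, SamSs
svchost.exe                 1024 DcomLaunch, TermService
svchost.exe                 1188 AudioSrv, BITS, Browser, CryptSvc, Dhcp,
                                 EventSystem, Schedule, wuauserv
firefox.exe                 3120 N/A
"""

NAME_COL = 25  # width of the "Image Name" column in tasklist's table


def parse_netstat(text):
    """Return `netstat -ano` rows that carry a concrete remote IP address."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4 or parts[0] not in ("TCP", "UDP"):
            continue  # banner, header and blank lines
        host, _, port = parts[2].rpartition(":")
        try:
            remote_ip = ipaddress.ip_address(host.strip("[]"))
        except ValueError:
            continue  # e.g. UDP listeners shown as *:*
        rows.append({
            "proto": parts[0],
            "local": parts[1],
            "remote_ip": remote_ip,
            "remote_port": int(port),
            "state": parts[3] if len(parts) == 5 else "",  # UDP has no state
            "pid": int(parts[-1]),
        })
    return rows


def parse_tasklist_svc(text):
    """Map PID -> (image name, [service names]) from `tasklist /svc` output."""
    procs, current = {}, None
    lines = text.splitlines()
    # Data rows start after the ===== separator line.
    start = next((i for i, l in enumerate(lines) if l.startswith("=")), -1) + 1
    for line in lines[start:]:
        if not line.strip():
            continue
        if not line[0].isspace():  # new process row
            pid_txt, _, svc_txt = line[NAME_COL:].strip().partition(" ")
            current = int(pid_txt)
            procs[current] = (line[:NAME_COL].strip(), [])
        else:  # wrapped continuation of the previous row's service list
            svc_txt = line
        if current is not None:
            procs[current][1].extend(
                s.strip() for s in svc_txt.split(",")
                if s.strip() and s.strip() != "N/A")
    return procs


def find_suspect_connections(netstat_text, tasklist_text, network=SUSPECT_NET):
    """Join both outputs on PID for connections whose remote end is in `network`."""
    procs = parse_tasklist_svc(tasklist_text)
    findings = []
    for conn in parse_netstat(netstat_text):
        if conn["remote_ip"] in network:
            image, services = procs.get(conn["pid"], ("<unknown>", []))
            findings.append({**conn, "image": image, "services": services})
    return findings


if __name__ == "__main__":
    for f in find_suspect_connections(NETSTAT_SAMPLE, TASKLIST_SAMPLE):
        print(f'{f["remote_ip"]}:{f["remote_port"]} {f["state"] or "-":<12} '
              f'PID {f["pid"]} {f["image"]} -> {", ".join(f["services"]) or "no services"}')
```

Because one svchost.exe instance hosts many services, the result narrows the search to a service group rather than to a single DLL.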

KPax23
2010-02-21, 21:29
Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 11:58:23 AM, on 2/21/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Creative\ShareDLL\CADI\NotiMan.exe
C:\Program Files\Online Backup\OnlineBackup.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HijackThis\TrendMicro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\16.8.0.41\IPSBHO.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [JMB36X Configure] "C:\WINDOWS\System32\JMRaidTool.exe" boot
O4 - HKLM\..\Run: [RCSystem] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [InCD] "C:\Program Files\Nero\Nero 7\InCD\InCD.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [StartupDelayer] "C:\Program Files\r2 Studios\Startup Delayer\Startup Launcher GUI.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\RunOnce: [svg_file_op1] "C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\FileOps.exe" -r "C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall"
O4 - HKLM\..\RunOnce: [svg_file_op2] "C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\FileOps.exe" -r "C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\SetupRsrc.dll"
O4 - HKLM\..\RunOnce: [svg_file_op3] "C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\FileOps.exe" -r "C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe"
O4 - HKLM\..\RunOnce: [svg_file_op4] "C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\FileOps.exe" -r "C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\"
O4 - HKLM\..\RunOnce: [svg_file_op5] "C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\FileOps.exe" -r "C:\WINDOWS\system32\Adobe\SVG Viewer 3.0"
O4 - HKLM\..\RunOnce: [svg_file_op6] C:\WINDOWS\system32\cmd.exe /D /Q /C del /F /Q "C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\FileOps.exe"
O4 - HKLM\..\RunOnce: [svg_file_op7] C:\WINDOWS\system32\cmd.exe /D /Q /C rd /S /Q "C:\Program Files\Common Files\Adobe\SVG Viewer 3.0"
O4 - HKCU\..\Run: [@BackupScheduler] C:\Program Files\Online Backup\OnlineBackup.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKLM\..\Policies\Explorer\Run: [] 
O4 - HKUS\S-1-5-19\..\RunOnce: [] (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [] (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [] (User 'Default user')
O4 - Startup: Secunia PSI.lnk = C:\Program Files\Secunia\PSI\psi.exe
O4 - Global Startup: Conversion to PDF with ScanSnap Organizer.lnk = ?
O4 - Global Startup: ScanSnap Manager.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {25365FF3-2746-4230-9DA7-163CCA318309} (Automatic Driver Installation Control) - http://inst.c-wss.com/n019p/EN/install/gtdownlr.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6087.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1158200459132
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1158201002655
O16 - DPF: {843EE768-3A97-455C-9076-741BA3AD7B62} (QuickBooks Online Edition Utilities Class v10) - https://accounting.quickbooks.com/c5/v19.108/qboax10.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c99f732a046a29) (gupdate1c99f732a046a29) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 14849 bytes

KPax23
2010-02-21, 21:41
DDS (Ver_09-12-01.01) - NTFSx86
Run by Chef at 12:38:23.47 on Sun 02/21/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1227 [GMT -8:00]

AV: Norton AntiVirus *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: ZoneAlarm Pro Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Creative\ShareDLL\CADI\NotiMan.exe
C:\Program Files\Online Backup\OnlineBackup.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32Info.exe
E:\PC Management\Installers\DDS\dds.scr

============== Pseudo HJT Report ===============

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=c:\windows\system32\Userinit.exe
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton antivirus\engine\16.8.0.41\IPSBHO.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [@BackupScheduler] c:\program files\online backup\OnlineBackup.exe
uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe"
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [JMB36X Configure] "c:\windows\system32\JMRaidTool.exe" boot
mRun: [RCSystem] "c:\program files\creative\shared files\module loader\DLLML.exe" RCSystem * -Startup
mRun: [AudioDrvEmulator] "c:\program files\creative\shared files\module loader\dllml.exe" -1 audiodrvemulator "c:\program files\creative\shared files\module loader\audio emulator\AudDrvEm.dll"
mRun: [type32] "c:\program files\microsoft intellitype pro\type32.exe"
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [InCD] "c:\program files\nero\nero 7\incd\InCD.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [StartupDelayer] "c:\program files\r2 studios\startup delayer\Startup Launcher GUI.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRunOnce: [svg_file_op1] "c:\program files\common files\adobe\svg viewer 3.0\fileops.exe" -r "c:\program files\common files\adobe\svg viewer 3.0\Uninstall"
mRunOnce: [svg_file_op2] "c:\program files\common files\adobe\svg viewer 3.0\fileops.exe" -r "c:\program files\common files\adobe\svg viewer 3.0\uninstall\SetupRsrc.dll"
mRunOnce: [svg_file_op3] "c:\program files\common files\adobe\svg viewer 3.0\fileops.exe" -r "c:\program files\common files\adobe\svg viewer 3.0\uninstall\Winstall.exe"
mRunOnce: [svg_file_op4] "c:\program files\common files\adobe\svg viewer 3.0\fileops.exe" -r "c:\program files\common files\adobe\svg viewer 3.0\uninstall\"
mRunOnce: [svg_file_op5] "c:\program files\common files\adobe\svg viewer 3.0\fileops.exe" -r "c:\windows\system32\adobe\SVG Viewer 3.0"
mRunOnce: [svg_file_op6] c:\windows\system32\cmd.exe /d /q /c del /f /q "c:\program files\common files\adobe\svg viewer 3.0\FileOps.exe"
mRunOnce: [svg_file_op7] c:\windows\system32\cmd.exe /d /q /c rd /s /q "c:\program files\common files\adobe\SVG Viewer 3.0"
dRun: [Picasa Media Detector] c:\program files\picasa2\PicasaMediaDetector.exe
dRunOnce: [<NO NAME>]
mExplorerRun: [<NO NAME>] 1 (0x1)
StartupFolder: c:\docume~1\chef\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\conver~1.lnk - c:\program files\pfu\scansnap\organizer\PfuSsOrgOcrChk.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\scansn~1.lnk - c:\program files\pfu\scansnap\driver\PfuSsMon.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
DPF: {25365FF3-2746-4230-9DA7-163CCA318309} - hxxp://inst.c-wss.com/n019p/EN/install/gtdownlr.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6087.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1158200459132
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1158201002655
DPF: {843EE768-3A97-455C-9076-741BA3AD7B62} - hxxps://accounting.quickbooks.com/c5/v19.108/qboax10.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages = scecli cexvw4.dll
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\chef\applic~1\mozilla\firefox\profiles\bf5ftzln.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://search.addthis.com/search?pco=fxe-3.0.0&locale=en-US&q=
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\ipsffplgn\components\IPSFFPl.dll
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\chef\application data\mozilla\firefox\profiles\bf5ftzln.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: XULRunner: {1F757272-2215-480A-B4D1-4B7DA45F92DB} - c:\documents and settings\chef\local settings\application data\{1F757272-2215-480A-B4D1-4B7DA45F92DB}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nav\1008000.029\SymEFA.sys [2010-2-2 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nav\1008000.029\BHDrvx86.sys [2010-2-2 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nav\1008000.029\cchpx86.sys [2010-2-2 482432]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20100218.001\IDSXpx86.sys [2010-2-19 329592]
R1 vcdrom;Virtual CD-ROM Device Driver;c:\windows\system32\drivers\VCdRom.sys [2006-10-24 8576]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2008-2-3 486280]
R2 Norton AntiVirus;Norton AntiVirus;c:\program files\norton antivirus\engine\16.8.0.41\ccSvcHst.exe [2010-2-2 117640]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2009-11-13 92008]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-8-26 102448]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20100221.004\NAVENG.SYS [2010-2-21 84912]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20100221.004\NAVEX15.SYS [2010-2-21 1324720]
S2 gupdate1c99f732a046a29;Google Update Service (gupdate1c99f732a046a29);c:\program files\google\update\GoogleUpdate.exe [2009-3-7 133104]
S3 BS_DEF;BS_DEF;c:\program files\asus\asusupdate\BS_DEF.sys [2009-3-19 12800]
S3 CLAVIAUSB;CLAVIAUSB;c:\windows\system32\drivers\ClaviaUSB.sys [2009-10-5 19712]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2009-6-17 12648]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [2006-9-13 332928]

=============== Created Last 30 ================

2010-02-21 01:02:16 0 d-----w- c:\program files\PHP
2010-02-21 00:59:41 0 d-----w- c:\documents and settings\chef\blank
2010-02-21 00:53:07 0 d-----w- c:\program files\common files\xing shared
2010-02-20 20:26:57 0 d-----w- c:\program files\JRE
2010-02-20 19:46:26 0 d-----w- c:\program files\Sun
2010-02-20 19:46:05 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-02-20 07:14:30 0 d-----w- c:\docume~1\alluse~1\applic~1\F-Secure
2010-02-20 00:40:11 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-02-20 00:40:11 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-02-19 09:44:12 120 ----a-w- c:\windows\Xhafituyih.dat
2010-02-19 09:44:12 0 ----a-w- c:\windows\Qmibujabowixan.bin
2010-02-18 19:27:57 0 d-----w- c:\program files\common files\Config
2010-02-17 02:06:10 0 d-----w- c:\program files\Lame for Audacity
2010-02-17 02:03:37 0 d-----w- c:\program files\Audacity
2010-02-16 04:44:42 0 d-----w- c:\docume~1\chef\applic~1\Bioshock2
2010-02-16 04:39:04 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2010-02-16 04:39:04 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2010-02-16 04:38:58 0 d-----w- c:\windows\Logs
2010-02-16 04:38:54 0 d-----w- c:\windows\system32\xlive
2010-02-16 04:38:54 0 d-----w- c:\program files\Microsoft Games for Windows - LIVE
2010-02-10 21:30:04 4199784 ----a-w- c:\windows\system32\cdintf400.dll
2010-02-10 21:29:04 0 d-----w- c:\program files\Quicken
2010-02-10 07:11:48 32656 ----a-w- c:\windows\system32\msonpmon.dll
2010-02-10 06:57:42 0 d-----w- c:\docume~1\chef\applic~1\GetRightToGo
2010-02-03 07:20:04 0 d-----w- c:\program files\iPod
2010-02-03 07:19:56 0 d-----w- c:\program files\iTunes
2010-02-02 22:08:06 0 d-----w- C:\cygwin

==================== Find3M ====================

2010-02-21 12:59:31 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2010-02-21 00:52:29 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-02-21 00:52:29 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-02-20 23:07:36 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-02-20 23:07:29 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2010-02-20 19:45:45 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-31 16:50:03 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:14:05 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-16 18:43:27 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 19:15:14 2146304 ----a-w- c:\windows\system32\GPhotos.scr
2009-12-14 07:08:23 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-08 19:26:15 2145280 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-08 18:43:51 2023936 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-01 02:02:40 171144 ----a-w- c:\windows\system32\xliveinstall.dll
2009-12-01 02:02:38 72840 ----a-w- c:\windows\system32\xliveinstallhost.exe
2009-11-27 17:11:44 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 17:11:44 1291776 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 16:07:35 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:07:35 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:07:34 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:07:34 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-27 16:07:34 11264 ----a-w- c:\windows\system32\msrle32.dll
2008-09-19 06:36:15 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008091820080919\index.dat
2008-11-02 03:53:17 16384 --sha-w- c:\windows\temp\cookies\index.dat
2008-11-02 03:53:17 16384 --sha-w- c:\windows\temp\history\history.ie5\index.dat
2008-11-02 03:53:17 16384 --sha-w- c:\windows\temp\temporary internet files\content.ie5\index.dat

============= FINISH: 12:40:15.73 ===============

KPax23
2010-02-21, 21:42
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 9/13/2006 6:45:19 PM
System Uptime: 2/20/2010 3:06:54 PM (21 hours ago)

Motherboard: ASUSTeK Computer INC. | | P5W DH Deluxe
Processor: Intel(R) Core(TM)2 CPU 6700 @ 2.66GHz | Socket 775 | 2671/266mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 117 GiB total, 9.812 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 932 GiB total, 256.767 GiB free.
F: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
J: is Removable

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Marvell Yukon 88E8053 PCI-E Gigabit Ethernet Controller
Device ID: PCI\VEN_11AB&DEV_4362&SUBSYS_81421043&REV_20\4&8D68EE5&0&00E4
Manufacturer: Marvell
Name: Marvell Yukon 88E8053 PCI-E Gigabit Ethernet Controller
PNP Device ID: PCI\VEN_11AB&DEV_4362&SUBSYS_81421043&REV_20\4&8D68EE5&0&00E4
Service: yukonwxp

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter
Device ID: USB\VID_0BDA&PID_8187\0015AF035648
Manufacturer: Realtek Semiconductor Corp.
Name: Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter
PNP Device ID: USB\VID_0BDA&PID_8187\0015AF035648
Service: RTLWUSB

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Cisco Systems VPN Adapter
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter
PNP Device ID: ROOT\NET\0000
Service: CVirtA

==== System Restore Points ===================

RP917: 11/22/2009 11:11:40 AM - System Checkpoint
RP918: 11/25/2009 11:47:49 PM - System Checkpoint
RP919: 11/26/2009 12:02:48 AM - Software Distribution Service 3.0
RP920: 11/29/2009 7:45:28 PM - System Checkpoint
RP921: 11/30/2009 8:11:44 PM - System Checkpoint
RP922: 12/2/2009 10:55:45 PM - Installed SuperCollider
RP923: 12/5/2009 4:49:06 PM - System Checkpoint
RP924: 12/7/2009 2:35:50 PM - System Checkpoint
RP925: 12/9/2009 11:22:12 PM - Software Distribution Service 3.0
RP926: 12/24/2009 5:38:35 PM - System Checkpoint
RP927: 12/25/2009 7:40:26 PM - System Checkpoint
RP928: 12/29/2009 9:06:03 PM - System Checkpoint
RP929: 12/31/2009 12:43:33 PM - System Checkpoint
RP930: 1/4/2010 8:49:33 PM - System Checkpoint
RP931: 1/13/2010 9:46:03 PM - Software Distribution Service 3.0
RP932: 1/16/2010 6:24:42 PM - System Checkpoint
RP933: 1/18/2010 12:27:16 PM - System Checkpoint
RP934: 1/18/2010 4:58:21 PM - Software Distribution Service 3.0
RP935: 1/23/2010 11:49:45 AM - System Checkpoint
RP936: 1/23/2010 1:05:24 PM - Software Distribution Service 3.0
RP937: 2/1/2010 2:30:01 PM - System Checkpoint
RP938: 2/2/2010 6:43:02 PM - System Checkpoint
RP939: 2/2/2010 11:18:13 PM - Installed iTunes
RP940: 2/2/2010 11:25:36 PM - Installed Windows XP -- Software Updates KB952011.
RP941: 2/5/2010 12:09:34 PM - System Checkpoint
RP942: 2/5/2010 1:07:36 PM - Software Distribution Service 3.0
RP943: 2/8/2010 10:10:10 AM - System Checkpoint
RP944: 2/9/2010 10:20:28 PM - Software Distribution Service 3.0
RP945: 2/9/2010 11:07:20 PM - Installed Microsoft Office Home and Student 2007
RP946: 2/9/2010 11:11:40 PM - Printer Driver Send To Microsoft OneNote Driver Installed
RP947: 2/9/2010 11:20:30 PM - Configured Microsoft Office Home and Student 2007
RP948: 2/10/2010 1:30:14 PM - Printer Driver Amyuni Document Converter 400 Installed
RP949: 2/11/2010 3:00:21 AM - Software Distribution Service 3.0
RP950: 2/11/2010 1:05:42 PM - Installed AcuPartner Professional
RP951: 2/12/2010 5:39:10 PM - Software Distribution Service 3.0
RP952: 2/13/2010 2:19:22 AM - Software Distribution Service 3.0
RP953: 2/13/2010 11:17:32 AM - Software Distribution Service 3.0
RP954: 2/14/2010 12:11:26 PM - System Checkpoint
RP955: 2/15/2010 8:36:24 PM - Installed DirectX
RP956: 2/15/2010 8:37:15 PM - Removed Microsoft Visual C++ 2005 Redistributable
RP957: 2/15/2010 8:37:51 PM - Removed Microsoft Visual C++ 2005 Redistributable
RP958: 2/15/2010 8:38:15 PM - Installed Microsoft Visual C++ 2005 Redistributable
RP959: 2/15/2010 8:39:02 PM - Installed DirectX
RP960: 2/15/2010 8:59:27 PM - Installed BioShock 2
RP961: 2/17/2010 1:10:01 AM - Software Distribution Service 3.0
RP962: 2/18/2010 10:44:31 PM - System Checkpoint
RP963: 2/19/2010 3:57:57 PM - Installed HiJackThis
RP964: 2/20/2010 10:31:13 AM - Revo Uninstaller's restore point - AcuPartner Professional
RP965: 2/20/2010 10:32:53 AM - Removed AcuPartner Professional
RP966: 2/20/2010 10:49:42 AM - Revo Uninstaller's restore point - AnswerWorks 5.0 English Runtime
RP967: 2/20/2010 10:51:19 AM - Revo Uninstaller's restore point - Avanquest update
RP968: 2/20/2010 10:55:40 AM - Revo Uninstaller's restore point - Documents To Go
RP969: 2/20/2010 10:55:58 AM - Removed Documents To Go
RP970: 2/20/2010 11:02:32 AM - Revo Uninstaller's restore point - GLOBEtrotter FLEXid Drivers
RP971: 2/20/2010 11:03:12 AM - Revo Uninstaller's restore point - GLOBEtrotter FLEXid Drivers
RP972: 2/20/2010 11:34:34 AM - Revo Uninstaller's restore point - Java(TM) 6 Update 13
RP973: 2/20/2010 11:35:27 AM - Revo Uninstaller's restore point - Java(TM) 6 Update 15
RP974: 2/20/2010 11:35:35 AM - Removed Java(TM) 6 Update 14
RP975: 2/20/2010 11:37:39 AM - Revo Uninstaller's restore point - Adobe AIR
RP976: 2/20/2010 11:39:24 AM - Revo Uninstaller's restore point - WebEx Support Manager for Internet Explorer
RP977: 2/20/2010 11:39:40 AM - Removed WebEx Support Manager for Internet Explorer
RP978: 2/20/2010 11:44:19 AM - Installed Java(TM) SE Development Kit 6 Update 18
RP979: 2/20/2010 11:45:36 AM - Installed Java(TM) 6 Update 18
RP980: 2/20/2010 11:51:52 AM - Removed Adobe Reader 9.1.3.
RP981: 2/20/2010 11:52:27 AM - Installed Adobe Reader 9.3.
RP982: 2/20/2010 12:22:58 PM - Removed OpenOffice.org 3.1
RP983: 2/20/2010 12:26:32 PM - Installed OpenOffice.org 3.2
RP984: 2/20/2010 4:47:24 PM - Revo Uninstaller's restore point - Adobe SVG Viewer 3.0
RP985: 2/20/2010 5:02:16 PM - Installed PHP 5.3.1

==== Installed Programs ======================

ABBYY FineReader for ScanSnap (TM) 4.0
Acrobat.com
Active GPX
Add or Remove Adobe Creative Suite 3 Master Collection
Adobe Acrobat 8 Professional
Adobe After Effects CS3
Adobe After Effects CS3 Presets
Adobe After Effects CS3 Template Projects & Footage
Adobe After Effects CS3 Third Party Content
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe BridgeTalk Plugin CS3
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Contribute CS3
Adobe Creative Suite 3 Master Collection
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Download Manager
Adobe Dreamweaver CS3
Adobe Encore CS3
Adobe Encore CS3 Library
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Fireworks CS3
Adobe Flash CS3
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Flash Video Encoder
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Illustrator CS3
Adobe InDesign CS3
Adobe InDesign CS3 Icon Handler
Adobe Linguistics CS3
Adobe MotionPicture Color Files
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Photoshop Lightroom
Adobe Premiere Pro CS3
Adobe Premiere Pro CS3 Functional Content
Adobe Premiere Pro CS3 Third Party Content
Adobe Reader 9.3.1
Adobe Setup
Adobe SING CS3
Adobe Soundbooth CS3
Adobe Soundbooth CS3 Codecs
Adobe Soundbooth CS3 Scores
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe Version Cue CS3 Server
Adobe Video Profiles
Adobe WAS CS3
Adobe WinSoft Linguistics Plugin
Adobe XMP DVA Panels CS3
Adobe XMP Panels CS3
AHV content for Acrobat and Flash
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft PhotoBase 3
ASUS WiFi-AP Solo
AsusUpdate
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
ATI HYDRAVISION
ATI Problem Report Wizard
Audacity 1.2.6
Autodesk DirectConnect 2.0
Bioshock
BioShock 2
BitTorrent 5.0.7
BOINC
Bonjour
BootLog XP
Canon CanoScan Toolbox 4.9
Canon i950
Canon Utilities Easy-PhotoPrint
CardMinder
CardMinder V4.0
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
ccc-core-preinstall
ccc-core-static
ccc-utility
CCC Help English
CDDRV_Installer
Cheat Engine 5.5
Cisco Systems VPN Client 5.0.02.0090
Creative Jukebox Driver
Creative Media Toolbox
Creative MediaSource
Creative System Information
Critical Update for Windows Media Player 11 (KB959772)
DiskCheckup V2.1
Diskeeper 2009 Professional
DVD Decrypter (Remove Only)
EAX4 Unified Redist
Eraser 5.8
ExamDiff 1.6m
FLAC Installer 1.1.3b (remove only)
FreeMind
FW LiveUpdate
GameShadow
Garmin Communicator Plugin
Garmin MapSource
Garmin Trip and Waypoint Manager v5
Garmin USB Drivers
Google Earth
Google Update Helper
Google Updater
Half-Life 2: Episode Two
High Definition Audio Driver Package - KB888111
HiJackThis
Hotfix for Microsoft .NET Framework 3.0 (KB932471)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Intel(R) Matrix Storage Manager
iPhone Configuration Utility
iTunes
Java DB 10.5.3.0
Java(TM) 6 Update 18
Java(TM) SE Development Kit 6 Update 18
Jitbit Macro Recorder
JLIP VideoCapture3.1
JRAID
KhalInstallWrapper
LADSPA_plugins-win-0.4.15
LAME v3.98.2 for Audacity
LightScribe 1.4.124.1
Logitech Harmony Remote Software 7
Logitech Legacy USB Camera Driver Package
Logitech QuickCam Driver Package
Logitech SetPoint
Logitech Updater
Logitech Webcam Software
Manual CanoScan 9900F
Marvell Miniport Driver
Maya 2008
Maya 2008 Documentation (en_US)
MediaMonkey 3.2
MediaMonkey AAC Plug-in 1.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft IntelliType Pro 5.3
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Live Add-in 1.3
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works 2003 Setup Launcher
Microsoft Works 7.0
Microsoft Works Suite Add-in for Microsoft Word
MobileMe Control Panel
Motorola Driver Installation 3.7.0
Motorola Phone Tools
Motorola Software Update
Mozilla Firefox (3.6)
Mozilla Thunderbird (2.0.0.23)
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser (KB933579)
Nero 7 Ultra Edition
NOMAD Explorer
Nord Sample Editor v2.00
Nord Sound Manager v5.02
Nord Wave Manager v1.16
Norton AntiVirus
OGA Notifier 2.0.0048.0
oggcodecs 0.71.0946
Online Backup
OpenOffice.org 3.2
palmOne
palmOne VersaMail(tm)
PC Probe II
PDF Settings
Peggle Deluxe Demo
Peggle Extreme
PhoneTools
PHP 5.3.1
Picasa 3
Portal
PuTTY version 0.60
Python 2.5
Python 2.5 py2exe-0.6.5
QuickBooks Premier: Nonprofit Edition 2007
QuickBooks Product Listing Service
Quicken 2010
QuickPar 0.9
QuickTime
Rack2-Filer
Rack2-Viewer (This application may be deleted by deleting Rack2-Filer)
Rack2 Folder Monitor Software
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.0
Registry Mechanic 5.0
Remote Control USB Driver
Remove Empty Directories 2.1
Revo Uninstaller 1.85
ScanSnap
ScanSnap Manager
ScanSnap Organizer
Secunia PSI
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB973704)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB973593)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978706)
Sentinel System Driver
Skins
Skype™ 4.1
Soldier of Fortune II - Double Helix GOLD
Soldier of Fortune Payback
Sony DVD Architect 4.0
Sony Media Manager 2.2
Sony Vegas 7.0
Sound Blaster X-Fi
Spybot - Search & Destroy
Startup Delayer v2.5 (build 138)
Steam
SuperCollider
SupportSoft Assisted Service
Symantec KB-DocID:2003093015493306
Synology Assistant
Team Fortress 2
Tom Clancy's Splinter Cell Double Agent
TomTom HOME 2.7.3.1894
TomTom HOME Visual Studio Merge Modules
TrueCrypt
U.S. Robotics ControlCenter
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 (KB974631)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows Internet Explorer 8 (KB972636)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB978506)
Update for Windows XP (KB943729)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
UseNeXT
VC 9.0 Runtime
VC80
Virtual Cable Tester
VLC media player 0.9.8a
WebFldrs XP
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live OneCare safety scanner
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows PowerShell(TM) 1.0
Windows PowerShell(TM) 1.0 MUI pack
Windows Presentation Foundation
Windows XP Service Pack 3
WinRAR archiver
Works Suite OS Pack
wxPython 2.7.2.0 (ansi) for Python 2.5
wxPython Docs and Demos 2.7.2.0
XML Paper Specification Shared Components Pack 1.0
XviD 1.1 final uninstall
ZoneAlarm Pro

==== Event Viewer Messages From Past Week ========

2/21/2010 12:29:52 AM, error: Service Control Manager [7000] - The BS_DEF service failed to start due to the following error: The specified driver is invalid.
2/20/2010 11:59:25 AM, error: Service Control Manager [7000] - The DS1410D service failed to start due to the following error: The system cannot find the file specified.
2/20/2010 1:13:32 AM, error: Service Control Manager [7000] - The F-Secure BlackLight Engine Driver service failed to start due to the following error: A device attached to the system is not functioning.
2/19/2010 11:20:19 AM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
2/19/2010 11:20:19 AM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
2/19/2010 11:20:16 PM, error: Service Control Manager [7034] - The Windows Image Acquisition (WIA) service terminated unexpectedly. It has done this 1 time(s).
2/19/2010 11:20:01 PM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 1 time(s).
2/19/2010 11:19:54 PM, error: Service Control Manager [7034] - The WebClient service terminated unexpectedly. It has done this 1 time(s).
2/19/2010 11:19:51 PM, error: Service Control Manager [7034] - The TCP/IP NetBIOS Helper service terminated unexpectedly. It has done this 1 time(s).
2/19/2010 11:19:51 PM, error: Service Control Manager [7031] - The Remote Registry service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
2/16/2010 11:21:30 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the TrueVector Internet Monitor service to connect.
2/16/2010 11:21:30 AM, error: Service Control Manager [7000] - The TrueVector Internet Monitor service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/15/2010 11:17:40 AM, error: Service Control Manager [7000] - The DS1410D service failed to start due to the following error: The system cannot find the device specified.
2/15/2010 1:19:05 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}

==== End Of File ===========================

tashi
2010-02-22, 04:20
Hello KPax23,

Please see this forum's FAQ and start a new topic providing a link back to this one.
"BEFORE you POST" (READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288)

Best regards.