Unable to run Hijack This
OK, as stated in the title, I am unable to run HijackThis on my computer. I'm currently using Windows XP Service Pack 3.
The issues I'm getting are adware popups all the time, and I am unable to run any installed anti-virus or anti-spyware programs. Various portable apps work, but are unable to actually do anything as they get denied access. I get a message indicating that I do not have sufficient privileges. When I tried to run HijackThis, it opened, but when I tried to get the log it just quit.
Thanks in advance for the help.
Here is the Win32kDiag log:
Running from: C:\Documents and Settings\Eric\Desktop\Win32kDiag.exe
Log file at : C:\Documents and Settings\Eric\Desktop\Win32kDiag.txt
WARNING: Could not get backup privileges!
Searching 'C:\WINDOWS'...
Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP192.tmp\ZAP192.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPE90.tmp\ZAPE90.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPF6A.tmp\ZAPF6A.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPF98.tmp\ZAPF98.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\temp\temp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\tmp\tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Config\Config
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Connection Wizard\Connection Wizard
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\ime\chsime\applets\applets
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\ime\CHTIME\Applets\Applets
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\ime\imejp\applets\applets
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\ime\imejp98\imejp98
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\ime\imjp8_1\applets\applets
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\ime\imkr6_1\applets\applets
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\ime\imkr6_1\dicts\dicts
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\ime\shared\res\res
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100\1.0.0\1.0.0
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\java\classes\classes
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\java\trustlib\trustlib
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\msapps\msinfo\msinfo
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\MSSecurityNi\logs\logs
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\MSSecurityNS\logs\logs
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\pchealth\ERRORREP\QHEADLES\QHEADLES
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\pchealth\ERRORREP\QSIGNOFF\QSIGNOFF
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\pchealth\helpctr\BATCH\BATCH
Mount point destination : \Device\__max++>\^
Cannot access: C:\WINDOWS\pchealth\helpctr\binaries\HelpSvc.exe
[1] 2008-04-14 07:00:00 744448 C:\WINDOWS\pchealth\helpctr\binaries\HelpSvc.exe ()
Disabled my anti-virus program for this one:
Running from: C:\Documents and Settings\Eric\Desktop\Win32kDiag.exe
Log file at : C:\Documents and Settings\Eric\Desktop\Win32kDiag.txt
WARNING: Could not get backup privileges!
Searching 'C:\WINDOWS'...
Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP192.tmp\ZAP192.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPE90.tmp\ZAPE90.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPF6A.tmp\ZAPF6A.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPF98.tmp\ZAPF98.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\temp\temp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\tmp\tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Config\Config
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Connection Wizard\Connection Wizard
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\ime\chsime\applets\applets
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\ime\CHTIME\Applets\Applets
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\ime\imejp\applets\applets
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\ime\imejp98\imejp98
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\ime\imjp8_1\applets\applets
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\ime\imkr6_1\applets\applets
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\ime\imkr6_1\dicts\dicts
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\ime\shared\res\res
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100\1.0.0\1.0.0
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\java\classes\classes
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\java\trustlib\trustlib
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\msapps\msinfo\msinfo
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\MSSecurityNi\logs\logs
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\MSSecurityNS\logs\logs
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\pchealth\ERRORREP\QHEADLES\QHEADLES
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\pchealth\ERRORREP\QSIGNOFF\QSIGNOFF
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\pchealth\helpctr\BATCH\BATCH
Mount point destination : \Device\__max++>\^
Cannot access: C:\WINDOWS\pchealth\helpctr\binaries\HelpSvc.exe
[1] 2008-04-14 07:00:00 744448 C:\WINDOWS\pchealth\helpctr\binaries\HelpSvc.exe ()
Found mount point : C:\WINDOWS\pchealth\helpctr\Config\CheckPoint\CheckPoint
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\pchealth\helpctr\Temp\Temp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Performance\WinSAT\DataStore\DataStore
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\PIF\PIF
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Registration\CRMLog\CRMLog
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\AuthCabs
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\5cfa09586faf6d9470f0c817d855bb6b\backup\backup
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\85947e1a809663c7f480717673587a59\backup\backup
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\95b0eb6de61f9c4758f6dd82521ed694\backup\backup
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\9868363812bbe4a0a4d814b7943ba906\backup\backup
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\c2605fe2baba03346e8868859fbe2ead\backup\backup
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\d3767eab8f4479a8d252b47e8ec225c8\backup\backup
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\EventCache\EventCache
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\SelfUpdate\Registered\Registered
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment
Mount point destination : \Device\__max++>\^
Cannot access: C:\WINDOWS\system32\eventlog.dll
[1] 2008-04-14 07:00:00 61952 C:\WINDOWS\system32\eventlog.dll ()
[2] 2008-04-14 07:00:00 56320 C:\WINDOWS\system32\logevent.dll (Microsoft Corporation)
Found mount point : C:\WINDOWS\WinSxS\InstallTemp\InstallTemp
Mount point destination : \Device\__max++>\^
Finished!
First the log for ComboFix, followed by the log for HijackThis:
ComboFix 09-11-01.04 - Eric 11/02/2009 23:04.1.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3325.2732 [GMT -5:00]
Running from: c:\documents and settings\Eric\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
* Resident AV is active
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\E00A9AB2.x86.dll
c:\windows\system32\images
c:\windows\system32\images\toolbar\calendar.gif
c:\windows\system32\images\toolbar\crlogo.gif
c:\windows\system32\images\toolbar\export.gif
c:\windows\system32\images\toolbar\export_over.gif
c:\windows\system32\images\toolbar\exportd.gif
c:\windows\system32\images\toolbar\First.gif
c:\windows\system32\images\toolbar\first_over.gif
c:\windows\system32\images\toolbar\Firstd.gif
c:\windows\system32\images\toolbar\gotopage.gif
c:\windows\system32\images\toolbar\gotopage_over.gif
c:\windows\system32\images\toolbar\gotopaged.gif
c:\windows\system32\images\toolbar\grouptree.gif
c:\windows\system32\images\toolbar\grouptree_over.gif
c:\windows\system32\images\toolbar\grouptreed.gif
c:\windows\system32\images\toolbar\grouptreepressed.gif
c:\windows\system32\images\toolbar\Last.gif
c:\windows\system32\images\toolbar\last_over.gif
c:\windows\system32\images\toolbar\Lastd.gif
c:\windows\system32\images\toolbar\Next.gif
c:\windows\system32\images\toolbar\next_over.gif
c:\windows\system32\images\toolbar\Nextd.gif
c:\windows\system32\images\toolbar\Prev.gif
c:\windows\system32\images\toolbar\prev_over.gif
c:\windows\system32\images\toolbar\Prevd.gif
c:\windows\system32\images\toolbar\print.gif
c:\windows\system32\images\toolbar\print_over.gif
c:\windows\system32\images\toolbar\printd.gif
c:\windows\system32\images\toolbar\Refresh.gif
c:\windows\system32\images\toolbar\refresh_over.gif
c:\windows\system32\images\toolbar\refreshd.gif
c:\windows\system32\images\toolbar\Search.gif
c:\windows\system32\images\toolbar\search_over.gif
c:\windows\system32\images\toolbar\searchd.gif
c:\windows\system32\images\toolbar\up.gif
c:\windows\system32\images\toolbar\up_over.gif
c:\windows\system32\images\toolbar\upd.gif
c:\windows\system32\images\tree\begindots.gif
c:\windows\system32\images\tree\beginminus.gif
c:\windows\system32\images\tree\beginplus.gif
c:\windows\system32\images\tree\blank.gif
c:\windows\system32\images\tree\blankdots.gif
c:\windows\system32\images\tree\dots.gif
c:\windows\system32\images\tree\lastdots.gif
c:\windows\system32\images\tree\lastminus.gif
c:\windows\system32\images\tree\lastplus.gif
c:\windows\system32\images\tree\Magnify.gif
c:\windows\system32\images\tree\minus.gif
c:\windows\system32\images\tree\minusbox.gif
c:\windows\system32\images\tree\plus.gif
c:\windows\system32\images\tree\plusbox.gif
c:\windows\system32\images\tree\singleminus.gif
c:\windows\system32\images\tree\singleplus.gif
Infected copy of c:\windows\system32\eventlog.dll was found and disinfected
Restored copy from - c:\windows\system32\logevent.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
((((((((((((((((((((((((( Files Created from 2009-10-03 to 2009-11-03 )))))))))))))))))))))))))))))))
.
2009-10-30 20:27 . 2009-10-30 20:27 -------- d-sh--w- c:\documents and settings\All Users\Application Data\SecuROM
2009-10-30 20:17 . 2009-10-30 20:17 -------- d-----w- c:\program files\2K Games
2009-10-30 01:00 . 2009-10-30 01:00 -------- d-----w- c:\program files\Trend Micro
2009-10-30 00:58 . 2009-10-30 00:58 -------- d-----w- c:\program files\ERUNT
2009-10-30 00:39 . 2009-10-30 00:39 -------- d-----w- c:\program files\Uniblue
2009-10-29 20:30 . 2009-10-29 20:30 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-10-29 17:29 . 2009-05-07 07:04 157712 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-10-29 16:45 . 2009-10-29 16:45 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-10-29 16:40 . 2009-11-03 04:09 -------- d--h--w- c:\windows\PIF
2009-10-29 16:32 . 2009-10-29 16:50 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-10-29 16:15 . 2009-10-29 16:48 -------- d-----w- c:\program files\SpybotSD
2009-10-28 13:19 . 2009-10-29 16:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-10-28 13:19 . 2009-10-29 16:14 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-10-28 12:40 . 2009-11-03 03:09 0 ----a-r- c:\windows\win32k.sys
2009-10-26 02:02 . 2009-10-26 02:02 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-10-24 02:47 . 2009-10-24 02:47 0 ----a-w- c:\windows\nsreg.dat
2009-10-24 02:47 . 2009-10-24 02:47 -------- d-----w- c:\documents and settings\Eric\Local Settings\Application Data\Mozilla
2009-10-24 02:45 . 2009-10-24 02:45 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2009-10-24 01:25 . 2009-10-24 01:25 -------- d-----w- c:\documents and settings\Eric\Application Data\InstallShield Installation Information
2009-10-24 01:15 . 2009-10-24 01:15 -------- d-----w- c:\program files\Unreal Tournament 3
2009-10-24 01:15 . 2009-10-24 01:15 -------- d-----w- c:\windows\45235788142C44BE8A4DDDE9A84492E5.TMP
2009-10-23 22:07 . 2009-10-31 03:17 -------- d-----w- c:\program files\Steam
2009-10-23 21:54 . 2009-10-23 21:54 -------- d-----w- c:\program files\Common Files\Softimage
2009-10-23 21:53 . 2009-08-12 02:29 57344 ------w- c:\windows\system32\XSIChooser.exe
2009-10-23 21:51 . 2009-10-23 21:51 -------- d-----w- C:\Softimage
2009-10-23 21:49 . 2009-10-23 21:49 -------- d-----w- c:\documents and settings\Eric\Application Data\InstallShield
2009-10-23 21:48 . 2009-10-23 21:48 -------- d-----w- c:\documents and settings\Eric\Application Data\Autodesk
2009-10-23 21:48 . 2009-10-23 21:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Alias
2009-10-23 21:37 . 2009-10-23 21:37 8 ----a-w- c:\windows\system32\nvModes.dat
2009-10-23 21:18 . 2009-10-23 21:19 -------- d-----w- c:\program files\Common Files\Alias Shared
2009-10-23 21:12 . 2009-10-23 21:12 -------- d-----w- c:\program files\Common Files\en-US
2009-10-23 21:12 . 2009-10-23 21:12 -------- d-----w- c:\program files\Common Files\ja-JP
2009-10-23 21:05 . 2009-10-23 21:05 -------- d-sh--w- c:\documents and settings\Eric\PrivacIE
2009-10-23 21:01 . 2009-10-23 21:18 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2009-10-23 21:00 . 2009-10-23 21:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Autodesk
2009-10-23 20:59 . 2009-10-23 21:47 -------- d-----w- c:\program files\Autodesk
2009-10-23 20:59 . 2008-07-31 14:41 238088 ----a-w- c:\windows\system32\xactengine3_2.dll
2009-10-23 20:59 . 2008-07-31 14:41 68616 ----a-w- c:\windows\system32\XAPOFX1_1.dll
2009-10-23 20:59 . 2008-07-31 14:40 509448 ----a-w- c:\windows\system32\XAudio2_2.dll
2009-10-23 20:59 . 2008-07-12 12:18 467984 ----a-w- c:\windows\system32\d3dx10_39.dll
2009-10-23 20:59 . 2008-07-12 12:18 1493528 ----a-w- c:\windows\system32\D3DCompiler_39.dll
2009-10-23 20:59 . 2008-07-12 12:18 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
2009-10-23 20:46 . 2009-10-23 20:46 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-10-23 20:45 . 2009-10-23 20:45 -------- d-sh--w- c:\documents and settings\Eric\IETldCache
2009-10-23 04:21 . 2009-10-23 04:21 -------- d-----w- c:\documents and settings\All Users\Application Data\ALM
2009-10-23 04:00 . 2008-04-07 09:38 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
2009-10-23 04:00 . 2008-04-07 09:38 45392 ----a-r- c:\windows\system32\AdobePDF.dll
2009-10-23 03:24 . 2009-10-23 03:24 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-10-23 03:16 . 2009-10-23 03:16 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2009-10-23 03:16 . 2009-10-23 03:16 -------- d-----w- C:\NVIDIA
2009-10-23 01:58 . 2009-10-23 01:58 -------- d-----w- c:\program files\Razer
2009-10-23 01:14 . 2009-10-23 01:14 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\NVIDIA Corporation
2009-10-23 00:31 . 2009-10-23 00:31 -------- d-----w- c:\program files\Adobe Media Player
2009-10-23 00:30 . 2009-10-23 00:30 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-10-23 00:14 . 2009-10-23 00:14 -------- d-----w- c:\documents and settings\Eric\Application Data\Leadertech
2009-10-23 00:05 . 2009-10-23 00:05 -------- d-----w- C:\NeverwinterNights
2009-10-22 23:52 . 2009-10-22 23:52 -------- d-----w- c:\windows\system32\js
2009-10-22 23:52 . 2009-10-22 23:52 -------- d-----w- c:\windows\system32\html
2009-10-22 23:38 . 2009-10-22 23:38 -------- d-----w- c:\program files\CE Remote Tools
2009-10-22 23:37 . 2009-10-22 23:37 -------- d-----w- c:\program files\Microsoft Web Designer Tools
2009-10-22 23:15 . 2009-10-22 23:15 -------- d-----w- c:\program files\Bethesda Softworks
2009-10-22 23:15 . 2009-10-22 23:21 -------- d-----w- c:\documents and settings\Eric\Local Settings\Application Data\Oblivion
2009-10-22 23:12 . 2009-10-22 23:12 -------- d-----w- c:\windows\MSSecurityNS
2009-10-22 23:12 . 2009-10-22 23:12 -------- d-----w- c:\windows\MSSecurityNi
2009-10-22 23:12 . 2009-10-22 23:12 -------- d-----w- c:\program files\Nik Software
2009-10-22 23:10 . 2009-10-22 23:10 -------- d-----w- c:\program files\Corel
2009-10-22 23:10 . 2009-10-22 23:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Corel
2009-10-22 22:55 . 2009-11-03 03:18 -------- d-----w- c:\documents and settings\Eric\Application Data\WTablet
2009-10-22 22:55 . 2009-10-24 13:09 -------- d-----w- c:\documents and settings\Eric\Application Data\WTouch
2009-10-22 22:55 . 2009-07-15 16:13 220968 ------w- c:\windows\system32\Touch_Tablet.dll
2009-10-22 22:55 . 2009-10-22 22:55 -------- d-----w- c:\program files\WTouch
2009-10-22 22:55 . 2007-02-16 00:11 11440 ----a-w- c:\windows\system32\drivers\WacomVKHid.sys
2009-10-22 22:55 . 2007-02-16 19:12 11312 ----a-w- c:\windows\system32\drivers\wacommousefilter.sys
2009-10-22 22:55 . 2009-05-20 19:54 13736 ----a-w- c:\windows\system32\drivers\wacomvhid.sys
2009-10-22 22:55 . 2009-10-22 22:55 -------- d-----w- c:\windows\system32\WTablet
2009-10-22 22:55 . 2009-07-15 16:07 284672 ------w- c:\windows\system32\Wintab32.dll
2009-10-22 22:55 . 2009-07-15 16:13 392488 ------w- c:\windows\system32\Pen_Tablet.dll
2009-10-22 22:55 . 2009-07-15 16:13 4408616 ------w- c:\windows\system32\Pen_Tablet.exe
2009-10-22 22:55 . 2009-10-22 22:55 -------- d-----w- c:\program files\Tablet
2009-10-22 22:45 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2009-10-22 22:43 . 2008-04-14 04:15 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2009-10-22 18:48 . 2009-10-22 18:48 -------- d-----w- c:\windows\Performance
2009-10-22 18:48 . 2009-10-22 18:48 -------- d-----w- c:\documents and settings\Eric\Local Settings\Application Data\Microsoft Corporation
2009-10-22 18:48 . 2009-10-22 18:48 -------- d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor
2009-10-22 18:35 . 2009-10-22 18:35 -------- d-----w- c:\documents and settings\Eric\Local Settings\Application Data\My Games
2009-10-22 18:18 . 2009-10-22 18:18 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-10-22 18:15 . 2009-10-22 18:15 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-10-22 18:15 . 2009-10-22 18:15 107832 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-10-22 18:15 . 2009-10-22 18:15 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-10-22 18:15 . 2009-10-22 18:15 2250024 ----a-w- c:\windows\system32\pbsvc.exe
2009-10-22 18:15 . 2009-10-22 18:15 -------- d-----w- c:\windows\system32\LogFiles
2009-10-22 18:14 . 2009-10-22 18:14 -------- d-sh--w- c:\documents and settings\Eric\UserData
2009-10-22 18:11 . 2009-10-22 18:11 -------- d-----w- c:\program files\Ubisoft
2009-10-22 18:03 . 2009-10-22 18:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Citrix
2009-10-22 18:03 . 2009-10-22 18:03 -------- d-----w- c:\program files\Citrix
2009-10-22 18:03 . 2009-10-22 18:03 -------- d-----w- c:\documents and settings\Eric\Local Settings\Application Data\Citrix
2009-10-22 18:02 . 2009-10-22 18:02 61224 ----a-w- c:\documents and settings\Eric\GoToAssistDownloadHelper.exe
2009-10-22 18:02 . 2009-10-22 18:02 -------- d-----w- c:\windows\Sun
2009-10-22 17:44 . 2009-10-22 17:44 -------- d-----w- c:\documents and settings\Eric\Application Data\Windows Search
2009-10-22 17:39 . 2009-10-22 17:39 -------- d-----w- c:\documents and settings\Eric\Local Settings\Application Data\SupportSoft
2009-10-22 17:24 . 2008-04-14 05:48 52480 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2009-10-21 13:15 . 2009-09-27 20:12 490088 ----a-w- c:\windows\system32\nvudisp.exe
2009-10-21 13:15 . 2009-09-24 13:24 490088 ----a-w- c:\windows\system32\nvuninst.exe
2009-10-21 13:15 . 2008-01-15 03:20 3636 ----a-w- c:\windows\system32\drivers\nvphy.bin
2009-10-21 13:15 . 2008-01-15 03:20 356352 ----a-w- c:\windows\system32\nvunrm.exe
2009-10-21 13:15 . 2008-10-03 11:12 53504 ----a-w- c:\windows\system32\drivers\1394bus.sys
2009-10-21 13:15 . 2008-04-14 12:16 61696 ----a-w- c:\windows\system32\drivers\ohci1394.sys
2009-10-21 13:15 . 2001-08-18 01:46 6400 ----a-w- c:\windows\system32\drivers\enum1394.sys
2009-10-21 13:15 . 2008-04-14 12:15 17152 ----a-w- c:\windows\system32\drivers\usbohci.sys
2009-10-21 09:11 . 2004-09-15 12:28 480768 ----a-w- c:\windows\system32\Audiodev.dll
2009-10-21 09:11 . 2004-09-15 12:28 175104 ----a-w- c:\windows\system32\wmpsrcwp.dll
2009-10-21 09:11 . 2004-09-15 12:28 1589760 ----a-w- c:\windows\system32\wmpencen.dll
2009-10-21 09:09 . 2009-10-22 21:32 -------- d-----w- C:\DELL
2009-10-21 06:44 . 2009-09-16 14:22 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-10-21 06:44 . 2009-04-09 18:23 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2009-10-21 06:44 . 2009-10-23 01:50 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-10-21 06:44 . 2009-09-16 14:22 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-10-21 06:44 . 2009-09-16 14:22 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-10-21 06:44 . 2009-09-16 14:22 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-10-21 06:44 . 2009-09-16 14:22 214664 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-10-21 06:44 . 2009-06-23 17:57 -------- d-----w- c:\program files\Common Files\McAfee
2009-10-21 06:44 . 2009-06-30 06:27 -------- d-----w- c:\program files\McAfee.com
2009-10-21 06:43 . 2009-11-03 03:15 -------- d-----w- c:\program files\McAfee
2009-10-21 06:43 . 2009-10-21 06:43 -------- d-----w- c:\program files\Dell
2009-10-21 06:43 . 2009-10-21 06:43 -------- d-----w- c:\program files\Microsoft Plus! Photo Story 2 LE
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-30 22:04 . 2009-10-30 22:04 1758 ----a-w- c:\documents and settings\Eric\Application Data\Profile0.dat
2009-10-30 20:16 . 2009-10-30 20:16 -------- d-----w- c:\program files\DIFX
2009-10-23 20:45 . 2009-10-22 17:27 44736 ----a-w- c:\documents and settings\Eric\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-23 03:16 . 2009-10-21 06:27 -------- d-----w- c:\program files\NVIDIA Corporation
2009-10-23 00:09 . 2009-10-21 06:27 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-23 00:04 . 2009-10-21 06:27 -------- d-----w- c:\program files\Common Files\InstallShield
2009-10-22 23:52 . 2009-10-22 23:52 -------- d-----w- c:\program files\Business Objects
2009-10-22 23:52 . 2009-10-22 23:38 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2009-10-22 23:51 . 2009-10-22 23:47 -------- d-----w- c:\program files\Microsoft SQL Server
2009-10-22 23:49 . 2009-10-22 23:49 -------- d-----w- c:\program files\MSXML 6.0
2009-10-22 23:47 . 2009-10-22 23:47 -------- d-----w- c:\program files\Microsoft Device Emulator
2009-10-22 23:47 . 2009-10-22 23:46 -------- d-----w- c:\program files\Windows Mobile 5.0 SDK R2
2009-10-22 23:46 . 2009-10-22 23:46 -------- d-----w- c:\program files\Microsoft Synchronization Services
2009-10-22 23:43 . 2009-10-22 23:38 -------- d-----w- c:\program files\Common Files\Merge Modules
2009-10-22 23:43 . 2009-10-22 23:43 -------- d-----w- c:\documents and settings\All Users\Application Data\PreEmptive Solutions
2009-10-22 23:40 . 2009-10-22 23:38 -------- d-----w- c:\program files\HTML Help Workshop
2009-10-22 23:40 . 2008-04-25 21:42 -------- d-----w- c:\program files\MSBuild
2009-10-22 23:38 . 2009-10-22 23:38 -------- d-----w- c:\program files\Microsoft SDKs
2009-10-22 18:15 . 2009-10-22 18:15 22328 ----a-w- c:\documents and settings\Eric\Application Data\PnkBstrK.sys
2009-10-22 17:38 . 2009-10-21 06:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Creative
2009-10-21 09:10 . 2009-10-21 09:10 6492 ----a-w- c:\windows\system32\drivers\1028_Dell_XPS_XPS_630I.mrk
2009-10-21 06:35 . 2009-10-22 17:27 -------- d-----w- c:\documents and settings\Eric\Application Data\Roxio Log Files
2009-10-21 06:35 . 2009-10-22 17:27 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Roxio Log Files
2009-10-21 06:29 . 2009-10-21 06:27 -------- d-----w- c:\program files\Creative
2009-10-21 06:28 . 2009-10-21 06:28 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2009-10-21 06:28 . 2009-10-21 06:28 110592 ----a-w- c:\windows\system32\OpenAL32.dll
2009-10-21 06:27 . 2009-10-21 06:27 -------- d-----w- c:\program files\Alienware
2009-10-21 06:24 . 2009-10-21 06:24 -------- d-----w- c:\program files\Windows Desktop Search
2009-10-21 06:24 . 2009-10-22 17:27 -------- d-----w- c:\documents and settings\Eric\Application Data\Windows Desktop Search
2009-10-21 06:24 . 2009-10-22 17:27 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Windows Desktop Search
2009-10-21 06:24 . 2009-10-21 06:24 -------- d-----w- c:\documents and settings\Administrator\Application Data\Windows Desktop Search
2009-10-21 06:21 . 2009-10-21 06:21 -------- d-----w- c:\program files\MSXML 4.0
2009-09-27 22:20 . 2009-09-27 22:20 2173544 ----a-w- c:\windows\system32\nvcplui.exe
2009-09-27 22:20 . 2009-09-27 22:20 81920 ----a-w- c:\windows\system32\nvwddi.dll
2009-09-27 22:19 . 2009-09-27 22:19 3166208 ----a-w- c:\windows\system32\nvwss.dll
2009-09-27 22:19 . 2009-09-27 22:19 4026368 ----a-w- c:\windows\system32\nvvitvs.dll
2009-09-27 22:19 . 2009-09-27 22:19 3547136 ----a-w- c:\windows\system32\nvgames.dll
2009-09-27 22:19 . 2009-09-27 22:19 188416 ----a-w- c:\windows\system32\nvmccss.dll
2009-09-27 22:19 . 2009-09-27 22:19 1286144 ----a-w- c:\windows\system32\nvmobls.dll
2009-09-27 22:19 . 2009-09-27 22:19 86016 ----a-w- c:\windows\system32\nvmctray.dll
2009-09-27 22:19 . 2009-09-27 22:19 4935680 ----a-w- c:\windows\system32\nvdisps.dll
2009-09-27 22:19 . 2009-09-27 22:19 172100 ----a-w- c:\windows\system32\nvsvc32.exe
2009-09-27 22:19 . 2009-09-27 22:19 143360 ----a-w- c:\windows\system32\nvcolor.exe
2009-09-27 22:19 . 2009-09-27 22:19 13918208 ----a-w- c:\windows\system32\nvcpl.dll
2009-09-27 22:19 . 2009-09-27 22:19 229376 ----a-w- c:\windows\system32\nvmccs.dll
2009-09-27 20:12 . 2009-10-21 09:10 888832 ----a-w- c:\windows\system32\nvapi.dll
2009-09-27 20:12 . 2009-10-21 09:10 7655872 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2009-09-27 20:12 . 2009-10-21 09:10 5900416 ----a-w- c:\windows\system32\nv4_disp.dll
2009-09-27 20:12 . 2009-10-21 09:10 2194024 ----a-w- c:\windows\system32\nvcuvid.dll
2009-09-27 20:12 . 2009-10-21 09:10 2007040 ----a-w- c:\windows\system32\nvcuda.dll
2009-09-27 20:12 . 2009-10-21 09:10 1714792 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-09-27 20:12 . 2009-10-21 09:10 170600 ----a-w- c:\windows\system32\nvcodins.dll
2009-09-27 20:12 . 2009-10-21 09:10 170600 ----a-w- c:\windows\system32\nvcod.dll
2009-09-27 20:12 . 2009-10-21 09:10 1604482 ----a-w- c:\windows\system32\nvdata.bin
2009-09-27 20:12 . 2009-10-21 09:10 10756096 ----a-w- c:\windows\system32\nvoglnt.dll
2009-09-25 05:37 . 2009-09-25 05:37 81920 ------w- c:\windows\system32\ieencode.dll
2009-09-11 14:18 . 2008-04-25 16:16 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2008-04-25 16:16 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08 . 2008-04-25 16:16 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-26 08:00 . 2008-04-25 16:16 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-14 17:36 . 2009-08-14 17:36 70936 ----a-w- c:\windows\system32\PhysXLoader.dll
2009-08-06 23:24 . 2008-04-25 21:27 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-06 23:24 . 2008-04-25 21:27 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-06 23:24 . 2008-10-16 19:09 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 23:24 . 2008-04-25 21:27 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-06 23:24 . 2008-04-25 21:27 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-08-06 23:24 . 2008-04-25 16:16 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 23:23 . 2008-04-25 21:27 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 23:23 . 2008-04-25 21:27 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-05 09:01 . 2008-04-25 16:16 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-05-15 01:02 . 2009-05-15 01:02 3392872 ----a-w- c:\program files\Common Files\adlmint_libFNP.dll
2009-05-15 01:02 . 2009-05-15 01:02 3298152 ----a-w- c:\program files\Common Files\adlmint.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIDIA nTune"="c:\program files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe" [2008-05-30 110592]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVRaidService"="c:\windows\system32\nvraidservice.exe" [2008-08-19 203296]
"AlienFX Controller"="c:\program files\Alienware\AlienFX\AlienwareAlienFXController.exe" [2009-02-18 45056]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2009-04-09 241789]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" [2009-06-10 244208]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-02-05 128232]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-09-17 645328]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-06-03 206064]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-09-27 13918208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-09-27 86016]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]
"CTxfiHlp"="CTXFIHLP.EXE" - c:\windows\system32\Ctxfihlp.exe [2009-07-27 24064]
c:\documents and settings\Eric\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
SketchBook Snapshot.lnk - c:\program files\Autodesk\SketchBookPro2010\SketchBookSnapshot.exe [2009-6-5 708608]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-10-22 18:03 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKLM\~\startupfolder\C:^Documents and Settings^Eric^Start Menu^Programs^Startup^Neverwinter Nights Registration.lnk]
path=c:\documents and settings\Eric\Start Menu\Programs\Startup\Neverwinter Nights Registration.lnk
backup=c:\windows\pss\Neverwinter Nights Registration.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"stllssvr"=3 (0x3)
"SessionLauncher"=2 (0x2)
"SeaPort"=2 (0x2)
"idsvc"=3 (0x3)
"GoToAssist"=3 (0x3)
"FLEXnet Licensing Service"=3 (0x3)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Dell Video Chat\\DellVideoChat.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"c:\\Program Files\\Autodesk\\3ds Max 2010\\3dsmax.exe"=
"c:\\Program Files\\Autodesk\\3ds Max 2010\\mentalray\\satellite\\raysat_3dsmax2010_32server.exe"=
"c:\\Program Files\\Autodesk\\3ds Max 2010\\mentalray\\satellite\\raysat_3dsmax2010_32.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\killingfloor\\System\\KillingFloor.exe"=
"c:\\Program Files\\Unreal Tournament 3\\Binaries\\UT3.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"3703:TCP"= 3703:TCP:Adobe Version Cue CS4 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS4 Server
"51000:TCP"= 51000:TCP:Adobe Version Cue CS4 Server
"51001:TCP"= 51001:TCP:Adobe Version Cue CS4 Server
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [10/22/2009 5:55 PM 4408616]
R2 WTouchService;WTouch Service;c:\program files\WTouch\WTouchService.exe [10/22/2009 5:55 PM 112936]
R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [10/21/2009 4:10 AM 198168]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [10/21/2009 4:10 AM 1353240]
R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [10/21/2009 4:10 AM 73752]
R3 ha20x22k;Creative 20X2 HAL Driver;c:\windows\system32\drivers\ha20x22k.sys [10/21/2009 4:10 AM 1232920]
S2 mi-raysat_3dsmax2010_32;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit;c:\program files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe [3/12/2009 4:36 PM 86016]
S2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [6/10/2009 10:59 AM 166384]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [8/15/2008 4:46 AM 284016]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [10/21/2009 1:27 AM 79360]
S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [10/21/2009 4:10 AM 198168]
S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [10/21/2009 4:10 AM 1353240]
S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [10/21/2009 4:10 AM 73752]
S3 PCDSRVC{A762A74B-20E584C3-06000000}_0;PCDSRVC{A762A74B-20E584C3-06000000}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\Dell Support Center\HWDiag\bin\pcdsrvc.pkms [4/27/2009 6:16 PM 20856]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [6/10/2009 10:58 AM 1124848]
S4 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [6/10/2009 10:59 AM 309744]
S4 SessionLauncher;SessionLauncher;c:\docume~1\ADMINI~1\LOCALS~1\Temp\DX9\SessionLauncher.exe --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\DX9\SessionLauncher.exe [?]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - MBR
*Deregistered* - mbr
.
.
------- Supplementary Scan -------
.
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Eric\Application Data\Mozilla\Firefox\Profiles\41xieux7.default\
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-nwiz - c:\program files\NVIDIA Corporation\nView\nwiz.exe
AddRemove-NVIDIA nView Desktop Manager - c:\program files\NVIDIA Corporation\nView\nViewSetup.exe
AddRemove-_{E1A63F75-1F72-4450-980D-434496FFC646} - c:\program files\Corel\Corel Painter Essentials 4\MSILauncher {E1A63F75-1F72-4450-980D-434496FFC646}
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-02 23:10
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTxfiHlp = CTXFIHLP.EXE?
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCDSRVC{A762A74B-20E584C3-06000000}_0]
"ImagePath"="\??\c:\program files\dell support center\hwdiag\bin\pcdsrvc.pkms"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(692)
c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
- - - - - - - > 'explorer.exe'(2492)
c:\windows\system32\WININET.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Creative\Shared Files\CTAudSvc.exe
c:\program files\WTouch\WTouchUser.exe
c:\windows\SYSTEM32\CTXFISPI.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\RUNDLL32.EXE
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\program files\Common Files\mcafee\mna\mcnasvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\progra~1\McAfee\VIRUSS~1\mcshield.exe
c:\program files\McAfee\MPF\MPFSrv.exe
c:\program files\McAfee\MSK\MskSrver.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\WTablet\Pen_TabletUser.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Alienware\AlienFX\AlienFXHook32Mngr.exe
c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-11-03 23:16 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-03 04:16
Pre-Run: 396,938,461,184 bytes free
Post-Run: 397,323,915,264 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
- - End Of File - - 641B78F7BD59C486FD84FD8D173A14DB
********************************************************
One thing to note about the HijackThis log, and I don't know if this will affect anything, but I had to install it to a different location than the default, as it was still being blocked.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:22:48 PM, on 11/2/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WTouch\WTouchService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Program Files\WTouch\WTouchUser.exe
C:\WINDOWS\system32\nvraidservice.exe
C:\Program Files\Alienware\AlienFX\AlienwareAlienFXController.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Common Files\mcafee\mna\mcnasvc.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Alienware\AlienFX\AlienFXHook32Mngr.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\TM\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://g.msn.com/USCON/1
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [AlienFX Controller] "C:\Program Files\Alienware\AlienFX\AlienwareAlienFXController.exe"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "c:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0ENQBO] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKCU\..\Run: [NVIDIA nTune] C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe resetprofile
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: SketchBook Snapshot.lnk = C:\Program Files\Autodesk\SketchBookPro2010\SketchBookSnapshot.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} (Scanner.SysScanner) - http://i.dell.com/images/global/js/s.../SysProExe.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit (mi-raysat_3dsmax2010_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Performance Service (nTuneService) - NVIDIA - C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe
O23 - Service: WTouch Service (WTouchService) - Wacom Technology, Corp. - C:\Program Files\WTouch\WTouchService.exe
--
End of file - 11464 bytes