Shutdown during Virus Scan(RESOLVED)
-
Shutdown during Virus Scan(RESOLVED)
I can't finish a virus scan (with any virus scanner) without my computer completely turning off (like if some ghost pulled the plug). I'm also not able to get updates for Windows Defender, I get an error code of: 0x8024402F. The random shutdowns is really ticking me off. I'm desperate, please help. Below is my HijackThis logfile:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:50:28 AM, on 2/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\WINDOWS\system32\wfxsnt40.exe
C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\SecCopy\SecCopy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\GetRight\getright.exe
C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\Solid PdfService.exe
C:\Program Files\GetRight\getright.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\3M\PSNLite\PsnLite.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\WINDOWS\system32\WFXSVC.EXE
C:\Program Files\Symantec\WinFax\WFXMOD32.EXE
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess .exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess .exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Administrator\Desktop\hjtt.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\Explo reExtPDF.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\Explo reExtPDF.dll
O3 - Toolbar: Slide - {F25D0054-4CA2-49D5-A8B0-D79B7829D14E} - C:\Program Files\Slide\SlideBar.dll (file missing)
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [ScreenPrint32] C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe -startup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Second Copy] "C:\Program Files\SecCopy\SecCopy.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [Æǵµ¶óTV¹Ì´Ï] C:\Program Files\PandoraTVMini\MiniUpdate.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe " -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe " -t (User 'Default user')
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download web site with Free Download Manager - file://C:\Program Files\Free Download Manager\dlpage.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Voice Editing Launcher - C:\Program Files\Panasonic\Voice Editing\VEd1_IEMenu.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://download.windowsupdate.com
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762# # (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: SolidPDFConverterReadSpool (ScReadSpool) - VoyagerSoft, LLC - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\Solid PdfService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\system32\WFXSVC.EXE
--
End of file - 10457 bytes
-
Welcome,
Try running your virus scan from safe mode:
Now reboot into safe mode( without networking support) by tapping your F8 key upon restart and safe mode screen appears, select safe mode and press enter and try the virus scan.
Try this also:
Please download and install SUPERAntiSpyware Trial Pro Edition http://www.superantispyware.com/superantispyware.html
* Load SUPERAntiSpyware and click the Check for Updates button.
* Once the update has finished, exit SUPERAntiSpyware. Please do NOT run a scan yet!
IMPORTANT: Do NOT open any other windows or programs while SUPERAntiSpyware is scanning, it may interfere with the scanning process.
* Open SUPERAntiSpyware and click the Scan your Computer button.
* Check Perform Complete Scan and then click Next.
* SUPERAntiSpyware will now scan your computer and when it’s finished it will list all the infections it has found.
* Make sure that they all have a check next to them, and then click Next.
* Click Finish and you will be taken back to the main interface.
* It could be possible that it will ask you to reboot your computer in order to delete some files after reboot.
* I'll need a log afterwards of what has been found.
* To get the log, click Preferences and then click the Statistics/Logs tab. Click the dated log and press View Log and a text file will appear.
* Please post the results of the SUPERAntiSpyware log in your next reply.
Run it from safe mode if possible.
You can also try to rename it like something like this kittykat.exe then try a scan.
How to rename:
Right click superantispyware, select rename, rename it, press enter
Also:
Please download Deckard's System Scanner (DSS) to your desktop.- Close all applications and windows.
- Double-click on dss.exe to run it, and follow the prompts.
- When the scan is complete, a text file will open - Main.txt
- Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of Main.txt in your thread in the HijackThis Log Help Forum.
- An additional text file, Extra.txt,will also be available (by default) in the following FOLDER, C:\Deckard\System Scanner.
- Please go to that FOLDER and also copy the contents of Extra.txt to your post as well.
Note: some firewalls may warn that sigcheck.exe is trying to access the internet - please ensure that you allow sigcheck.exe permission to do so.
What DSS will do:- Create a new System Restore point in Windows XP and Vista.
- Clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
- Check some important areas of your system and produce a report for your analyst to review. DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have it installed.
Post Logs:- DSS Scan Results: contents of 1) Main.txt and 2) Extra.txt
-
I forgot to mention that It still shuts down in safe mode as well. I did try SuperAntiSpyware in Safe Mode and it did shuts dow. Any more angles?
-Thanks!
-
Did you try Deckards system scanner?
did you rename things and try after renameing?
-
I haven't tried renaming SuperAntiSpyware yet. I will do that when I get back in a couple hours. But here are the txt file reports from DSS:
REPORT #1
Deckard's System Scanner v20071014.68
Run by Administrator on 2008-02-11 17:46:13
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
21: 2008-02-12 01:46:27 UTC - RP1040 - Deckard's System Scanner Restore Point
20: 2008-02-11 23:26:44 UTC - RP1039 - Installed SUPERAntiSpyware Professional
19: 2008-02-09 00:49:55 UTC - RP1038 - System Checkpoint
18: 2008-02-08 00:45:40 UTC - RP1037 - System Checkpoint
17: 2008-02-01 23:52:52 UTC - RP1036 - System Checkpoint
-- First Restore Point --
1: 2007-12-13 03:41:46 UTC - RP1020 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as Administrator.exe) ---------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:50:19 PM, on 2/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\Solid PdfService.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\WINDOWS\system32\wfxsnt40.exe
C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\SecCopy\SecCopy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\WFXSVC.EXE
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Symantec\WinFax\WFXMOD32.EXE
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
C:\Program Files\GetRight\getright.exe
C:\Program Files\GetRight\getright.exe
C:\Program Files\3M\PSNLite\PsnLite.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess .exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess .exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\Administrator\Desktop\dss.exe
C:\DOCUME~1\ADMINI~1\Desktop\Administrator.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\Explo reExtPDF.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\Explo reExtPDF.dll
O3 - Toolbar: Slide - {F25D0054-4CA2-49D5-A8B0-D79B7829D14E} - C:\Program Files\Slide\SlideBar.dll (file missing)
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [ScreenPrint32] C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe -startup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Second Copy] "C:\Program Files\SecCopy\SecCopy.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [Æǵµ¶óTV¹Ì´Ï] C:\Program Files\PandoraTVMini\MiniUpdate.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe " -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe " -t (User 'Default user')
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download web site with Free Download Manager - file://C:\Program Files\Free Download Manager\dlpage.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Voice Editing Launcher - C:\Program Files\Panasonic\Voice Editing\VEd1_IEMenu.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://download.windowsupdate.com
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762# # (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: SolidPDFConverterReadSpool (ScReadSpool) - VoyagerSoft, LLC - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\Solid PdfService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\system32\WFXSVC.EXE
--
End of file - 10539 bytes
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R1 aslm75 - c:\windows\system32\drivers\aslm75.sys
R1 CloneCD (CloneCD I/O Driver) - c:\windows\system32\drivers\clonecd.sys <Not Verified; Elaborate Bytes; CloneCD>
R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
R1 SASKUTIL - c:\program files\superantispyware\saskutil.sys
R2 MaVctrl - c:\windows\system32\drivers\mavc2k.sys <Not Verified; Mobile Action Technology Inc.; Handset Manager>
R3 Iviaspi (IVI ASPI Shell) - c:\windows\system32\drivers\iviaspi.sys <Not Verified; InterVideo, Inc.; InterVideo ASPI Shell>
R3 Pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>
S3 Ad-Watch Connect Filter (Ad-Watch Connect Kernel Filter) - c:\windows\system32\drivers\nsdriver.sys <Not Verified; Lavasoft AB; Ad-Watch Connections>
S3 atimtag - c:\windows\system32\drivers\atimtag.sys (file missing)
S3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>
S3 VNUSB (VN Series Device) - c:\windows\system32\drivers\vnusb.sys <Not Verified; OLYMPUS IMAGING CORP.; VVRUSB Driver>
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762 ##) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>
R2 EpsonBidirectionalService - c:\program files\common files\epson\ebapi\eebsvc.exe
R2 EPSONStatusAgent2 (EPSON Printer Status Agent2) - c:\program files\common files\epson\ebapi\sagent2.exe <Not Verified; SEIKO EPSON CORPORATION; EPSON Bidirectional Printer>
R2 ScReadSpool (SolidPDFConverterReadSpool) - c:\program files\soliddocuments\solidconverterpdf\scpdf\solid pdfservice.exe <Not Verified; VoyagerSoft, LLC; Solid Converter PDF>
R2 wfxsvc (WinFax PRO) - c:\windows\system32\wfxsvc.exe <Not Verified; Symantec Corporation; Symantec WinFax PRO>
S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe
-- Device Manager: Disabled ----------------------------------------------------
Class GUID:
Description:
Device ID: DISPLAY\NTATIVPD35\5&3421329D&0&8000000C&01&00
Manufacturer:
Name:
PNP Device ID: DISPLAY\NTATIVPD35\5&3421329D&0&8000000C&01&00
Service:
Class GUID:
Description:
Device ID: DISPLAY\NTATIVMD35\5&3421329D&0&80000007&01&00
Manufacturer:
Name:
PNP Device ID: DISPLAY\NTATIVMD35\5&3421329D&0&80000007&01&00
Service:
Class GUID:
Description:
Device ID: DISPLAY\NTATIVXS35\5&3421329D&0&80000005&01&00
Manufacturer:
Name:
PNP Device ID: DISPLAY\NTATIVXS35\5&3421329D&0&80000005&01&00
Service:
Class GUID:
Description:
Device ID: DISPLAY\NTATIVRA35\5&3421329D&0&80000009&01&00
Manufacturer:
Name:
PNP Device ID: DISPLAY\NTATIVRA35\5&3421329D&0&80000009&01&00
Service:
Class GUID:
Description:
Device ID: DISPLAY\NTATIVRV35\5&3421329D&0&80000008&01&00
Manufacturer:
Name:
PNP Device ID: DISPLAY\NTATIVRV35\5&3421329D&0&80000008&01&00
Service:
Class GUID:
Description:
Device ID: DISPLAY\NTATIVTU35\5&3421329D&0&80000003&01&00
Manufacturer:
Name:
PNP Device ID: DISPLAY\NTATIVTU35\5&3421329D&0&80000003&01&00
Service:
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Universal Serial Bus (USB) Controller
Device ID: PCI\VEN_8086&DEV_24DD&SUBSYS_80A61043&REV_02\3&267 A616A&0&EF
Manufacturer:
Name: Universal Serial Bus (USB) Controller
PNP Device ID: PCI\VEN_8086&DEV_24DD&SUBSYS_80A61043&REV_02\3&267 A616A&0&EF
Service:
-- Scheduled Tasks -------------------------------------------------------------
2008-02-11 17:18:54 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
-- Files created between 2008-01-11 and 2008-02-11 -----------------------------
2008-02-11 15:30:16 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-02-11 15:26:46 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-02-11 15:26:46 0 d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-02-11 04:48:10 0 d-------- C:\WINDOWS\SoftwareDistribution
2008-02-10 02:11:49 691545 --a------ C:\WINDOWS\unins000.exe
2008-02-10 02:11:49 6456 --a------ C:\WINDOWS\unins000.dat
-- Find3M Report ---------------------------------------------------------------
2008-02-11 17:50:55 0 d-------- C:\Documents and Settings\Administrator\Application Data\Free Download Manager
2008-02-11 17:42:12 0 d-------- C:\Program Files\GetRight
2008-02-11 17:19:04 0 d-------- C:\Documents and Settings\Administrator\Application Data\Skype
2008-02-11 15
00 0 d-------- C:\Documents and Settings\Administrator\Application Data\skypePM
2008-02-11 15:26:12 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-11 01:25:17 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-02-10 03:01:15 512 --a------ C:\ScanSectorLog.dat
2008-02-08 1908 0 d-------- C:\Documents and Settings\Administrator\Application Data\SolidDocuments
2008-01-23 17:36:35 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2008-01-20 03:43:15 0 d-------- C:\Program Files\Winamp
2007-12-30 18:52:10 0 d-------- C:\Program Files\Bonjour
2007-12-30 18:52:04 0 d-------- C:\Program Files\Common Files\Adobe
2007-12-30 18:29:33 0 d-------- C:\Program Files\Common Files
2007-12-30 18:29:33 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2007-12-13 02:52:36 0 d-------- C:\Documents and Settings\Administrator\Application Data\Arcsoft
2007-11-22 0256 62344 --a------ C:\Documents and Settings\Administrator\Application Data\GDIPFONTCACHEV1.DAT
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"SMSERIAL"="sm56hlpr.exe" [06/06/2005 01:40 AM C:\WINDOWS\sm56hlpr.exe]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [05/29/2003 03:28 PM]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [05/30/2003 08:42 AM]
"PRONoMgr.exe"="C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe" [03/11/2003 03:24 PM]
"KernelFaultCheck"="C:\WINDOWS\system32\dumpre p 0 -k" []
"NWEReboot"="" []
"Ptipbmf"="ptipbmf.dll" [06/19/2003 11:06 PM C:\WINDOWS\system32\ptipbmf.dll]
"WinFaxAppPortStarter"="wfxsnt40.exe" [02/14/2000 04:36 PM C:\WINDOWS\system32\WFXSNT40.EXE]
"ScreenPrint32"="C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe" [05/15/2003 07:36 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [02/23/2006 03:45 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [06/18/2006 11:55 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [07/12/2007 03:00 AM]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [01/12/2006 03:40 PM]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 06:20 PM]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [03/08/2007 11:02 PM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 08:24 AM]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [11/16/2006 07:04 PM]
"Second Copy"="C:\Program Files\SecCopy\SecCopy.exe" [01/09/2006 12:45 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/03/2004 11:56 PM]
"Free Download Manager"="C:\Program Files\Free Download Manager\fdm.exe" [04/29/2006 09:22 AM]
"Æǵµ¶óTV¹Ì´Ï"="C:\Program Files\PandoraTVMini\MiniUpdate.exe" []
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [11/12/2007 03:48 PM]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [10/18/2006 07:05 PM]
[HKEY_USERS\.default\software\microsoft\windows\cur rentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1 \DW\dwtrig20.exe" -t
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
HotSync Manager.lnk - C:\Program Files\Palm\HOTSYNC.EXE [3/17/2003 5:50:26 PM]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [10/31/2006 4:24:24 PM]
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [6/7/2006 4:43:05 PM]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 9:05:26 PM]
Device Detector 3.lnk - C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe [12/19/2006 2:29:07 AM]
GetRight - Tray Icon.lnk - C:\Program Files\GetRight\getright.exe [7/12/2007 12:23:00 AM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 12:01:04 AM]
Post-itr Software Notes Lite.lnk - C:\Program Files\3M\PSNLite\PsnLite.exe [10/15/2004 2:26:54 PM]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\ShellExecuteHooks]
"{A213B520-C6C2-11d0-AF9D-008029E1027E}"= C:\Program Files\Symantec\WinFax\WfxSeh32.Dll [07/27/1998 03:54 AM 38400]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 01:55 PM 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
rewardnet
-- Hosts -----------------------------------------------------------------------
127.0.0.1 desktop.kazaa.com
127.0.0.1 www.altnetp2p.com
127.0.0.1 alpha.kazaa.com
127.0.0.1 shop.kazaa.com
127.0.0.1 www.bonzi.com
127.0.0.1 www.brilliantdigital.com
127.0.0.1 www.b3d.com
127.0.0.1 media.altnet.com
127.0.0.1 www.altnet.com
127.0.0.1 dev.bde.com.au
118 more entries in hosts file.
-- End of Deckard's System Scanner: finished at 2008-02-11 17:53:16 ------------
REPORT#2
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English
CPU 0: Intel(R) Pentium(R) 4 CPU 3.00GHz
CPU 1: Intel(R) Pentium(R) 4 CPU 3.00GHz
Percentage of Memory in Use: 40%
Physical Memory (total/avail): 2046.73 MiB / 1222.27 MiB
Pagefile Memory (total/avail): 3942.81 MiB / 3270.75 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1939.84 MiB
A: is Removable (No Media)
C: is Fixed (NTFS) - 465.76 GiB total, 290 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)
H: is Fixed (NTFS) - 372.61 GiB total, 200.85 GiB free.
I: is Fixed (NTFS) - 372.61 GiB total, 87.3 GiB free.
\\.\PHYSICALDRIVE0 - Maxtor 6H500F0 - 465.76 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 465.76 GiB - C:
\\.\PHYSICALDRIVE1 - ST340083 2A SCSI Disk Device - 372.61 GiB - 1 partition
\PARTITION0 - Installable File System - 372.61 GiB - H:
\\.\PHYSICALDRIVE2 - ST340083 2A SCSI Disk Device - 372.61 GiB - 1 partition
\PARTITION0 - Installable File System - 372.61 GiB - I:
-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.
AntivirusOverride is set.
FW: ZoneAlarm Security Suite Firewall v7.0.337.000 (Check Point, LTD.)
AV: ZoneAlarm Security Suite Antivirus v7.0.337.000 (Check Point, LTD.)
[HKLM\System\CurrentControlSet\Services\SharedAcces s\Parameters\FirewallPolicy\DomainProfile\Authoriz edApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\syste m32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[HKLM\System\CurrentControlSet\Services\SharedAcces s\Parameters\FirewallPolicy\StandardProfile\Author izedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\syste m32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"="C:\\ WINDOWS\\system32\\ZoneLabs\\vsmon.exe:*:Enabled:T rueVector Service"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\ \Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Ena bled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Progra m Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Ya hoo! FT Server"
"C:\\WINDOWS\\system32\\pdrtvsvr.exe"="C:\\WINDOWS \\system32\\pdrtvsvr.exe:*:Enabled:PandoraTV VoD Control"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjou r"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Administrator\Application Data
CLASSPATH=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=ODDGOD1
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Administrator
LOGONSERVER=\\ODDGOD1
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\Sys tem32\Wbem;"C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier";C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\Ulead Systems\MPEG;C:\Program Files\Ulead Systems\Ulead DVD MovieFactory 3 Disc Creator;C:\Program Files\Common Files\Roxio Shared\DLLShared
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WS F;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 1, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0401
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\QuickTime\QTSystem\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
tvdumpflags=8
USERDOMAIN=ODDGOD1
USERNAME=Administrator
USERPROFILE=C:\Documents and Settings\Administrator
windir=C:\WINDOWS
-- User Profiles ---------------------------------------------------------------
Administrator (admin)
-- Add/Remove Programs ---------------------------------------------------------
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
--> C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{11E83B33-972B-4512-A447-FF0FD0246EE9}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{21B6F79B-2286-4BB0-B1E3-BA6B9498D110}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{23EFDB58-0874-4883-9810-EDA510B19FAE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2BB79C8D-9DCC-4861-8A23-AE1B0B45E2B6}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2BFBC62A-3353-443D-93BE-7AC641D9F342}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{775FFF70-4A8C-4500-908D-3C34DBEB11D5}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B100B05B-E290-41EF-9366-8BC4C76D7769}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B14F9B26-D695-4C4A-8B11-0FE6CDCC797B}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D3568156-59C3-42DF-A520-2C25B6706C91}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E213C271-AEFA-481D-A9B4-914D88925B8D}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FAD9402A-1A9B-4ABE-A410-393A3622FA5A}\setup.exe" -l0x9
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware 2007 --> MsiExec.exe /X{E31C348B-63A9-4CBF-8D7F-D932ABB63244}
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3 --> MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3 --> MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting --> MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0 --> MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific --> MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings --> MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Extra Settings --> MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings --> MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings --> MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Default Language CS3 --> MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3 --> MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe Download Manager 2.0 (Remove Only) --> "C:\Program Files\Common Files\Adobe\ESD\uninst.exe"
Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activ eX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugi n.exe
Adobe Fonts All --> MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3 --> MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3 --> MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop 7.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"
Adobe Photoshop CS3 --> C:\Program Files\Common Files\Adobe\Installers\2ac78060bc5856b0c1cf873bb91 9b58\Setup.exe
Adobe Photoshop CS3 --> MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}
Adobe Reader 7.0.8 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70700000002}
Adobe Setup --> MsiExec.exe /I{D1BB4446-AE9C-4256-9A7F-4D46604D2462}
Adobe Stock Photos CS3 --> MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3 --> MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client --> MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin --> MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3 --> MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
Advanced Flash Player --> C:\WINDOWS\iun6002.exe "C:\Program Files\Mohsoft\Advanced Flash Player\irunin.ini"
ArcSoft PhotoImpression --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6C5D7191-140A-11D6-B5A0-0050DA208A93}\Setup.exe" -l0x9 -uninst
ASUS Probe V2.23.03 --> C:\WINDOWS\uninst.exe -f"C:\Program Files\ASUS\Probe\DeIsL1.isu" -c"C:\Program Files\ASUS\Probe\probunis.dll"
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallI NFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class
ISPLAY -clean
CloneCD --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Elaborate Bytes\CloneCD\Uninst.isu"
Core FTP LE 1.3c --> C:\PROGRA~1\CoreFTP\UNWISE.EXE C:\PROGRA~1\CoreFTP\INSTALL.LOG
Creative DVD Audio Plugin for Audigy Series --> "C:\Program Files\Creative\CTDPlugin\CTUIDVD.exe " -u
dBpowerAMP Music Converter --> "C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Music Converter.dat
DiscWizard for Windows --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1BC8E02-6B5B-4B4A-A75F-B27A16918C2B}\Setup.exe"
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe"
DVDFab Decrypter 3.0.1.8 Beta --> "C:\Program Files\DVDFab Decrypter 3\unins000.exe"
Ease Audio Converter 3.70 --> "C:\Program Files\easetech\EaseAudioConverter\unins000.exe"
eIMAGE Recovery --> C:\PROGRA~1\EIMAGE~1\UNWISE.EXE C:\PROGRA~1\EIMAGE~1\INSTALL.LOG
EPSON Copy Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B69CC1A5-0404-11D6-ABCB-005004C21D30}\setup.exe" -l0x9 ADDREMOVEDLG
EPSON Photo Print --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F9F3775-7E5B-4028-B5E5-DA1C042517A8}\setup.exe" -l0x9 MyUninstall
EPSON Printer Software --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDAT E.EXE /r
EPSON Smart Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6C11D561-620B-47DA-A693-4C597F3CDF40}\Setup.exe" -l0x9 Uninstall
EPSON TWAIN 5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A3EABC0-CA06-11D4-BF77-00104B130C19}\Setup.exe" -l0x9 UNINSTALL
EPSON User's Guide --> C:\Program Files\epson\guide\uninstall.exe
Express Burn --> C:\Program Files\NCH Swift Sound\ExpressBurn\uninst.exe
Express Rip --> C:\Program Files\NCH Swift Sound\ExpressRip\uninst.exe
FLV Player 1.3.3 --> "C:\Program Files\FLVPlayer\uninstall.exe"
Free Download Manager 2.0 - FreewareFiles.com Edition --> "C:\Program Files\Free Download Manager\unins000.exe"
GetRight --> C:\Program Files\GetRight\GETRIGHT.EXE /UNINSTALL
HijackThis 2.0.2 --> "C:\Documents and Settings\Administrator\Desktop\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spunins t.exe"
Hotfix for Windows Media Format SDK (KB902344) --> "C:\WINDOWS\$NtUninstallKB902344$\spuninst\spunins t.exe"
HyperCam 2 --> "C:\Program Files\HyCam2\UnHyCam2.exe"
Intel(R) PRO Network Adapters and Drivers --> Prounstl.exe
Intel(R) PROSet --> MsiExec.exe /I{A790BEB1-BCCF-4EC6-807B-5708B36E8A79}
InterVideo Disc Master 2 --> "C:\Program Files\InstallShield Installation Information\{F366D0C4-18F2-44A6-A4E7-7ED2DD37F3D3}\setup.exe" --u:{F366D0C4-18F2-44A6-A4E7-7ED2DD37F3D3}
InterVideo DVDCopy 2 for AsusTek --> "C:\Program Files\InstallShield Installation Information\{96BF9A2A-1835-4DEE-A94F-9EA4F77976BF}\setup.exe" --u:{96BF9A2A-1835-4DEE-A94F-9EA4F77976BF}
InterVideo WinDVD 5 --> "C:\Program Files\InstallShield Installation Information\{1B399A41-C1D0-40A2-9E4F-095868EFAF01}\setup.exe" REMOVEALL
InterVideo WinDVD Creator 2 --> "C:\Program Files\InstallShield Installation Information\{2FCE4FC5-6930-40E7-A4F1-F862207424EF}\setup.exe" REMOVEALL
IsoBuster 1.8 --> "C:\Program Files\Smart Projects\IsoBuster\Uninst\unins000.exe"
iTunes --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\I Driver.exe /M{59C4F14F-7590-45FC-BE9F-A67AB3590709} /l1033
J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
J2SE Runtime Environment 5.0 Update 9 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Java(TM) 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
LiveAdvisor (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\LiveAdvisor\VcSetup.exe /REMOVE
LiveUpdate --> C:\Program Files\Symantec\LiveUpdate\Uninst.exe -u
Macromedia Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Maia Mechanics Imaging --> MsiExec.exe /X{DFD1A6C5-A5B6-43B6-9D25-F51D2CA22A57}
MailFrontier Desktop --> C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\UNWISE.EXE C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\INSTMLF.LOG
MaxBlast 4 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{639858DD-4966-40F3-A706-7C838BCF3A2B}\setup.exe"
Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst .exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spu ninst.exe"
Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spunin st.exe"
Motorola SM56 Speakerphone Modem --> C:\WINDOWS\Motorola\SMSERIAL\sm56unst.exe
Mozilla Firefox (2.0.0.12) --> C:\PROGRA~1\Mozilla Firefox\uninstall\helper.exe
Nero 7 Ultra Edition --> MsiExec.exe /I{BFB8C7BE-3BFA-446C-9F3E-3AFBA5BC1033}
Olympus Digital Wave Player --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB91E774-867B-4567-ACE7-8144EF036068}\Setup.exe" -l0x9
Palm Desktop --> MsiExec.exe /X{72765AF7-BEA5-4C62-9EC9-A9E386305D04}
Panasonic Office Add-in --> MsiExec.exe /I{C97AEFB5-E52F-49C8-AB51-D5F335AF8B7C}
Paragon Partition Manager 7.0 Demo --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F06F0CE-C2B7-428C-BF70-8C55EEDF81BC}\Setup.exe" -l0x9
Partition Commander --> C:\SC\CONSOLE.EXE PCUNINSTALL
PC Inspector File Recovery --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\070 1\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0DD140D3-9563-481E-AA75-BA457CBDAEF2}\Setup.exe" -l0x9
PDF Settings --> MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
Post-it® Software Notes Lite --> "C:\Program Files\3M\PSNLite\Uninstall.exe" -Prog"C:\Program Files\3M\PSNLite\PsnLite.exe" -INI"C:\Program Files\3M\PSNLite\uninst.ini"
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
QuickTime --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\I Driver.exe /M{C21D5524-A970-42FA-AC8A-59B8C7CDCA31} /l1033
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
RealSpeak_Solo_Common_for_Panasonic --> MsiExec.exe /I{C52BEBC0-4A0C-42FB-B7EC-FAD0A14DD64E}
RealSpeak_Solo_English_for_Panasonic --> MsiExec.exe /I{DA12E3FF-60E1-43E0-8E64-C43890A596AE}
RecordPad Sound Recorder --> C:\Program Files\NCH Swift Sound\RecordPad\uninst.exe
Riva FLV Encoder 2.0 --> "C:\Program Files\Riva\Riva FLV Encoder 2.0\unins000.exe"
Riva FLV Player --> "C:\Program Files\Riva\Riva FLV Player\unins000.exe"
Roxio Easy DVD Copy --> MsiExec.exe /I{C46B4678-0F42-4791-9D19-BE01BB3DD358}
SAMSUNG CDMA Modem Driver Set --> C:\WINDOWS\system32\Samsung_USB_Drivers\3\SSCDUnin stall.exe
Samsung Contacts Copier --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\ 50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FECB001A-62F8-4E84-8FD0-4B963D039A63}\setup.exe" -l0x9 -removeonly
SAMSUNG Mobile USB Modem 1.0 Software --> C:\WINDOWS\system32\Samsung_USB_Drivers\1\SS_Unins tall.exe
SAMSUNG Mobile USB Modem Software --> C:\WINDOWS\system32\Samsung_USB_Drivers\2\SSM_Unin stall.exe
SAPI5_Common --> MsiExec.exe /I{50B631C6-6E91-4D7B-A4E0-81E7FA8D5B3D}
SAPI5_English --> MsiExec.exe /I{4922C9E7-CD91-496A-A73B-0FDF9D54B44F}
ScanToWeb --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}\setup.exe" ADDREMOVEDLG
Second Copy (7.0) --> C:\PROGRA~1\SecCopy\UNWISE.EXE C:\PROGRA~1\SecCopy\INSTALL.LOG
Sencesa Flash Player --> C:\PROGRA~1\SENCES~1\UNWISE.EXE C:\PROGRA~1\SENCES~1\INSTALL.LOG
Skype™ 3.6 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Slide --> C:\WINDOWS\unvise32.exe C:\Program Files\Slide\uninstall.log
SolidConverterPDF --> MsiExec.exe /I{9BC76CCE-A9EC-4A3A-9B51-D823805E1D1F}
Sony Sound Forge 8.0a --> MsiExec.exe /X{5985D056-633E-4914-A411-8B273F2BE84B}
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe"
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins001.exe"
Spybot - Search & Destroy 1.5.2.20 --> "C:\WINDOWS\unins000.exe"
SUPERAntiSpyware Professional --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Switch --> C:\Program Files\NCH Swift Sound\Switch\uninst.exe
Symantec WinFax PRO 10.0 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Symantec\WinFax\WFXUNIST.ISU" -c"C:\Program Files\Symantec\WinFax\UNINSTUB.DLL"
Ulead DVD MovieFactory 3 Disc Creator --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\070 1\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{068502DA-6979-4D9A-BBE1-C3AD0FF11F19}\setup.exe" -l0x9
Voice Editing --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{44CE6902-84EA-11D6-887E-00609721D519}\setup.exe"
WavePad Uninstall --> C:\Program Files\NCH Swift Sound\WavePad\uninst.exe
Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Defender Signatures --> MsiExec.exe /I{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}
Windows Media Connect --> "C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spunins t.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spunin st.exe"
Windows Media Format SDK Hotfix - KB891122 --> "C:\WINDOWS\$NtUninstallKB891122$\spuninst\spunins t.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
ZoneAlarm Security Suite --> C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe
-- Application Event Log -------------------------------------------------------
Event Record #/Type3565 / Warning
Event Submitted/Written: 02/11/2008 05:43:32 PM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}', feature 'Complete' failed during request for component '{AFF22926-A739-4E3B-A969-57E406191443}'
Event Record #/Type3564 / Warning
Event Submitted/Written: 02/11/2008 05:43:32 PM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Detection of product '{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}', feature 'Complete', component '{B2B6EDF3-22B8-47B3-8358-4D1976F0949D}' failed. The resource 'C:\Program Files\SUPERAntiSpyware\Quarantine\' does not exist.
Event Record #/Type3557 / Warning
Event Submitted/Written: 02/11/2008 03:34:49 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.
Event Record #/Type3552 / Warning
Event Submitted/Written: 02/11/2008 09:11:16 AM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.
Event Record #/Type3550 / Error
Event Submitted/Written: 02/11/2008 08:58:27 AM
Event ID/Source: 5000 / MPSampleSubmission
Event Description:
EventType mptelemetry, P1 8024402f, P2 endsearch, P3 search, P4 1.1.1593.0, P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type52246 / Warning
Event Submitted/Written: 02/11/2008 05:51:03 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%ODDGOD127 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %ODDGOD127 can't undo changes that you allow.
For more information please see the following:
%ODDGOD1275
Scan ID: {A6D138E4-FA8E-4F5B-9C32-9F3FC365F94B}
User: ODDGOD1\Administrator
Name: %ODDGOD1271
ID: %ODDGOD1272
Severity: 1.1.1593.05
Category: 1.1.1593.06
Path Found: %ODDGOD1276
Alert Type: %ODDGOD1278
Detection Type: 1.1.1593.02
Event Record #/Type52245 / Warning
Event Submitted/Written: 02/11/2008 05:51:01 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%ODDGOD127 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %ODDGOD127 can't undo changes that you allow.
For more information please see the following:
%ODDGOD1275
Scan ID: {9656573B-ED69-4F38-8871-2422D21BEECA}
User: ODDGOD1\Administrator
Name: %ODDGOD1271
ID: %ODDGOD1272
Severity: 1.1.1593.05
Category: 1.1.1593.06
Path Found: %ODDGOD1276
Alert Type: %ODDGOD1278
Detection Type: 1.1.1593.02
Event Record #/Type52244 / Warning
Event Submitted/Written: 02/11/2008 05:51:01 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%ODDGOD127 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %ODDGOD127 can't undo changes that you allow.
For more information please see the following:
%ODDGOD1275
Scan ID: {9BE63E5C-7B89-404E-86C5-F90DCA6BED74}
User: ODDGOD1\Administrator
Name: %ODDGOD1271
ID: %ODDGOD1272
Severity: 1.1.1593.05
Category: 1.1.1593.06
Path Found: %ODDGOD1276
Alert Type: %ODDGOD1278
Detection Type: 1.1.1593.02
Event Record #/Type52243 / Warning
Event Submitted/Written: 02/11/2008 05:51:01 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%ODDGOD127 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %ODDGOD127 can't undo changes that you allow.
For more information please see the following:
%ODDGOD1275
Scan ID: {A405684F-FE1F-49CB-A5D7-E8A802B647E0}
User: ODDGOD1\Administrator
Name: %ODDGOD1271
ID: %ODDGOD1272
Severity: 1.1.1593.05
Category: 1.1.1593.06
Path Found: %ODDGOD1276
Alert Type: %ODDGOD1278
Detection Type: 1.1.1593.02
Event Record #/Type52242 / Warning
Event Submitted/Written: 02/11/2008 05:51:01 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%ODDGOD127 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %ODDGOD127 can't undo changes that you allow.
For more information please see the following:
%ODDGOD1275
Scan ID: {6DF80D7B-6F6B-4424-B948-CF293F50C421}
User: ODDGOD1\Administrator
Name: %ODDGOD1271
ID: %ODDGOD1272
Severity: 1.1.1593.05
Category: 1.1.1593.06
Path Found: %ODDGOD1276
Alert Type: %ODDGOD1278
Detection Type: 1.1.1593.02
-- End of Deckard's System Scanner: finished at 2008-02-11 17:53:16 ------------
-
I'LL BE BACK IN A FEW HOURS. HERE IS THE HIJACKTHIS LOGFILE DSS CREATED:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:50:19 PM, on 2/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\Solid PdfService.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\WINDOWS\system32\wfxsnt40.exe
C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\SecCopy\SecCopy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\WFXSVC.EXE
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Symantec\WinFax\WFXMOD32.EXE
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
C:\Program Files\GetRight\getright.exe
C:\Program Files\GetRight\getright.exe
C:\Program Files\3M\PSNLite\PsnLite.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess .exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess .exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\Administrator\Desktop\dss.exe
C:\DOCUME~1\ADMINI~1\Desktop\Administrator.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\Explo reExtPDF.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\Explo reExtPDF.dll
O3 - Toolbar: Slide - {F25D0054-4CA2-49D5-A8B0-D79B7829D14E} - C:\Program Files\Slide\SlideBar.dll (file missing)
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [ScreenPrint32] C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe -startup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Second Copy] "C:\Program Files\SecCopy\SecCopy.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [Æǵµ¶óTV¹Ì´Ï] C:\Program Files\PandoraTVMini\MiniUpdate.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe " -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe " -t (User 'Default user')
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download web site with Free Download Manager - file://C:\Program Files\Free Download Manager\dlpage.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Voice Editing Launcher - C:\Program Files\Panasonic\Voice Editing\VEd1_IEMenu.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://download.windowsupdate.com
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762# # (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: SolidPDFConverterReadSpool (ScReadSpool) - VoyagerSoft, LLC - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\Solid PdfService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\system32\WFXSVC.EXE
--
End of file - 10539 bytes
-
Also I need this:
Open Hijackthis.
Click the "Open the Misc Tools" section Button.
Click the "Open Uninstall Manager" Button.
Click the "Save list..." Button.
Save it to your desktop. Copy and paste the contents into your reply.
-
HERE IT IS:
Ad-Aware 2007
Adobe Acrobat 5.0
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Download Manager 2.0 (Remove Only)
Adobe ExtendScript Toolkit 2
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop 7.0
Adobe Photoshop CS3
Adobe Photoshop CS3
Adobe Reader 7.0.8
Adobe Setup
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Advanced Flash Player
ArcSoft PhotoImpression
ASUS Probe V2.23.03
ATI Display Driver
CloneCD
Core FTP LE 1.3c
Creative DVD Audio Plugin for Audigy Series
dBpowerAMP Music Converter
DiscWizard for Windows
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
DVD Shrink 3.2
DVDFab Decrypter 3.0.1.8 Beta
Ease Audio Converter 3.70
eIMAGE Recovery
EPSON Copy Utility
EPSON Photo Print
EPSON Printer Software
EPSON Smart Panel
EPSON TWAIN 5
EPSON User's Guide
Express Burn
Express Rip
FLV Player 1.3.3
Free Download Manager 2.0 - FreewareFiles.com Edition
GetRight
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB926239)
HyperCam 2
Intel(R) PRO Network Adapters and Drivers
Intel(R) PROSet
InterVideo Disc Master 2
InterVideo DVDCopy 2 for AsusTek
InterVideo WinDVD 5
InterVideo WinDVD Creator 2
IsoBuster 1.8
iTunes
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java(TM) 6 Update 2
Java(TM) SE Runtime Environment 6 Update 1
LiveAdvisor (Symantec Corporation)
LiveUpdate
Macromedia Shockwave Player
Maia Mechanics Imaging
MailFrontier Desktop
MaxBlast 4
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office XP Professional with FrontPage
Microsoft User-Mode Driver Framework Feature Pack 1.0
Motorola SM56 Speakerphone Modem
Mozilla Firefox (2.0.0.12)
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
Nero 7 Ultra Edition
Olympus Digital Wave Player
Palm Desktop
Panasonic Office Add-in
Paragon Partition Manager 7.0 Demo
Partition Commander
PC Inspector File Recovery
PDF Settings
Post-it® Software Notes Lite
PowerDVD
QuickTime
RealPlayer
RealSpeak_Solo_Common_for_Panasonic
RealSpeak_Solo_English_for_Panasonic
RecordPad Sound Recorder
Riva FLV Encoder 2.0
Riva FLV Player
Roxio Easy DVD Copy
SAMSUNG CDMA Modem Driver Set
Samsung Contacts Copier
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
SAPI5_Common
SAPI5_English
ScanToWeb
Second Copy (7.0)
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913433)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB944653)
Sencesa Flash Player
Skype™ 3.6
Slide
SolidConverterPDF
Sony Sound Forge 8.0a
SoundMAX
Spybot - Search & Destroy
Spybot - Search & Destroy 1.5.2.20
SUPERAntiSpyware Professional
Switch
Symantec WinFax PRO 10.0
Ulead DVD MovieFactory 3 Disc Creator
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Voice Editing
WavePad Uninstall
Winamp (remove only)
Windows Defender
Windows Defender Signatures
Windows Installer 3.1 (KB893803)
Windows Media Connect
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
WinRAR archiver
WinZip
ZoneAlarm Security Suite
-
I Also Tried Renaming The Exe File Of Superantivirus And Did The Scan In Safe Mode With No Networking. Same Result, Pc Turns Off.
-
The tool below is a very specialized tool, that has already been renamed. If this does not work then maybe you should be looking in the direction of a reformat. This is acting like the Bagle worm, which prevents scanners from working, just like on your PC.
Follow directions precisely and be sure to turn off ALL malware scanners before running combo-fix, that includes anti-virus, spyware scanners etc. or it can cause problems, just don't be connected to internet while doing this. Pull the plug, wire whatever you have to do.
If you have previously downloaded ComboFix,please delete that version now.
Now download http://download.bleepingcomputer.com/sUBs/Combo-Fix.exe and save to your desktop:
Note:
It is IMPORTANT that it is saved directly to your desktop
Close any open browsers.
Disconnect from the Internet.
Please do not re-connect your machine back to the Internet until Combofix has completely finished.
Disable your antivirus program and any realtime malware scanners now
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the entire contents of C:\ComboFix.txt into your next reply.
Note:
Do not mouseclick combofix's window while it's running.
That may cause the program to freeze/hang.
Do NOT post the ComboFix-quarantined-files.txt unless I ask.
Re-enable your anti-virus and re-connect back to the internet and post the combofix log.
*Note*
In case your Antivirus or any other realtime scanner is displaying an alert after you downloaded Combofix or while you use Combofix,please disable your scanner and redownload Combofix again.
Some scanners may see some combofix related components as suspicious and block or delete them while there's nothing wrong with them.
