CiD popups (trent)

Welcome Guest ( Login | Register )

Recent Posts

Home » Windows & System Security » HiJack This Logs » CiD popups (trent)

11 posts, Page 1 of 2

1 2 »»

CiD popups (trent)

Rate Topic

Display Mode

Topic Options

Author

Message

Paintballfreak71

Posted 3/26/2008 6:25 PM

New Member

Group: Forum Members
Last Login: 3/27/2008 7:51 PM
Posts: 8, Visits: 14

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:23:46 PM, on 3/26/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\OEM07Mon.exe
C:\Windows\System32\MediaButtons.exe
C:\Program Files\DELL\Dell Webcam Manager\DellWMgr.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\DELLOSD.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\SetPoint\SetPoint.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [OEM07Mon.exe] C:\Windows\OEM07Mon.exe
O4 - HKLM\..\Run: [MediaButtons] C:\Windows\System32\MediaButtons.exe
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [dscactivate] c:\dell\dsca.exe 3
O4 - HKLM\..\Run: [NMSSupport] "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
O4 - HKLM\..\Run: [CCUTRAYICON] "C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [Coal 32] "C:\ProgramData\dartregsregs.t2em0md"
O4 - HKCU\..\Run: [Grey pop cake audio] "C:\ProgramData\EQ STUPID SLOW.0hj1j"
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Trent\AppData\Local\Temp\byvut.dll,#1
O4 - HKCU\..\Run: [Host Process] C:\Users\Trent\svchost.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1584324784-2898364789-997048515-1000\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'IUSR_NMPR')
O4 - HKUS\S-1-5-21-1584324784-2898364789-997048515-1002\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Mcx1')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: SetPoint.lnk = C:\Program Files\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Intel(R) DHTrace Controller (DHTRACE) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: Intel(R) NMSCore (NMSCore) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe
O23 - Service: Intel(R) Quality Manager (QualityManager) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe
O23 - Service: RelevantKnowledge - RelevantKnowledge - C:\Windows\system32\rlservice.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 13955 bytes

Post #236826

Paintballfreak71

Posted 3/26/2008 6:27 PM

New Member

Group: Forum Members
Last Login: 3/27/2008 7:51 PM
Posts: 8, Visits: 14

that is my log, please tell me how to fix the problem

Post #236828

RichieUK

Posted 3/26/2008 6:36 PM

Senior Forum Moderator

Group: Moderators
Last Login: 8/9/2008 10:14 AM
Posts: 31,425, Visits: 54,734

Please disable UAC [User Account Control].
1. Click Start and then click the picture at the top of the right column on the Start menu,this opens the User Accounts Control Panel.
2. Click Turn User Account Control on or off,you will have to respond to a UAC prompt to complete this action.
3. Clear the Use User Account Control (UAC) to help protect your computer check box and click OK.
4. Click Restart Now when prompted,after your computer restarts,UAC will be off.
You can repeat these steps to re-enable UAC,just click to select the check box in Step 3 when we've finished.

Download Deljob.exe and save it on your desktop.
Double click on Deljob.exe.
A log,(logit.txt) should open afterwards.
This log will be present on your desktop.
Post the contents of the logfile into your next reply.

Download Combofix by sUBs and save to your desktop.
Alternative Combofix download link HERE.
Note
It is important that it is saved directly to your desktop

Now close any open browsers.
Double click on Combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the entire contents of C:\ComboFix.txt into your next reply.
Note
Do not mouseclick combofix's window or do anything else on your pc while it's running.
That may cause the program/system to freeze/hang.
Do NOT post the ComboFix-quarantined-files.txt unless I ask.
Note
In case your Antivirus or any other realtime scanner is displaying an alert after you downloaded Combofix or while you use Combofix,please disable your scanner and redownload Combofix again.
Some scanners may see some combofix related components as suspicious and block or delete them while there's nothing wrong with them.

_______________________________________________________________

ASAP & UNITE member since 2006

Post #236829

Paintballfreak71

Posted 3/26/2008 7:16 PM

New Member

Group: Forum Members
Last Login: 3/27/2008 7:51 PM
Posts: 8, Visits: 14

--------------------------------------------------------
No LOP job-files found
--------------------------------------------------------
Files in Windows Tasks folder

Norton Internet Security - Run Full System Scan - Trent.job
--------------------------------------------------------
Export App Data folders
--------------------------------------------------------
Volume in drive C is OS
Volume Serial Number is CCB8-7A85

Directory of C:\ProgramData

03/14/2008 07:00 PM    <DIR>          2ACA5C~1     2ACA5CC3-0F83-453D-A079-1076FE1A8B65
12/03/2007 07:11 PM    <DIR>                       Adobe
12/25/2007 02:11 PM    <DIR>                       AOL
12/25/2007 02:14 PM    <DIR>          AOLOCP~1     AOL OCP
12/27/2007 05:39 PM    <DIR>                       Apple
12/27/2007 06:58 PM    <DIR>          APPLEC~1     Apple Computer
12/25/2007 12:21 PM    <DIR>                       ATI
03/23/2008 04:26 PM            24,592 DARTRE~1.F3S dartregsregs.f3sgf
03/23/2008 04:26 PM           245,776 DARTRE~1.T2E dartregsregs.t2em0md
03/23/2008 04:27 PM           188,432 EQSTUP~1.0HJ EQ STUPID SLOW.0hj1j
03/23/2008 04:27 PM    <DIR>          FLAWBI~1     Flaw bits
12/03/2007 07:09 PM    <DIR>                       Google
03/26/2008 05:16 PM    <DIR>                       Grisoft
12/03/2007 07:08 PM    <DIR>                       Gtek
12/03/2007 06:58 PM    <DIR>          INSTAL~1     InstallShield
12/03/2007 07:08 PM    <DIR>                       Intel
12/03/2007 06:56 PM    <DIR>                       Logitech
03/13/2008 02:58 PM    <DIR>          MICROS~2     Microsoft Help
03/23/2008 04:27 PM    <DIR>          PARTHI~1     Part Hide Grey Pop
12/03/2007 07:47 PM    <DIR>                       Roxio
03/14/2008 07:13 PM    <DIR>                       SeekmoSA
12/03/2007 07:00 PM    <DIR>          SINGLE~1     SingleClick Systems
12/03/2007 06:58 PM    <DIR>                       Sonic
12/03/2007 07:07 PM    <DIR>          SUPPOR~1     SupportSoft
03/24/2008 06:59 PM    <DIR>                       Symantec
12/26/2007 06:20 PM    <DIR>                       TEMP
12/25/2007 02:11 PM    <DIR>          VIEWPO~1     Viewpoint
12/03/2007 07:07 PM    <DIR>                       YAHOO
               3 File(s)        458,800 bytes
              25 Dir(s) 216,735,891,456 bytes free
--------------------------------------------------------
All User Accounts
--------------------------------------------------------
All Users
Mcx1
Public
Trent
--------------------------------------------------------

this is deljob log, will get the other up in a minute

Post #236833

RichieUK

Posted 3/26/2008 7:35 PM

Senior Forum Moderator

Group: Moderators
Last Login: 8/9/2008 10:14 AM
Posts: 31,425, Visits: 54,734

Post the entire contents of C:\ComboFix.txt into your next reply when you're ready please.

_______________________________________________________________

ASAP & UNITE member since 2006

Post #236835

Paintballfreak71

Posted 3/26/2008 7:42 PM

New Member

Group: Forum Members
Last Login: 3/27/2008 7:51 PM
Posts: 8, Visits: 14

ComboFix 08-03-25.4 - Trent 2008-03-26 20:18:47.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1097 [GMT -4:00]
Running from: C:\Users\Trent\Downloads\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Video Add-on
C:\ProgramData\SeekmoSA
C:\ProgramData\SeekmoSA\SeekmoSA.dat
C:\ProgramData\SeekmoSA\SeekmoSA_kyf.dat
C:\ProgramData\SeekmoSA\SeekmoSAAbout.mht
C:\ProgramData\SeekmoSA\SeekmoSAau.dat
C:\ProgramData\SeekmoSA\SeekmoSAEULA.mht
C:\Users\Trent\AppData\Roaming\Seekmo
C:\Users\Trent\AppData\Roaming\urlredir.cfg
C:\Windows\system32\qomno.dll

.
((((((((((((((((((((((((( Files Created from 2008-02-27 to 2008-03-27 )))))))))))))))))))))))))))))))
.

2008-03-26 17:16 . 2008-03-26 17:16 <DIR> d-------- C:\Users\Trent\AppData\Roaming\Grisoft
2008-03-26 17:16 . 2008-03-26 17:16 <DIR> d-------- C:\Users\All Users\Grisoft
2008-03-26 17:16 . 2008-03-26 17:16 <DIR> d-------- C:\ProgramData\Grisoft
2008-03-26 17:16 . 2007-05-30 08:10 10,872 --a------ C:\Windows\System32\drivers\AvgAsCln.sys
2008-03-26 16:53 . 2008-03-26 16:53 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-25 08:15 . 2008-03-25 08:27 <DIR> d--hs---- C:\Users\Trent\!
2008-03-25 08:15 . 2008-03-25 08:15 3,545,428 --------- C:\Users\Trent\x1.dat
2008-03-25 08:14 . 2008-03-25 08:14 61,952 --a------ C:\Users\Trent\winlogon.exe
2008-03-24 21:33 . 2008-03-24 21:33 <DIR> d-------- C:\Program Files\Xvid
2008-03-24 21:33 . 2007-06-28 18:52 765,952 --a------ C:\Windows\System32\xvidcore.dll
2008-03-24 21:33 . 2007-06-28 18:54 180,224 --a------ C:\Windows\System32\xvidvfw.dll
2008-03-24 21:33 . 2007-06-28 18:55 77,824 --a------ C:\Windows\System32\xvid.ax
2008-03-23 16:27 . 2008-03-23 16:27 <DIR> d-------- C:\Users\All Users\Part Hide Grey Pop
2008-03-23 16:27 . 2008-03-23 16:27 <DIR> d-------- C:\ProgramData\Part Hide Grey Pop
2008-03-23 16:26 . 2008-03-23 16:27 <DIR> d-------- C:\Users\All Users\Flaw bits
2008-03-23 16:26 . 2008-03-23 16:27 <DIR> d-------- C:\ProgramData\Flaw bits
2008-03-14 19:16 . 2008-03-14 19:16 <DIR> d-------- C:\Windows\Sun
2008-03-14 19:16 . 2008-03-14 19:16 <DIR> d-------- C:\Windows\.jagex_cache_32
2008-03-14 19:00 . 2008-03-14 19:00 <DIR> d-------- C:\Users\All Users\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
2008-03-14 19:00 . 2008-03-14 19:00 <DIR> d-------- C:\ProgramData\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
2008-03-12 14:59 . 2007-12-16 18:50 1,060,920 --a------ C:\Windows\System32\drivers\ntfs.sys
2008-03-12 14:59 . 2007-12-16 05:56 41,984 --a------ C:\Windows\System32\drivers\monitor.sys
2008-03-07 13:40 . 2008-03-07 13:40 13,035 --a------ C:\Windows\System32\drivers\SymRedir.cat
2008-03-07 13:40 . 2008-03-07 13:40 1,358 --a------ C:\Windows\System32\drivers\SymRedir.inf
2008-03-07 13:39 . 2008-03-07 13:39 191,536 --a------ C:\Windows\System32\drivers\symtdi.sys
2008-03-07 13:39 . 2008-03-07 13:39 145,968 --a------ C:\Windows\System32\drivers\symfw.sys
2008-03-07 13:39 . 2008-03-07 13:39 39,984 --a------ C:\Windows\System32\drivers\symids.sys
2008-03-07 13:39 . 2008-03-07 13:39 37,936 --a------ C:\Windows\System32\drivers\symndisv.sys
2008-03-07 13:39 . 2008-03-07 13:39 27,696 --a------ C:\Windows\System32\drivers\symredrv.sys
2008-03-07 13:39 . 2008-03-07 13:39 12,848 --a------ C:\Windows\System32\drivers\symdns.sys
2008-03-04 06:53 . 2008-03-26 20:24 54,156 --ah----- C:\Windows\QTFont.qfn
2008-03-04 06:53 . 2008-03-04 06:53 1,409 --a------ C:\Windows\QTFont.for
2008-03-04 06:52 . 2008-03-04 06:52 <DIR> d-------- C:\Program Files\iTunes
2008-03-04 06:52 . 2008-03-04 06:52 <DIR> d-------- C:\Program Files\iPod

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-24 22:59 --------- d-----w C:\ProgramData\Symantec
2008-03-14 00:04 --------- d-----w C:\Program Files\Windows Mail
2008-03-13 18:58 --------- d-----w C:\ProgramData\Microsoft Help
2008-03-11 03:17 --------- d-----w C:\Program Files\Norton Internet Security
2008-03-11 03:17 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-07 20:46 --------- d-----w C:\Program Files\Java
2008-03-07 01:32 706 ----a-w C:\Windows\system32\drivers\COH_Mon.inf
2008-03-07 01:32 23,904 ----a-w C:\Windows\system32\drivers\COH_Mon.sys
2008-03-07 01:32 10,537 ----a-w C:\Windows\system32\drivers\COH_Mon.cat
2008-02-16 02:09 --------- d-----w C:\Program Files\DELL
2008-02-13 22:07 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-02-13 22:07 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-02-13 22:04 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-02-13 22:04 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-02-13 22:04 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-02-13 22:03 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-02-13 22:03 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-13 22:03 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-13 22:03 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-13 22:03 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-02-13 22:03 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-02-13 22:03 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
2008-02-13 22:03 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-13 22:03 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-13 22:03 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-02-13 22:03 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-02-13 22:00 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-02-13 22:00 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-13 22:00 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-13 22:00 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-12 20:35 --------- d-----w C:\Program Files\QuickTime
2008-02-12 20:08 --------- d-----w C:\Users\Trent\AppData\Roaming\MySpace
2008-01-11 01:19 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-01-10 05:50 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
2007-12-25 17:27 174 --sha-w C:\Program Files\desktop.ini
2007-12-03 22:56 76 --sh--r C:\Windows\CT4CET.bin
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 14:09 460784]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-07-11 10:15 198704]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 08:35 125440]
"Aim6"="" []
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 08:36 201728]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [ ]
"Coal 32"="C:\ProgramData\dartregsregs.t2em0md" [2008-03-23 16:26 245776]
"Grey pop cake audio"="C:\ProgramData\EQ STUPID SLOW.0hj1j" [2008-03-23 16:27 188432]
"Host Process"="C:\Users\Trent\svchost.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-10-15 18:23 1006264]
"ECenter"="C:\Dell\E-Center\EULALauncher.exe" [2007-05-25 02:03 17920]
"RtHDVCpl"="RtHDVCpl.exe" [2007-10-13 06:18 4702208 C:\Windows\RtHDVCpl.exe]
"OEM07Mon.exe"="C:\Windows\OEM07Mon.exe" [2007-09-11 08:18 36864]
"MediaButtons"="C:\Windows\System32\MediaButtons.exe" [2007-09-20 21:14 2433024]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 14:35 90112]
"DELL Webcam Manager"="C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 18:43 118784]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 17:32 56080 C:\Windows\KHALMNPR.Exe]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 13:37 81920]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-08-21 11:06 115816]
"dscactivate"="c:\dell\dsca.exe" [2007-07-30 15:40 16384]
"NMSSupport"="C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" [2007-06-27 12:14 439512]
"CCUTRAYICON"="C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe" [2007-06-27 12:18 215256]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-12-03 19:09 1862144]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 13:35 221184]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-02-01 00:13 385024]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 18:38 583048]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 14:10 267048]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 05:25 6731312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [ ]

C:\Users\Trent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 22:24:54 98632]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-10-05 18:54:24 727592]
SetPoint.lnk - C:\Program Files\SetPoint\SetPoint.exe [2007-12-03 18:56:38 696320]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{B3740027-0036-49BF-98E7-04F4F903D67B}"= C:\Windows\system32\qomno.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{26ADC61D-7E65-4B77-B234-AFCE0A4A12A8}"= UDP:C:\Program Files\Dell Network Assistant\ezi_hnm2.exe BigGrin ell Network Assistant
"{01AABF3D-3872-495B-83F7-2E7D451FE3AE}"= TCP:C:\Program Files\Dell Network Assistant\ezi_hnm2.exe BigGrin ell Network Assistant
"{2CE5C0EA-A80F-47CA-A43A-802950008D7C}"= TCP:10421:SingleClick Discovery Protocol
"{9388843C-ABF7-4E8C-9C24-F5BA154D29FE}"= UDP:139:NetBIOS File/Printer Sharing
"{01529DBC-4DAC-4385-B0B2-A7D386A392C0}"= TCP:10426:SingleClick ICC
"{42A9B7F3-1E92-46F6-840D-BCA4FD813B34}"= UDP:445:Microsoft Directory Services
"{EA65E4F0-5427-4838-A0A1-4351AD883A40}"= TCP:138:NetBIOS Datagram Service
"{D42F2BB9-113D-41F8-B184-4382EE16BDFA}"= TCP:137:NetBIOS Name Service
"{607CF6F2-87BF-42E9-AC5A-32CFE2AC006E}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{0BF102B7-2BCE-4FE5-9796-74AA098753CF}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{B7A00D7C-2DC4-4D11-A41D-8B878EC75D94}"= UDP:C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:Yahoo! Music Jukebox
"{DE815A1A-DA56-4CD9-966F-561C2F54CD58}"= TCP:C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:Yahoo! Music Jukebox
"{8ECABA77-FB88-4032-A0F3-060547B9B334}"= UDP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{D5D54AF3-DB63-4D2A-875D-65349D207620}"= TCP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{037E0CD7-155E-4144-8196-939B9B31C545}"= UDP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{B4F9BDAE-F29D-47CF-8EF6-945025111FD7}"= TCP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{2ABDA20B-7CAF-4B0B-801A-07B7C2DA8D55}"= UDP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{DED8BD1E-42BD-4E4A-A21E-A4DE6DE1C494}"= TCP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{013129DC-C202-4FB7-8C2D-BF5DC2E0A946}"= TCP:Profile=Private|Profile=Public|9442:127.0.0.1:Intel(R) Viiv(TM) Media Server Discovery
"{82322CD7-E3C6-4C55-97A0-713020AEECAB}"= TCP:Profile=Private|Profile=Public|1900:LocalSubnet:LocalSubnet:Intel(R) Viiv(TM) Media Server UPnP Discovery
"{0060F024-23F1-4580-8AC2-6162C56C4291}"= Disabled:UDP:C:\Program Files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{68BDCABD-CC49-4E94-AC07-072B2E11E655}"= Disabled:TCP:C:\Program Files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{913B8C2F-D545-4194-A495-77C71661B9C4}"= UDP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{742C1371-8CA7-4DBB-954E-15C8053F5362}"= TCP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{207D787A-6F43-4E77-A02C-D161A947A14F}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{2D34C5F4-8E64-4470-BBE3-1097D6F2521C}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{3830E041-1471-48AB-AF7B-E779E0DAF38E}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{2D42C912-8394-4ABB-BBBE-A5D7E978DFD2}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{ACE67183-9E4A-4DF3-8533-DB005A7CE86A}"= UDP:C:\Windows\System32\rlvknlg.exe:rlvknlg.exe
"{6FDF4B51-E7E5-4278-A939-7B9F2C5C2104}"= TCP:C:\Windows\System32\rlvknlg.exe:rlvknlg.exe
"{E831C9B3-AC99-4CD9-937A-1E0E465BB369}"= Disabled:UDP:C:\Program Files\MySpace\IM\MySpaceIM.exe:MySpaceIM
"{93290905-1E90-4BD7-8F8A-19EE8287C210}"= Disabled:TCP:C:\Program Files\MySpace\IM\MySpaceIM.exe:MySpaceIM
"{9F9EED88-8078-4FB0-8BE1-0F43728CA4E1}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{E92D51D9-E5AC-446E-A912-224AF5A6B001}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080325.002\IDSvix86.sys [2008-02-13 12:18]
R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-11 02:45]
R2 DQLWinService;DQLWinService;"C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe" [2007-02-12 13:46]
R2 NMSCore;Intel(R) NMSCore;"C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe" [2007-06-27 12:14]
R2 nmsunidr;UniDriver for NMS;C:\Windows\system32\DRIVERS\nmsunidr.sys [2007-02-18 22:34]
R2 QualityManager;Intel(R) Quality Manager;"C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe" [2007-06-27 12:17]
R2 RelevantKnowledge;RelevantKnowledge;C:\Windows\system32\rlservice.exe [2007-10-11 16:44]
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter);C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2007-07-11 10:15]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 17:38]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-10-08 02:31]
R3 btwaudio;Bluetooth Audio Device Service;C:\Windows\system32\drivers\btwaudio.sys [2007-10-10 01:30]
R3 btwavdt;Bluetooth AVDT;C:\Windows\system32\drivers\btwavdt.sys [2007-10-10 01:30]
R3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2007-10-10 01:30]
R3 CXSONORA;AVerMedia 23885 AvStream Video Capture;C:\Windows\system32\drivers\A885VCap.sys [2007-10-10 05:07]
R3 DLXPDisplayName;DLXPDisplayName;C:\Windows\system32\DRIVERS\DLACPI.sys [2007-10-08 02:41]
R3 IntelDH;IntelDH Driver;C:\Windows\system32\Drivers\IntelDH.sys [2007-12-03 19:08]
R3 OEM07Vfx;Creative Camera OEM007 Video VFX Driver;C:\Windows\system32\DRIVERS\OEM07Vfx.sys [2007-09-11 08:18]
R3 OEM07Vid;Creative Camera OEM007 Driver;C:\Windows\system32\DRIVERS\OEM07Vid.sys [2007-09-11 08:18]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2008-03-07 13:39]
S3 DHTRACE;Intel(R) DHTrace Controller;C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe [2007-06-27 12:15]
S3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-10-08 02:31]
S3 UMPass;Microsoft UMPass Driver;C:\Windows\system32\DRIVERS\umpass.sys [2006-11-02 04:55]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-03-25 01:31:20 C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - Trent.job"
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeB/TASK:
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-26 20:24:48
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\WLANExt.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Windows\System32\DELLOSD.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehsched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\ehome\ehRecvr.exe
C:\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
.
**************************************************************************
.
Completion time: 2008-03-26 20:32:31 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-27 00:32:24
.
2008-03-26 19:18:15 --- E O F ---

Post #236836

RichieUK

Posted 3/26/2008 7:55 PM

Senior Forum Moderator

Group: Moderators
Last Login: 8/9/2008 10:14 AM
Posts: 31,425, Visits: 54,734

Please download OTMoveIt by OldTimer,save it to your desktop:
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe
Please double-click OTMoveIt.exe to run it.
Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose 'Copy'):

C:\ProgramData\dartregsregs.f3sgf
C:\ProgramData\dartregsregs.t2em0md
C:\ProgramData\EQ STUPID SLOW.0hj1j
C:\ProgramData\Flaw bits
C:\ProgramData\Part Hide Grey Pop
C:\Users\All Users\Part Hide Grey Pop
C:\Users\All Users\Flaw bits
C:\ProgramData\Viewpoint
C:\Program Files\Viewpoint
C:\Users\All Users\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
C:\ProgramData\2ACA5CC3-0F83-453D-A079-1076FE1A8B65

Return to OTMoveIt, right click on the "Paste Custom List of Files/Folders to Move" window under the "yellow" bar at the bottom,and choose Paste,see image below:

Click the red Moveit! button

Copy everything on the 'Results' window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose 'Copy'), and paste it into your next reply.
Close OTMoveIt by clicking on the "Exit" button.
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
If you are asked to reboot the machine choose Yes.

Copy and paste ALL the following text in the code box below into Notepad.
Click on Start/All Programs/Accessories/Notepad.
Click on File(in the menu at the top)>Save as../Save as Type: 'All Files' /File name: fix.reg to your desktop.
Then double click on the fix.reg file on your desktop

and agree to merge the information into the registry,then restart your pc.

REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Coal 32"=-
"Grey pop cake audio"=-
"Host Process"=-
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{B3740027-0036-49BF-98E7-04F4F903D67B}"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{ACE67183-9E4A-4DF3-8533-DB005A7CE86A}"=-
"{6FDF4B51-E7E5-4278-A939-7B9F2C5C2104}"=-

Also post a new Hijackthis log please.

_______________________________________________________________

ASAP & UNITE member since 2006

Post #236837

Paintballfreak71

Posted 3/26/2008 8:08 PM

New Member

Group: Forum Members
Last Login: 3/27/2008 7:51 PM
Posts: 8, Visits: 14

I forgot to post the results before I clicked to reboot, so this is what it came up with the second time I did it.

[Custom Input]
< C:\ProgramData\dartregsregs.f3sgf >
File/Folder C:\ProgramData\dartregsregs.f3sgf not found.
< C:\ProgramData\dartregsregs.t2em0md >
File/Folder C:\ProgramData\dartregsregs.t2em0md not found.
< C:\ProgramData\EQ STUPID SLOW.0hj1j >
File/Folder C:\ProgramData\EQ STUPID SLOW.0hj1j not found.
< C:\ProgramData\Flaw bits >
File/Folder C:\ProgramData\Flaw bits not found.
< C:\ProgramData\Part Hide Grey Pop >
File/Folder C:\ProgramData\Part Hide Grey Pop not found.
< C:\Users\All Users\Part Hide Grey Pop >
File/Folder C:\Users\All Users\Part Hide Grey Pop not found.
< C:\Users\All Users\Flaw bits >
File/Folder C:\Users\All Users\Flaw bits not found.
< C:\ProgramData\Viewpoint >
File/Folder C:\ProgramData\Viewpoint not found.
< C:\Program Files\Viewpoint >
C:\Program Files\Viewpoint moved successfully.
< C:\Users\All Users\2ACA5CC3-0F83-453D-A079-1076FE1A8B65 >
File/Folder C:\Users\All Users\2ACA5CC3-0F83-453D-A079-1076FE1A8B65 not found.
< C:\ProgramData\2ACA5CC3-0F83-453D-A079-1076FE1A8B65 >
File/Folder C:\ProgramData\2ACA5CC3-0F83-453D-A079-1076FE1A8B65 not found.

OTMoveIt2 by OldTimer - Version 1.0.21 log created on 03262008_210452

Post #236839

RichieUK

Posted 3/26/2008 8:10 PM

Senior Forum Moderator

Group: Moderators
Last Login: 8/9/2008 10:14 AM
Posts: 31,425, Visits: 54,734

Thats ok,follow the rest of the steps please.

_______________________________________________________________

ASAP & UNITE member since 2006

Post #236840

Paintballfreak71

Posted 3/26/2008 8:17 PM

New Member

Group: Forum Members
Last Login: 3/27/2008 7:51 PM
Posts: 8, Visits: 14

Ok, here is the HijackThis log after the fix.reg and the restarting of my computer

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:14:41 PM, on 3/26/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\OEM07Mon.exe
C:\Windows\System32\MediaButtons.exe
C:\Program Files\DELL\Dell Webcam Manager\DellWMgr.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
C:\Windows\System32\DELLOSD.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\SetPoint\SetPoint.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [OEM07Mon.exe] C:\Windows\OEM07Mon.exe
O4 - HKLM\..\Run: [MediaButtons] C:\Windows\System32\MediaButtons.exe
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [dscactivate] c:\dell\dsca.exe 3
O4 - HKLM\..\Run: [NMSSupport] "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
O4 - HKLM\..\Run: [CCUTRAYICON] "C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1584324784-2898364789-997048515-1000\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'IUSR_NMPR')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: SetPoint.lnk = C:\Program Files\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Intel(R) DHTrace Controller (DHTRACE) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: Intel(R) NMSCore (NMSCore) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe
O23 - Service: Intel(R) Quality Manager (QualityManager) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe
O23 - Service: RelevantKnowledge - RelevantKnowledge - C:\Windows\system32\rlservice.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing)

--
End of file - 12421 bytes

Post #236841

« Prev Topic | Next Topic »

11 posts, Page 1 of 2

1 2 »»

All times are GMT -6:00, Time now is 6:30am