Full Version: Problems with ad aware pe
beachbum1944
I just installed ad aware se today. Every time I try to use it a window comes up that says my computer has to shut down and it was initiated by NT AUTHORITY\SYSTEM. Lower in window it says Windows must restart DCOM Service Process Launcher terminated unexpectedly.

I never had a problem before. What can I do?

Thanks.......Paul
beachbum1944
QUOTE(beachbum1944 @ Feb 21 2007, 10:36 PM) *
I just installed ad aware se today. Every time I try to use it a window comes up that says my computer has to shut down and it was initiated by NT AUTHORITY\SYSTEM. Lower in window it says Windows must restart DCOM Service Process Launcher terminated unexpectedly.

I never had a problem before. What can I do?

Thanks.......Paul

The ad aware is SE not PE
Ai_Tak
Sounds like ad-aware unloaded a (malware) module in the "DCOM Service Process Launcher" service causing it to crash, which causes the system to shut down because this is a vital service.

Post a hijackthis log, and a comboscan log.
beachbum1944
QUOTE(Ai_Tak @ Feb 22 2007, 02:37 AM) *
Sounds like ad-aware unloaded a (malware) module in the "DCOM Service Process Launcher" service causing it to crash, which causes the system to shut down because this is a vital service.

Post a hijackthis log, and a comboscan log.
Where do I post the hijackthis log?
Ai_Tak
Here, in this thread, your thread.
beachbum1944
QUOTE(Ai_Tak @ Feb 22 2007, 06:49 AM) *
Here, in this thread, your thread.


Ok. Here it is>


ComboScan v20070221.15 run by Paul on 2007-02-22 at 00:08:48
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Successfully created restore point.
Performed disk cleanup.


-- HijackThis (run as Paul.exe) -------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 12:10:47 AM, on 2/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\regyisre.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\SHA256\secure.exe
C:\Program Files\QuickTime\bak\qttask.exe
C:\WINDOWS\system32\acsbvcc.exe
C:\WINDOWS\system32\cmdupdlms.exe
C:\WINDOWS\system32\gdmvstat.exe
C:\WINDOWS\System32\hphmon05.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\AOL\1107367472\ee\AOLSoftware.exe
C:\WINDOWS\system32\EXSHOW95.EXE
C:\WINDOWS\system32\smcrsmm.exe
C:\WINDOWS\system32\cxmdxcs.exe
C:\WINDOWS\BQTray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\America Online 9.0b\aoltray.exe
C:\Program Files\Nikon\NkView5\NkvMon.exe
C:\Program Files\CASIO\Photo Loader\Plauto.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
c:\program files\common files\aol\1107367472\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
c:\program files\common files\aol\1107367472\ee\aolsoftware.exe
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\YDBOT83A\comboscan[1].exe
C:\Program Files\HijackThis\Paul.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Mucmlls] regyisre.exe
O4 - HKLM\..\Run: [WIZZ] C:\Program Files\WIZZ\dazzler.exe
O4 - HKLM\..\Run: [wise] C:\Program Files\Common files\clockwise.exe -boot
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [Windows Update AutoUpdate Client] C:\WINDOWS\system32\winupd\wuauclt.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [SHA256] C:\Program Files\SHA256\secure.exe
O4 - HKLM\..\Run: [Recguard] C:\Program Files\HP\recguard.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [REAL] C:\Program Files\REAL\realjbox.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\bak\qttask.exe" -atboottime
O4 - HKLM\..\Run: [QD FastAndSafe] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PowerChute] C:\Program Files\APC_Power\Pwrchute.exe -boot_time
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ncsmmlg] C:\WINDOWS\system32\acsbvcc.exe
O4 - HKLM\..\Run: [mvcupdate] C:\WINDOWS\system32\cmdupdlms.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [miniport] C:\WINDOWS\system32\usb2chk.exe /start
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [LocalProxy] C:\Program Files\LocalProxy\proxy4free.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [kdmmcvs] C:\WINDOWS\system32\gdmvstat.exe
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [IPSecMon] C:\Program Files\Common files\VPN Network\IPSecMon.exe /vpncheck
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1107367472\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [EXSHOW95.EXE] EXSHOW95.EXE
O4 - HKLM\..\Run: [eTrust Realtime Monitor] C:\WINDOWS\system32\realmon.exe /start
O4 - HKLM\..\Run: [ErrorGuard] C:\Program Files\ErrorGuard\ErrorGuard.Exe
O4 - HKLM\..\Run: [Dit] C:\WINDOWS\system32\dit.exe
O4 - HKLM\..\Run: [ddsysmns] C:\WINDOWS\system32\smcrsmm.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [csmhtop] C:\WINDOWS\system32\cxmdxcs.exe
O4 - HKLM\..\Run: [BurnQuick Queue] C:\WINDOWS\BQTray.exe
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [Apvxdwin] C:\WINDOWS\system32\APVXDWIN.EXE
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AdsBlocker] C:\Program Files\AdsBlocker\stopAds.exe
O4 - HKLM\..\Run: [3capplnk] C:\Program Files\US Robotics\\3capplnk.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [wininet32] C:\WINDOWS\wininet32.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [Fxhlo] C:\WINDOWS\System32\??oolsv.exe
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [Bidm] C:\Documents and Settings\Paul\Application Data\teta.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
O4 - HKCU\..\Run: [ncsmmlg] C:\WINDOWS\system32\acsbvcc.exe
O4 - HKCU\..\Run: [kdmmcvs] C:\WINDOWS\system32\gdmvstat.exe
O4 - HKCU\..\Run: [mvcupdate] C:\WINDOWS\system32\cmdupdlms.exe
O4 - HKCU\..\Run: [ddsysmns] C:\WINDOWS\system32\smcrsmm.exe
O4 - HKCU\..\Run: [csmhtop] C:\WINDOWS\system32\cxmdxcs.exe
O4 - Startup: ZoneAlarm Pro.lnk = C:\RECYCLER\NPROTECT\00264741.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0b\aoltray.exe
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView5\NkvMon.exe
O4 - Global Startup: Photo Loader supervisory.lnk = C:\Program Files\CASIO\Photo Loader\Plauto.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
O15 - Trusted IP range: 206.161.125.149
O16 - DPF: YExplorer1_8US.CAB - http://photos.groups.yahoo.com/ocx/us/yexplorer1_8us.cab
O16 - DPF: {04B6182D-FB75-11D4-90D2-0000B4948C7C} (cre8tiv 3Di ATL Control (Internet)) - http://www.quick-step.com/distribution/cre8tiv3dix.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) - https://extraweb-americas.ey.com/MAIL003/iNotes.cab
O16 - DPF: {3468FCFD-E656-47CF-838D-A350F84EB1CC} - http://activex.microsoft.com/objects/ocget.dll
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://extraweb-americas.ey.com/iNotes6.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.com/SnapfishActivia.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-12.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.av.aol.com/molbin/shared/m...83/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1107630782000
O16 - DPF: {90051A81-3018-4826-8B38-DD60B6B53F9C} (Snapfish File Upload ActiveX Control) - http://www.snapfish.com/SnapfishUpload.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://floridakeysmedia.tv/axiscam/Codebas...sCamControl.ocx
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.av.aol.com/molbin/shared/m...,20/mcgdmgr.cab
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} (Photodex Presenter AX control) - http://www.photodex.com/pxplay.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://islandcam.columbiasussex.com/activex/AMC.cab
O16 - DPF: {FE5B9F54-7764-4C01-89F0-4862601EE954} (DigWebHelper Class) - http://photos.msn.com/resources/neutral/co....cab?10,0,910,0
O16 - DPF: {FFFF0001-0001-101A-A3C9-08002B2F49FC} - http://download.energyfactor.com/dialer/it...ivex_259_it.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{3D07CD8F-956C-459D-8DD7-F6388FD1F125}: NameServer = 85.255.116.62,85.255.112.233
O17 - HKLM\System\CCS\Services\Tcpip\..\{4E1E97A4-C631-453E-A1CE-F98944E2D67F}: NameServer = 85.255.116.62,85.255.112.233
O17 - HKLM\System\CCS\Services\Tcpip\..\{52EE73C2-2D5A-4D59-A59D-1612D977C4E5}: NameServer = 85.255.116.62,85.255.112.233
O17 - HKLM\System\CCS\Services\Tcpip\..\{684771DF-F095-40A5-ACFD-81668CB4AC8B}: NameServer = 85.255.116.62,85.255.112.233
O17 - HKLM\System\CCS\Services\Tcpip\..\{773FF399-B883-41C1-8523-ADC84BC0BD23}: NameServer = 85.255.116.62,85.255.112.233
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.62 85.255.112.233
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.62 85.255.112.233
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.62 85.255.112.233
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: instcat - C:\WINDOWS\SYSTEM32\instcat.dll
O20 - Winlogon Notify: partnershipreg - C:\Documents and Settings\All Users\Documents\Settings\partnership.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe


-- File Associations ------------------------------------------------------------

.bat - batfile - "%1" %*
.chm - chm.file - "C:\WINDOWS\hh.exe" %1
.cmd - cmdfile - "%1" %*
.com - comfile - "%1" %*
.exe - exefile - "%1" %*
.hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1
.inf - inffile - %SystemRoot%\System32\NOTEPAD.EXE %1
.ini - inifile - %SystemRoot%\System32\NOTEPAD.EXE %1
.js - JSFile - %SystemRoot%\System32\WScript.exe "%1" %*
.lnk - lnkfile - {00021401-0000-0000-C000-000000000046}
.pif - piffile - "%1" %*
.reg - regfile - regedit.exe "%1"
.scr - scrfile - "%1" /S
.txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1
.vbs - VBSFile - %SystemRoot%\System32\WScript.exe "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ----------------------

1R AFS2K - C:\WINDOWS\system32\drivers\AFS2K.SYS
3R ALCXWDM (Service for Realtek AC97 Audio (WDM)) - C:\WINDOWS\system32\drivers\alcxwdm.sys
3S Arp1394 (1394 ARP Client Protocol) - C:\WINDOWS\system32\drivers\arp1394.sys
3S ati2mtag - C:\WINDOWS\system32\drivers\ati2mtag.sys
2S ATIBTCAP (ATI TV Wonder Video Capture) - C:\WINDOWS\system32\drivers\atibtcap.sys
2S ATIBTXBAR (ATI TV Wonder Video Crossbar) - C:\WINDOWS\system32\drivers\atibtxbr.sys
2S ATIVTUTW (ATI TV Wonder TV Tuner) - C:\WINDOWS\system32\drivers\ativtutw.sys
2S ATIVXSTW (ATI TV Wonder Audio Crossbar) - C:\WINDOWS\system32\drivers\ativxstw.sys
3S CCDECODE (Closed Caption Decoder) - C:\WINDOWS\system32\drivers\ccdecode.sys
3S ctac32k (Creative AC3 Software Decoder) - C:\WINDOWS\system32\drivers\ctac32k.sys
3S ctaud2k (Creative Audio Driver (WDM)) - C:\WINDOWS\system32\drivers\ctaud2k.sys
3S ctdvda2k (Creative DVD-Audio Device Driver) - C:\WINDOWS\system32\drivers\ctdvda2k.sys (not found)
3S ctprxy2k (Creative Proxy Driver) - C:\WINDOWS\system32\drivers\ctprxy2k.sys
3S ctsfm2k (Creative SoundFont Management Device Driver) - C:\WINDOWS\system32\drivers\ctsfm2k.sys
3S emupia (E-mu Plug-in Architecture Driver) - C:\WINDOWS\system32\drivers\emupia2k.sys
1S EXAMPLE - C:\WINDOWS\system32\main.sys
3S FilterService (Filter Service) - C:\WINDOWS\system32\drivers\filter.sys
3R GEARAspiWDM (GEAR CDRom Filter) - C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
3S ha10kx2k (Creative Hardware Abstract Layer Driver) - C:\WINDOWS\system32\drivers\ha10kx2k.sys
3S hap16v2k (Creative P16V HAL Driver) - C:\WINDOWS\system32\drivers\HAP16V2K.SYS
3R HidUsb (Microsoft HID Class Driver) - C:\WINDOWS\system32\drivers\hidusb.sys
3R HPZid412 (IEEE-1284.4 Driver HPZid412) - C:\WINDOWS\system32\drivers\hpzid412.sys
3R HPZipr12 (Print Class Driver for IEEE-1284.4 HPZipr12) - C:\WINDOWS\system32\drivers\HPZipr12.sys
3R HPZius12 (USB to IEEE-1284.4 Translation Driver HPZius12) - C:\WINDOWS\system32\drivers\HPZius12.sys
3R ialm - C:\WINDOWS\system32\drivers\ialmnt5.sys
1R intelppm (Intel Processor Driver) - C:\WINDOWS\system32\drivers\intelppm.sys
3S IPFilter (Microsoft IntelliPoint Features driver) - C:\WINDOWS\system32\drivers\ipfilter.sys
1R kbdhid (Keyboard HID Driver) - C:\WINDOWS\system32\drivers\kbdhid.sys
3S KMW_SYS (Kensington MouseWorks Mouse filter driver) - C:\WINDOWS\system32\drivers\KMW_SYS.sys
3R mouhid (Mouse HID Driver) - C:\WINDOWS\system32\drivers\mouhid.sys
3S MSTEE (Microsoft Streaming Tee/Sink-to-Sink Converter) - C:\WINDOWS\system32\drivers\mstee.sys
3S ms_mpu401 (Microsoft MPU-401 MIDI UART Driver) - C:\WINDOWS\system32\drivers\msmpu401.sys
3S NABTSFEC (NABTS/FEC VBI Codec) - C:\WINDOWS\system32\drivers\nabtsfec.sys
3R NAVENG - C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070221.018\NAVENG.SYS
3R NAVEX15 - C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070221.018\NAVEX15.SYS
3S NdisIP (Microsoft TV/Video Connection) - C:\WINDOWS\system32\drivers\ndisip.sys
3S NIC1394 (1394 Net Driver) - C:\WINDOWS\system32\drivers\nic1394.sys
0R ohci1394 (OHCI Compliant IEEE 1394 Host Controller) - C:\WINDOWS\system32\drivers\ohci1394.sys
3S ossrv (Creative OS Services Driver) - C:\WINDOWS\system32\drivers\ctoss2k.sys
2R PfModNT - C:\WINDOWS\system32\drivers\pfmodnt.sys
3R Point32 (Microsoft IntelliPoint Filter Driver) - C:\WINDOWS\system32\drivers\point32.sys
0R PxHelp20 - C:\WINDOWS\system32\drivers\pxhelp20.sys
3S QV2KUX (Casio Digital Camera) - C:\WINDOWS\system32\drivers\qv2kux.sys
3R RTL8023xp (Realtek 10/100/1000 NIC Family all in one NDIS XP Driver) - C:\WINDOWS\system32\drivers\Rtnicxp.sys
3S rtl8029 (Realtek RTL8029(AS)-based PCI Ethernet Adapter NT Driver) - C:\WINDOWS\system32\DRIVERS\RTL8029.SYS (not found)
3S rtl8139 (Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver) - C:\WINDOWS\system32\drivers\R8139n51.sys
3R SAVRT - C:\Program Files\Norton AntiVirus\savrt.sys
1R SAVRTPEL - C:\Program Files\Norton AntiVirus\Savrtpel.sys
0R sisagp (SiS AGP Filter) - C:\WINDOWS\system32\drivers\sisagp.sys
0R SiSide - C:\WINDOWS\system32\drivers\siside.sys
0R sisidex - C:\WINDOWS\system32\drivers\sisidex.sys
0R sisperf (Add Performance Filter Driver) - C:\WINDOWS\system32\drivers\sisperf.sys
3S SLIP (BDA Slip De-Framer) - C:\WINDOWS\system32\drivers\slip.sys
1R SPBBCDrv - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
3S streamip (BDA IPSink) - C:\WINDOWS\system32\drivers\streamip.sys
3S STV680 (USB Dual-mode Camera) - C:\WINDOWS\system32\drivers\stv680.sys
3S STV680m (USB Dual-mode Cameram) - C:\WINDOWS\system32\drivers\stv680m.sys
3R SymEvent - C:\Program Files\Symantec\SYMEVENT.SYS
3R SYMREDRV - C:\WINDOWS\system32\drivers\symredrv.sys
1R SYMTDI - C:\WINDOWS\system32\drivers\symtdi.sys
3R usbccgp (Microsoft USB Generic Parent Driver) - C:\WINDOWS\system32\drivers\usbccgp.sys
3R usbehci (Microsoft USB 2.0 Enhanced Host Controller Miniport Driver) - C:\WINDOWS\system32\drivers\usbehci.sys
3S usbohci (Microsoft USB Open Host Controller Miniport Driver) - C:\WINDOWS\system32\drivers\usbohci.sys
3R usbprint (Microsoft USB PRINTER Class) - C:\WINDOWS\system32\drivers\usbprint.sys
3S usbscan (USB Scanner Driver) - C:\WINDOWS\system32\drivers\usbscan.sys
3R USBSTOR (USB Mass Storage Driver) - C:\WINDOWS\system32\drivers\usbstor.sys
3S VIAudio (VIA AC'97 Audio Controller (WDM)) - C:\WINDOWS\system32\drivers\viaudios.sys
3R wanatw (WAN Miniport (ATW)) - C:\WINDOWS\system32\drivers\wanatw4.sys
3S WINFLASH - C:\WINDOWS\System32\Drivers\Winflash.sys (not found)
1R WS2IFSL (Windows Socket 2.0 Non-IFS Service Provider Support Environment) - C:\WINDOWS\system32\drivers\ws2ifsl.sys
3S WSTCODEC (World Standard Teletext Codec) - C:\WINDOWS\system32\drivers\wstcodec.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

2R AOL ACS (AOL Connectivity Service) - "C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe"
2R AOL TopSpeedMonitor (AOL TopSpeed Monitor) - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
2S AOLService (AOL Spyware Protection Service) - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
3S aspnet_state (ASP.NET State Service) - C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
2S Ati HotKey Poller - C:\WINDOWS\System32\Ati2evxx.exe
2R Automatic LiveUpdate Scheduler - "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"
2R CCALib8 (Canon Camera Access Library 8) - C:\Program Files\Canon\CAL\CALMAIN.exe
2R ccEvtMgr (Symantec Event Manager) - "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
3S ccPwdSvc (Symantec Password Validation) - "C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe"
2R ccSetMgr (Symantec Settings Manager) - "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
3S gusvc (Google Updater Service) - "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
3S IDriverT (InstallDriver Table Manager) - "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"
3S iPodService - C:\Program Files\iPod\bin\iPodService.exe
3S LiveUpdate - "C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE"
2R MDM (Machine Debug Manager) - "C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe"
2R navapsvc (Norton AntiVirus Auto-Protect Service) - "C:\Program Files\Norton AntiVirus\navapsvc.exe"
3R Pml Driver HPZ12 - C:\WINDOWS\System32\HPZipm12.exe
3S SAVScan - "C:\Program Files\Norton AntiVirus\SAVScan.exe"
2S SBService (ScriptBlocking Service) - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
3S SNDSrvc (Symantec Network Drivers Service) - "C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe"
2R SPBBCSvc (Symantec SPBBCSvc) - "C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe"


-- Scheduled Tasks --------------------------------------------------------------

2007-02-22 00:06:00 492 --a------ C:\WINDOWS\Tasks\McAfee.com Update Check (CC895107-A-Paul).job<MCAFEE~1.JOB>
2007-02-21 22:10:02 340 --a------ C:\WINDOWS\Tasks\HP Usg Daily.job<HPUSGD~1.JOB>
2007-02-21 14:59:07 528 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - Paul.job<NORTON~1.JOB>
2007-02-20 22:11:09 318 --a------ C:\WINDOWS\Tasks\HP DArC Task #Hewlett-Packard#7700#MY36L110G6D7.job<HPDARC~1.JOB>


-- Files created between 2007-01-22 and 2007-02-22 ------------------------------

2007-02-22 00:10:28 0 d-------- C:\Program Files\HijackThis<HIJACK~1>
2007-02-21 16:15:04 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard<WISEIN~1>
2007-02-21 15:35:11 0 d-------- C:\WINDOWS\system32\appmgmt
2007-02-21 15:12:04 0 d-------- C:\Documents and Settings\Paul\Application Data\Talkback
2007-02-21 15:01:12 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Symantec
2007-02-21 14:56:48 0 d-------- C:\Program Files\Norton AntiVirus<NORTON~2>
2007-02-21 14:56:25 83664 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2007-02-21 14:56:25 110352 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-02-21 14:52:16 0 d-------- C:\Program Files\Mozilla Firefox<MOZILL~1>
2007-02-21 14:51:52 2560 -----n--- C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-02-21 14:51:52 2432 -----n--- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-02-21 14:51:34 0 d-------- C:\Program Files\Picasa2
2007-02-21 14:43:13 0 d-------- C:\Documents and Settings\All Users\Application Data\Google
2007-02-20 22:41:03 0 d-------- C:\Install ICQ<INSTAL~3>
2007-02-20 22:40:56 0 d-------- C:\Install iTunes<INSTAL~2>
2007-02-20 22:40:46 0 d-------- C:\Install AOL Communicator<INSTAL~1>
2007-02-20 22:40:43 0 d-------- C:\aolextras<AOLEXT~1>
2007-02-20 22:38:03 0 d-------- C:\Program Files\America Online 9.0b<AMERIC~1.0B>
2007-02-19 20:20:30 71890 --a------ C:\WINDOWS\hresfefew.exe<HRESFE~1.EXE>
2007-02-19 20:05:23 74805 --a------ C:\WINDOWS\rgregewgewfw.exe<RGREGE~1.EXE>
2007-02-19 19:50:15 71715 --a------ C:\WINDOWS\gfeanjnk.exe
2007-02-19 19:36:58 71931 --a------ C:\WINDOWS\hgrefwegfewfw.exe<HGREFW~1.EXE>
2007-02-19 18:49:37 74267 --a------ C:\WINDOWS\htrewnkjnkmfe.exe<HTREWN~1.EXE>
2007-02-19 12:48:40 0 d-------- C:\Program Files\PCPitstop<PCPITS~1>
2007-02-19 12:45:40 0 d-------- C:\WINDOWS\CAVTemp
2007-02-19 12:20:03 0 d-------- C:\Documents and Settings\All Users\Application Data\CA
2007-02-19 12:20:01 0 d-------- C:\Program Files\CA
2007-02-19 04:15:32 74267 --a------ C:\WINDOWS\hgrefrefe.exe<HGREFR~1.EXE>
2007-02-19 03:28:35 74805 --a------ C:\WINDOWS\bvgnknkmde.exe<BVGNKN~1.EXE>
2007-02-19 02:45:30 71890 --a------ C:\WINDOWS\bvneknmkf.exe<BVNEKN~1.EXE>
2007-02-19 02:31:37 71931 --a------ C:\WINDOWS\gbbjnkmnfew.exe<GBBJNK~1.EXE>
2007-02-19 02:20:08 71715 --a------ C:\WINDOWS\bvebjnkj.exe
2007-02-19 01:11:22 20480 --a------ C:\WINDOWS\system32\msnetax.dll
2007-02-19 01:11:02 91648 --a------ C:\WINDOWS\comio32.dll
2007-02-19 01:10:58 54784 --a------ C:\WINDOWS\system32\instcat.dll
2007-02-18 20:44:14 0 d-------- C:\Program Files\AOL Companion<AOLCOM~1>
2007-02-18 20:44:03 0 d-------- C:\Program Files\Learn2.com
2007-02-18 20:42:44 1060864 --a------ C:\WINDOWS\system32\mfc71.dll
2007-02-18 20:42:13 0 d-------- C:\Program Files\America Online 9.0a<AMERIC~1.0A>
2007-02-16 22:03:55 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-02-15 20:36:15 0 d-------- C:\Program Files\Common Files\bak
2007-02-15 20:36:14 0 d-------- C:\WINDOWS\system32\bak
2007-02-13 01:20:09 1231 --a------ C:\WINDOWS\unins000.dat
2007-02-08 21:09:09 0 d-------- C:\Documents and Settings\Paul\Application Data\Viewpoint<VIEWPO~1>
2007-02-08 01:15:36 0 d-------- C:\Documents and Settings\Paul\Application Data\Canon
2007-02-02 01:14:51 5632 --a------ C:\WINDOWS\system32\ptpusb.dll
2007-02-02 01:14:49 159232 --a------ C:\WINDOWS\system32\ptpusd.dll
2007-02-02 01:05:35 0 d-------- C:\Documents and Settings\Paul\Application Data\ZoomBrowser EX<ZOOMBR~1>
2007-02-02 00:53:48 0 d-------- C:\Documents and Settings\All Users\Application Data\ZoomBrowser<ZOOMBR~1>
2007-02-02 00:53:20 0 d-------- C:\Program Files\Common Files\Canon
2007-02-01 01:12:37 0 d-------- C:\Program Files\SpyMarshal<SPYMAR~1>
2007-02-01 01:12:28 1395659 --a------ C:\Documents and Settings\Paul\Application Data\Install.dat
2007-02-01 01:12:11 0 --a------ C:\WINDOWS\system32\kernel32.exe
2007-02-01 00:33:38 0 d-------- C:\Program Files\VideoBox
2007-01-30 01:06:07 33024 --a------ C:\WINDOWS\system32\main.sys
2007-01-27 10:41:03 0 d-------- C:\WINDOWS\Prefetch
2007-01-27 10:30:00 40840 --a------ C:\WINDOWS\system32\drivers\termdd.sys
2007-01-27 10:25:03 5504 --a------ C:\WINDOWS\system32\drivers\intelide.sys
2007-01-27 10:19:47 13312 --a------ C:\WINDOWS\system32\irclass.dll
2007-01-27 10:19:46 24661 --a------ C:\WINDOWS\system32\spxcoins.dll
2007-01-26 22:02:37 135168 -ra------ C:\WINDOWS\system32\igfxres.dll
2007-01-26 22:00:25 40960 -ra------ C:\WINDOWS\system32\ialmuTRK.dll
2007-01-26 22:00:25 40960 -ra------ C:\WINDOWS\system32\ialmuTHA.dll
2007-01-26 22:00:25 40960 -ra------ C:\WINDOWS\system32\ialmuSVE.dll
2007-01-26 22:00:25 40960 -ra------ C:\WINDOWS\system32\ialmuRUS.dll
2007-01-26 22:00:25 40960 -ra------ C:\WINDOWS\system32\ialmuPTG.dll
2007-01-26 22:00:25 40960 -ra------ C:\WINDOWS\system32\ialmuPTB.dll
2007-01-26 22:00:25 40960 -ra------ C:\WINDOWS\system32\ialmuPLK.dll
2007-01-26 22:00:25 40960 -ra------ C:\WINDOWS\system32\ialmuNOR.dll
2007-01-26 22:00:25 61440 -ra------ C:\WINDOWS\system32\iAlmCoIn_v4384.dll<IALMCO~1.DLL>
2007-01-26 22:00:24 40960 -ra------ C:\WINDOWS\system32\ialmuNLD.dll
2007-01-26 22:00:24 40960 -ra------ C:\WINDOWS\system32\ialmuKOR.dll
2007-01-26 22:00:24 40960 -ra------ C:\WINDOWS\system32\ialmuJPN.dll
2007-01-26 22:00:24 40960 -ra------ C:\WINDOWS\system32\ialmuITA.dll
2007-01-26 22:00:24 40960 -ra------ C:\WINDOWS\system32\ialmuHUN.dll
2007-01-26 22:00:24 40960 -ra------ C:\WINDOWS\system32\ialmuHEB.dll
2007-01-26 22:00:24 40960 -ra------ C:\WINDOWS\system32\ialmuFRC.dll
2007-01-26 22:00:24 40960 -ra------ C:\WINDOWS\system32\ialmuFRA.dll
2007-01-26 22:00:24 40960 -ra------ C:\WINDOWS\system32\ialmuFIN.dll
2007-01-26 22:00:24 40960 -ra------ C:\WINDOWS\system32\ialmuESP.dll
2007-01-26 22:00:24 40960 -ra------ C:\WINDOWS\system32\ialmuENG.dll
2007-01-26 22:00:24 40960 -ra------ C:\WINDOWS\system32\ialmuELL.dll
2007-01-26 22:00:24 40960 -ra------ C:\WINDOWS\system32\ialmuDEU.dll
2007-01-26 22:00:23 40960 -ra------ C:\WINDOWS\system32\ialmuDAN.dll
2007-01-26 22:00:23 40960 -ra------ C:\WINDOWS\system32\ialmuCSY.dll
2007-01-26 22:00:22 524288 -ra------ C:\WINDOWS\system32\igldev32.dll
2007-01-26 22:00:22 114688 -ra------ C:\WINDOWS\system32\ialmudlg.exe
2007-01-26 22:00:22 40960 -ra------ C:\WINDOWS\system32\ialmuCHT.dll
2007-01-26 22:00:22 40960 -ra------ C:\WINDOWS\system32\ialmuCHS.dll
2007-01-26 22:00:22 40960 -ra------ C:\WINDOWS\system32\ialmuARB.dll
2007-01-26 22:00:22 40960 -ra------ C:\WINDOWS\system32\ialmuARA.dll
2007-01-26 22:00:21 2310144 -ra------ C:\WINDOWS\system32\iglicd32.dll
2007-01-26 22:00:20 102400 -ra------ C:\WINDOWS\system32\igfxext.exe
2007-01-26 22:00:20 40960 -ra------ C:\WINDOWS\system32\igfxexps.dll
2007-01-26 22:00:20 49152 -ra------ C:\WINDOWS\system32\ialmrem.dll
2007-01-26 22:00:19 1503232 -ra------ C:\WINDOWS\system32\igfxress.dll
2007-01-26 22:00:19 23564 --a------ C:\WINDOWS\system32\igfxpers.exe
2007-01-26 22:00:18 114688 -ra------ C:\WINDOWS\system32\igfxzoom.exe
2007-01-26 22:00:18 23564 --a------ C:\WINDOWS\system32\igfxtray.exe
2007-01-26 22:00:18 86016 -ra------ C:\WINDOWS\system32\igfxdo.dll
2007-01-26 22:00:18 135168 -ra------ C:\WINDOWS\system32\igfxdev.dll
2007-01-26 22:00:18 23564 --a------ C:\WINDOWS\system32\hkcmd.exe
2007-01-26 22:00:17 446464 -ra------ C:\WINDOWS\system32\igfxcfg.exe
2007-01-26 22:00:16 159744 -ra------ C:\WINDOWS\system32\igfxsrvc.exe
2007-01-26 22:00:16 147456 -ra------ C:\WINDOWS\system32\igfxpph.dll
2007-01-26 22:00:15 57344 -ra------ C:\WINDOWS\system32\igfxsrvc.dll
2007-01-26 22:00:15 73728 -ra------ C:\WINDOWS\system32\hccutils.dll
2007-01-26 22:00:15 40960 -r------- C:\WINDOWS\system32\ChCfg.exe
2007-01-26 22:00:09 899706 -ra------ C:\WINDOWS\system32\ialmdd5.dll
2007-01-26 22:00:05 117371 -ra------ C:\WINDOWS\system32\ialmdnt5.dll
2007-01-26 22:00:05 212218 -ra------ C:\WINDOWS\system32\ialmdev5.dll
2007-01-26 22:00:03 36990 -ra------ C:\WINDOWS\system32\ialmrnt5.dll
2007-01-26 22:00:02 1052732 -ra------ C:\WINDOWS\system32\drivers\ialmnt5.sys
2007-01-26 21:59:29 135168 -r------- C:\WINDOWS\system32\RtlCPAPI.dll
2007-01-26 21:59:28 10518528 -r------- C:\WINDOWS\system32\RTLCPL.exe
2007-01-26 21:58:19 78720 --a------ C:\WINDOWS\system32\drivers\Rtnicxp.sys
2007-01-26 21:58:16 0 d-------- C:\Program Files\Realtek AC97<REALTE~2>
2007-01-26 21:58:14 0 d-------- C:\WINDOWS\OPTIONS
2007-01-26 21:52:11 0 d-------- C:\Program Files\Intel


-- Find3M Report ----------------------------------------------------------------

2007-02-21 18:08:40 0 d-------- C:\Program Files\SHA256
2007-02-21 16:15:38 0 d-------- C:\Documents and Settings\Paul\Application Data\Lavasoft
2007-02-21 16:15:31 0 d-------- C:\Program Files\Lavasoft
2007-02-21 15:49:13 0 d-------- C:\Program Files\Google
2007-02-21 15:18:31 0 d-------- C:\Program Files\WIZZ
2007-02-21 15:11:24 0 d-------- C:\Documents and Settings\Paul\Application Data\Mozilla
2007-02-21 15:02:12 0 d-------- C:\Program Files\Common Files\Symantec Shared<SYMANT~1>
2007-02-21 14:57:34 0 d-------- C:\Program Files\Symantec
2007-02-20 22:43:17 0 d-------- C:\Program Files\Common Files\AOL
2007-02-20 22:40:03 0 d-------- C:\Program Files\AOL Toolbar<AOLTOO~1>
2007-02-20 22:38:52 0 d-------- C:\Program Files\Common Files\aolshare
2007-02-19 12:44:47 0 d-------- C:\Program Files\Common Files\Scanner
2007-02-15 21:08:22 0 d-------- C:\Program Files\US Robotics<USROBO~1>
2007-02-15 21:08:22 0 d-------- C:\Program Files\Real
2007-02-15 21:08:22 0 d-------- C:\Program Files\QuickTime<QUICKT~1>
2007-02-15 21:08:22 0 d-------- C:\Program Files\Microsoft IntelliType Pro<MI558C~1>
2007-02-15 21:08:22 0 d-------- C:\Program Files\Microsoft IntelliPoint<MIFB84~1>
2007-02-15 21:08:22 0 d-------- C:\Program Files\LocalProxy<LOCALP~1>
2007-02-15 21:08:22 0 d-------- C:\Program Files\HP
2007-02-15 21:08:22 0 d-------- C:\Program Files\Common Files\VPN Network<VPNNET~1>
2007-02-15 21:08:22 0 d-------- C:\Program Files\APC_Power<APC_PO~1>
2007-02-15 21:08:22 0 d-------- C:\Program Files\AdsBlocker<ADSBLO~1>
2007-02-15 21:08:21 0 d-------- C:\Program Files\iTunes
2007-02-15 21:08:21 0 d-------- C:\Program Files\America Online 9.0<AMERIC~1.0>
2007-02-15 21:06:21 23564 --a------ C:\WINDOWS\system32\realmon.exe
2007-02-15 21:06:21 23564 --a------ C:\WINDOWS\system32\APVXDWIN.EXE
2007-02-13 01:20:06 0 d-------- C:\Program Files\Yahoo!
2007-02-08 01:41:57 1440054 --a------ C:\Documents and Settings\Paul\Application Data\ZBWallpaper_1.bmp<ZBWALL~2.BMP>
2007-02-06 16:57:35 0 d-------- C:\Program Files\Java
2007-02-05 13:22:06 0 d-------- C:\Documents and Settings\Paul\Application Data\AdobeUM
2007-02-03 18:00:44 1440054 --a------ C:\Documents and Settings\Paul\Application Data\ZBWallpaper.bmp<ZBWALL~1.BMP>
2007-02-02 10:59:47 0 d-------- C:\Program Files\Ahead
2007-02-02 02:32:08 0 d-------- C:\Program Files\Kazaa Lite<KAZAAL~1>
2007-02-02 00:55:50 0 d-------- C:\Program Files\Canon
2007-02-02 00:55:02 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1>
2007-01-27 10:32:15 0 d--h----- C:\Program Files\WindowsUpdate<WINDOW~2>
2007-01-27 10:30:59 23372 --a------ C:\WINDOWS\system32\emptyregdb.dat<EMPTYR~1.DAT>
2006-12-26 12:24:32 24 --a------ C:\WINDOWS\system32\DVCStateBkp-{00000000-00000000-0000000B-00001102-00000004-00531102}.dat<DVCSTA~2.DAT>
2006-12-26 12:24:32 24 --a------ C:\WINDOWS\system32\DVCState-{00000000-00000000-0000000B-00001102-00000004-00531102}.dat<DVCSTA~1.DAT>


-- Registry Dump ----------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"wininet32"="C:\\WINDOWS\\wininet32.exe"
"PopUpStopperFreeEdition"="\"C:\\PROGRA~1\\PANICW~1\\POP-UP~1\\PSFree.exe\""
"Fxhlo"="C:\\WINDOWS\\System32\\??oolsv.exe"
"DW4"="\"C:\\Program Files\\The Weather Channel FW\\Desktop Weather\\DesktopWeather.exe\""
"Bidm"="C:\\Documents and Settings\\Paul\\Application Data\\teta.exe"
"AOL Fast Start"="\"C:\\Program Files\\America Online 9.0\\AOL.EXE\" -b"
"ncsmmlg"="C:\\WINDOWS\\system32\\acsbvcc.exe"
"kdmmcvs"="C:\\WINDOWS\\system32\\gdmvstat.exe"
"mvcupdate"="C:\\WINDOWS\\system32\\cmdupdlms.exe"
"ddsysmns"="C:\\WINDOWS\\system32\\smcrsmm.exe"
"csmhtop"="C:\\WINDOWS\\system32\\cxmdxcs.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Mucmlls"="regyisre.exe"
"WIZZ"="C:\\Program Files\\WIZZ\\dazzler.exe"
"wise"="C:\\Program Files\\Common files\\clockwise.exe -boot"
"WINDVDPatch"="CTHELPER.EXE"
"Windows Update AutoUpdate Client"="C:\\WINDOWS\\system32\\winupd\\wuauclt.exe "
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
"SoundMan"="SOUNDMAN.EXE"
"SiSUSBRG"="C:\\WINDOWS\\SiSUSBrg.exe"
"ShStatEXE"="\"C:\\Program Files\\Network Associates\\VirusScan\\SHSTAT.EXE\" /STANDALONE"
"SHA256"="C:\\Program Files\\SHA256\\secure.exe"
"Recguard"="C:\\Program Files\\HP\\recguard.exe "
"RealTray"="C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe SYSTEMBOOTHIDEPLAYER"
"REAL"="C:\\Program Files\\REAL\\realjbox.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\bak\\qttask.exe\" -atboottime"
"QD FastAndSafe"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"PowerChute"="C:\\Program Files\\APC_Power\\Pwrchute.exe -boot_time"
"POINTER"="point32.exe"
"NeroCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"ncsmmlg"="C:\\WINDOWS\\system32\\acsbvcc.exe"
"mvcupdate"="C:\\WINDOWS\\system32\\cmdupdlms.exe"
"Mouse Suite 98 Daemon"="ICO.EXE"
"miniport"="C:\\WINDOWS\\system32\\usb2chk.exe /start"
"McAfeeUpdaterUI"="\"C:\\Program Files\\Network Associates\\Common Framework\\UpdaterUI.exe\" /StartedFromRunKey"
"LocalProxy"="C:\\Program Files\\LocalProxy\\proxy4free.exe"
"KernelFaultCheck"="%systemroot%\\system32\\dumprep 0 -k"
"kdmmcvs"="C:\\WINDOWS\\system32\\gdmvstat.exe"
"itype"="\"C:\\Program Files\\Microsoft IntelliType Pro\\itype.exe\""
"iTunesHelper"="C:\\Program Files\\iTunes\\iTunesHelper.exe"
"IPSecMon"="C:\\Program Files\\Common files\\VPN Network\\IPSecMon.exe /vpncheck"
"IntelliPoint"="\"C:\\Program Files\\Microsoft IntelliPoint\\ipoint.exe\""
"igfxtray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"igfxpers"="C:\\WINDOWS\\system32\\igfxpers.exe"
"igfxhkcmd"="C:\\WINDOWS\\system32\\hkcmd.exe"
"HPHUPD05"="C:\\Program Files\\Hewlett-Packard\\{45B6180B-DCAB-4093-8EE8-6164457517F0}\\hphupd05.exe"
"HPHmon05"="C:\\WINDOWS\\System32\\hphmon05.exe"
"HPDJ Taskbar Utility"="C:\\WINDOWS\\System32\\spool\\drivers\\w32x86\\3\\hpztsb09.exe"
"HP Software Update"="\"C:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWuSchd2.exe\""
"HP Component Manager"="\"C:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe\""
"HostManager"="C:\\Program Files\\Common Files\\AOL\\1107367472\\ee\\AOLSoftware.exe"
"EXSHOW95.EXE"="EXSHOW95.EXE"
"eTrust Realtime Monitor"="C:\\WINDOWS\\system32\\realmon.exe /start"
"ErrorGuard"="C:\\Program Files\\ErrorGuard\\ErrorGuard.Exe"
"Dit"="C:\\WINDOWS\\system32\\dit.exe "
"ddsysmns"="C:\\WINDOWS\\system32\\smcrsmm.exe"
"CTHelper"="CTHELPER.EXE"
"csmhtop"="C:\\WINDOWS\\system32\\cxmdxcs.exe"
"BurnQuick Queue"="C:\\WINDOWS\\BQTray.exe"
"AsioReg"="REGSVR32.EXE /S CTASIO.DLL"
"Apvxdwin"="C:\\WINDOWS\\system32\\APVXDWIN.EXE "
"AOLDialer"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"
"AdsBlocker"="C:\\Program Files\\AdsBlocker\\stopAds.exe"
"3capplnk"="C:\\Program Files\\US Robotics\\\\3capplnk.exe "
"Pure Networks Port Magic"="\"C:\\PROGRA~1\\PURENE~1\\PORTMA~1\\PortAOL.exe\" -Run"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"system"="kdyqu.exe"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{9F143C3A-1457-6CCA-03A7-7AA23B61E40F}"="Network Neighborhood"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"Wallpaper"=" "

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"SpecifyDefaultButtons"=dword:00000000
"Btn_Search"=dword:00000000
"NoBandCustomize"=dword:00000000
"NoToolbarCustomize"=dword:00000000
"NoActiveDesktop"=dword:00000000
"ForceActiveDesktopOn"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source REG_SZ http://www.weightwatchers.com/images/1033/...explan_home.gif

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
Source REG_SZ http://www.thepreismans.com/IMG_7849%20resize.JPG

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\2]
Source REG_SZ http://img.photobucket.com/albums/v98/mama...ke/05_30_77.jpg

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\3]
Source REG_SZ http://i69.photobucket.com/albums/i55/tyrsam/DSC00293-1.jpg

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\instcat
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\partnershipreg

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0



-- End of ComboScan: finished at 2007-02-22 at 00:11:23 -------------------------
Ai_Tak
Very messed up. A few things need to be taken care of before we even continue.

First download LSPFix.

Run LSPFix and choose to remove only msnetax.dll (moved to the right) and click finish; after that reboot right away.


You are infected with the fake codec trojan (aka zlob, aka trojan.flush, aka wareout, aka kedr).

Here is a tool that can deal with the fake codec trojan most of the time:
http://downloads.subratam.org/Fixwareout.exe
Post the log from it.
beachbum1944
QUOTE(Ai_Tak @ Feb 22 2007, 06:58 AM) *
Very messed up. A few things need to be taken care of before we even continue.

First download LSPFix.

Run LSPFix and choose to remove only msnetax.dll (moved to the right) and click finish; after that reboot right away.
You are infected with the fake codec trojan (aka zlob, aka trojan.flush, aka wareout, aka kedr).

Here is a tool that can deal with the fake codec trojan most of the time:
http://downloads.subratam.org/Fixwareout.exe
Post the log from it.


I ran LSPFix and it said no problems. It did list 4 things on the left including msnetax.dll. Should I still remove it and if so, do I copy and paste to the right side?
Ai_Tak
Check the "I know what I am doing" box, select "msnetax.dll" and click the >> button, then click finish.
beachbum1944
QUOTE(Ai_Tak @ Feb 22 2007, 07:16 AM) *
Check the "I know what I am doing" box, select "msnetax.dll" and click the >> button, then click finish.


Ai_Tak, just wanted to say thanks for your help. I followed your instructions and I lost my operating system. Completely lost Windows XP. Thanks again.
Ai_Tak
What do you mean lost? What are the symptoms?