08-07-2008, 02:23 PM   #3
CurryMad
Registered User
 
Join Date: Aug 2008
Posts: 18
OS: XP SP2


Re: wserv32.exe and csrssd.exe

Hi,

Thanks for the reply.

Main.txt and extra.txt follow.........




Deckard's System Scanner v20071014.68
Run by Steve on 2008-08-07 21:13:21
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
22: 2008-08-07 20:13:31 UTC - RP145 - Deckard's System Scanner Restore Point
21: 2008-08-06 22:02:22 UTC - RP144 - System Checkpoint
20: 2008-08-05 21:12:51 UTC - RP143 - Installed AVG Free 8.0
19: 2008-08-05 20:04:06 UTC - RP142 - System Checkpoint
18: 2008-08-03 21:57:08 UTC - RP141 - Installed SUPERAntiSpyware Free Edition


-- First Restore Point --
1: 2008-07-16 08:24:07 UTC - RP124 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

System Drive C: has 5.36 GiB (less than 15%) free.


-- HijackThis (run as Steve.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:15:49, on 07/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Documents and Settings\Steve\Desktop\Apps Downloads\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Steve.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\RunServices: [Microsoft Update] wserv32.exe
O4 - HKLM\..\RunServices: [Windows DLL Loader And Verifier] csrssd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Microsoft Update] wserv32.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.co.uk/
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/...oUploader5.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/micr...?1201818639161
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1201730311137
O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.co.uk/downlo...2/axofupld.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: RadClock - Unknown owner - C:\WINDOWS\system32\RadClock.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

--
End of file - 9807 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080804-182508-599 O23 - Service: OracleDEFAULT_HOMEXPSNMPPeerEncapsulator - Unknown owner - C:\oraxp\BIN\ENCSVC.EXE (file missing)
backup-20080804-182508-729 O23 - Service: OracleDEFAULT_HOMEXPSNMPPeerMasterAgent - Unknown owner - C:\oraxp\BIN\AGNTSVC.EXE (file missing)
backup-20080804-182508-819 O23 - Service: OracleDEFAULT_HOMEXPClientCache - Unknown owner - C:\oraxp\BIN\ONRSD.EXE (file missing)
backup-20080804-182508-840 O23 - Service: OracleDEFAULT_HOMEXPAgent - Unknown owner - C:\oraxp\bin\agntsrvc.exe (file missing)
backup-20080804-182508-897 O23 - Service: OracleDEFAULT_HOMEXPTNSListener - Unknown owner - C:\oraxp\BIN\TNSLSNR.exe (file missing)
backup-20080804-182508-960 O23 - Service: OracleServiceFRIDAYDB - Unknown owner - c:\oraxp\bin\ORACLE.EXE (file missing)

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 Hotkey - c:\windows\system32\drivers\hotkey.sys
R1 PCLEPCI - c:\windows\system32\drivers\pclepci.sys <Not Verified; Pinnacle Systems GmbH; PCLEPCI>
R1 Wbutton - c:\windows\system32\drivers\wbutton.sys
R3 ASAPIW2k - c:\windows\system32\drivers\asapiw2k.sys <Not Verified; Pinnacle Systems GmbH; asapi>
R3 RadProbe (Radeon Probe Driver) - c:\windows\system32\drivers\radprobe.sys <Not Verified; ; RadProbe>

S2 DVC150 (DVC 150B) - c:\windows\system32\drivers\dvc150b.sys <Not Verified; Cirrus Logic Inc.; Cirrus Logic USB-DVR2>
S3 gsplittm - c:\docume~1\steve\locals~1\temp\gsplittm.sys (file missing)
S3 NCHSSVAD (SoundTap Recorder) - c:\windows\system32\drivers\nchssvad.sys <Not Verified; NCH Swift Sound; NCH Swift Sound Virtual Audio Device>
S3 SE26bus (Sony Ericsson Device 038 Driver driver (WDM)) - c:\windows\system32\drivers\se26bus.sys <Not Verified; MCCI; Sony Ericsson Device 038 Driver>
S3 SE26mdfl (Sony Ericsson Device 038 USB WMC Modem Filter) - c:\windows\system32\drivers\se26mdfl.sys <Not Verified; MCCI; Sony Ericsson Device 038 USB WMC Modem Filter Driver>
S3 SE26mdm (Sony Ericsson Device 038 USB WMC Modem Driver) - c:\windows\system32\drivers\se26mdm.sys <Not Verified; MCCI; Sony Ericsson Device 038 USB WMC Data Modem>
S3 SE26mgmt (Sony Ericsson Device 038 USB WMC Device Management Drivers (WDM)) - c:\windows\system32\drivers\se26mgmt.sys <Not Verified; MCCI; Sony Ericsson Device 038 USB WMC Device Management>
S3 se26nd5 (Sony Ericsson Device 038 USB Ethernet Emulation SEMC38 (NDIS)) - c:\windows\system32\drivers\se26nd5.sys <Not Verified; MCCI; Sony Ericsson Device 038 USB Ethernet Emulation>
S3 SE26obex (Sony Ericsson Device 038 USB WMC OBEX Interface) - c:\windows\system32\drivers\se26obex.sys <Not Verified; MCCI; Sony Ericsson Device 038 USB WMC OBEX Interface>
S3 se26unic (Sony Ericsson Device 038 USB Ethernet Emulation SEMC38 (WDM)) - c:\windows\system32\drivers\se26unic.sys <Not Verified; MCCI; Sony Ericsson Device 038 USB Ethernet Emulation>
S3 WscNetDr (MWL Filter Miniport) - c:\windows\system32\drivers\wscnetdr.sys <Not Verified; McAfee, Inc.; McAfee Wireless Home Network Security>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 CCALib8 (Canon Camera Access Library 8) - c:\program files\canon\cal\calmain.exe <Not Verified; Canon Inc.; >

S2 RadClock - c:\windows\system32\radclock.exe <Not Verified; ; RadClock Module>
S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
S4 OracleDEFAULT_HOMEXPAgent - c:\oraxp\bin\agntsrvc.exe (file missing)
S4 OracleDEFAULT_HOMEXPClientCache - c:\oraxp\bin\onrsd.exe (file missing)
S4 OracleDEFAULT_HOMEXPHTTPServer - "c:\oraxp\apache\apache\apache.exe" --ntservice (file missing)
S4 OracleDEFAULT_HOMEXPPagingServer - c:\oraxp/bin/pagntsrv.exe (file missing)
S4 OracleDEFAULT_HOMEXPSNMPPeerEncapsulator - c:\oraxp\bin\encsvc.exe (file missing)
S4 OracleDEFAULT_HOMEXPSNMPPeerMasterAgent - c:\oraxp\bin\agntsvc.exe (file missing)
S4 OracleDEFAULT_HOMEXPTNSListener - c:\oraxp\bin\tnslsnr (file missing)
S4 OracleMTSRecoveryService - c:\oraxp\bin\omtsreco.exe "oraclemtsrecoveryservice" (file missing)
S4 OracleServiceDATABASE - c:\oraxp\bin\oracle.exe database (file missing)
S4 OracleServiceFRIDAYDB - c:\oraxp\bin\oracle.exe fridaydb (file missing)
S4 OracleServicePA - c:\oraxp\bin\oracle.exe pa (file missing)


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-08-03 16:10:16 340 --a------ C:\WINDOWS\Tasks\McDefragTask.job
2008-08-03 16:10:15 332 --a------ C:\WINDOWS\Tasks\McQcTask.job


-- Files created between 2008-07-07 and 2008-08-07 -----------------------------

2008-08-05 23:14:59 0 d--h----- C:\$AVG8.VAULT$
2008-08-05 22:13:24 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-08-05 22:13:23 0 d-------- C:\Documents and Settings\Steve\Application Data\AVGTOOLBAR
2008-08-05 22:12:52 0 d-------- C:\Program Files\AVG
2008-08-05 22:12:51 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-08-05 19:27:28 0 d-------- C:\Documents and Settings\Steve\Application Data\True Sword
2008-08-05 19:27:09 0 d-------- C:\Program Files\True Sword 5
2008-08-04 18:22:09 0 d-------- C:\Program Files\Trend Micro
2008-08-03 22:57:23 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-08-03 22:57:10 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-08-03 22:57:10 0 d-------- C:\Documents and Settings\Steve\Application Data\SUPERAntiSpyware.com
2008-08-03 22:56:41 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-08-03 18:32:38 0 d-------- C:\Documents and Settings\Steve\Application Data\Uniblue
2008-08-03 16:50:22 0 d-------- C:\Program Files\MSConfig CleanUp
2008-08-03 16:13:56 143360 --a------ C:\WINDOWS\system32\dunzip32.dll <Not Verified; Inner Media, Inc.; DynaZIP-32 Multi-Threading UnZIP DLL>
2008-08-03 16:09:51 0 d-------- C:\Program Files\McAfee.com
2008-08-03 16:09:40 0 d-------- C:\Program Files\Common Files\McAfee
2008-08-03 16:09:15 0 d-------- C:\Program Files\McAfee
2008-08-03 13:37:13 0 d-------- C:\Program Files\iPod


-- Find3M Report ---------------------------------------------------------------

2008-08-05 23:15:03 0 d-------- C:\Program Files\Tiscali
2008-08-03 22:56:41 0 d-------- C:\Program Files\Common Files
2008-08-03 14:07:52 0 d-------- C:\Program Files\NCH Swift Sound
2008-08-03 14:03:11 0 d-------- C:\Program Files\Windows Live
2008-08-03 10:55:39 0 d-------- C:\Documents and Settings\Steve\Application Data\McAfee
2008-07-30 22:55:54 0 d-------- C:\Documents and Settings\Steve\Application Data\Skype
2008-07-28 17:59:57 0 d-------- C:\Documents and Settings\Steve\Application Data\skypePM
2008-06-25 19:27:56 0 d-------- C:\Documents and Settings\Steve\Application Data\RootsMagic
2008-06-25 19:09:21 0 d-------- C:\Program Files\RootsMagic
2008-06-21 16:56:09 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-06-21 16:54:03 0 d-------- C:\Program Files\Skype
2008-06-21 16:53:57 0 d-------- C:\Program Files\Common Files\Skype
2008-06-21 13:29:28 0 d-------- C:\Program Files\Microsoft LifeCam
2008-06-21 13:22:12 0 d-------- C:\Program Files\MSN Messenger
2008-06-21 13:20:43 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-06-14 17:52:43 71880 --a----c- C:\Documents and Settings\Steve\Application Data\GDIPFONTCACHEV1.DAT


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{377C180E-6F0E-4D4C-980F-F45BD3D40CF4}]
26/11/2007 10:46 324936 --a------ c:\PROGRA~1\mcafee\msk\mcapbho.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
05/08/2008 22:13 2055960 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [05/08/2008 22:13 2055960]

[-HKEY_CLASSES_ROOT\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [01/11/2007 19:12]
"McENUI"="C:\PROGRA~1\McAfee\MHN\McENUI.exe" [30/11/2007 05:42]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [05/08/2008 22:12]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 01:56]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" []
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [28/05/2008 10:33]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [19/07/2007 21:57]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"Microsoft Update"=wserv32.exe
"Windows DLL Loader And Verifier"=csrssd.exe

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Microsoft Update"=wserv32.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{35B2861B-2B26-4691-9FF0-09083722C736}"= C:\WINDOWS\System32\RadExe.dll [01/10/2004 21:34 204800]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [13/05/2008 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 19/04/2007 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AtiPTA]
atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CtrlVol]
C:\Program Files\Launch Manager\CtrlVol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotkeyApp]
C:\Program Files\Launch Manager\HotkeyApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchAp]
C:\Program Files\Launch Manager\LaunchAp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
"C:\Program Files\Microsoft LifeCam\LifeExp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LTSMMSG]
LTSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcagent_exe]
C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McENUI]
C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]
C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\REGSHAVE]
C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX3000]
C:\WINDOWS\vVX3000.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wbutton]
"C:\Program Files\Launch Manager\Wbutton.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPodService"=3 (0x3)
"AVGEMS"=2 (0x2)
"Avg7UpdSvc"=2 (0x2)
"Avg7Alrt"=2 (0x2)




-- End of Deckard's System Scanner: finished at 2008-08-07 21:16:50 ------------