Tech Support Forum - View Single Post - Help! Constant Svchost.exe and DEP Error Messages

Raynman · 08-16-2008, 05:46 PM

Chemist,

I deleted DSS.exe from desktop. Then tried to delete Deckard folder from C: drive, but got error message, "Cannot delete 2704: Access is denied".

Ran ComboFix as instructed. When ComboFix rebooted my computer, I received the following message, "RTVScan.exe-Application error. Instruction at 0x0012e482 referenced memory at 0x00000000. The memory could not be read."

I successfully submitted the ComboFix file. I had to run ComboFix a second time since I forgot to save the first log. The ComboFix.txt file from the second run is provided below. HJT log is also provided below, as requested.

Thanks for your continued help!

Raynman

ComboFix 08-08-15.04 - Carli 2008-08-16 19:19:34.5 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1574 [GMT -4:00]
Running from: C:\Documents and Settings\Carli\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Carli\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\Documents and Settings\HP_Owner\Desktop\l2mfix.exe
C:\Documents and Settings\HP_Owner\drsmartload348a.exe
D:\R2NL.COM
G:\r2nl.com
H:\R2NL.COM
.

((((((((((((((((((((((((( Files Created from 2008-07-16 to 2008-08-16 )))))))))))))))))))))))))))))))
.

2008-08-10 20:31 . 2008-08-10 20:31 <DIR> d-------- C:\Deckard
2008-08-10 17:37 . 2008-08-10 17:37 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-08-10 17:37 . 2008-08-10 17:37 <DIR> d-------- C:\WINDOWS\system32\en
2008-08-10 17:37 . 2008-08-10 17:37 <DIR> d-------- C:\WINDOWS\system32\bits
2008-08-10 17:37 . 2008-08-10 17:37 <DIR> d-------- C:\WINDOWS\l2schemas
2008-08-10 17:36 . 2008-08-10 17:36 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-08-10 17:30 . 2008-08-10 17:30 <DIR> d-------- C:\WINDOWS\EHome
2008-08-10 17:24 . 2008-04-13 20:11 1,888,992 --------- C:\WINDOWS\system32\ati3duag.dll
2008-08-10 16:40 . 2008-08-10 16:40 <DIR> d-------- C:\ie-spyad_zo
2008-08-10 16:10 . 2008-08-10 16:12 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-08-10 16:10 . 2008-08-14 21:49 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-10 13:01 . 2008-08-10 13:01 <DIR> d-------- C:\Program Files\Panda Security
2008-08-10 13:01 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys
2008-08-10 12:09 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-08-10 12:09 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\dllcache\mouhid.sys
2008-08-10 12:09 . 2008-04-13 14:45 10,368 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-08-09 22:42 . 2008-04-23 00:16 6,066,176 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-08-09 22:42 . 2007-04-17 05:32 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-08-09 22:42 . 2007-03-08 01:10 991,232 --------- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-08-09 22:42 . 2008-04-23 00:16 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-08-09 22:42 . 2008-04-23 00:16 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-08-09 22:42 . 2008-04-23 00:16 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-08-09 22:42 . 2008-04-23 00:16 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll
2008-08-09 22:42 . 2008-04-23 00:16 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-08-09 22:42 . 2008-04-22 03:39 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-07-29 08:34 . 2008-07-29 08:34 <DIR> d-------- C:\Documents and Settings\Chris\Application Data\Corel
2008-07-26 14:41 . 2008-07-26 14:41 <DIR> d-------- C:\Program Files\Gamevance

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-08 19:00 --------- d-----w C:\Program Files\Norton Security Scan
2008-08-05 15:46 2,276 -c--a-w C:\Documents and Settings\Chris\Application Data\wklnhst.dat
2008-08-03 18:07 --------- d-----w C:\Program Files\Apple Software Update
2008-08-03 18:04 --------- d-----w C:\Program Files\Safari
2008-07-19 14:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-07-17 14:59 --------- d-----w C:\Program Files\Yahoo!
2008-07-03 22:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-30 13:38 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-06-30 13:21 --------- d-----w C:\Documents and Settings\Administrator.YOUR-27E1513D96\Application Data\You've Got Pictures Screensaver
2008-06-30 10:21 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-06-30 10:18 691,545 ----a-w C:\WINDOWS\unins000.exe
2008-06-30 01:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-30 01:55 --------- d-----w C:\Program Files\Lavasoft
2008-06-30 01:53 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-06-29 22:30 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-14 01:03 90,112 ----a-w C:\WINDOWS\DUMP54e6.tmp
2008-06-06 00:40 4,382 ----a-w C:\Documents and Settings\Carli\Application Data\wklnhst.dat
2006-03-11 13:45 7,634,340 ----a-w C:\Documents and Settings\HP_Owner\Install_AIM.exe
2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 20:12 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-13 20:12 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-06-08 13:59 77824]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2005-06-08 14:03 114688]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-26 02:34 245760]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-03-05 01:46 172032]
"vptray"="C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe" [2002-08-28 14:12 77824]
"DXM6Patch_981116"="C:\WINDOWS\p_981116.exe" [1998-11-30 18:04 497376]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2007-07-24 19:08 26112]
"DiscWizardMonitor.exe"="C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe" [2007-04-19 22:24 1169744]
"AcronisTimounterMonitor"="C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe" [2007-04-19 22:38 1945688]
"Acronis Scheduler2 Service"="C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe" [2007-04-19 22:29 149024]
"Samsung Common SM"="C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe" [2005-07-03 03:20 372736]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe" [2007-10-02 14:45 67488]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"Corel Photo Downloader"="C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2007-08-28 13:00 531272]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-08 04:07 61952 C:\WINDOWS\system32\HdAShCut.exe]

C:\Documents and Settings\Chris\Start Menu\Programs\Startup\
PowerReg Scheduler V3.exe [2008-06-01 13:40:44 225280]
Yahoo! Widgets.lnk - C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe [2008-03-18 20:31:20 4742184]

C:\Documents and Settings\HP_Owner\Start Menu\Programs\Startup\
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [2003-08-29 19:05:35 360448]
Yahoo! Widgets.lnk - C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe [2008-03-18 20:31:20 4742184]

C:\Documents and Settings\Carli\Start Menu\Programs\Startup\
MEMonitor.lnk - C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe [2008-05-27 20:04:55 947544]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
D-Link AirPlus USB.lnk - C:\Program Files\AIRPLUS\D-Link AirPlus DWL-120+ Wireless USB Adapter\AIRPLUS.EXE [2007-08-26 07:30:30 258048]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-12 10:23:26 282624]
Updates from HP.lnk - C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe [2005-11-29 03:40:52 36903]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"= 1 (0x1)
"AllowUnhashedWebView"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll
"vidc.yv12"= yv12vfw.dll
"vidc.3IV2"= 3ivxVfWCodec_dec.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 relog_ap

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"C:\\Program Files\\AIM\\aim.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"46731:TCP"= 46731:TCP:PORT_46731
"60107:TCP"= 60107:TCP:PORT_60107
"12396:TCP"= 12396:TCP:PORT_12396
"36520:TCP"= 36520:TCP:PORT_36520
"52800:TCP"= 52800:TCP:PORT_52800
"50423:TCP"= 50423:TCP:PORT_50423
"58880:TCP"= 58880:TCP:PORT_58880
"28676:TCP"= 28676:TCP:PORT_28676
"33882:TCP"= 33882:TCP:PORT_33882
"23184:TCP"= 23184:TCP:PORT_23184
"64543:TCP"= 64543:TCP:PORT_64543
"38379:TCP"= 38379:TCP:PORT_38379
"18707:TCP"= 18707:TCP:PORT_18707
"25040:TCP"= 25040:TCP:PORT_25040
"27547:TCP"= 27547:TCP:PORT_27547
"57492:TCP"= 57492:TCP:PORT_57492
"21076:TCP"= 21076:TCP:PORT_21076
"18351:TCP"= 18351:TCP:PORT_18351
"45894:TCP"= 45894:TCP:PORT_45894
"46919:TCP"= 46919:TCP:PORT_46919
"16741:TCP"= 16741:TCP:PORT_16741
"41155:TCP"= 41155:TCP:PORT_41155
"57720:TCP"= 57720:TCP:PORT_57720
"55924:TCP"= 55924:TCP:PORT_55924
"37891:TCP"= 37891:TCP:PORT_37891
"33523:TCP"= 33523:TCP:PORT_33523
"44177:TCP"= 44177:TCP:PORT_44177
"48649:TCP"= 48649:TCP:PORT_48649
"39626:TCP"= 39626:TCP:PORT_39626
"52572:TCP"= 52572:TCP:PORT_52572
"53996:TCP"= 53996:TCP:PORT_53996
"46566:TCP"= 46566:TCP:PORT_46566
"9591:TCP"= 9591:TCP:PORT_9591
"12835:TCP"= 12835:TCP:PORT_12835
"24958:TCP"= 24958:TCP:PORT_24958
"38180:TCP"= 38180:TCP:PORT_38180
"43821:TCP"= 43821:TCP:PORT_43821
"42395:TCP"= 42395:TCP:PORT_42395
"18591:TCP"= 18591:TCP:PORT_18591
"28030:TCP"= 28030:TCP:PORT_28030
"59132:TCP"= 59132:TCP:PORT_59132
"59590:TCP"= 59590:TCP:PORT_59590
"37861:TCP"= 37861:TCP:PORT_37861
"8985:TCP"= 8985:TCP:PORT_8985
"40339:TCP"= 40339:TCP:PORT_40339
"64305:TCP"= 64305:TCP:PORT_64305
"65009:TCP"= 65009:TCP:PORT_65009
"63645:TCP"= 63645:TCP:PORT_63645
"58870:TCP"= 58870:TCP:PORT_58870
"17066:TCP"= 17066:TCP:PORT_17066
"62837:TCP"= 62837:TCP:PORT_62837
"11713:TCP"= 11713:TCP:PORT_11713
"65224:TCP"= 65224:TCP:PORT_65224
"18908:TCP"= 18908:TCP:PORT_18908
"64520:TCP"= 64520:TCP:PORT_64520
"61239:TCP"= 61239:TCP:PORT_61239
"40778:TCP"= 40778:TCP:PORT_40778
"30200:TCP"= 30200:TCP:PORT_30200
"52008:TCP"= 52008:TCP:PORT_52008
"59334:TCP"= 59334:TCP:PORT_59334
"34528:TCP"= 34528:TCP:PORT_34528
"42707:TCP"= 42707:TCP:PORT_42707
"17453:TCP"= 17453:TCP:PORT_17453
"64540:TCP"= 64540:TCP:PORT_64540
"27094:TCP"= 27094:TCP:PORT_27094
"10102:TCP"= 10102:TCP:PORT_10102
"40255:TCP"= 40255:TCP:PORT_40255
"43296:TCP"= 43296:TCP:PORT_43296

R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 17:24]
R1 ewido security suite driver;ewido security suite driver;C:\Program Files\ewido anti-malware\guard.sys [2005-12-30 07:12]
R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-10-02 14:46]
S3 TIAcxubt;D-Link WLAN USB Boot Device;C:\WINDOWS\system32\Drivers\tiacxubt.sys [2003-04-24 17:59]
S3 TIACXUSB;D-Link AirPlus DWL-120+ Wireless USB Adapter;C:\WINDOWS\system32\Drivers\tiacxusb.sys [2003-04-29 10:49]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d435b36-e506-11d9-9b78-e6b009352ae7}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
.
Contents of the 'Scheduled Tasks' folder

2008-08-08 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]

2008-08-08 C:\WINDOWS\Tasks\Norton Security Scan.job
- C:\Program Files\Norton Security Scan\Nss.exe [2007-01-18 18:24]

2005-11-29 C:\WINDOWS\Tasks\Symantec NetDetect.job
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE [2004-12-14 23:24]
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-16 19:23:07
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\NavLogon.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-08-16 19:29:07 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-16 23:28:51
ComboFix2.txt 2008-08-16 23:03:28
ComboFix3.txt 2008-08-16 22:20:14
ComboFix4.txt 2008-08-16 20:46:21

Pre-Run: 181,032,947,712 bytes free
Post-Run: 181,016,887,296 bytes free

261 --- E O F --- 2008-08-10 02:43:27

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:37:36 PM, on 8/16/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe
C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIRPLUS\D-Link AirPlus DWL-120+ Wireless USB Adapter\AIRPLUS.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Documents and Settings\Carli\Desktop\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;*.local;<local>
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [DiscWizardMonitor.exe] C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [Samsung Common SM] "C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe" /autorun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: MEMonitor.lnk = C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe
O4 - Global Startup: D-Link AirPlus USB.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {26522409-8BBF-4C5B-A4D3-CF4B1D6F255B} (UMediaPlayer Class) - http://www.umediaserver.net/bin/UMediaControl5.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1145380212593
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O24 - Desktop Component 0: (no name) - http://a943.ac-images.myspacecdn.com...a09620d8c6.jpg
O24 - Desktop Component 1: (no name) - http://artslivres.com/images/Resized...jpg&w=300&q=80
O24 - Desktop Component 3: Yahoo! - http://www.yahoo.com/

--
End of file - 11138 bytes

08-16-2008, 05:46 PM	#7 (permalink)
Raynman Registered User Join Date: Apr 2006 Posts: 13 OS: XP	Re: Help! Constant Svchost.exe and DEP Error Messages Chemist, I deleted DSS.exe from desktop. Then tried to delete Deckard folder from C: drive, but got error message, "Cannot delete 2704: Access is denied". Ran ComboFix as instructed. When ComboFix rebooted my computer, I received the following message, "RTVScan.exe-Application error. Instruction at 0x0012e482 referenced memory at 0x00000000. The memory could not be read." I successfully submitted the ComboFix file. I had to run ComboFix a second time since I forgot to save the first log. The ComboFix.txt file from the second run is provided below. HJT log is also provided below, as requested. Thanks for your continued help! Raynman ComboFix 08-08-15.04 - Carli 2008-08-16 19:19:34.5 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1574 [GMT -4:00] Running from: C:\Documents and Settings\Carli\Desktop\ComboFix.exe Command switches used :: C:\Documents and Settings\Carli\Desktop\CFScript.txt * Created a new restore point FILE :: C:\Documents and Settings\HP_Owner\Desktop\l2mfix.exe C:\Documents and Settings\HP_Owner\drsmartload348a.exe D:\R2NL.COM G:\r2nl.com H:\R2NL.COM . ((((((((((((((((((((((((( Files Created from 2008-07-16 to 2008-08-16 ))))))))))))))))))))))))))))))) . 2008-08-10 20:31 . 2008-08-10 20:31 <DIR> d-------- C:\Deckard 2008-08-10 17:37 . 2008-08-10 17:37 <DIR> d-------- C:\WINDOWS\system32\scripting 2008-08-10 17:37 . 2008-08-10 17:37 <DIR> d-------- C:\WINDOWS\system32\en 2008-08-10 17:37 . 2008-08-10 17:37 <DIR> d-------- C:\WINDOWS\system32\bits 2008-08-10 17:37 . 2008-08-10 17:37 <DIR> d-------- C:\WINDOWS\l2schemas 2008-08-10 17:36 . 2008-08-10 17:36 <DIR> d-------- C:\WINDOWS\ServicePackFiles 2008-08-10 17:30 . 2008-08-10 17:30 <DIR> d-------- C:\WINDOWS\EHome 2008-08-10 17:24 . 2008-04-13 20:11 1,888,992 --------- C:\WINDOWS\system32\ati3duag.dll 2008-08-10 16:40 . 2008-08-10 16:40 <DIR> d-------- C:\ie-spyad_zo 2008-08-10 16:10 . 2008-08-10 16:12 <DIR> d-------- C:\Program Files\SpywareBlaster 2008-08-10 16:10 . 2008-08-14 21:49 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP 2008-08-10 13:01 . 2008-08-10 13:01 <DIR> d-------- C:\Program Files\Panda Security 2008-08-10 13:01 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys 2008-08-10 12:09 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys 2008-08-10 12:09 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\dllcache\mouhid.sys 2008-08-10 12:09 . 2008-04-13 14:45 10,368 --a------ C:\WINDOWS\system32\drivers\hidusb.sys 2008-08-09 22:42 . 2008-04-23 00:16 6,066,176 --------- C:\WINDOWS\system32\dllcache\ieframe.dll 2008-08-09 22:42 . 2007-04-17 05:32 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat 2008-08-09 22:42 . 2007-03-08 01:10 991,232 --------- C:\WINDOWS\system32\dllcache\ieframe.dll.mui 2008-08-09 22:42 . 2008-04-23 00:16 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll 2008-08-09 22:42 . 2008-04-23 00:16 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll 2008-08-09 22:42 . 2008-04-23 00:16 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll 2008-08-09 22:42 . 2008-04-23 00:16 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll 2008-08-09 22:42 . 2008-04-23 00:16 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll 2008-08-09 22:42 . 2008-04-22 03:39 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe 2008-07-29 08:34 . 2008-07-29 08:34 <DIR> d-------- C:\Documents and Settings\Chris\Application Data\Corel 2008-07-26 14:41 . 2008-07-26 14:41 <DIR> d-------- C:\Program Files\Gamevance . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-08-08 19:00 --------- d-----w C:\Program Files\Norton Security Scan 2008-08-05 15:46 2,276 -c--a-w C:\Documents and Settings\Chris\Application Data\wklnhst.dat 2008-08-03 18:07 --------- d-----w C:\Program Files\Apple Software Update 2008-08-03 18:04 --------- d-----w C:\Program Files\Safari 2008-07-19 14:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help 2008-07-17 14:59 --------- d-----w C:\Program Files\Yahoo! 2008-07-03 22:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-06-30 13:38 --------- d-----w C:\Program Files\Common Files\InstallShield 2008-06-30 13:21 --------- d-----w C:\Documents and Settings\Administrator.YOUR-27E1513D96\Application Data\You've Got Pictures Screensaver 2008-06-30 10:21 --------- d-----w C:\Program Files\Spybot - Search & Destroy 2008-06-30 10:18 691,545 ----a-w C:\WINDOWS\unins000.exe 2008-06-30 01:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-06-30 01:55 --------- d-----w C:\Program Files\Lavasoft 2008-06-30 01:53 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2008-06-29 22:30 --------- d-----w C:\Program Files\Common Files\Symantec Shared 2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys 2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys 2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys 2008-06-14 01:03 90,112 ----a-w C:\WINDOWS\DUMP54e6.tmp 2008-06-06 00:40 4,382 ----a-w C:\Documents and Settings\Carli\Application Data\wklnhst.dat 2006-03-11 13:45 7,634,340 ----a-w C:\Documents and Settings\HP_Owner\Install_AIM.exe 2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll 2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 20:12 15360] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-13 20:12 1695232] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-06-08 13:59 77824] "Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2005-06-08 14:03 114688] "HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-26 02:34 245760] "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-03-05 01:46 172032] "vptray"="C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe" [2002-08-28 14:12 77824] "DXM6Patch_981116"="C:\WINDOWS\p_981116.exe" [1998-11-30 18:04 497376] "RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2007-07-24 19:08 26112] "DiscWizardMonitor.exe"="C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe" [2007-04-19 22:24 1169744] "AcronisTimounterMonitor"="C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe" [2007-04-19 22:38 1945688] "Acronis Scheduler2 Service"="C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe" [2007-04-19 22:29 149024] "Samsung Common SM"="C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe" [2005-07-03 03:20 372736] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048] "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe" [2007-10-02 14:45 67488] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792] "Corel Photo Downloader"="C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2007-08-28 13:00 531272] "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-08 04:07 61952 C:\WINDOWS\system32\HdAShCut.exe] C:\Documents and Settings\Chris\Start Menu\Programs\Startup\ PowerReg Scheduler V3.exe [2008-06-01 13:40:44 225280] Yahoo! Widgets.lnk - C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe [2008-03-18 20:31:20 4742184] C:\Documents and Settings\HP_Owner\Start Menu\Programs\Startup\ SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [2003-08-29 19:05:35 360448] Yahoo! Widgets.lnk - C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe [2008-03-18 20:31:20 4742184] C:\Documents and Settings\Carli\Start Menu\Programs\Startup\ MEMonitor.lnk - C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe [2008-05-27 20:04:55 947544] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ D-Link AirPlus USB.lnk - C:\Program Files\AIRPLUS\D-Link AirPlus DWL-120+ Wireless USB Adapter\AIRPLUS.EXE [2007-08-26 07:30:30 258048] HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-12 10:23:26 282624] Updates from HP.lnk - C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe [2005-11-29 03:40:52 36903] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "AllowLegacyWebView"= 1 (0x1) "AllowUnhashedWebView"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.I420"= i420vfw.dll "vidc.yv12"= yv12vfw.dll "vidc.3IV2"= 3ivxVfWCodec_dec.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Authentication Packages REG_MULTI_SZ msv1_0 relog_ap [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"= "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"= "C:\\Program Files\\AIM\\aim.exe"= "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "C:\\Program Files\\Bonjour\\mDNSResponder.exe"= "C:\\Program Files\\iTunes\\iTunes.exe"= "C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= "C:\\Program Files\\AIM6\\aim6.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "46731:TCP"= 46731:TCP:PORT_46731 "60107:TCP"= 60107:TCP:PORT_60107 "12396:TCP"= 12396:TCP:PORT_12396 "36520:TCP"= 36520:TCP:PORT_36520 "52800:TCP"= 52800:TCP:PORT_52800 "50423:TCP"= 50423:TCP:PORT_50423 "58880:TCP"= 58880:TCP:PORT_58880 "28676:TCP"= 28676:TCP:PORT_28676 "33882:TCP"= 33882:TCP:PORT_33882 "23184:TCP"= 23184:TCP:PORT_23184 "64543:TCP"= 64543:TCP:PORT_64543 "38379:TCP"= 38379:TCP:PORT_38379 "18707:TCP"= 18707:TCP:PORT_18707 "25040:TCP"= 25040:TCP:PORT_25040 "27547:TCP"= 27547:TCP:PORT_27547 "57492:TCP"= 57492:TCP:PORT_57492 "21076:TCP"= 21076:TCP:PORT_21076 "18351:TCP"= 18351:TCP:PORT_18351 "45894:TCP"= 45894:TCP:PORT_45894 "46919:TCP"= 46919:TCP:PORT_46919 "16741:TCP"= 16741:TCP:PORT_16741 "41155:TCP"= 41155:TCP:PORT_41155 "57720:TCP"= 57720:TCP:PORT_57720 "55924:TCP"= 55924:TCP:PORT_55924 "37891:TCP"= 37891:TCP:PORT_37891 "33523:TCP"= 33523:TCP:PORT_33523 "44177:TCP"= 44177:TCP:PORT_44177 "48649:TCP"= 48649:TCP:PORT_48649 "39626:TCP"= 39626:TCP:PORT_39626 "52572:TCP"= 52572:TCP:PORT_52572 "53996:TCP"= 53996:TCP:PORT_53996 "46566:TCP"= 46566:TCP:PORT_46566 "9591:TCP"= 9591:TCP:PORT_9591 "12835:TCP"= 12835:TCP:PORT_12835 "24958:TCP"= 24958:TCP:PORT_24958 "38180:TCP"= 38180:TCP:PORT_38180 "43821:TCP"= 43821:TCP:PORT_43821 "42395:TCP"= 42395:TCP:PORT_42395 "18591:TCP"= 18591:TCP:PORT_18591 "28030:TCP"= 28030:TCP:PORT_28030 "59132:TCP"= 59132:TCP:PORT_59132 "59590:TCP"= 59590:TCP:PORT_59590 "37861:TCP"= 37861:TCP:PORT_37861 "8985:TCP"= 8985:TCP:PORT_8985 "40339:TCP"= 40339:TCP:PORT_40339 "64305:TCP"= 64305:TCP:PORT_64305 "65009:TCP"= 65009:TCP:PORT_65009 "63645:TCP"= 63645:TCP:PORT_63645 "58870:TCP"= 58870:TCP:PORT_58870 "17066:TCP"= 17066:TCP:PORT_17066 "62837:TCP"= 62837:TCP:PORT_62837 "11713:TCP"= 11713:TCP:PORT_11713 "65224:TCP"= 65224:TCP:PORT_65224 "18908:TCP"= 18908:TCP:PORT_18908 "64520:TCP"= 64520:TCP:PORT_64520 "61239:TCP"= 61239:TCP:PORT_61239 "40778:TCP"= 40778:TCP:PORT_40778 "30200:TCP"= 30200:TCP:PORT_30200 "52008:TCP"= 52008:TCP:PORT_52008 "59334:TCP"= 59334:TCP:PORT_59334 "34528:TCP"= 34528:TCP:PORT_34528 "42707:TCP"= 42707:TCP:PORT_42707 "17453:TCP"= 17453:TCP:PORT_17453 "64540:TCP"= 64540:TCP:PORT_64540 "27094:TCP"= 27094:TCP:PORT_27094 "10102:TCP"= 10102:TCP:PORT_10102 "40255:TCP"= 40255:TCP:PORT_40255 "43296:TCP"= 43296:TCP:PORT_43296 R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 17:24] R1 ewido security suite driver;ewido security suite driver;C:\Program Files\ewido anti-malware\guard.sys [2005-12-30 07:12] R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-10-02 14:46] S3 TIAcxubt;D-Link WLAN USB Boot Device;C:\WINDOWS\system32\Drivers\tiacxubt.sys [2003-04-24 17:59] S3 TIACXUSB;D-Link AirPlus DWL-120+ Wireless USB Adapter;C:\WINDOWS\system32\Drivers\tiacxusb.sys [2003-04-29 10:49] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d435b36-e506-11d9-9b78-e6b009352ae7}] \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480 . Contents of the 'Scheduled Tasks' folder 2008-08-08 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57] 2008-08-08 C:\WINDOWS\Tasks\Norton Security Scan.job - C:\Program Files\Norton Security Scan\Nss.exe [2007-01-18 18:24] 2005-11-29 C:\WINDOWS\Tasks\Symantec NetDetect.job - C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE [2004-12-14 23:24] . ************************************************************************ catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-08-16 19:23:07 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- PROCESS: C:\WINDOWS\system32\winlogon.exe -> C:\WINDOWS\system32\NavLogon.dll . ------------------------ Other Running Processes ------------------------ . C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe C:\Program Files\ewido anti-malware\ewidoctrl.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\PSIService.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\HP\HP Software Update\hpwuSchd2.exe C:\Program Files\iPod\bin\iPodService.exe . ************************************************************************ . Completion time: 2008-08-16 19:29:07 - machine was rebooted ComboFix-quarantined-files.txt 2008-08-16 23:28:51 ComboFix2.txt 2008-08-16 23:03:28 ComboFix3.txt 2008-08-16 22:20:14 ComboFix4.txt 2008-08-16 20:46:21 Pre-Run: 181,032,947,712 bytes free Post-Run: 181,016,887,296 bytes free 261 --- E O F --- 2008-08-10 02:43:27 Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 7:37:36 PM, on 8/16/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16674) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe C:\Program Files\ewido anti-malware\ewidoctrl.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\PSIService.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe C:\Program Files\HP\HP Software Update\HPwuSchd2.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe C:\Program Files\Real\RealPlayer\RealPlay.exe C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\AIRPLUS\D-Link AirPlus DWL-120+ Wireless USB Adapter\AIRPLUS.EXE C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\explorer.exe C:\WINDOWS\SOUNDMAN.EXE C:\Documents and Settings\Carli\Desktop\HiJackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;*.local;<local> O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKLM\..\Run: [DiscWizardMonitor.exe] C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe" O4 - HKLM\..\Run: [Samsung Common SM] "C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe" /autorun O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - Startup: MEMonitor.lnk = C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe O4 - Global Startup: D-Link AirPlus USB.lnk = ? O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab O16 - DPF: {26522409-8BBF-4C5B-A4D3-CF4B1D6F255B} (UMediaPlayer Class) - http://www.umediaserver.net/bin/UMediaControl5.cab O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1145380212593 O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe O24 - Desktop Component 0: (no name) - http://a943.ac-images.myspacecdn.com...a09620d8c6.jpg O24 - Desktop Component 1: (no name) - http://artslivres.com/images/Resized...jpg&w=300&q=80 O24 - Desktop Component 3: Yahoo! - http://www.yahoo.com/ -- End of file - 11138 bytes