Thread: update.exe
View Single Post
Old 02-21-2007, 09:29 PM   #4 (permalink)
mightymax_81
Registered User
 
Join Date: Feb 2007
Posts: 12
OS: XP


update.exe
hi again.
these are the results of the scans....


---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 11:11:49 22/02/2007

+ Scan result:



C:\Documents and Settings\max\Application Data\TuneUp Software\TuneUp Utilities\Backups\00000033.rcb/00000054.fil -> Adware.Altnet : Cleaned with backup (quarantined).
C:\Program Files\Altnet -> Adware.Altnet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ADM25.ADM25 -> Adware.Altnet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ADM25.ADM25\CurVer -> Adware.Altnet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ADM4.ADM4 -> Adware.Altnet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ADM4.ADM4\CurVer -> Adware.Altnet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\AppID\Altnet Signing Module.EXE -> Adware.Altnet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\AppID\adm.EXE -> Adware.Altnet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\TopSearch.TSLink -> Adware.Altnet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\TopSearch.TSLink.1 -> Adware.Altnet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\TopSearch.TSLink\CLSID -> Adware.Altnet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\TopSearch.TSLink\CurVer -> Adware.Altnet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{88E8CE90-9E51-4BCD-AABB-A4526D600B0B}\RP1\A0000018.DLL -> Adware.IESearch : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{88E8CE90-9E51-4BCD-AABB-A4526D600B0B}\RP1\A0000015.exe/SaveUninst.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{88E8CE90-9E51-4BCD-AABB-A4526D600B0B}\RP1\A0000015.exe/ffext.mod/{BEE3E87E-E1C6-4bfe-BE9D-48E84271AB34}\components\whenu_ff.dll -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{88E8CE90-9E51-4BCD-AABB-A4526D600B0B}\RP1\A0000016.exe/Uninst.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{88E8CE90-9E51-4BCD-AABB-A4526D600B0B}\RP1\A0000016.exe/search.dl~ -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{88E8CE90-9E51-4BCD-AABB-A4526D600B0B}\RP1\A0000016.exe/whse.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\WUSE.1 -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Recycled\Dc1\system.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{88E8CE90-9E51-4BCD-AABB-A4526D600B0B}\RP1\A0000002.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{88E8CE90-9E51-4BCD-AABB-A4526D600B0B}\RP2\A0000162.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{88E8CE90-9E51-4BCD-AABB-A4526D600B0B}\RP3\A0000187.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{88E8CE90-9E51-4BCD-AABB-A4526D600B0B}\RP4\A0000257.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{88E8CE90-9E51-4BCD-AABB-A4526D600B0B}\RP5\A0000326.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{88E8CE90-9E51-4BCD-AABB-A4526D600B0B}\RP7\A0000414.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{88E8CE90-9E51-4BCD-AABB-A4526D600B0B}\RP7\A0000415.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{88E8CE90-9E51-4BCD-AABB-A4526D600B0B}\RP7\A0000416.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{88E8CE90-9E51-4BCD-AABB-A4526D600B0B}\RP7\A0000417.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{88E8CE90-9E51-4BCD-AABB-A4526D600B0B}\RP7\A0000418.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{88E8CE90-9E51-4BCD-AABB-A4526D600B0B}\RP7\A0000419.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{88E8CE90-9E51-4BCD-AABB-A4526D600B0B}\RP8\A0001224.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{88E8CE90-9E51-4BCD-AABB-A4526D600B0B}\RP8\A0001225.dll -> Adware.Softomate : Cleaned with backup (quarantined).
HKLM\SOFTWARE\webhancer -> Adware.WebHancer : Cleaned with backup (quarantined).
HKLM\SOFTWARE\webhancer\CC -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{88E8CE90-9E51-4BCD-AABB-A4526D600B0B}\RP1\A0000013.exe -> Adware.Whenu : Cleaned with backup (quarantined).
C:\WINDOWS\system32\svchosts.exe -> Downloader.Agent.bca : Cleaned with backup (quarantined).
C:\Documents and Settings\max\Application Data\TuneUp Software\TuneUp Utilities\Backups\00000033.rcb/00000073.fil -> Downloader.Small.buy : Cleaned with backup (quarantined).


::Report end






SDFix: Version 1.66

Run by max - 22/02/2007 @ 11:14:26.73

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:

Name:
COM+ Messages

Path:
"C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0001377

COM+ Messages Deleted

Restoring Windows Registry Entries
Restoring Default Hosts File


Rebooting...

Normal Mode:
Checking Files:

Below files will be copied to Backups folder then removed:

C:\WINDOWS\system32\unsvchosts.lzma - Deleted



ADS Check:

C:\WINDOWS\system32
No streams found.


Final Check:

Remaining Services:
------------------


Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\Messenger\\MSMSGS.EXE"="C:\\Program Files\\Messenger\\MSMSGS.EXE:*:Enabled:Windows Messenger"
"C:\\Program Files\\DC++\\DCPlusPlus.exe"="C:\\Program Files\\DC++\\DCPlusPlus.exe:*:Enabled:DC++"
"C:\\Documents and Settings\\MAX\\Desktop\\dota\\Frozen Throne.exe"="C:\\Documents and Settings\\MAX\\Desktop\\dota\\Frozen Throne.exe:*:Enabled:Frozen Throne"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\TVAnts\\Tvants.exe"="C:\\Program Files\\TVAnts\\Tvants.exe:*:Enabled:TVAnts"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Program Files\\TVUPlayer\\TVUPlayer.exe"="C:\\Program Files\\TVUPlayer\\TVUPlayer.exe:*:Enabled:TVU Player Component"


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"


Remaining Files:
---------------

Backups Folder: - C:\SDFix\backups\backups.zip


Checking For Files with Hidden Attributes :

C:\WINDOWS\system32\NTICDMK32.dll
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\5a0d771158cfd69be5ddd26d8f58c73b\BIT5.tmp
C:\Documents and Settings\All Users\DRM\Cache\Indiv03.tmp

Add/Remove Programs List:

Adobe Acrobat 7.0 Professional
Adobe Photoshop CS2
Adobe Shockwave Player
Agere Systems AC'97 Modem
Alien Shooter
AVG Anti-Spyware 7.5
CCleaner (remove only)
DC++ 0.680
DivX Content Uploader
Microsoft Internationalized Domain Names Mitigation APIs
Windows Internet Explorer 7
Indeor Software
LiveReg (Symantec Corporation)
LiveUpdate 3.0 (Symantec Corporation)
Launch Manager
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft National Language Support Downlevel APIs
PCWH
Registry Mechanic 6.0
Satellite TV for PC Elite 4.8.8.0
Adobe Flash Player 9 ActiveX
Skype (BETA)
WARP13
Norton SystemWorks 2005 (Symantec Corporation)
Theme Creator Pro 3.1.260 SR-1
TravelMate 290
TVAnts 1.0
TVUPlayer 2.3.0.0
VideoLAN VLC media player 0.8.2
Wallpaper Calendar
Winamp (remove only)
Windows XP Service Pack 2
WinRAR archiver
Microsoft User-Mode Driver Framework Feature Pack 1.0
XviD 1.1 final uninstall
Yahoo! Toolbar
Yahoo! Messenger
Yahoo! Install Manager
YAMAHA ATS-MA5-SMAF
Google Toolbar for Internet Explorer
Adobe Photoshop CS2
Internet Worm Protection
Google Toolbar for Firefox
SymNet
WinPatrol
J2SE Runtime Environment 5.0 Update 7
J2SE Runtime Environment 5.0 Update 9
DFX for Windows Media Player
EasyGPRS
Norton CleanSweep
ChrisTV Professional 4.99
PowerDVD
MSXML 4.0 SP2 Parser and SDK
Norton SystemWorks 2005
Nokia Nseries Skin for Microsoft Windows Media Player
SPBBC
Adobe Stock Photos 1.0
DivX Codec
Intel(R) Extreme Graphics 2 Driver
DivX Player
Adobe Common File Installer
NSW_DRM_COLLECTION
Microsoft Office Professional Edition 2003
Microsoft Office Visio Professional 2003
Noiseware Community Edition
Norton SystemWorks
ALPS Touch Pad Driver
Adobe Acrobat 7.0 Professional
DivX Converter
DivX Web Player
Adobe Bridge 1.0
Norton AntiVirus 2005
TuneUp Utilities 2007
Symantec Network Drivers Update
Microsoft .NET Framework 1.1
MSRedist
Nero 7 Demo
Symantec Script Blocking Installer
Google Toolbar for Internet Explorer
ccCommon
Norton AntiVirus Parent MSI
Beyond TV DVD Burning Foundation
Adobe Help Center 1.0
Huge Pine USB to UART Driver
QuickTime
Guitar Pro 4
Norton WMI Update
Realtek AC'97 Audio

Finished








Incident Status Location

Potentially unwanted tool:application/need2find Not disinfected hkey_local_machine\software\Need2Find
Adware:adware/savenow Not disinfected Windows Registry
Potentially unwanted tool:application/altnet Not disinfected hkey_classes_root\clsid\{B7156514-A76C-4545-9D5B-A4E1D02C7AEC}
Dialer:dialer.min Not disinfected HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DB893839-10F0-4AF9-92FA-B23528F530AF}
Adware:adware/rxtoolbar Not disinfected Windows Registry
Adware:adware/whenusearch Not disinfected Windows Registry
Adware:adware/webhancer Not disinfected Windows Registry
Potentially unwanted tool:Application/RealSpy Not disinfected C:\WINDOWS\SYSTEM32\ACTSKN45.OCX
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\MAX\Desktop\SDFix.exe[SDFix\apps\Process.exe]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\MAX\Cookies\max@atdmt[2].txt
Potentially unwanted tool:Application/ErrorGuard Not disinfected C:\Program Files\DC++\Downloads\TAB\setuperrorguard.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\SDFix\APPS\Process.exe
Adware:Adware/Gator Not disinfected D:\SOFTWARE\CODEC\DivXPro511Adware.exe[Gain_Trickler.exe]
Potentially unwanted tool:Application/MotherboardMonitor.A Not disinfected D:\SOFTWARE\mIRC\sysreset_2.53.exe[addons\moo.dll]






Logfile of HijackThis v1.99.1
Scan saved at 12:24:54, on 22/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\SYSTEM32\notepad.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\PROGRA~1\LAUNCH~1\CPLBCL53.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\zepsoft\Wallpaper Calendar\WallCal3.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\HijackThis\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=localhost:8080;http=localhost:8080;https=localhost:8080;socks=localhost:1080
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint2K\Apoint.exe"
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\CPLBCL53.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] "C:\PROGRA~1\SYMNET~1\SNDMon.exe" /Consumer
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Wallpaper Calendar.lnk = C:\Program Files\zepsoft\Wallpaper Calendar\WallCal3.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file:///C:/Program%20Files/AutoCAD%202002/AcDcToday.ocx
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file:///C:/Program%20Files/AutoCAD%202002/AcPreview.ocx
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
mightymax_81 is offline   Reply With Quote