Tech Support Forum banner
Status
Not open for further replies.
1 - 5 of 5 Posts

·
Registered
Joined
·
6 Posts
Discussion Starter · #1 ·
[SOLVED] "not-a-virus" virus and "javaclass" trojan keep appearing on virus scans

Hello
I have been experiencing some problems with my computer recently. Firstly, my virus scanner (AVG) keeps on finding a virus called 'not-a-virus:RemoteAdmin.Win32.WinVNC-based.f' and some trojans called 'Trojan.JavaClass'. I have also been getting random pop-ups whenever I have been browsing the internet, and my computer seems to be running very sluggish, especially at startup.

I also believe that, last week, someone gained remote access to my computer, as all of a sudden, my mouse wouldn't move properly and the computer became really slow. This only stopped when I engaged the internet lock on my Zonealarm firewall.

Today, I was asked by Zonealarm to give a program called spoolsv.exe "access to privileged rights" which I have never seen before for this program. When I looked at the properties of spoolsv.exe, it said that it was created in 2006 but modified in 2005 (???), and so therefore didn't allow the program access. (I don't know if that has anything to do with the problems that I am having but thought I would mention it)

I have done "the 5 things you need to do" before posting a blog; here are the files requested:

Panda Scan:

Incident Status Location

Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Carla Greenwood\Application Data\Mozilla\Firefox\Profiles\4n4qe3mx.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Carla Greenwood\Application Data\Mozilla\Firefox\Profiles\4n4qe3mx.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Carla Greenwood\Application Data\Mozilla\Firefox\Profiles\4n4qe3mx.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Carla Greenwood\Cookies\carla [email protected][2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Carla Greenwood\Cookies\[email protected][2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Chris Tunnicliffe\Cookies\[email protected][1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Chris Tunnicliffe\Cookies\[email protected][1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Chris Tunnicliffe\Cookies\[email protected][2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Chris Tunnicliffe\Cookies\[email protected][3].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Chris Tunnicliffe\Cookies\[email protected][2].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Chris Tunnicliffe\Cookies\[email protected][2].txt
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Chris Tunnicliffe\Cookies\[email protected][2].txt
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Chris Tunnicliffe\Cookies\[email protected][2].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Chris Tunnicliffe\Cookies\[email protected][1].txt
Hacktool:HackTool/EvID Not disinfected C:\Documents and Settings\Chris Tunnicliffe\Desktop\EvID4226Patch223d-en\EvID4226Patch.exe


Deckard's System Scanner v20071014.68
Run by Chris Tunnicliffe on 2007-12-03 10:00:04
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Chris Tunnicliffe.exe) -----------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:00:54, on 03/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\ehome\ehtray.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\mqsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgw.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Chris Tunnicliffe\Desktop\dss.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\CHRIST~1.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_GB&c=64&bd=presario&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=64&bd=presario&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=33568
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [Reminder] C:\Windows\CREATOR\Remind_XP.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [DLCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll,[email protected]
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: VersionTrackerPro.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/229?a4d23ea7722c49f9bdac14e535fefaf5
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/230?a4d23ea7722c49f9bdac14e535fefaf5
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Stan James Poker.com Poker - {7F2F6F5A-CAE2-4954-A461-36B3757B2BFB} - C:\Microgaming\Poker\stanjamesgibMPP\MPPoker.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=64&bd=presario&pf=laptop
O15 - Trusted Zone: *.hotmail.com
O15 - Trusted Zone: *.live.com
O15 - Trusted Zone: *.msn.com
O15 - Trusted Zone: *.passport.com
O15 - Trusted Zone: http://www.studivz.net
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} (Hewlett-Packard Online Support Services) - http://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://mppv2flash3.valueactive.com/StanJamesGib/FlashAX.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: dlcf_device - - C:\WINDOWS\system32\dlcfcoms.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 11291 bytes

-- Files created between 2007-11-03 and 2007-12-03 -----------------------------

2007-12-03 09:35:48 0 d-------- C:\Program Files\Trend Micro
2007-12-02 23:44:02 0 d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2007-12-01 10:44:43 0 d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla
2007-12-01 10:43:28 0 d-------- C:\WINDOWS\CSC
2007-11-30 18:27:50 0 d-------- C:\ie-spyad_zo
2007-11-30 18:19:41 0 d-------- C:\Program Files\SpywareBlaster
2007-11-30 13:13:07 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-11-26 23:56:40 0 d-------- C:\Microgaming
2007-11-23 14:52:29 0 d-------- C:\Program Files\QuickTime
2007-11-15 05:14:01 0 d-------- C:\Documents and Settings\Chris Tunnicliffe\ppPokerDir
2007-11-12 23:58:06 0 d-------- C:\Program Files\PartyGaming
2007-11-08 02:16:44 0 d-------- C:\Documents and Settings\Chris Tunnicliffe\dwhelper
2007-11-08 01:20:54 0 d-------- C:\Program Files\OxigenInstall
2007-11-07 12:58:02 0 d-------- C:\Documents and Settings\Chris Tunnicliffe\Application Data\VersionTracker Pro
2007-11-07 03:23:40 0 d-------- C:\Program Files\TechTracker
2007-11-07 03:14:43 0 d-------- C:\Program Files\Lavasoft
2007-11-07 03:14:42 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-11-07 03:14:10 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-11-04 22:52:26 0 d-------- C:\Documents and Settings\All Users\Application Data\Logitech
2007-11-04 22:52:22 0 d-------- C:\Program Files\Logitech
2007-11-04 22:52:22 0 d-------- C:\Program Files\Common Files\LogiShrd
2007-11-04 18:20:51 233472 --a------ C:\Documents and Settings\LocalService\ntuser.dat
2007-11-04 18:20:51 3932160 --a------ C:\Documents and Settings\Chris Tunnicliffe\ntuser.dat


-- Find3M Report ---------------------------------------------------------------

2007-12-03 09:59:08 0 d-------- C:\Documents and Settings\Chris Tunnicliffe\Application Data\Skype
2007-12-03 09:57:45 0 d-------- C:\Documents and Settings\Chris Tunnicliffe\Application Data\MailFrontier
2007-12-03 09:57:29 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-12-03 09:57:16 0 d-------- C:\Documents and Settings\Chris Tunnicliffe\Application Data\AVG7
2007-12-03 09:28:31 0 d-------- C:\Documents and Settings\Chris Tunnicliffe\Application Data\Microgaming
2007-12-03 00:18:35 0 d-------- C:\Program Files\Windows Live Toolbar
2007-12-03 00:10:52 0 d-------- C:\Program Files\iTunes
2007-12-03 00:09:14 0 d-------- C:\Program Files\Common Files\Teleca Shared
2007-12-02 13:58:24 512 --a------ C:\ScanSectorLog.dat
2007-12-01 13:32:12 0 d-------- C:\Program Files\MSN Messenger
2007-11-22 02:55:48 0 d-------- C:\Program Files\Common Files\Real
2007-11-22 02:55:41 0 d-------- C:\Program Files\Common Files
2007-11-22 02:55:32 0 d-------- C:\Documents and Settings\Chris Tunnicliffe\Application Data\Real
2007-11-15 02:11:09 0 d-------- C:\Program Files\Dl_cats
2007-11-02 01:15:46 0 d-------- C:\Program Files\Skype
2007-11-02 01:15:40 0 d-------- C:\Program Files\Common Files\Skype
2007-11-01 17:17:37 0 d-------- C:\Documents and Settings\Chris Tunnicliffe\Application Data\Uniblue
2007-11-01 17:17:31 0 d-------- C:\Program Files\Uniblue
2007-11-01 16:53:09 0 d-------- C:\Program Files\DivX
2007-10-23 13:20:17 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-10-16 00:57:14 0 d-------- C:\Documents and Settings\Chris Tunnicliffe\Application Data\CyberLink
2007-10-16 00:57:08 0 d-------- C:\Documents and Settings\Chris Tunnicliffe\Application Data\HP
2007-10-12 04:29:32 0 d-------- C:\Program Files\iPod
2007-10-12 04:28:29 0 d-------- C:\Program Files\Apple Software Update
2007-10-12 04:27:51 0 d-------- C:\Program Files\Common Files\Apple
2007-10-10 04:16:58 1459 --a------ C:\WINDOWS\mozver.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [06/08/2005 05:56]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [04/05/2006 06:58]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [23/03/2006 13:17]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [23/03/2006 13:13]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [23/03/2006 13:17]
"MsmqIntCert"="regsvr32 /s mqrt.dll" []
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [02/06/2006 16:02 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [17/06/2006 06:22]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [23/06/2006 14:43]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [02/06/2006 15:21]
"Cpqset"="C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe" [19/06/2006 10:50]
"RecGuard"="C:\Windows\SMINST\RecGuard.exe" [11/10/2005 10:23]
"Reminder"="C:\Windows\CREATOR\Remind_XP.exe" [09/02/2006 09:52]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [15/03/2006 21:00]
"IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [15/03/2006 21:00]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [15/03/2006 21:00]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [15/03/2006 21:00]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [15/03/2006 21:00]
"DLCFCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll" [08/09/2005 19:55]
"@"="" []
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [26/10/2005 17:17]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [16/02/2005 23:11]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [25/10/2007 13:28]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [26/09/2007 14:42]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [19/10/2007 20:16]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [14/11/2007 16:05]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [16/03/2006 05:00]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [19/01/2007 13:54]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [13/09/2007 13:31]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [24/09/2005 17:39:30]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [13/02/2001 02:01:04]
VersionTrackerPro.lnk - C:\WINDOWS\Installer\{C1EDC38F-2760-4A4E-9CED-95B53024134C}\New_Shortcut_S1699_A8EB5A2133B04A97AEEFDFB17E2E701D.exe [07/11/2007 03:23:43]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"




-- End of Deckard's System Scanner: finished at 2007-12-03 10:03:06 ------------

Many thanks in advance for your help.
Chris
 

Attachments

1 - 5 of 5 Posts
Status
Not open for further replies.
Top