1. You are viewing our forum as a guest. For full access please Register. WindowsBBS.com is completely free, paid for by advertisers and donations.

I think someone may have remote acess to my computer...

Discussion in 'Malware and Virus Removal Archive' started by Ayim, 2008/01/24.

  1. 2008/01/24
    Ayim

    Ayim Inactive Thread Starter

    Joined:
    2008/01/24
    Messages:
    2
    Likes Received:
    0
    My files on my desktop keep... copying themselfs and making dublicates randomly... ( not all of them, only like a 4-5) Like, this doesn't happen alot, maybe once every now and then but it's pretty weird.

    So it hasn't happened in a while, but then out of nowhere it did it again (today) and also, a website was randomly added to my favorites too (this is really weird) some how this site ( http://en.wikipedia.org/wiki/Fresh ) was added to my favorites, I never even been to that site before..

    so I have AVG / Zone alarm spybot and adaware, scanned with all of those nothing showed up (except some on adaware and stuff, they always do)

    any idea what it could be? Here's a hijackthis log if it helps

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 3:07:36 AM, on 1/24/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINDOWS\system32\bgsvcgen.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\PnkBstrB.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\AlienGUIse\wbload.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
    C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
    C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
    C:\PROGRA~1\Jetico\BCWipe\BCResident.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\MSN Messenger\livecall.exe
    C:\Program Files\Azureus\Azureus.exe
    C:\Program Files\Winamp\winamp.exe
    C:\WINDOWS\system32\conime.exe
    C:\Program Files\ImageShack\QuickShot\QuickShot.exe
    C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    E:\Useful Programs\HiJackThis_v2.exe

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: IE to GetRight Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
    O2 - BHO: (no name) - {348FE907-249E-4C65-A838-F34A193FE1D1} - (no file)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
    O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe "
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [DiscWizardMonitor.exe] C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
    O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
    O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe "
    O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
    O4 - HKLM\..\Run: [BCWipeTM Startup] "C:\Program Files\Jetico\BCWipe\BCWipeTM.exe" startup
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe "
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\dlm.exe /windowsstart /startifwork
    O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Logitech SetPoint.lnk = %ProgramFiles%\Logitech\SetPoint\SetPoint.exe
    O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
    O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
    O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: w2pxdrv.dll
    O10 - Unknown file in Winsock LSP: w2pxdrv.dll
    O10 - Unknown file in Winsock LSP: w2pxdrv.dll
    O10 - Unknown file in Winsock LSP: w2pxdrv.dll
    O10 - Unknown file in Winsock LSP: w2pxdrv.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.alienware.com
    O15 - ESC Trusted Zone: http://*.update.microsoft.com
    O16 - DPF: {00001023-A15C-11D4-97A4-0050BF0FBE67} (NetmarbleStarter23 Class) - http://download.netmarble.com/web/nmstarter/NMStarter23.cab
    O16 - DPF: {02ECD07A-22D0-4AF0-BA0A-3F6B06086D08} (GamesCampus Control) - http://www.gamescampus.com/xiah/luncher/GamesCampus.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {20050325-D35A-4233-926E-2E801AE25949} (NMJPStarter15 Class) - http://www.netmarble.jp/_common/cab/NMStarterJP6.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.3.102.cab
    O16 - DPF: {41ACD49D-1974-791A-0981-AA9872721044} (Ganymede Board Games) - http://67.15.101.3/g_bin/eng/boards_2_0_0_30.cab
    O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
    O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1176081993796
    O16 - DPF: {6FC19219-C47E-4880-9A79-D218A1C374F9} (NMJTransX Control) - http://file.netmarble.jp/Control/NMJTransX.cab
    O16 - DPF: {7623BE59-D4CF-4379-ABC4-B39E11854D66} (MabinogiWebAvatarRenderer Class) - http://avatar.mabinogi.com:88/renderer/mabiweb.2007.4.4.cab
    O16 - DPF: {7D1AC43C-FDD7-4F4D-8A74-BD315320569B} (GSystemInfo Control) - http://www.ragnarok2.co.kr/cab1/GSystemInfo.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {A4508A45-F1C4-40F3-99B4-0CA08AC77E3B} (Kdfense8 Control) - http://download.netmarble.com/kdefence/kdfense8.cab
    O16 - DPF: {A977FF0C-8757-4E76-8533-482F91946233} (Neowiz Login Control) - http://dl.sayclub.com/sayclub/sayctl/sayax.cab
    O16 - DPF: {AC120B1D-9411-4111-AF52-118052D85D45} (GameDesire Darts Games) - http://67.15.101.3/g_bin/eng/darts_2_0_0_35.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab53083.cab
    O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
    O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin10USA.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,4933/mcfscan.cab
    O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.3/g_bin/eng/billard8_2_0_0_28.cab
    O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C2} (GameDesire Pool 9) - http://67.15.101.3/g_bin/eng/billard9_2_0_0_28.cab
    O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) - http://67.15.101.3/g_bin/eng/snooker_2_0_0_28.cab
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    --
    End of file - 13623 bytes
     
    Ayim,
    #1
  2. 2008/01/24
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi Ayim
    Welcome to Windowsbbs :)

    I'm not seeing anything in the HJT log.

    Can you tell me what these files are? Do you mean the icons?

    wikipedia.org, is a legitimate web site and I haven't heard of any problems with the site.

    Let's run a scan and look a little deeper. Please do the following.

    Please download Deckard's System Scanner (dss.exe) and save it to your Desktop.
    Note: You must be logged onto an account with administrator privileges to complete the following.
    • Close all other windows before proceeding.
    • Double-click on dss.exe and follow the prompts.
    • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy and then paste the contents of main.txt and extra.txt in your next reply.

    Please post the "main.txt" log only for now.

    Please let me know what files you are speaking of.

    Thanks
    Geri
     
    Geri,
    #2


  3. to hide this advert.

  4. 2008/01/25
    Ayim

    Ayim Inactive Thread Starter

    Joined:
    2008/01/24
    Messages:
    2
    Likes Received:
    0
    It just does it to random files/folders on my deaktop... It's weird, like these would randomly make copys of themselfs

    like I'd have these 4 icons/files on my desktop:

    PicturesFolder
    Core Temp.exe
    dss.exe
    Steam

    And then I'd come back and it'd be like this:

    PicturesFolder
    Core Temp.exe
    dss.exe
    Steam
    Shortcut to Core Temp.exe
    Shortcut to PicturesFolder

    --

    Here's "main.txt "
    ----------------

    Deckard's System Scanner v20071014.68
    Run by Owner on 2008-01-25 03:31:31
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- System Restore --------------------------------------------------------------

    Successfully created a Deckard's System Scanner Restore Point.


    -- Last 5 Restore Point(s) --
    32: 2008-01-25 08:31:34 UTC - RP221 - Deckard's System Scanner Restore Point
    31: 2008-01-24 08:37:41 UTC - RP220 - Removed Ad-Aware 2007
    30: 2008-01-24 08:25:32 UTC - RP219 - Installed Ad-Aware 2007
    29: 2008-01-23 15:14:30 UTC - RP218 - System Checkpoint
    28: 2008-01-22 12:49:39 UTC - RP217 - System Checkpoint


    -- First Restore Point --
    1: 2007-12-28 22:28:33 UTC - RP190 - System Checkpoint


    Backed up registry hives.
    Performed disk cleanup.



    -- HijackThis Clone ------------------------------------------------------------


    Emulating logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2008-01-25 03:33:46
    Platform: Windows XP Service Pack 2 (5.01.2600)
    MSIE: Internet Explorer (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\system32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\AlienGUIse\wbload.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Grisoft\AVG Free\avgamsvr.exe
    C:\Program Files\Grisoft\AVG Free\avgupsvc.exe
    C:\Program Files\Grisoft\AVG Free\avgemc.exe
    C:\WINDOWS\system32\bgsvcgen.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Grisoft\AVG Free\avgcc.exe
    C:\WINDOWS\RTHDCPL.exe
    C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
    C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
    C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\PnkBstrB.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\MSN Messenger\livecall.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Jetico\BCWipe\BCResident.exe
    C:\Documents and Settings\Owner\Desktop\dss.exe
    C:\Program Files\Mozilla Firefox\firefox.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemonsearch.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 64.118.89.74:8080
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: IE to GetRight Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
    O2 - BHO: (no name) - {348FE907-249E-4C65-A838-F34A193FE1D1} - (no file)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Program Files\FlashFXP\IEFlash.dll
    O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe "
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [DiscWizardMonitor.exe] C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
    O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
    O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe "
    O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
    O4 - HKLM\..\Run: [BCWipeTM Startup] "C:\Program Files\Jetico\BCWipe\BCWipeTM.exe" startup
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe "
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\dlm.exe /windowsstart /startifwork
    O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Logitech SetPoint.lnk = ?
    O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
    O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
    O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: C:\WINDOWS\system32\w2pxdrv.dll
    O16 - DPF: {00001023-A15C-11D4-97A4-0050BF0FBE67} (NetmarbleStarter23 Class) - http://download.netmarble.com/web/nmstarter/NMStarter23.cab
    O16 - DPF: {02ECD07A-22D0-4AF0-BA0A-3F6B06086D08} (GamesCampus Control) - http://www.gamescampus.com/xiah/luncher/GamesCampus.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {20050325-D35A-4233-926E-2E801AE25949} (NMJPStarter15 Class) - http://www.netmarble.jp/_common/cab/NMStarterJP6.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.3.102.cab
    O16 - DPF: {41ACD49D-1974-791A-0981-AA9872721044} (Ganymede Board Games) - http://67.15.101.3/g_bin/eng/boards_2_0_0_30.cab
    O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
    O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} () - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1176081993796
    O16 - DPF: {6FC19219-C47E-4880-9A79-D218A1C374F9} (NMJTransX Control) - http://file.netmarble.jp/Control/NMJTransX.cab
    O16 - DPF: {7623BE59-D4CF-4379-ABC4-B39E11854D66} (MabinogiWebAvatarRenderer Class) - http://avatar.mabinogi.com:88/renderer/mabiweb.2007.4.4.cab
    O16 - DPF: {7D1AC43C-FDD7-4F4D-8A74-BD315320569B} (GSystemInfo Control) - http://www.ragnarok2.co.kr/cab1/GSystemInfo.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {A4508A45-F1C4-40F3-99B4-0CA08AC77E3B} (Kdfense8 Control) - http://download.netmarble.com/kdefence/kdfense8.cab
    O16 - DPF: {A977FF0C-8757-4E76-8533-482F91946233} (Neowiz Login Control) - http://dl.sayclub.com/sayclub/sayctl/sayax.cab
    O16 - DPF: {AC120B1D-9411-4111-AF52-118052D85D45} (GameDesire Darts Games) - http://67.15.101.3/g_bin/eng/darts_2_0_0_35.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab53083.cab
    O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab Class) - http://www.systemrequirementslab.com/sysreqlab.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} () - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} () - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin10USA.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,4933/mcfscan.cab
    O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.3/g_bin/eng/billard8_2_0_0_28.cab
    O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C2} (GameDesire Pool 9) - http://67.15.101.3/g_bin/eng/billard9_2_0_0_28.cab
    O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) - http://67.15.101.3/g_bin/eng/snooker_2_0_0_28.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
    O20 - AppInit_DLLs: wbsys.dll
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG Free\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG Free\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG Free\avgemc.exe
    O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


    --
    End of file - 14287 bytes

    -- File Associations -----------------------------------------------------------

    .bat - batfile - DefaultIcon - C:\Program Files\AlienGUIse\Themes\Darkstar Icons\Darkstar.icl,41
    .inf - inffile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,69
    .ini - inifile - DefaultIcon - C:\Program Files\AlienGUIse\Themes\Darkstar Icons\Darkstar.icl,33
    .js - unable to read key
    .js - unable to read key
    .txt - txtfile - DefaultIcon - C:\Program Files\AlienGUIse\Themes\Darkstar Icons\Darkstar.icl,35


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    R0 timounter (Acronis True Image Backup Archive Explorer) - c:\windows\system32\drivers\timntr.sys <Not Verified; Acronis; Acronis True Image>
    R1 aslm75 - c:\windows\system32\drivers\aslm75.sys
    R1 BCSWAP - c:\windows\system32\drivers\bcswap.sys <Not Verified; Jetico, Inc.; Jetico(R) BestCrypt(TM) Security System for Windows NT/2000/XP(TM)>
    R1 cdrbsdrv - c:\windows\system32\drivers\cdrbsdrv.sys <Not Verified; B.H.A Corporation; B's Recorder GOLD>
    R2 tifsfilter (Acronis True Image FS Filter) - c:\windows\system32\drivers\tifsfilt.sys <Not Verified; Acronis; Acronis True Image>
    R3 XDva037 - c:\windows\system32\xdva037.sys (file missing)

    S1 ATITool (ATITool Overclocking Utility) - c:\windows\system32\drivers\atitool.sys <Not Verified; ; Low-Level Driver>
    S2 npkcrypt - c:\program files\mabinogi\npkcrypt.sys (file missing)
    S3 EagleNT - c:\windows\system32\drivers\eaglent.sys (file missing)
    S3 ENTECH - c:\windows\system32\drivers\entech.sys <Not Verified; EnTech Taiwan; PowerStrip>
    S3 KProcWatch - c:\windows\system32\drivers\kprocwatch.sys (file missing)
    S3 L8042mou (Logitech SetPoint PS/2 Mouse Filter Driver) - c:\windows\system32\drivers\l8042mou.sys <Not Verified; Logitech Inc.; Logitech SetPoint>
    S3 neokdss - c:\windows\system32\drivers\neokdss.sys (file missing)
    S3 RivaTuner32 - c:\program files\rivatuner v2.06\rivatuner32.sys
    S3 TVICHW32 - c:\windows\system32\drivers\tvichw32.sys <Not Verified; EnTech Taiwan; TVicHW32 Generic Device Driver for Windows 95/98/ME/NT/2000/2003/XP/XP64>
    S3 UfasoftSnifDriver4 (Ufasoft Snif Driver v4) - c:\program files\ufasoft\sniffer\usft_sn4.sys (file missing)
    S3 vncdrv - c:\windows\system32\drivers\vncdrv.sys <Not Verified; Microsoft Corporation; Microsoft(R) Windows NT(R) Operating System>
    S3 XDva009 - c:\windows\system32\xdva009.sys (file missing)
    S3 XDva011 - c:\windows\system32\xdva011.sys (file missing)
    S3 XTrapD12 - c:\windows\system32\xtrapd12.sys (file missing)


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
    R2 bgsvcgen (B's Recorder GOLD Library General Service) - "c:\windows\system32\bgsvcgen.exe" <Not Verified; B.H.A Corporation; B's Recorder GOLD9>
    R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
    R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>


    -- Device Manager: Disabled ----------------------------------------------------

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: NVIDIA nForce Networking Controller
    Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV0373\4&CBC4BCB&0&00
    Manufacturer: NVIDIA
    Name: NVIDIA nForce Networking Controller #2
    PNP Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV0373\4&CBC4BCB&0&00
    Service: NVENETFD


    -- Files created between 2007-12-25 and 2008-01-25 -----------------------------

    2008-01-25 00:19:23 0 d-------- C:\Program Files\Common Files\INCA Shared
    2008-01-24 07:10:50 0 d-------- C:\Program Files\Trend Micro
    2008-01-24 06:55:53 0 d--hs---- C:\Documents and Settings\Owner\Cookies
    2008-01-24 03:25:32 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-01-22 06:16:24 23 --a------ C:\WINDOWS\popcinfot.dat
    2008-01-19 05:29:06 0 d-------- C:\Documents and Settings\All Users\Application Data\SwiftSwitch
    2008-01-19 05:29:02 0 d-------- C:\Program Files\SwiftSwitch
    2008-01-16 18:43:12 0 d-------- C:\Program Files\iTunes
    2008-01-16 18:43:05 0 d-------- C:\Program Files\Bonjour
    2008-01-16 18:42:49 0 d-------- C:\Program Files\Common Files\Apple
    2008-01-16 15:47:40 0 d-------- C:\Program Files\Audiosurf
    2008-01-16 13:44:29 0 d-------- C:\Program Files\QuickTime
    2008-01-16 13:43:13 0 d-------- C:\Program Files\Apple Software Update
    2008-01-16 13:43:13 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple
    2008-01-13 19:55:28 0 d---s---- C:\Program Files\Mabinogi
    2008-01-07 14:25:18 0 d-------- C:\Documents and Settings\Owner\Application Data\Music Recognition
    2008-01-07 09:09:12 0 d-------- C:\Documents and Settings\All Users\Application Data\NexonUS
    2008-01-07 09:06:23 0 d-------- C:\Nexon
    2008-01-03 17:22:27 0 d-------- C:\Program Files\Steam
    2007-12-28 13:00:44 0 d-------- C:\NVIDIA
    2007-12-28 12:50:42 0 dr-h----- C:\Documents and Settings\Owner\Recent
    2007-12-28 03:44:48 0 dr------- C:\Documents and Settings\Owner\Favorites
    2007-12-27 23:16:15 58652 --a------ C:\Program Files\AMVapp-uninst.exe
    2007-12-27 23:16:11 0 d-------- C:\Program Files\AMVAppg
    2007-12-26 22:57:20 0 d-------- C:\WINDOWS\nview


    -- Find3M Report ---------------------------------------------------------------

    2008-01-25 00:19:23 0 d-------- C:\Program Files\Common Files
    2008-01-24 06:30:58 0 d-------- C:\Documents and Settings\Owner\Application Data\Azureus
    2008-01-24 04:12:53 0 d-------- C:\Documents and Settings\Owner\Application Data\Lavasoft
    2008-01-24 04:12:45 0 d-------- C:\Program Files\Lavasoft
    2008-01-24 03:37:50 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-01-24 03:36:07 0 d-------- C:\Documents and Settings\Owner\Application Data\AVG7
    2008-01-23 22:05:35 0 d-------- C:\Program Files\OGPlanet
    2008-01-22 23:54:25 0 d-------- C:\Program Files\FlashFXP
    2008-01-19 05:38:48 0 d-------- C:\Program Files\mIRC
    2008-01-16 18:58:45 0 d-------- C:\Program Files\Conquer 2.0
    2008-01-16 18:43:16 0 d-------- C:\Program Files\iPod
    2008-01-16 15:33:45 0 d-------- C:\Program Files\PeerGuardian2
    2008-01-09 14:04:55 0 d--h----- C:\Program Files\InstallShield Installation Information
    2007-12-28 10:47:46 0 d-------- C:\Program Files\YAMB
    2007-12-28 10:47:45 0 d-------- C:\Program Files\Xvid
    2007-12-28 10:47:44 0 d-------- C:\Program Files\x264
    2007-12-28 10:47:40 0 d-------- C:\Program Files\Windows NT
    2007-12-28 10:47:38 0 d-------- C:\Program Files\Windows Media Connect 2
    2007-12-28 10:47:37 0 d-------- C:\Program Files\Windows Journal Viewer
    2007-12-28 10:47:37 0 d-------- C:\Program Files\Winamp
    2007-12-28 10:47:11 0 d-------- C:\Program Files\Ventrilo
    2007-12-28 10:47:08 0 d-------- C:\Program Files\SystemRequirementsLab
    2007-12-28 10:47:04 0 d-------- C:\Program Files\SpeedFan
    2007-12-28 10:46:49 0 d-------- C:\Program Files\RivaTuner v2.06
    2007-12-28 10:45:50 0 d-------- C:\Program Files\RivaTuner v2.05
    2007-12-28 10:45:50 0 d-------- C:\Program Files\RegCleaner
    2007-12-28 10:45:45 0 d-------- C:\Program Files\Real Alternative
    2007-12-28 10:44:49 0 d-------- C:\Program Files\Online Services
    2007-12-28 10:44:15 0 d-------- C:\Program Files\MSN Messenger
    2007-12-28 10:43:49 0 d-------- C:\Program Files\Movie Maker
    2007-12-28 10:42:02 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
    2007-12-28 10:42:01 0 d-------- C:\Program Files\Messenger Plus! Live
    2007-12-28 10:41:58 0 d-------- C:\Program Files\Messenger
    2007-12-28 10:41:57 0 d-------- C:\Program Files\megui
    2007-12-28 10:41:47 0 d-------- C:\Program Files\Media Player Classic
    2007-12-28 10:35:32 0 d-------- C:\Program Files\GetRight
    2007-12-28 10:24:18 0 d-------- C:\Program Files\FlashGet
    2007-12-28 10:24:16 0 d-------- C:\Program Files\Exact Audio Copy
    2007-12-28 10:18:28 0 d-------- C:\Program Files\DVD Decrypter
    2007-12-28 10:18:28 0 d-------- C:\Program Files\Driver Cleaner Pro
    2007-12-28 10:18:26 0 d-------- C:\Program Files\DivX
    2007-12-28 10:14:13 0 d-------- C:\Program Files\Common Files\SystemRequirementsLab
    2007-12-28 10:13:41 0 d-------- C:\Program Files\Common Files\Macromedia
    2007-12-28 10:13:35 0 d-------- C:\Program Files\Common Files\EasyInfo
    2007-12-28 10:12:32 0 d-------- C:\Program Files\Combined Community Codec Pack
    2007-12-28 10:12:30 0 d-------- C:\Program Files\Cheat Engine
    2007-12-28 10:12:30 0 d-------- C:\Program Files\CCleaner
    2007-12-28 10:07:24 0 d-------- C:\Program Files\Boris FX, Inc
    2007-12-28 10:06:42 0 d-------- C:\Program Files\BitTorrent
    2007-12-28 10:06:36 0 d-------- C:\Program Files\Azureus
    2007-12-28 10:06:35 0 d-------- C:\Program Files\AviSynth 2.5
    2007-12-28 10:06:13 0 d-------- C:\Program Files\AMVapp
    2007-12-28 10:06:07 0 d-------- C:\Program Files\AlienGUIse
    2007-12-28 09:42:50 0 d-------- C:\Documents and Settings\Owner\Application Data\vlc
    2007-12-28 09:42:50 0 d-------- C:\Documents and Settings\Owner\Application Data\Ventrilo
    2007-12-28 09:42:49 0 d-------- C:\Documents and Settings\Owner\Application Data\uTorrent
    2007-12-28 09:42:49 0 d-------- C:\Documents and Settings\Owner\Application Data\Thunderbird
    2007-12-28 09:42:47 0 d-------- C:\Documents and Settings\Owner\Application Data\SystemRequirementsLab
    2007-12-28 09:42:42 0 d-------- C:\Documents and Settings\Owner\Application Data\ProxyCap
    2007-12-28 09:42:41 0 d-------- C:\Documents and Settings\Owner\Application Data\Mozilla
    2007-12-28 09:42:09 0 d-------- C:\Documents and Settings\Owner\Application Data\Media Player Classic
    2007-12-28 09:41:42 0 d-------- C:\Documents and Settings\Owner\Application Data\IGN_DLM
    2007-12-28 09:41:41 0 d-------- C:\Documents and Settings\Owner\Application Data\Help
    2007-12-28 09:41:41 0 d-------- C:\Documents and Settings\Owner\Application Data\GetRightToGo
    2007-12-28 09:41:41 0 d-------- C:\Documents and Settings\Owner\Application Data\GetRight
    2007-12-28 09:41:41 0 d-------- C:\Documents and Settings\Owner\Application Data\GanymedeNet
    2007-12-28 09:41:19 0 d-------- C:\Documents and Settings\Owner\Application Data\FLV Extract
    2007-12-28 09:41:17 0 d-------- C:\Documents and Settings\Owner\Application Data\dvdcss
    2007-12-28 09:41:16 0 d-------- C:\Documents and Settings\Owner\Application Data\BitTorrent
    2007-12-28 09:41:16 0 d-------- C:\Documents and Settings\Owner\Application Data\Bioshock
    2007-12-28 09:40:35 0 d-------- C:\Documents and Settings\Owner\Application Data\Ahead
    2007-12-26 23:36:19 0 d-------- C:\Program Files\Common Files\Stardock
    2007-12-23 23:58:33 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
    2007-12-23 23:09:58 806912 --a------ C:\WINDOWS\system32\BCWipe.dll <Not Verified; Jetico, Inc.; Jetico, Inc. BCWipe>
    2007-12-05 01:41:00 1626112 --a------ C:\WINDOWS\system32\nwiz.exe
    2007-12-05 01:41:00 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
    2007-12-05 01:41:00 1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
    2007-12-05 01:41:00 466944 --a------ C:\WINDOWS\system32\nvshell.dll
    2007-12-05 01:41:00 1474560 --a------ C:\WINDOWS\system32\nview.dll
    2007-12-05 01:41:00 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
    2007-12-05 01:41:00 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
    2007-12-05 01:41:00 425984 --a------ C:\WINDOWS\system32\keystone.exe
    2007-12-01 11:25:25 0 d-------- C:\Program Files\bu
    2007-11-27 09:48:41 0 d-------- C:\Program Files\Activision
    2007-11-14 22:12:27 669184 --a------ C:\WINDOWS\system32\pbsvc.exe
    2007-11-12 10:58:07 25992 --a------ C:\WINDOWS\system32\pgdfgsvc.exe <Not Verified; Sysinternals - www.sysinternals.com; Page File Defragmenter>
    2007-10-29 02:53:51 5377 --a------ C:\WINDOWS\mozver.dat
    2007-10-25 23:43:59 65536 --a------ C:\WINDOWS\IFinst27.exe


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Kernel and Hardware Abstraction Layer "= "KHALMNPR.EXE" [03/28/2006 04:38 PM C:\WINDOWS\KHALMNPR.Exe]
    "SunJavaUpdateSched "= "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 12:11 AM]
    "AVG7_CC "= "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [12/21/2007 08:48 AM]
    "IMJPMIG8.1 "= "C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [08/31/2005 10:57 AM]
    "IMEKRMIG6.1 "= "C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [08/31/2005 10:57 AM]
    "MSPY2002 "= "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [08/31/2005 10:57 AM]
    "PHIME2002ASync "= "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [08/31/2005 10:58 AM]
    "PHIME2002A "= "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [08/31/2005 10:58 AM]
    "Logitech Hardware Abstraction Layer "= "KHALMNPR.EXE" [03/28/2006 04:38 PM C:\WINDOWS\KHALMNPR.Exe]
    "@ "=" " []
    "RTHDCPL "= "RTHDCPL.EXE" [09/11/2007 03:54 PM C:\WINDOWS\RTHDCPL.exe]
    "Alcmtr "= "ALCMTR.EXE" []
    "DiscWizardMonitor.exe "= "C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe" [04/19/2007 09:24 PM]
    "AcronisTimounterMonitor "= "C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe" [04/19/2007 09:38 PM]
    "Acronis Scheduler2 Service "= "C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe" [04/19/2007 09:29 PM]
    "amd_dc_opt "= "C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [07/23/2007 11:06 AM]
    "BCWipeTM Startup "= "C:\Program Files\Jetico\BCWipe\BCWipeTM.exe" [02/22/2007 07:01 AM]
    "ZoneAlarm Client "= "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [11/14/2007 04:05 PM]
    "NvCplDaemon "= "C:\WINDOWS\system32\NvCpl.dll" [12/05/2007 01:41 AM]
    "nwiz "= "nwiz.exe" [12/05/2007 01:41 AM C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter "= "C:\WINDOWS\system32\NvMcTray.dll" [12/05/2007 01:41 AM]
    "QuickTime Task "= "C:\Program Files\QuickTime\QTTask.exe" [01/10/2008 03:27 PM]
    "iTunesHelper "= "C:\Program Files\iTunes\iTunesHelper.exe" [01/15/2008 03:22 AM]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "igndlm.exe "= "C:\Program Files\IGN\Download Manager\dlm.exe" [03/05/2007 12:57 PM]
    "FreeRAM XP "= "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" []
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [08/31/2005 10:57 AM]
    "Steam "= "c:\program files\steam\steam.exe" [01/10/2008 07:45 PM]

    C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
    Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [3/16/2005 6:16:50 PM]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 9:05:26 PM]
    Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [8/29/2007 12:25:15 AM]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
    C:\Program Files\AlienGUIse\fastload.dll 12/20/2001 11:34 PM 24576 C:\Program Files\AlienGUIse\fastload.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls "=wbsys.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Authentication Packages "= msv1_0 relog_ap

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GetRight - Tray Icon.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\GetRight - Tray Icon.lnk
    backup=C:\WINDOWS\pss\GetRight - Tray Icon.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCWipeTM Startup]
    "C:\Program Files\Jetico\BCWipe\BCWipeTM.exe" startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
    "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
    "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeRAM XP]
    "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe]
    C:\Program Files\IGN\Download Manager\DLM.exe /windowsstart /startifwork

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    "C:\Program Files\iTunes\iTunesHelper.exe "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    C:\WINDOWS\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ProxyCap]
    C:\PROGRA~1\PROXYL~1\ProxyCap\ProxyCap.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
    "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
    C:\Program Files\Winamp\winampa.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "Spooler "=2 (0x2)


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3555dc9f-5adb-11db-96e9-806d6172696f}]
    AutoRun\command- D:\Autorun.exe

    *Newly Created Service* - EVERESTDRIVER
    *Newly Created Service* - XDVA037



    -- Hosts -----------------------------------------------------------------------

    127.0.0.1 007guard.com
    127.0.0.1 www.007guard.com
    127.0.0.1 008i.com
    127.0.0.1 008k.com
    127.0.0.1 www.008k.com
    127.0.0.1 00hq.com
    127.0.0.1 www.00hq.com
    127.0.0.1 010402.com
    127.0.0.1 032439.com
    127.0.0.1 www.032439.com

    7862 more entries in hosts file.


    -- End of Deckard's System Scanner: finished at 2008-01-25 03:34:35 ------------







    --
    --


    if nothing is wrong with that, then maybe it's just some program conflict or something, I dunno =\
     
    Ayim,
    #3
  5. 2008/01/25
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi Ayim

    Having any p2p file sharing apps such as Limewire, BitTorrent uTorrent, Azureus etc.. is almost like inviting malware into your computer. There is absolutely no way for you to know which of the hundreds of thousands of users you are sharing files with are infected or not.
    I strongly recommend removing any P2P applications.

    Please do these in the order given.


    Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):

    Messenger Plus! Live

    Please note any other programs that you dont recognize in that list and post them in your next response


    Using Windows Explorer (to get there right-click your Start button and go to "Explore "), please delete these folders (if present):

    C:\Program Files\Messenger Plus! Live


    Using Windows Explorer (to get there right-click your Start button and go to "Explore "), please delete these files (if present):

    C:\WINDOWS\popcinfot.dat
    C:\WINDOWS\IFinst27.exe


    You have a broken file association. The following will fix it.

    ** dss.exe must be on the desktop for the following command to work. **

    Highlight and copy the bolded command below.

    "%userprofile%\desktop\dss.exe" /daft
    • Click Start>Run and paste the command in, then hit enter.
    • An interface of Deckards file association fix will open.
    • Click Scan.
    • .bat .inf .ini .txt and .js should come up in the list.
    • Check the box next to each, then click Fix.
    • Exit when complete.


    Please download ATF Cleaner by Atribune.
    This program is for XP and Windows 2000 only

    • Double-click ATF-Cleaner.exe to run the program.
      Under Main choose: Select All
      Click the Empty Selected button.
    If you use Firefox browser
    • Click Firefox at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    If you use Opera browser
    • Click Opera at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    Click Exit on the Main menu to close the program.
    For Technical Support, double-click the e-mail address located at the bottom of each menu.

    Reboot you computer.


    Please run a on-line scan here.

    Please do an online scan with Kaspersky WebScanner

    Click on "Accept" If your pop "“up blocker blocks the ActiveX download, allow it, click on "Accept" again

    You will be promted to install an ActiveX component from Kaspersky, Click Yes or Install.
    • The program will launch and then begin downloading the latest definition files:
    • Once the files have been downloaded click on NEXT
    • Now click on Scan Settings
    • In the scan settings make that the following are selected:
      • Scan using the following Anti-Virus database:
      • Extended (if available otherwise Standard)
      • Scan Options:
      • Scan Archives
        Scan Mail Bases
    • Click OK
    • Now under select a target to scan:
      • Select My Computer
    • This will program will start and scan your system.
    • The scan will take a while so be patient and let it run.
    • Once the scan is complete it will display if your system has been infected.
      • Now click on the Save as Text button:
    • Save the file to your desktop.
    • Copy and paste that information in your next post.

    Please post the Kaspersky results and I new dss log.

    Thanks
    Geri
     
    Geri,
    #4

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...