Page 1 of 2
Results 1 to 10 of 14
  1. #1
    Member bc633's Avatar
    Join Date
    Aug 2007
    Location
    Georgia
    Posts
    27
    Points
    0

    Default Installers running at startup

    I have several installers that pop up during the startup of my computer. I cannot tell what the programs are. I have been noticing this for the past few months. Does not happen on any of my other computers. What type of program would have to install itself on every restart? I am posting a copy of my HJT log. Any help would be appreciated. Ok I was going to upload HJT log but I cannot for some reason. Says extension not allowed.

  2. #2
    Member bc633's Avatar
    Join Date
    Aug 2007
    Location
    Georgia
    Posts
    27
    Points
    0

    Default Here is hjt log

    Logfile of HijackThis v1.99.1
    Scan saved at 10:53:46 AM, on 11/26/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Digital Media Reader\shwiconem.exe
    C:\WINDOWS\zHotkey.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\ALCFDRTM.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\ALCWZRD.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\BigFix\BigFix.exe
    C:\WINDOWS\ehome\RMSysTry.exe
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    c:\program files\dvrmstoolbox\dvrmsfilewatcherservice.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    C:\WINDOWS\ehome\RMSvc.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.foxnews.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
    O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
    O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
    O4 - HKLM\..\Run: [AlcFDMonitor] C:\WINDOWS\ALCFDRTM.EXE
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
    O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
    O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
    O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175...at-no-eula.cab
    O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://picture.vzw.com/activex/Veriz...oadControl.cab
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAV...oadManager.ocx
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: DVRMSFileWatcherService - - c:\program files\dvrmstoolbox\dvrmsfilewatcherservice.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

  3. #3
    Member
    Join Date
    Dec 2002
    Posts
    12,000
    Points
    1191

    Default

    I have several installers that pop up during the startup of my computer. I cannot tell what the programs are
    Can you tell their names?

    BG

  4. #4
    Member bc633's Avatar
    Join Date
    Aug 2007
    Location
    Georgia
    Posts
    27
    Points
    0

    Default

    They flash up and disappear very fast. Cannot see a name on them. Thanks for the reply.

  5. #5
    Member
    Join Date
    Dec 2002
    Posts
    12,000
    Points
    1191

    Default

    Are you having any problems?

    Really don't have an idea of what you are getting, maybe steamwiz will.

    I have one program that pops up just for an instant - my UPS, guess to show me that it's loading and ready for use.

    BG

  6. #6
    Member bc633's Avatar
    Join Date
    Aug 2007
    Location
    Georgia
    Posts
    27
    Points
    0

    Default

    Haven't really noticed any major problems. Just concerned me because I haven't seen these on other computers I have. Did not have this occurring after reformatting this one either. Didn't notice exactly when it started because this computer almost always stays on. Only rebooted when installing programs or updates.

  7. #7
    Member
    Join Date
    Dec 2002
    Posts
    12,000
    Points
    1191

    Default

    Go ahead and run this:

    Download Superantispyware.

    http://www.superantispyware.com/

    Once downloaded and installed, update the definitions
    and then run a full system scan and quarantine what it finds!

    * Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    * An icon will be created on your desktop. Double-click that icon to launch the program.
    * If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)

    http://www.superantispyware.com/definitions.html

    * Under "Configuration and Preferences", click the Preferences button.
    * Click the Scanning Control tab.
    * Under Scanner Options make sure the following are checked (leave all others unchecked):
        o Close browsers before scanning.
        o Scan for tracking cookies.
        o Terminate memory threats before quarantining.
    * Click the "Close" button to leave the control center screen.
    * Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
    * On the left, make sure you check C:\Fixed Drive.
    * On the right, under "Complete Scan", choose Perform Complete Scan.
    * Click "Next" to start the scan. Please be patient while it scans your computer.
    * After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
    * Make sure everything has a checkmark next to it and click "Next".
    * A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
    * If asked if you want to reboot, click "Yes".
    * To retrieve the removal information after reboot, launch SUPERAntispyware again.
        o Click Preferences, then click the Statistics/Logs tab.
        o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
        o If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
        o Please copy and paste the Scan Log results in your next reply.
    * Click Close to exit the program.


    BG

  8. #8
    Member bc633's Avatar
    Join Date
    Aug 2007
    Location
    Georgia
    Posts
    27
    Points
    0

    Default

    Here is the log as requested

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 11/26/2007 at 06:06 PM

    Application Version : 3.9.1008

    Core Rules Database Version : 3350
    Trace Rules Database Version: 1349

    Scan type : Complete Scan
    Total Scan Time : 01:33:21

    Memory items scanned : 594
    Memory threats detected : 0
    Registry items scanned : 6528
    Registry threats detected : 0
    File items scanned : 89780
    File threats detected : 3

    Adware.Tracking Cookie
    C:\Documents and Settings\Owner\Cookies\owner@tracking.foxnews[2].txt
    C:\Documents and Settings\Owner\Cookies\owner@revsci[2].txt
    C:\Documents and Settings\Owner\Cookies\owner@doubleclick[1].txt

  9. #9
    Member steamwiz's Avatar
    Join Date
    Sep 2003
    Location
    Yorkshire U.K.
    Posts
    14,022
    Points
    2335

    Default

    Hi

    Your hijackthis log's clean ...

    Like BG I don't think it's anything installing ... I turn off my computer when I'm not using it, so it might get turned on several times a day. I've noticed the first time I turn it on AVG checks for updates. If I turn it on later the same day, as it loads I get a quick flash of a box, most of the time it's so quick you can't make it out, but occasionally I see AVG ... So it could be any innocent programs, checking for updates ...

    Let's see if this shows anything :-

    Please download Combofix: http://download.bleepingcomputer.com...a/ComboFix.exe
    and save to the desktop.

    1. Double click on combo.exe & follow the prompts.
    2. When finished, it will produce a logfile located at C:\ComboFix.txt.
    3. Post the contents of that log in your next reply with a new hijackthis log.

    Notes:
    * Do not mouseclick combofix's window while it is running. That may cause your system to stall/hang.
    * Disable script blocking if you have NAV installed so it will not interfere with the fix. Trojan Hunter has been reported to detect combofix as Worm.Qiv.100.

    steam
    Look here for Ways to keep your computer safe
    M'SOFT MVP -Windows Security 2004/8 .member ASAP -
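
The thread's working theory is that the flashing windows are ordinary programs launched at startup, and the O4 lines of the HijackThis log are where those launch points are recorded. As an added example (not part of any post here and not code from HijackThis), this Python script parses the O4 entries and marks which ones had no matching image in the "Running processes" list at scan time; treating those as the programs that start and exit quickly is a heuristic assumed here, and the note strings are triage hints, not verdicts.

```python
import re
from typing import NamedTuple, Optional

# Excerpt of the HijackThis v1.99.1 log from post #2, trimmed to a few lines.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\BigFix\BigFix.exe

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
"""

class Autostart(NamedTuple):
    location: str          # registry Run key or Startup folder, as logged
    name: str              # value name or shortcut file name
    command: str           # raw command line or shortcut target
    image: Optional[str]   # lower-cased executable file name, None if unresolved
    running: bool          # image was in "Running processes" at scan time
    notes: tuple           # triage hints only

RUN_RE = re.compile(r"^O4 - (HK[^:]+): \[(.+?)\] (.+)$")
LNK_RE = re.compile(r"^O4 - ((?:Global )?Startup): (.+?) = (.+)$")
# Quoted path, or an unquoted path (spaces allowed) up to its extension.
EXE_RE = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|com|bat|cmd|scr))(?=\s|$)', re.I)

def running_images(lines):
    """File names listed under 'Running processes:' up to the first blank line."""
    names, inside = set(), False
    for line in lines:
        if line.lower().startswith("running processes"):
            inside = True
        elif inside and not line:
            break
        elif inside:
            names.add(line.rsplit("\\", 1)[-1].lower())
    return names

def parse_autostarts(log_text):
    lines = [ln.strip() for ln in log_text.splitlines()]
    resident = running_images(lines)
    entries = []
    for line in lines:
        m = RUN_RE.match(line) or LNK_RE.match(line)
        if not m:
            continue
        location, name, command = m.groups()
        exe = EXE_RE.match(command)
        path = (exe.group(1) or exe.group(2)) if exe else None
        image = path.rsplit("\\", 1)[-1].lower() if path else None
        notes = []
        if command == "?":
            notes.append("shortcut target unresolved")
        elif path and "\\" not in path:
            notes.append("no directory given, resolved via search path")
        if "%" in command:
            notes.append("unexpanded environment variable")
        if "(file missing)" in command:
            notes.append("file missing")
        entries.append(Autostart(location, name, command, image,
                                 image in resident, tuple(notes)))
    return entries

def not_resident(entries):
    """Assumed heuristic: launched at startup but gone (or never started) by scan time."""
    return [e for e in entries if not e.running]

if __name__ == "__main__":
    for e in not_resident(parse_autostarts(SAMPLE_LOG)):
        print(f"{e.location:15} {e.name:22} {e.image} {list(e.notes)}")
```

Matching is by file name only, so a process with the same name in a different directory counts as running.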

  10. #10
    Member bc633's Avatar
    Join Date
    Aug 2007
    Location
    Georgia
    Posts
    27
    Points
    0

    Default Combofix Log

    Combofix Log:

    ComboFix 07-11-29.3 - Owner 2007-11-28 23:47:42.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.199 [GMT -5:00]
    Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
    * Created a new restore point
    .

    ((((((((((((((((((((((((( Files Created from 2007-10-28 to 2007-11-29 )))))))))))))))))))))))))))))))
    .

    2007-11-26 16:26 . 2007-11-26 18:25 d-------- C:\Program Files\SUPERAntiSpyware
    2007-11-26 16:26 . 2007-11-26 16:26 d-------- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
    2007-11-26 16:26 . 2007-11-26 16:26 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2007-11-26 12:08 . 2007-11-26 12:06 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
    2007-11-26 12:06 . 2007-11-26 12:17 d-------- C:\Documents and Settings\Owner\.housecall6.6
    2007-11-26 11:11 . 2007-11-26 11:11 d-------- C:\WINDOWS\LastGood
    2007-11-26 11:11 . 2007-11-26 11:29 1,406 --a------ C:\WINDOWS\system32\Help.ico
    2007-11-25 23:37 . 2007-11-25 23:37 d-------- C:\Documents and Settings\Owner\Application Data\TuneUp Software
    2007-11-25 23:36 . 2007-11-26 11:50 d-------- C:\Program Files\TuneUp Utilities 2007
    2007-11-25 23:36 . 2007-11-25 23:36 d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software
    2007-11-25 22:24 . 2007-11-26 11:46 d-------- C:\Program Files\File Shredder
    2007-11-16 16:43 . 2007-11-26 11:47 d-------- C:\Program Files\iTunes
    2007-11-16 16:43 . 2007-11-16 16:43 d-------- C:\Program Files\iPod
    2007-11-16 16:43 . 2007-11-16 16:43 d-------- C:\Documents and Settings\Owner\Application Data\Apple Computer
    2007-11-16 16:43 . 2007-11-25 23:50 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2007-11-16 16:43 . 2007-11-16 16:43 1,409 --a------ C:\WINDOWS\QTFont.for
    2007-11-16 16:42 . 2007-11-16 16:42 d-------- C:\Program Files\QuickTime
    2007-11-16 16:42 . 2007-11-16 16:43 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
    2007-11-16 16:41 . 2007-11-16 16:41 d----c--- C:\WINDOWS\system32\DRVSTORE
    2007-11-16 16:41 . 2007-11-16 16:41 d-------- C:\Program Files\Common Files\Apple
    2007-11-16 16:41 . 2007-11-16 16:41 d-------- C:\Program Files\Apple Software Update
    2007-11-16 16:41 . 2007-11-16 16:41 d-------- C:\Documents and Settings\All Users\Application Data\Apple
    2007-11-16 16:41 . 2007-10-31 14:09 30,464 --a------ C:\WINDOWS\system32\drivers\usbaapl.sys
    2007-11-02 09:39 . 2007-11-02 09:39 d-------- C:\Program Files\dillSoft.com

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-11-29 04:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
    2007-11-29 01:02 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2007-11-27 13:00 --------- d-----w C:\Program Files\KingdomSteward
    2007-11-26 21:25 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2007-11-26 16:50 --------- d-----w C:\Program Files\Windows Defender
    2007-11-26 16:50 --------- d-----w C:\Program Files\Norton Internet Security
    2007-11-26 16:47 --------- d-----w C:\Program Files\Microsoft ActiveSync
    2007-11-26 16:46 --------- d-----w C:\Program Files\Google
    2007-11-26 16:46 --------- d-----w C:\Program Files\ffdshow
    2007-11-26 16:45 --------- d-----w C:\Program Files\DVRMSToolbox
    2007-11-26 16:45 --------- d-----w C:\Program Files\Digital Media Reader
    2007-11-26 16:43 --------- d-----w C:\Program Files\BigFix
    2007-11-26 16:43 --------- d-----w C:\Program Files\7-Zip
    2007-11-25 22:12 1,562 ----a-w C:\Documents and Settings\Owner\Application Data\wklnhst.dat
    2007-11-21 01:15 --------- d-----w C:\Documents and Settings\Owner\Application Data\ieSpell
    2007-11-04 02:58 --------- d-----w C:\Documents and Settings\Owner\Application Data\Move Networks
    2007-10-15 17:59 --------- d-----w C:\Program Files\MIKSOFT
    2007-10-15 16:03 --------- d-----w C:\Program Files\Dragon Global
    2007-10-15 16:02 --------- d-----w C:\Program Files\Common Files\Moonlight
    2007-10-15 16:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVRMSToolbox
    2007-10-15 14:42 --------- d-----w C:\Program Files\AviSynth 2.5
    2007-10-15 14:41 --------- d-----w C:\Program Files\eRightSoft
    2007-10-15 14:12 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-10-09 19:52 --------- d-----w C:\Program Files\Java
    2007-10-03 22:34 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
    2007-10-03 22:34 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
    2007-10-03 22:34 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
    2007-10-03 22:34 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
    2007-10-03 22:34 --------- d-----w C:\Program Files\Symantec
    2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
    2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 14:00]
    "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 12:39]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-22 07:52]
    "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 12:56]
    "SunKistEM"="C:\Program Files\Digital Media Reader\shwiconem.exe" [2004-11-15 17:04]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-11-14 23:43]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 13:50]
    "CHotkey"="zHotkey.exe" [2004-05-17 20:30 C:\WINDOWS\zHotkey.exe]
    "ShowWnd"="ShowWnd.exe" [2003-09-19 11:09 C:\WINDOWS\ShowWnd.exe]
    "Recguard"="%WINDIR%\SMINST\RECGUARD.EXE" []
    "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 22:24]
    "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 16:07 C:\WINDOWS\system32\HdAShCut.exe]
    "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-12-01 14:00]
    "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-12-01 13:55]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-09-03 03:04]
    "osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2006-09-05 21:22]
    "AlcFDMonitor"="C:\WINDOWS\ALCFDRTM.EXE" [2007-08-27 21:15]
    "SoundMan"="SOUNDMAN.EXE" [2005-09-21 09:24 C:\WINDOWS\SOUNDMAN.EXE]
    "AlcWzrd"="ALCWZRD.EXE" [2005-09-21 14:32 C:\WINDOWS\ALCWZRD.EXE]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 18:20]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 13:11]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    BigFix.lnk - C:\Program Files\BigFix\BigFix.exe [2007-08-22 02:22:03]
    Extender Resource Monitor.lnk - C:\WINDOWS\ehome\RMSysTry.exe [2005-10-20 18:55:40]
    hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-06 00:06:58]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 00:01:04]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "Reminder"=%WINDIR%\Creator\Remind_XP.exe

    R2 DVRMSFileWatcherService;DVRMSFileWatcherService;c:\program files\dvrmstoolbox\dvrmsfilewatcherservice.exe
    R2 RMSvc;Media Center Extender Resource Monitor;C:\WINDOWS\ehome\RMSvc.exe
    R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe -k netsvcs
    S3 QWAVE;QWAVE service;C:\WINDOWS\system32\svchost.exe -k QWAVE
    S3 QWAVEDRV;QWAVE driver;C:\WINDOWS\system32\DRIVERS\qwavedrv.sys
    S3 USBAAPL;Apple Mobile USB Driver;C:\WINDOWS\system32\Drivers\usbaapl.sys

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    QWAVE QWAVE

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp

    *Newly Created Service* - CATCHME
    *Newly Created Service* - COMHOST
    *Newly Created Service* - PROCEXP90
    *Newly Created Service* - SASDIFSV
    *Newly Created Service* - SASENUM
    *Newly Created Service* - SASKUTIL
    *Newly Created Service* - TMCOMM
    .
    Contents of the 'Scheduled Tasks' folder
    "2007-11-26 04:37:32 C:\WINDOWS\Tasks\1-Click Maintenance.job"
    - C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
    "2007-11-28 06:36:05 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
    - C:\Program Files\Windows Defender\MpCmdRun.exe
    "2007-11-16 12:50:06 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Owner.job"
    - C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeh/TASK:
    .
    **************************************************************************

    catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-11-28 23:49:31
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-11-28 23:50:11
    .
    --- E O F ---
