Our November Competition
 User Reviews - Add Yours!
The PCHF Lounge
Go Back   PC Help Forum » Security & Safety » [In Progress] HiJackThis! Logs
Reload this Page alert of program already in use
Register for a Free Account

[In Progress] HiJackThis! Logs - alert of program already in use posted in the Security & Safety forums; hi..hoping you can help...when trying to install logitec webcam c200 i keep getting the message that the camera is already in use when i havent got other programs using it ...


Reply
Free PC Performance Scan
Page 1 of 3 1 23
Old 2 Weeks Ago   #1
Bronze Member
 
Join Date: Nov 2009
Posts: 9
PC Experience: Some Experience
Exclamation alert of program already in use
hi..hoping you can help...when trying to install logitec webcam c200 i keep getting the message that the camera is already in use when i havent got other programs using it at the time...when i went to logitec site they suggested i run a hijackthis program and it come up with a whole lot of stuff dont know what is good and what to get rid off....please help
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:15:46 PM, on 1/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Update\1.2.183.13\GoogleCrashHandler. exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\WINDOWS\system32\rundll32.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\Acer\Empowering Technology\admtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Acer\Empowering Technology\admServ.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.ex e
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe
C:\WINDOWS\system32\igfxsrvc.exe
c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\DOCUME~1\JENNYB~1\LOCALS~1\Temp\RtkBtMnt.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\HPZinw12.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DVA Media - {0E2EE7BA-47EF-4D35-A1C3-45CA4762C7CC} - C:\WINDOWS\svpekgongpv.dll (file missing)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {4FA4D144-6D0A-4FB4-9A1B-6689681E2DBF} - C:\WINDOWS\system32\ljJBusPi.dll (file missing)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\s wg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
O4 - HKLM\..\RunOnce: [SymLnch] "C:\Documents and Settings\Jenny Brown\Application Data\Symantec\Layouts\Norton Internet Security\15.0\SymAllLanguages\NIS_RETAIL\20070828\ Support\SymLnch\SymLnch.exe" "C:\Documents and Settings\Jenny Brown\Application Data\Symantec\Layouts\Norton Internet Security\15.0\SymAllLanguages\NIS_RETAIL\20070828\ Setup.exe" "/UPREBOOT /temp /patched"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe"
O4 - HKCU\..\Run: [Logitech Vid] "C:\Program Files\Logitech\Logitech Vid\vid.exe" -bootmode
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe " -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe " -t (User 'Default user')
O4 - S-1-5-18 Startup: Logitech . Product Registration.lnk = C:\Program Files\Logitech\Logitech WebCam Software\eReg.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Logitech . Product Registration.lnk = C:\Program Files\Logitech\Logitech WebCam Software\eReg.exe (User 'Default user')
O4 - Startup: Logitech . Product Registration.lnk = C:\Program Files\Logitech\Logitech WebCam Software\eReg.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &Sample Toolband Serach - res://C:\WINDOWS\system32\ToolBand.dll/MENUSEARCH.HTM
O8 - Extra context menu item: Send to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} (ScrabbleCubes Control) - http://www.worldwinner.com/games/v46...abblecubes.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite....x/qtplugin.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/...oUploader5.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Luxor%20-...es/stg_drm.ocx
O16 - DPF: {1D082E71-DF20-4AAF-863B-596428C49874} (TPIR Control) - http://www.worldwinner.com/games/v50/tpir/tpir.cab
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/cdl/launcher/Pog...rInstaller.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1176683742656
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} (ContactExtractor Class) - http://www.facebook.com/controls/contactx.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1197437375812
O16 - DPF: {775879E2-7309-4619-BB02-AADE41F4B690} (CPlayFirstdreamControl Object) - http://gamecenter.oberon-media.com/g...eb.1.0.0.9.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://msnau.oberon-media.com/online...jolauncher.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-c2f139f1e00c5b64.spaces.l...d/MsnPUpld.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {8FA2192F-B95D-40E3-898F-8D7ABB8E00D0} (SpinTop Games Launcher) - http://arcade.ninemsn.com.au/online2...esLauncher.cab
O16 - DPF: {BAC761D3-DFFD-4DB4-A01D-173346E090A7} (CPlayFirstzenerchiControl Object) - http://clubgames.pogo.com/online2/po...b.1.0.0.10.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Season%20.../armhelper.ocx
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://grandmondial.microgaming.com...al/FlashAX.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/webgames/popcaploader_v10.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: eehymymu - eehymymu.dll (file missing)
O20 - Winlogon Notify: __c0042BE4 - __c0042BE4.dat (file missing)
O20 - Winlogon Notify: __c00B1CF3 - __c00B1CF3.dat (file missing)
O21 - SSODL: fkdnrwsv - {8F7D4BC3-9CFE-4738-A9E4-33AE49F9AFA2} - C:\WINDOWS\fkdnrwsv.dll (file missing)
O21 - SSODL: sxfnewqb - {360CFF1F-97BA-4932-8ABA-17386E2A7242} - C:\WINDOWS\sxfnewqb.dll (file missing)
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Update Service (gupdate1c9c603ec7f055e) (gupdate1c9c603ec7f055e) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO. EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID. EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
--
End of file - 16567 bytes
milkyoz is offline   Reply With Quote
Advertisement - Register to Remove

Old 2 Weeks Ago   #2
Tech Support Team
 
Wolfeymole's Avatar
 
Join Date: Nov 2006
Location: In the Slaughtered Lamb having a pint.
Posts: 4,483
PC Experience: Smarter than the average Bear
Default Re: alert of program already in use
Hello Milkyoz

Welcome to PC Help Forum.

Please click this link called Prework and follow the instructions and a member of the Security Team will assist you shortly.

Thank you.
__________________

If PCHF has helped you please consider a donation by clicking this link Donate
Wolfeymole is online now   Reply With Quote
Old 2 Weeks Ago   #3
Bronze Member
 
Join Date: Nov 2009
Posts: 9
PC Experience: Some Experience
Exclamation Re: alert of program already in use
hi...heres some more info thanks
ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2009/11/01 20:58
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================
Drivers
-------------------
Name: 1394BUS.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\1394BUS.SYS
Address: 0xF755E000 Size: 57344 File Visible: - Signed: -
Status: -
Name: ABP480N5.SYS
Image Path: ABP480N5.SYS
Address: 0xF7806000 Size: 23552 File Visible: - Signed: -
Status: -
Name: ACPI.sys
Image Path: ACPI.sys
Address: 0xF740F000 Size: 187776 File Visible: - Signed: -
Status: -
Name: ACPI_HAL
Image Path: \Driver\ACPI_HAL
Address: 0x804D7000 Size: 2150400 File Visible: - Signed: -
Status: -
Name: ACPIEC.sys
Image Path: ACPIEC.sys
Address: 0xF795A000 Size: 11648 File Visible: - Signed: -
Status: -
Name: adpu160m.sys
Image Path: adpu160m.sys
Address: 0xF7378000 Size: 101888 File Visible: - Signed: -
Status: -
Name: AegisP.sys
Image Path: C:\WINDOWS\system32\DRIVERS\AegisP.sys
Address: 0xF793E000 Size: 19232 File Visible: - Signed: -
Status: -
Name: afd.sys
Image Path: C:\WINDOWS\System32\drivers\afd.sys
Address: 0xAA83F000 Size: 138496 File Visible: - Signed: -
Status: -
Name: agp440.sys
Image Path: agp440.sys
Address: 0xF767E000 Size: 42368 File Visible: - Signed: -
Status: -
Name: agpCPQ.sys
Image Path: agpCPQ.sys
Address: 0xF768E000 Size: 44928 File Visible: - Signed: -
Status: -
Name: aha154x.sys
Image Path: aha154x.sys
Address: 0xF7966000 Size: 12800 File Visible: - Signed: -
Status: -
Name: aic78u2.sys
Image Path: aic78u2.sys
Address: 0xF75BE000 Size: 55168 File Visible: - Signed: -
Status: -
Name: aic78xx.sys
Image Path: aic78xx.sys
Address: 0xF758E000 Size: 56960 File Visible: - Signed: -
Status: -
Name: aliide.sys
Image Path: aliide.sys
Address: 0xF7A42000 Size: 5248 File Visible: - Signed: -
Status: -
Name: alim1541.sys
Image Path: alim1541.sys
Address: 0xF765E000 Size: 42752 File Visible: - Signed: -
Status: -
Name: amdagp.sys
Image Path: amdagp.sys
Address: 0xF766E000 Size: 43008 File Visible: - Signed: -
Status: -
Name: amsint.sys
Image Path: amsint.sys
Address: 0xF7972000 Size: 12032 File Visible: - Signed: -
Status: -
Name: asc.sys
Image Path: asc.sys
Address: 0xF77D6000 Size: 26496 File Visible: - Signed: -
Status: -
Name: asc3350p.sys
Image Path: asc3350p.sys
Address: 0xF780E000 Size: 22400 File Visible: - Signed: -
Status: -
Name: asc3550.sys
Image Path: asc3550.sys
Address: 0xF7976000 Size: 14848 File Visible: - Signed: -
Status: -
Name: atapi.sys
Image Path: atapi.sys
Address: 0xF7391000 Size: 96512 File Visible: - Signed: -
Status: -
Name: audstub.sys
Image Path: C:\WINDOWS\system32\DRIVERS\audstub.sys
Address: 0xF7B9A000 Size: 3072 File Visible: - Signed: -
Status: -
Name: avgldx86.sys
Image Path: C:\WINDOWS\System32\Drivers\avgldx86.sys
Address: 0xAA68B000 Size: 328576 File Visible: - Signed: -
Status: -
Name: avgmfx86.sys
Image Path: C:\WINDOWS\System32\Drivers\avgmfx86.sys
Address: 0xF7916000 Size: 21120 File Visible: - Signed: -
Status: -
Name: BATTC.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\BATTC.SYS
Address: 0xF7956000 Size: 16384 File Visible: - Signed: -
Status: -
Name: bcm4sbxp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
Address: 0xF76BE000 Size: 45312 File Visible: - Signed: -
Status: -
Name: Beep.SYS
Image Path: C:\WINDOWS\System32\Drivers\Beep.SYS
Address: 0xF7A64000 Size: 4224 File Visible: - Signed: -
Status: -
Name: BOOTVID.dll
Image Path: C:\WINDOWS\system32\BOOTVID.dll
Address: 0xF794E000 Size: 12288 File Visible: - Signed: -
Status: -
Name: btkrnl.sys
Image Path: C:\WINDOWS\system32\DRIVERS\btkrnl.sys
Address: 0xF6D1E000 Size: 837920 File Visible: - Signed: -
Status: -
Name: btserial.sys
Image Path: C:\WINDOWS\system32\drivers\btserial.sys
Address: 0xF7856000 Size: 22432 File Visible: - Signed: -
Status: -
Name: cbidf2k.sys
Image Path: cbidf2k.sys
Address: 0xF797E000 Size: 13952 File Visible: - Signed: -
Status: -
Name: cd20xrnt.sys
Image Path: cd20xrnt.sys
Address: 0xF7A4C000 Size: 7680 File Visible: - Signed: -
Status: -
Name: Cdfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Cdfs.SYS
Address: 0xF7248000 Size: 63744 File Visible: - Signed: -
Status: -
Name: cdrom.sys
Image Path: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Address: 0xF76EE000 Size: 62976 File Visible: - Signed: -
Status: -
Name: CLASSPNP.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
Address: 0xF761E000 Size: 53248 File Visible: - Signed: -
Status: -
Name: CmBatt.sys
Image Path: C:\WINDOWS\system32\DRIVERS\CmBatt.sys
Address: 0xF7A06000 Size: 13952 File Visible: - Signed: -
Status: -
Name: cmdide.sys
Image Path: cmdide.sys
Address: 0xF7A4A000 Size: 6656 File Visible: - Signed: -
Status: -
Name: compbatt.sys
Image Path: compbatt.sys
Address: 0xF7952000 Size: 10240 File Visible: - Signed: -
Status: -
Name: cpqarray.sys
Image Path: cpqarray.sys
Address: 0xF7962000 Size: 14976 File Visible: - Signed: -
Status: -
Name: dac2w2k.sys
Image Path: dac2w2k.sys
Address: 0xF734C000 Size: 179584 File Visible: - Signed: -
Status: -
Name: dac960nt.sys
Image Path: dac960nt.sys
Address: 0xF796E000 Size: 14720 File Visible: - Signed: -
Status: -
Name: disk.sys
Image Path: disk.sys
Address: 0xF760E000 Size: 36352 File Visible: - Signed: -
Status: -
Name: DKbFltr.sys
Image Path: C:\WINDOWS\system32\DRIVERS\DKbFltr.sys
Address: 0xF789E000 Size: 16896 File Visible: - Signed: -
Status: -
Name: dpti2o.sys
Image Path: dpti2o.sys
Address: 0xF7816000 Size: 20192 File Visible: - Signed: -
Status: -
Name: drmk.sys
Image Path: C:\WINDOWS\system32\drivers\drmk.sys
Address: 0xF778E000 Size: 61440 File Visible: - Signed: -
Status: -
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xAA673000 Size: 98304 File Visible: No Signed: -
Status: -
Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7A6A000 Size: 8192 File Visible: No Signed: -
Status: -
Name: dvd43llh.sys
Image Path: C:\WINDOWS\System32\DRIVERS\dvd43llh.sys
Address: 0xF78B6000 Size: 18816 File Visible: - Signed: -
Status: -
Name: Dxapi.sys
Image Path: C:\WINDOWS\System32\drivers\Dxapi.sys
Address: 0xF6CF3000 Size: 12288 File Visible: - Signed: -
Status: -
Name: dxg.sys
Image Path: C:\WINDOWS\System32\drivers\dxg.sys
Address: 0xBF9C3000 Size: 73728 File Visible: - Signed: -
Status: -
Name: dxgthk.sys
Image Path: C:\WINDOWS\System32\drivers\dxgthk.sys
Address: 0xF7B4B000 Size: 4096 File Visible: - Signed: -
Status: -
Name: epm-psd.sys
Image Path: C:\WINDOWS\system32\drivers\epm-psd.sys
Address: 0xF7C1B000 Size: 4096 File Visible: - Signed: -
Status: -
Name: epm-shd.sys
Image Path: C:\WINDOWS\system32\drivers\epm-shd.sys
Address: 0xA99AF000 Size: 78208 File Visible: - Signed: -
Status: -
Name: Fastfat.sys
Image Path: Fastfat.sys
Address: 0xF72F6000 Size: 143744 File Visible: - Signed: -
Status: -
Name: Fips.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fips.SYS
Address: 0xF7278000 Size: 44544 File Visible: - Signed: -
Status: -
Name: fltmgr.sys
Image Path: fltmgr.sys
Address: 0xF732C000 Size: 129792 File Visible: - Signed: -
Status: -
Name: Fs_Rec.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS
Address: 0xF7A62000 Size: 7936 File Visible: - Signed: -
Status: -
Name: ftdisk.sys
Image Path: ftdisk.sys
Address: 0xF73C1000 Size: 125056 File Visible: - Signed: -
Status: -
Name: hal.dll
Image Path: C:\WINDOWS\system32\hal.dll
Address: 0x806E4000 Size: 134400 File Visible: - Signed: -
Status: -
Name: HDAudBus.sys
Image Path: C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
Address: 0xF6FF0000 Size: 163840 File Visible: - Signed: -
Status: -
Name: HIDCLASS.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS
Address: 0xA98EF000 Size: 36864 File Visible: - Signed: -
Status: -
Name: HIDPARSE.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS
Address: 0xF7926000 Size: 28672 File Visible: - Signed: -
Status: -
Name: hidusb.sys
Image Path: C:\WINDOWS\system32\DRIVERS\hidusb.sys
Address: 0xA911F000 Size: 10368 File Visible: - Signed: -
Status: -
Name: hpn.sys
Image Path: hpn.sys
Address: 0xF7826000 Size: 25952 File Visible: - Signed: -
Status: -
Name: HSF_CNXT.sys
Image Path: C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
Address: 0xAA9B3000 Size: 721280 File Visible: - Signed: -
Status: -
Name: HSF_DPV.sys
Image Path: C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
Address: 0xAAA64000 Size: 998656 File Visible: - Signed: -
Status: -
Name: HSFHWAZL.sys
Image Path: C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
Address: 0xAAB58000 Size: 218496 File Visible: - Signed: -
Status: -
Name: HTTP.sys
Image Path: C:\WINDOWS\System32\Drivers\HTTP.sys
Address: 0xA91EC000 Size: 264832 File Visible: - Signed: -
Status: -
Name: i2omgmt.SYS
Image Path: C:\WINDOWS\System32\Drivers\i2omgmt.SYS
Address: 0xF71C4000 Size: 8576 File Visible: - Signed: -
Status: -
Name: i2omp.sys
Image Path: i2omp.sys
Address: 0xF77E6000 Size: 18560 File Visible: - Signed: -
Status: -
Name: i8042prt.sys
Image Path: C:\WINDOWS\system32\DRIVERS\i8042prt.sys
Address: 0xF76CE000 Size: 52480 File Visible: - Signed: -
Status: -
Name: ialmdd5.DLL
Image Path: C:\WINDOWS\System32\ialmdd5.DLL
Address: 0xBFA3A000 Size: 925696 File Visible: - Signed: -
Status: -
Name: ialmdev5.DLL
Image Path: C:\WINDOWS\System32\ialmdev5.DLL
Address: 0xBFA05000 Size: 217088 File Visible: - Signed: -
Status: -
Name: ialmdnt5.dll
Image Path: C:\WINDOWS\System32\ialmdnt5.dll
Address: 0xBF9E3000 Size: 139264 File Visible: - Signed: -
Status: -
Name: ialmnt5.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
Address: 0xF702C000 Size: 1353696 File Visible: - Signed: -
Status: -
Name: ialmrnt5.dll
Image Path: C:\WINDOWS\System32\ialmrnt5.dll
Address: 0xBF9D5000 Size: 57344 File Visible: - Signed: -
Status: -
Name: imapi.sys
Image Path: C:\WINDOWS\system32\DRIVERS\imapi.sys
Address: 0xF76DE000 Size: 42112 File Visible: - Signed: -
Status: -
Name: ini910u.sys
Image Path: ini910u.sys
Address: 0xF797A000 Size: 16000 File Visible: - Signed: -
Status: -
Name: int15.sys
Image Path: C:\Acer\Empowering Technology\eRecovery\int15.sys
Address: 0xA91DB000 Size: 69632 File Visible: - Signed: -
Status: -
Name: intelide.sys
Image Path: intelide.sys
Address: 0xF7A44000 Size: 5504 File Visible: - Signed: -
Status: -
Name: intelppm.sys
Image Path: C:\WINDOWS\system32\DRIVERS\intelppm.sys
Address: 0xF76AE000 Size: 36352 File Visible: - Signed: -
Status: -
Name: ipnat.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ipnat.sys
Address: 0xAA861000 Size: 152832 File Visible: - Signed: -
Status: -
Name: ipsec.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ipsec.sys
Address: 0xAA908000 Size: 75264 File Visible: - Signed: -
Status: -
Name: irda.sys
Image Path: C:\WINDOWS\system32\DRIVERS\irda.sys
Address: 0xAA4A5000 Size: 88192 File Visible: - Signed: -
Status: -
Name: isapnp.sys
Image Path: isapnp.sys
Address: 0xF753E000 Size: 37248 File Visible: - Signed: -
Status: -
Name: kbdclass.sys
Image Path: C:\WINDOWS\system32\DRIVERS\kbdclass.sys
Address: 0xF78A6000 Size: 24576 File Visible: - Signed: -
Status: -
Name: KDCOM.DLL
Image Path: C:\WINDOWS\system32\KDCOM.DLL
Address: 0xF7A3E000 Size: 8192 File Visible: - Signed: -
Status: -
Name: kmixer.sys
Image Path: C:\WINDOWS\system32\drivers\kmixer.sys
Address: 0xA89DD000 Size: 172416 File Visible: - Signed: -
Status: -
Name: ks.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ks.sys
Address: 0xF6DFF000 Size: 143360 File Visible: - Signed: -
Status: -
Name: KSecDD.sys
Image Path: KSecDD.sys
Address: 0xF72DF000 Size: 92928 File Visible: - Signed: -
Status: -
Name: LVPr2Mon.sys
Image Path: C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys
Address: 0xA8F1B000 Size: 18944 File Visible: - Signed: -
Status: -
Name: mdmxsdk.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
Address: 0xA99A7000 Size: 12544 File Visible: - Signed: -
Status: -
Name: mnmdd.SYS
Image Path: C:\WINDOWS\System32\Drivers\mnmdd.SYS
Address: 0xF7A66000 Size: 4224 File Visible: - Signed: -
Status: -
Name: Modem.SYS
Image Path: C:\WINDOWS\System32\Drivers\Modem.SYS
Address: 0xF78DE000 Size: 30080 File Visible: - Signed: -
Status: -
Name: mouclass.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mouclass.sys
Address: 0xF78AE000 Size: 23040 File Visible: - Signed: -
Status: -
Name: mouhid.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mouhid.sys
Address: 0xA8FBB000 Size: 12160 File Visible: - Signed: -
Status: -
Name: MountMgr.sys
Image Path: MountMgr.sys
Address: 0xF756E000 Size: 42368 File Visible: - Signed: -
Status: -
Name: mraid35x.sys
Image Path: mraid35x.sys
Address: 0xF77DE000 Size: 17280 File Visible: - Signed: -
Status: -
Name: mrxdav.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mrxdav.sys
Address: 0xA9C93000 Size: 180608 File Visible: - Signed: -
Status: -
Name: mrxsmb.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
Address: 0xAA6DC000 Size: 455296 File Visible: - Signed: -
Status: -
Name: Msfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Msfs.SYS
Address: 0xF7906000 Size: 19072 File Visible: - Signed: -
Status: -
Name: msgpc.sys
Image Path: C:\WINDOWS\system32\DRIVERS\msgpc.sys
Address: 0xF773E000 Size: 35072 File Visible: - Signed: -
Status: -
Name: mssmbios.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mssmbios.sys
Address: 0xF7A1A000 Size: 15488 File Visible: - Signed: -
Status: -
Name: Mup.sys
Image Path: Mup.sys
Address: 0xF7298000 Size: 105344 File Visible: - Signed: -
Status: -
Name: NDIS.sys
Image Path: NDIS.sys
Address: 0xF72B2000 Size: 182656 File Visible: - Signed: -
Status: -
Name: NdisFilt.sys
Image Path: C:\WINDOWS\System32\Drivers\NdisFilt.sys
Address: 0xF7AA2000 Size: 4320 File Visible: - Signed: -
Status: -
Name: NdisIP.sys
Image Path: C:\WINDOWS\system32\DRIVERS\NdisIP.sys
Address: 0xA996B000 Size: 10880 File Visible: - Signed: -
Status: -
Name: ndistapi.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ndistapi.sys
Address: 0xF7A12000 Size: 10112 File Visible: - Signed: -
Status: -
Name: ndisuio.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ndisuio.sys
Address: 0xAA533000 Size: 14592 File Visible: - Signed: -
Status: -
Name: ndiswan.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ndiswan.sys
Address: 0xF6D07000 Size: 91520 File Visible: - Signed: -
Status: -
Name: NDProxy.SYS
Image Path: C:\WINDOWS\System32\Drivers\NDProxy.SYS
Address: 0xF776E000 Size: 40576 File Visible: - Signed: -
Status: -
Name: netbios.sys
Image Path: C:\WINDOWS\system32\DRIVERS\netbios.sys
Address: 0xF7288000 Size: 34688 File Visible: - Signed: -
Status: -
Name: netbt.sys
Image Path: C:\WINDOWS\system32\DRIVERS\netbt.sys
Address: 0xAA887000 Size: 162816 File Visible: - Signed: -
Status: -
Name: Npfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Npfs.SYS
Address: 0xF790E000 Size: 30848 File Visible: - Signed: -
Status: -
Name: NTIDrvr.sys
Image Path: C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys
Address: 0xF7A52000 Size: 6144 File Visible: - Signed: -
Status: -
Name: ntkrnlpa.exe
Image Path: C:\WINDOWS\system32\ntkrnlpa.exe
Address: 0x804D7000 Size: 2150400 File Visible: - Signed: -
Status: -
Name: Null.SYS
Image Path: C:\WINDOWS\System32\Drivers\Null.SYS
Address: 0xF6E3F000 Size: 2944 File Visible: - Signed: -
Status: -
Name: ohci1394.sys
Image Path: ohci1394.sys
Address: 0xF754E000 Size: 61696 File Visible: - Signed: -
Status: -
Name: OPRGHDLR.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
Address: 0xF7B07000 Size: 4096 File Visible: - Signed: -
Status: -
Name: OsaFsLoc.sys
Image Path: C:\WINDOWS\system32\drivers\OsaFsLoc.sys
Address: 0xF71A4000 Size: 12032 File Visible: - Signed: -
Status: -
Name: osaio.sys
Image Path: C:\WINDOWS\system32\drivers\osaio.sys
Address: 0xF7A8E000 Size: 7296 File Visible: - Signed: -
Status: -
Name: osanbm.sys
Image Path: C:\WINDOWS\system32\drivers\osanbm.sys
Address: 0xF7BD9000 Size: 3520 File Visible: - Signed: -
Status: -
Name: PartMgr.sys
Image Path: PartMgr.sys
Address: 0xF77C6000 Size: 19712 File Visible: - Signed: -
Status: -
Name: pci.sys
Image Path: pci.sys
Address: 0xF73FE000 Size: 68224 File Visible: - Signed: -
Status: -
Name: pciide.sys
Image Path: pciide.sys
Address: 0xF7B06000 Size: 3328 File Visible: - Signed: -
Status: -
Name: PCIIDEX.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
Address: 0xF77BE000 Size: 28672 File Visible: - Signed: -
Status: -
Name: pcmcia.sys
Image Path: pcmcia.sys
Address: 0xF73E0000 Size: 120192 File Visible: - Signed: -
Status: -
Name: Pcouffin.sys
Image Path: C:\WINDOWS\System32\Drivers\Pcouffin.sys
Address: 0xF774E000 Size: 39488 File Visible: - Signed: -
Status: -
Name: perc2.sys
Image Path: perc2.sys
Address: 0xF781E000 Size: 27296 File Visible: - Signed: -
Status: -
Name: perc2hib.sys
Image Path: perc2hib.sys
Address: 0xF7A4E000 Size: 5504 File Visible: - Signed: -
Status: -
Name: PnpManager
Image Path: \Driver\PnpManager
Address: 0x804D7000 Size: 2150400 File Visible: - Signed: -
Status: -
Name: portcls.sys
Image Path: C:\WINDOWS\system32\drivers\portcls.sys
Address: 0xAAB8E000 Size: 147456 File Visible: - Signed: -
Status: -
Name: psched.sys
Image Path: C:\WINDOWS\system32\DRIVERS\psched.sys
Address: 0xF6C2E000 Size: 69120 File Visible: - Signed: -
Status: -
Name: ptilink.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ptilink.sys
Address: 0xF78CE000 Size: 17792 File Visible: - Signed: -
Status: -
Name: PxHelp20.sys
Image Path: PxHelp20.sys
Address: 0xF762E000 Size: 45184 File Visible: - Signed: -
Status: -
Name: ql1080.sys
Image Path: ql1080.sys
Address: 0xF75DE000 Size: 40320 File Visible: - Signed: -
Status: -
Name: ql10wnt.sys
Image Path: ql10wnt.sys
Address: 0xF759E000 Size: 33152 File Visible: - Signed: -
Status: -
Name: ql12160.sys
Image Path: ql12160.sys
Address: 0xF75FE000 Size: 45312 File Visible: - Signed: -
Status: -
Name: ql1240.sys
Image Path: ql1240.sys
Address: 0xF75AE000 Size: 40448 File Visible: - Signed: -
Status: -
Name: ql1280.sys
Image Path: ql1280.sys
Address: 0xF75EE000 Size: 49024 File Visible: - Signed: -
Status: -
Name: rasacd.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rasacd.sys
Address: 0xF71B8000 Size: 8832 File Visible: - Signed: -
Status: -
Name: rasirda.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rasirda.sys
Address: 0xF78BE000 Size: 19584 File Visible: - Signed: -
Status: -
Name: rasl2tp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
Address: 0xF770E000 Size: 51328 File Visible: - Signed: -
Status: -
Name: raspppoe.sys
Image Path: C:\WINDOWS\system32\DRIVERS\raspppoe.sys
Address: 0xF771E000 Size: 41472 File Visible: - Signed: -
Status: -
Name: raspptp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\raspptp.sys
Address: 0xF772E000 Size: 48384 File Visible: - Signed: -
Status: -
Name: raspti.sys
Image Path: C:\WINDOWS\system32\DRIVERS\raspti.sys
Address: 0xF78D6000 Size: 16512 File Visible: - Signed: -
Status: -
Name: RAW
Image Path: \FileSystem\RAW
Address: 0x804D7000 Size: 2150400 File Visible: - Signed: -
Status: -
Name: rdbss.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rdbss.sys
Address: 0xAA74C000 Size: 175744 File Visible: - Signed: -
Status: -
Name: RDPCDD.sys
Image Path: C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
Address: 0xF7A68000 Size: 4224 File Visible: - Signed: -
Status: -
Name: redbook.sys
Image Path: C:\WINDOWS\system32\DRIVERS\redbook.sys
Address: 0xF76FE000 Size: 57600 File Visible: - Signed: -
Status: -
Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xAA3A5000 Size: 49152 File Visible: No Signed: -
Status: -
Name: RtkHDAud.sys
Image Path: C:\WINDOWS\system32\drivers\RtkHDAud.sys
Address: 0xAABB2000 Size: 4251648 File Visible: - Signed: -
Status: -
Name: s24trans.sys
Image Path: C:\WINDOWS\system32\DRIVERS\s24trans.sys
Address: 0xAA54B000 Size: 13568 File Visible: - Signed: -
Status: -
Name: SCSIPORT.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\SCSIPORT.SYS
Address: 0xF73A9000 Size: 98304 File Visible: - Signed: -
Status: -
Name: serscan.sys
Image Path: C:\WINDOWS\system32\DRIVERS\serscan.sys
Address: 0xF7A54000 Size: 6784 File Visible: - Signed: -
Status: -
Name: sisagp.sys
Image Path: sisagp.sys
Address: 0xF763E000 Size: 40960 File Visible: - Signed: -
Status: -
Name: sparrow.sys
Image Path: sparrow.sys
Address: 0xF77CE000 Size: 19072 File Visible: - Signed: -
Status: -
Name: sr.sys
Image Path: sr.sys
Address: 0xF731A000 Size: 73472 File Visible: - Signed: -
Status: -
Name: srv.sys
Image Path: C:\WINDOWS\system32\DRIVERS\srv.sys
Address: 0xA97F5000 Size: 333952 File Visible: - Signed: -
Status: -
Name: swenum.sys
Image Path: C:\WINDOWS\system32\DRIVERS\swenum.sys
Address: 0xF7A56000 Size: 4352 File Visible: - Signed: -
Status: -
Name: sym_hi.sys
Image Path: sym_hi.sys
Address: 0xF77F6000 Size: 28384 File Visible: - Signed: -
Status: -
Name: sym_u3.sys
Image Path: sym_u3.sys
Address: 0xF77FE000 Size: 30688 File Visible: - Signed: -
Status: -
Name: symc810.sys
Image Path: symc810.sys
Address: 0xF796A000 Size: 16256 File Visible: - Signed: -
Status: -
Name: symc8xx.sys
Image Path: symc8xx.sys
Address: 0xF77EE000 Size: 32640 File Visible: - Signed: -
Status: -
Name: SynTP.sys
Image Path: C:\WINDOWS\system32\DRIVERS\SynTP.sys
Address: 0xF6E40000 Size: 190592 File Visible: - Signed: -
Status: -
Name: sysaudio.sys
Image Path: C:\WINDOWS\system32\drivers\sysaudio.sys
Address: 0xAA465000 Size: 60800 File Visible: - Signed: -
Status: -
Name: tcpip.sys
Image Path: C:\WINDOWS\system32\DRIVERS\tcpip.sys
Address: 0xAA8AF000 Size: 361600 File Visible: - Signed: -
Status: -
Name: TDI.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\TDI.SYS
Address: 0xF78C6000 Size: 20480 File Visible: - Signed: -
Status: -
Name: termdd.sys
Image Path: C:\WINDOWS\system32\DRIVERS\termdd.sys
Address: 0xF775E000 Size: 40704 File Visible: - Signed: -
Status: -
Name: toside.sys
Image Path: toside.sys
Address: 0xF7A46000 Size: 4992 File Visible: - Signed: -
Status: -
Name: UBHelper.sys
Image Path: UBHelper.sys
Address: 0xF795E000 Size: 13952 File Visible: - Signed: -
Status: -
Name: ultra.sys
Image Path: ultra.sys
Address: 0xF75CE000 Size: 36736 File Visible: - Signed: -
Status: -
Name: update.sys
Image Path: C:\WINDOWS\system32\DRIVERS\update.sys
Address: 0xF6BD0000 Size: 384768 File Visible: - Signed: -
Status: -
Name: usbccgp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbccgp.sys
Address: 0xAA963000 Size: 31616 File Visible: - Signed: -
Status: -
Name: USBD.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\USBD.SYS
Address: 0xF7A50000 Size: 8192 File Visible: - Signed: -
Status: -
Name: usbehci.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbehci.sys
Address: 0xF7896000 Size: 30208 File Visible: - Signed: -
Status: -
Name: usbhub.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbhub.sys
Address: 0xF779E000 Size: 59520 File Visible: - Signed: -
Status: -
Name: USBPORT.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\USBPORT.SYS
Address: 0xF6E6F000 Size: 147456 File Visible: - Signed: -
Status: -
Name: usbuhci.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbuhci.sys
Address: 0xF788E000 Size: 20608 File Visible: - Signed: -
Status: -
Name: vga.sys
Image Path: C:\WINDOWS\System32\drivers\vga.sys
Address: 0xF78FE000 Size: 20992 File Visible: - Signed: -
Status: -
Name: viaagp.sys
Image Path: viaagp.sys
Address: 0xF764E000 Size: 42240 File Visible: - Signed: -
Status: -
Name: viaide.sys
Image Path: viaide.sys
Address: 0xF7A48000 Size: 5376 File Visible: - Signed: -
Status: -
Name: VIDEOPRT.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS
Address: 0xF7018000 Size: 81920 File Visible: - Signed: -
Status: -
Name: VolSnap.sys
Image Path: VolSnap.sys
Address: 0xF757E000 Size: 52352 File Visible: - Signed: -
Status: -
Name: w39n51.sys
Image Path: C:\WINDOWS\system32\DRIVERS\w39n51.sys
Address: 0xF6E93000 Size: 1428096 File Visible: - Signed: -
Status: -
Name: wanarp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\wanarp.sys
Address: 0xF77AE000 Size: 34560 File Visible: - Signed: -
Status: -
Name: watchdog.sys
Image Path: C:\WINDOWS\System32\watchdog.sys
Address: 0xF792E000 Size: 20480 File Visible: - Signed: -
Status: -
Name: wdmaud.sys
Image Path: C:\WINDOWS\system32\drivers\wdmaud.sys
Address: 0xAA198000 Size: 83072 File Visible: - Signed: -
Status: -
Name: Win32k
Image Path: \Driver\Win32k
Address: 0xBF800000 Size: 1847296 File Visible: - Signed: -
Status: -
Name: win32k.sys
Image Path: C:\WINDOWS\System32\win32k.sys
Address: 0xBF800000 Size: 1847296 File Visible: - Signed: -
Status: -
Name: wmiacpi.sys
Image Path: C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
Address: 0xF7A02000 Size: 8832 File Visible: - Signed: -
Status: -
Name: WMILIB.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\WMILIB.SYS
Address: 0xF7A40000 Size: 8192 File Visible: - Signed: -
Status: -
Name: WMIxWDM
Image Path: \Driver\WMIxWDM
Address: 0x804D7000 Size: 2150400 File Visible: - Signed: -
Status: -
Name: ws2ifsl.sys
Image Path: C:\WINDOWS\System32\drivers\ws2ifsl.sys
Address: 0xF71B0000 Size: 12032 File Visible: - Signed: -
Status: -
milkyoz is offline   Reply With Quote
Old 2 Weeks Ago   #4
Senior Security Analyst
 
chiaz's Avatar
 
Join Date: Jun 2006
Location: Singapore
Posts: 5,176
PC Experience: PC Guru
Default Re: alert of program already in use
Hi milkyoz,

A few things before we start....
1. Please Read All Instructions Carefully.
2. If you don't understand something, stop and ask! Don't keep going on.
3. Please do not run any other tools or scans whilst I am helping you.
4. If you have to go away for an extended period of time, let me know.
5. Please continue to respond until I give you the "All Clear".
(Just because you can't see a problem doesn't mean it isn't there)



Please download Malwarebytes' Anti-Malware by clicking the link below:
Malwarebytes Anti-Malware - Reviews and free Malwarebytes Anti-Malware downloads at Download.com

Double Click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish,so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* You'll be required to post the contents of this log later.

Please Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.



Next let's have you download ComboFix.exe. Please visit this webpage for downloading and instructions for running the tool:

Go here ======> A guide and tutorial on using ComboFix <====== Go here

Please ensure you read this guide carefully and install the Recovery Console first.This applies to XP Pro and XP Home users only.If you have SP3 installed you will need to use the download meant for SP2.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should get a prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:

(1) Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
(2) Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.


Please include MBAM log, C:\ComboFix.txt and a new HijackThis log for further review, so that we may continue cleansing the system.


Caution: Never run and remove files with Combofix unless supervised by a qualified security analyst who is experienced in the use of Combofix. Misuse can cause serious computer problems.
chiaz is offline   Reply With Quote
Old 2 Weeks Ago   #5
Bronze Member
 
Join Date: Nov 2009
Posts: 9
PC Experience: Some Experience
Exclamation requested scan results
hi...here are the 2 scan results you asked for...waiting to find out whats next..thanks

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.358 [GMT 10.5:30]
Running from: c:\documents and settings\xxxxxxxx\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\xxxxxxxxxxxx\Desktopblackbird.jpg
c:\documents and settings\xxxxxxxxxxxx\DesktopEditorFKWP1.5.exe
c:\documents and settings\xxxxxxxxxxxx\DesktopEditorFKWP2.0.exe
c:\documents and settings\xxxxxxxxxxx\Desktopfilemanagerclient.exe
c:\documents and settings\xxxxxxxxxx\Desktopfkwp1.5.exe
c:\documents and settings\xxxxxxxxxx\Desktopfkwp2.0.exe
c:\documents and settings\xxxxxxxxxx\Desktopfwebd.exe
c:\documents and settings\xxxxxxxxxxx\DesktopFWebdEditor.exe
c:\documents and settings\xxxxxxxxx\DesktopTrojan.Win32.BlackBird.e xe
c:\documents and settings\xxxxxxxxxx\Desktopvirii
c:\documents and settings\xxxxxxxxx\Desktopvirii\Trojan-Downloader.Win32.Agent.bl.exe
c:\documents and settings\xxxxxxx\Desktopvirii\Trojan-Downloader.Win32.Agent.p.exe
c:\documents and settings\xxxxxxx\Desktopvirii\Trojan-Downloader.Win32.Agent.r.exe
c:\documents and settings\xxxxxxx\Desktopvirii\Trojan-Downloader.Win32.Agent.t.exe
c:\documents and settings\xxxxxxx\Desktopvirii\Trojan-Downloader.Win32.Agent.v.exe
c:\documents and settings\xxxxxxx\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
c:\program files\WinPCap
c:\program files\WinPCap\daemon_mgm.exe
c:\program files\WinPCap\npf_mgm.exe
c:\program files\WinPCap\rpcapd.exe
c:\windows\Downloaded Program Files\popcaploader.dll
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\system32\drivers\npf.sys
c:\windows\system32\iPsuBJjl.ini
c:\windows\system32\iPsuBJjl.ini2
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll
c:\windows\system32akttzn.exe
c:\windows\system32anticipator.dll
c:\windows\system32awtoolb.dll
c:\windows\system32bdn.com
c:\windows\system32bsva-egihsg52.exe
c:\windows\system32dpcproxy.exe
c:\windows\system32emesx.dll
c:\windows\system32h@tkeysh@@k.dll
c:\windows\system32hoproxy.dll
c:\windows\system32hxiwlgpm.dat
c:\windows\system32hxiwlgpm.exe
c:\windows\system32medup012.dll
c:\windows\system32medup020.dll
c:\windows\system32msgp.exe
c:\windows\system32msnbho.dll
c:\windows\system32mssecu.exe
c:\windows\system32msvchost.exe
c:\windows\system32mtr2.exe
c:\windows\system32mwin32.exe
c:\windows\system32netode.exe
c:\windows\system32newsd32.exe
c:\windows\system32psof1.exe
c:\windows\system32psoft1.exe
c:\windows\system32regc64.dll
c:\windows\system32regm64.dll
c:\windows\system32Rundl1.exe
c:\windows\system32smp
c:\windows\system32smp\msrc.exe
c:\windows\system32sncntr.exe
c:\windows\system32ssurf022.dll
c:\windows\system32ssvchost.com
c:\windows\system32ssvchost.exe
c:\windows\system32sysreq.exe
c:\windows\system32taack.dat
c:\windows\system32taack.exe
c:\windows\system32temp#01.exe
c:\windows\system32thun.dll
c:\windows\system32thun32.dll
c:\windows\system32VBIEWER.OCX
c:\windows\system32vbsys2.dll
c:\windows\system32vcatchpi.dll
c:\windows\system32winlogonpc.exe
c:\windows\system32winsystem.exe
c:\windows\system32WINWGPX.EXE
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NPF
-------\Legacy_SFC
-------\Service_NPF
-------\Service_sfc

((((((((((((((((((((((((( Files Created from 2009-10-01 to 2009-11-01 )))))))))))))))))))))))))))))))
.
2009-11-01 20:59 . 2009-11-01 20:59 -------- d-----w- c:\documents and settings\xxxxxx\Application Data\Malwarebytes
2009-11-01 20:59 . 2009-09-10 04:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-01 20:59 . 2009-11-01 20:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-01 20:59 . 2009-11-01 20:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-11-01 20:59 . 2009-09-10 04:23 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-01 08:45 . 2009-11-01 08:45 -------- d-----w- c:\program files\Trend Micro
2009-11-01 08:34 . 2009-04-30 23:02 539160 ----a-r- c:\windows\system32\LVUI2RC.dll
2009-11-01 08:34 . 2009-04-30 23:02 539160 ----a-r- c:\windows\system32\LVUI2.dll
2009-11-01 08:33 . 2009-04-30 23:03 6754712 ----a-r- c:\windows\system32\drivers\lvuvc.sys
2009-11-01 08:33 . 2009-04-30 22:57 416280 ----a-r- c:\windows\system32\lvcodec2.dll
2009-11-01 08:33 . 2009-04-30 22:39 34068 ----a-r- c:\windows\system32\Repository.reg
2009-11-01 08:33 . 2009-04-30 23:01 265496 ----a-r- c:\windows\system32\drivers\lvrs.sys
2009-11-01 08:33 . 2009-04-30 23:00 114712 ----a-r- c:\windows\system32\drivers\lvpopflt.sys
2009-11-01 08:33 . 2009-04-30 22:57 199192 ----a-r- c:\windows\system32\lvci1201278.dll
2009-11-01 08:32 . 2009-04-30 23:03 23832 ----a-r- c:\windows\system32\drivers\lvuvcflt.sys
2009-11-01 08:31 . 2009-11-01 08:31 -------- d-----w- c:\program files\Common Files\LogiShrd
2009-11-01 08:23 . 2009-11-01 08:23 134 ----a-w- c:\documents and settings\xxxxxx\Local Settings\Application Data\fusioncache.dat
2009-11-01 08:22 . 2009-11-01 08:23 61456 ----a-w- c:\documents and settings\xxxxxx\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-01 05:26 . 2009-11-01 05:26 -------- d-----w- c:\documents and settings\xxxxxxxx\Local Settings\Application Data\LogiShrd
2009-11-01 05:25 . 2009-11-01 05:25 -------- d-----w- c:\documents and settings\xxxxxxx\Application Data\Leadertech
2009-11-01 05:22 . 2009-11-01 05:22 -------- d-----w- c:\documents and settings\All Users\Application Data\LogiShrd
2009-11-01 05:21 . 2009-11-01 05:21 -------- d-----w- c:\program files\Logitech
2009-11-01 05:16 . 2008-04-13 18:45 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2009-10-06 07:10 . 2009-10-06 07:10 -------- d-----w- c:\documents and settings\xxxxxxxx\Tracing
2009-10-06 07:09 . 2009-10-06 07:09 -------- d-----w- c:\program files\Microsoft
2009-10-06 07:08 . 2009-10-06 07:08 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-10-06 07:08 . 2009-10-06 07:08 -------- d-----w- c:\program files\Windows Live
2009-10-06 07:05 . 2009-10-06 07:05 -------- d-----w- c:\program files\Common Files\Windows Live
2009-10-04 04:48 . 2009-10-04 04:48 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-10-04 04:48 . 2009-10-04 04:48 -------- d-----w- c:\documents and settings\xxxxxx\Application Data\skypePM
2009-10-04 04:46 . 2009-10-04 04:46 -------- d-----w- c:\documents and settings\xxxxxxx\Application Data\Skype
2009-10-04 04:20 . 2009-10-04 04:20 -------- d-----w- c:\program files\Common Files\Skype
2009-10-04 04:20 . 2009-10-04 04:20 -------- d-----r- c:\program files\Skype
2009-10-04 04:19 . 2009-10-04 04:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-10-04 04:04 . 2008-04-13 18:39 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys
2009-10-04 04:04 . 2008-04-13 18:46 10880 ----a-w- c:\windows\system32\drivers\NdisIP.sys
2009-10-04 04:04 . 2004-08-03 18:30 15360 ----a-w- c:\windows\system32\drivers\StreamIP.sys
2009-10-04 04:04 . 2004-08-03 18:30 11136 ----a-w- c:\windows\system32\drivers\SLIP.sys
2009-10-04 04:04 . 2008-04-13 18:46 19200 ----a-w- c:\windows\system32\drivers\WSTCODEC.SYS
2009-10-04 04:04 . 2008-04-13 18:46 85248 ----a-w- c:\windows\system32\drivers\NABTSFEC.sys
2009-10-04 04:04 . 2008-04-13 18:46 17024 ----a-w- c:\windows\system32\drivers\CCDECODE.sys
2009-10-04 04:04 . 2008-04-14 00:12 53760 ----a-w- c:\windows\system32\vfwwdm32.dll
2009-10-02 21:53 . 2009-09-30 23:59 195440 ------w- c:\windows\system32\MpSigStub.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2009-11-01 21:44 . 2009-07-29 22:16 12 ----a-w- c:\windows\bthservsdp.dat
2009-11-01 08:34 . 2009-11-01 05:25 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2009-11-01 08:32 . 2009-11-01 05:23 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2009-09-27 21:50 . 2009-09-27 21:50 -------- d-----w- c:\documents and settings\xxxxxxx\Application Data\HpUpdate
2009-09-13 00:11 . 2008-10-26 04:07 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-09-13 00:11 . 2008-10-26 04:07 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-09-13 00:11 . 2008-10-26 04:07 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-09-11 14:18 . 2004-08-03 19:30 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2004-08-03 18:30 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08 . 2004-08-03 18:30 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-26 08:00 . 2004-08-03 18:30 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-06 08:54 . 2004-08-03 18:30 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-06 08:54 . 2004-08-03 18:30 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-06 08:54 . 2007-04-15 23:36 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 08:54 . 2004-08-03 18:30 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-06 08:54 . 2004-08-03 18:30 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-08-06 08:54 . 2004-08-03 18:30 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 08:53 . 2004-08-03 18:30 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 08:53 . 2007-12-12 23:13 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-08-06 08:53 . 2007-07-30 08:48 215920 ----a-w- c:\windows\system32\muweb.dll
2009-08-06 08:53 . 2004-08-03 18:30 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-05 08:01 . 2004-08-03 18:30 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 15:13 . 2005-09-28 05:32 2145280 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-08-04 14:20 . 2005-09-28 05:05 2023936 ----a-w- c:\windows\system32\ntkrnlpa.exe
2004-08-03 18:30 . 2004-08-03 18:30 94784 --sh--w- c:\windows\twain.dll
2006-02-16 12:03 . 2006-02-16 12:03 1216 --sh--w- c:\windows\Twunk_16.dll
2006-02-16 12:03 . 2006-02-16 12:03 1216 --sh--w- c:\windows\Twunk_32.dll
2008-04-14 00:12 . 2004-08-03 18:30 50688 --sh--w- c:\windows\twain_32.dll
2008-04-14 00:12 . 2004-08-03 18:30 343040 --sha-w- c:\windows\system32\msvcrt.dll
2008-04-14 00:12 . 2004-08-03 18:30 84992 --sha-w- c:\windows\system32\olepro32.dll
2008-04-14 00:12 . 2004-08-03 18:30 11776 --sh--w- c:\windows\system32\regsvr32.exe
2008-04-14 00:12 . 2004-08-03 19:30 551936 --sh--w- c:\windows\system32\oleaut32.dll
2008-04-14 00:12 . 2004-08-03 18:30 413696 --sha-w- c:\windows\system32\msvcp60.dll
2008-04-14 00:12 . 2004-08-03 18:30 57344 --sh--w- c:\windows\system32\msvcirt.dll
2008-04-14 00:11 . 2004-08-03 18:30 1028096 --sha-w- c:\windows\system32\mfc42.dll
.
------- Sigcheck -------
[7] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfcfiles.dll
[7] 2004-08-03 . 30A609E00BD1D4FFC49D6B5A432BE7F2 . 1580544 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfcfiles.dll
c:\windows\system32\sfcfiles.dll ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 2321600]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe" [2009-03-27 39408]
"Logitech Vid"="c:\program files\Logitech\Logitech Vid\vid.exe" [2009-04-30 5472016]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"LaunchApp"="Alaunch" [X]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-07-20 729177]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.E XE" [2004-08-03 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScI nst.exe" [2004-08-03 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT \TINTSETP.EXE" [2004-08-03 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TIN TSETP.EXE" [2004-08-03 455168]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-28 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-28 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-28 118784]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2005-10-18 69632]
"ePower_DMC"="c:\acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-01-17 344064]
"Acer ePower Management"="c:\acer\Empowering Technology\ePower\Acer ePower Management.exe" [2006-01-16 3080192]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2006-01-09 589824]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\Monitor.exe" [2006-01-24 397312]
"ADMTray.exe"="c:\acer\Empowering Technology\admtray.exe" [2005-10-24 2462208]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-12-20 53248]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"dvd43"="c:\program files\dvd43\dvd43_tray.exe" [2006-05-22 694272]
"CXMon"="c:\program files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe" [2001-08-27 45056]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe" [2001-07-02 57344]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-10-21 2025752]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-12-25 413696]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-05-08 2780432]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2005-12-18 15797248]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1 \DW\dwtrig20.exe" [2007-02-25 437160]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2005-12-2 618557]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-2-10 73728]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-09-13 00:11 11952 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Messenger\\MSMSGS.EXE"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Logitech\\Logitech Vid\\Vid.exe"=
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [26/10/2008 2:37 PM 335240]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [26/10/2008 2:37 PM 297752]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3/11/2006 6:19 PM 13592]
S2 gupdate1c9c603ec7f055e;Google Update Service (gupdate1c9c603ec7f055e);c:\program files\Google\Update\GoogleUpdate.exe [26/04/2009 9:44 AM 133104]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - CLASSPNP_2
*NewlyCreated* - MBR
*NewlyCreated* - PCIIDEX_2
*Deregistered* - CLASSPNP_2
*Deregistered* - mbr
*Deregistered* - PCIIDEX_2
.
Contents of the 'Scheduled Tasks' folder
2009-11-01 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 07:50]
2009-06-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 02:04]
2009-11-01 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-23 23:10]
2009-11-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-25 23:14]
2009-11-01 c:\windows\Tasks\User_Feed_Synchronization-{5CCC53F5-C8B7-405F-A7E4-894494349A84}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 18:01]
2009-11-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-25 23:14]
.
.
------- Supplementary Scan -------
.
IE: &Sample Toolband Serach - c:\windows\system32\ToolBand.dll/MENUSEARCH.HTM
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} - hxxp://www.facebook.com/controls/contactx.dll
DPF: {775879E2-7309-4619-BB02-AADE41F4B690} - hxxp://gamecenter.oberon-media.com/gameshell/games/channel--110005373/lc--en/room--462eec9e-a9e5-4e06-9348-ec50507a57f7/online/dream_chronicles/en/dreamweb.1.0.0.9.cab
DPF: {8FA2192F-B95D-40E3-898F-8D7ABB8E00D0} - hxxp://arcade.ninemsn.com.au/online2/MSN_INTL_AUSTRALIA/mystery_solitaire/SpinTopGamesLauncher.cab
.
- - - - ORPHANS REMOVED - - - -
BHO-{4FA4D144-6D0A-4FB4-9A1B-6689681E2DBF} - c:\windows\system32\ljJBusPi.dll
HKCU-Run-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
HKLM-RunOnce-SymLnch - c:\documents and settings\Jenny Brown\Application Data\Symantec\Layouts\Norton Internet Security\15.0\SymAllLanguages\NIS_RETAIL\20070828\ Support\SymLnch\SymLnch.exe
Notify-eehymymu - eehymymu.dll

************************************************** ************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2009-11-02 08:16
Windows 5.1.2600 Service Pack 3 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
************************************************** ************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-4246408867-2773501912-3843895074-1006\Software\Microsoft\SystemCertificates\Address Book*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(1152)
c:\windows\system32\WININET.dll
c:\windows\system32\MSNChatHook.dll
c:\windows\system32\sysenv.dll
c:\windows\system32\MSVCR71.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\acer\Empowering Technology\ePower\SysHook.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Google\Update\1.2.183.13\GoogleCrashHandler. exe
c:\acer\Empowering Technology\admServ.exe
c:\windows\system32\rundll32.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.ex e
c:\windows\system32\igfxext.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
c:\program files\HP\Digital Imaging\bin\hpqnrs08.exe
c:\docume~1\JENNYB~1\LOCALS~1\Temp\RtkBtMnt.exe
c:\windows\system32\wscntfy.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\HPZinw12.exe
.
************************************************** ************************
.
Completion time: 2009-11-01 8:20 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-01 21:50
Pre-Run: 1,165,787,136 bytes free
Post-Run: 2,739,109,888 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOW S
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Micro soft Windows XP Home Edition" /noexecute=optin /fastdetect
- - End Of File - - 133850701AA1DC8166C9E5FAFF250DF6
Malwarebytes' Anti-Malware 1.41
Database version: 3080
Windows 5.1.2600 Service Pack 3
2/11/2009 7:43:58 AM
mbam-log-2009-11-02 (07-43-58).txt
Scan type: Quick Scan
Objects scanned: 129144
Time elapsed: 12 minute(s), 16 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 38
Registry Values Infected: 7
Registry Data Items Infected: 4
Folders Infected: 5
Files Infected: 24
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\msvps.msvpsapp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\stfngdvw.bqxp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\stfngdvw.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\wininetapp.wininet (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\wininetapp.wininet.1 (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6edcaa62-21a4-421d-a1ed-298f480c3050} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6efb1cab-d26f-4255-b8f9-8fcef22d7c1e} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0e2ee7ba-47ef-4d35-a1c3-45ca4762c7cc} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{230fab55-749b-485d-9b09-9179e022591f} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Explorer\Browser Helper Objects\{000000da-0786-4633-87c6-1aa7a4429ef1} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Explorer\Browser Helper Objects\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Explorer\Browser Helper Objects\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Explorer\Browser Helper Objects\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Ext\Stats\{0e2ee7ba-47ef-4d35-a1c3-45ca4762c7cc} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Ext\Stats\{826a5ed9-1316-4efd-87f8-aa400c5d551a} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{0e2ee7ba-47ef-4d35-a1c3-45ca4762c7cc} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\HOL5_VXIEWER.FULL.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Classes\applications\ac cessdiver.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\dpcproxy (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\fwbd (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\HolLol (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorertoolbar (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\logons (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Uninstall\Golden Palace Casino NEW (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Uninstall\Inet Delivery (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Uninstall\mslAgent (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\mwc (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\WinPC AntiVirus (Rogue.WinPCAntiVirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\System\CurrentControlSet\Service s\iTunesMusic (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\System\CurrentControlSet\Service s\rdriv (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\typelib (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c0042be4 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c00b1cf3 (Trojan.Vundo) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Explorer\SharedTaskScheduler\{0656a137-b161-cadd-9777-e37a75727e78} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\don't load\scui.cpl (Hijack.SecurityCenter) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\don't load\wscui.cpl (Hijack.SecurityCenter) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0\source (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\ShellServiceObjectDelayLoad\SystemCheck2 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\ShellServiceObjectDelayLoad\fkdnrwsv (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\ShellServiceObjectDelayLoad\sxfnewqb (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
C:\Program Files\akl (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\PC-Cleaner (Rogue.PC-Cleaner) -> Quarantined and deleted successfully.
C:\WINDOWS\mslagent (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\WINDOWS\privacy_danger (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\privacy_danger\images (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Files Infected:
C:\Program Files\akl\akl.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\akl\akl.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\akl\uninstall.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\akl\unsetup.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\mslagent\2_mslagent.dll (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\WINDOWS\mslagent\mslagent.exe (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\WINDOWS\mslagent\uninstall.exe (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\WINDOWS\privacy_danger\images\spacer.gif (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\a.bat (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\base64.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\bdn.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\FVProtect.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\iTunesMusic.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\mssecu.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\pskt.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\rs.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32ps1.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\userconfig9x.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\winSystem.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\zip1.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\zip2.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\zip3.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\zipped.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
milkyoz is offline   Reply With Quote
Old 2 Weeks Ago   #6
Mod Team Leader
 
smokeycheech's Avatar
 
Join Date: Dec 2005
Location: Skynet HQ (kinda near PCHF bunker)
Posts: 2,188
PC Experience: Learning more every day!
Default Re: alert of program already in use
Hello Milky, I have merged your new thread with your original one

Please try to keep to one thread per issue, this minimizes confusion

Regards,

Smokeycheech
__________________
If an elephant never forgets, how come they never win mastermind?
smokeycheech is online now   Reply With Quote
Old 2 Weeks Ago   #7
Bronze Member
 
Join Date: Nov 2009
Posts: 9
PC Experience: Some Experience
Smile Re: alert of program already in use
hi...ok sorry..new to all of this ..thanks
Comments on this post
smokeycheech agrees: No problem mate :)
milkyoz is offline   Reply With Quote

Reply
Page 1 of 3 1 23

Bookmarks

Tags
alert, program, requested, results, scan
Similar discussions...
Thread Thread Starter Forum Replies Last Post
Pending: help! keep getting security alert... m diggity [Pending] HJT Logs 2 10-09-2009 05:22 AM
Pending: Virus Alert TheLastGentleman Spyware / AdWare 3 10-02-2008 12:41 PM
Fixed: Virus Alert!!! HELP naqeeb23 [Fixed] Hijackthis! Logs 8 10-01-2008 11:38 PM
Pending: system alert bubbleuk Spyware / AdWare 3 08-18-2007 03:43 PM
Help! Virus Alert! tim98042 Anti-Virus 1 03-08-2006 11:07 PM

« explorer.exe slowing computer down | unable to complete step 1 of prework »
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are On


Site Map - Top

All times are GMT. The time now is 07:40 PM.
Powered by vBulletin
Copyright ©2000 - 2009, Jelsoft Enterprises Ltd.
SEO by vBSEO 3.3.2