Windows Media Player constantly open in the background?

thathagat · 25 Jul 2010

poobla5 said:

is this a virus perhaps taking advantage of WMP? I dont know. :S

well if you have a suspicion then you can try...
1)scanning with Hitman pro and Malwarebytes.
2)Post a Hijackthis log here and pm experts like Jacee or Corrine to have a look at it.

whs · 25 Jul 2010

Try this. Go into Services and disable the "Portable device enumerator service". Reboot and see whether that does it.

poobla5 · 25 Jul 2010

Here you go.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:22:08 PM, on 26/07/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files (x86)\AVG\AVG9\avgtray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\PROGRA~2\Java\jre6\bin\jp2launcher.exe
C:\Program Files (x86)\Java\jre6\bin\java.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/Messen.../GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrssta.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Process Monitor (LVPrcS64) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8377 bytes

Hopefully that can help my situation. Let me know if theres anything abnormal please

poobla5 · 25 Jul 2010

Also, about 5 minutes earlier I did a test and for some reason it was different. For exmaple, it said AVG Tray wasnt open when it was open the whole time (minimized in my taskbar) but as you can see in the log I posted above it says it was open. Also one log is 5000 something bytes and the one before was 8377 bytes? Anyway here is the previous log a few minutes before the one I just posted up there

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:15:56 PM, on 26/07/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\PROGRA~2\Java\jre6\bin\jp2launcher.exe
C:\Program Files (x86)\Java\jre6\bin\java.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/Messen.../GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrssta.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Process Monitor (LVPrcS64) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 5429 bytes

zigzag3143 · 26 Jul 2010

poobla5 said:

Hi, thanks for your help.

I followed your instructions and could not find this "Roxio Burn Launcher" nor a Windows Media Player option in the start up tab.

Can we get screen shots of all the tabs uploaded to us????

Abhishek Ghosh · 26 Jul 2010

zigzag3143 said:

Can we get screen shots of all the tabs uploaded to us????

Good point mate.

@poobla5: Please run Windrows Genuine Validation tool> (Obviously you will pass) > Restart.

A friend of me had a problem something like you in Vista (HP lappy, OEM OS). What he did (wrongly), installed WMP again (I dont know why) from some tech magazine DVD. WMP was constantly checking for Genuine Validation in background. In told him to run WGA tool: it declared it was counterfeit copy! Calling MS helped to activate again his copy.

You can go to this site to check it: Genuine Microsoft Software

Jacee · 26 Jul 2010

Read this 'how to' What are wmpnscfg.exe and wmpnetwk.exe and Why Are They Running? - How-To Geek

Also, In your startup .... uncheck Java updater. That doesn't need to be running in the background.

File name: RoxioBurnLauncher.exe File size: 482.48 KB (494064 bytes) Md5: c09aee8c0bf3dbe298cbff97e305ddd8

Loading point information

Execution type:REGISTRY
Registry section:HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN
Entry desktop Disc Tool

poobla5 · 26 Jul 2010

Firstly I've already uploaded some screenshots on the previous page. In regards to having installed a counterfeit WMP, that is not at all the issue and everything is clear - I did a Windows Genuine Test as you instructed. Also, with Java Updater, that was enabled automatically and I thought it was the best thing? If there is an update wouldnt I want it automatically instead of being insecure when there is an update out but I dont know about it? Also is anybody able to give some insight into those hijack this logs? Thanks much for all your help

Jacee · 27 Jul 2010

1. Go HERE and download FileLister.

Save it to your Desktop
Rt Click ->> Extract all ->> And extract it to your Desktop
Additional help on extracting zip files can be found HERE
Open the File Lister Folder.
Note: Leave the FileLister.vbe file in the folder and run it from there.

Rt Click FileLister.vbe ->>Select Open Then Open to confirm.
When the program is fnished it will produce a log for you C:\Files.txt

Copy and paste the contents of that log in your reply.

poobla5 · 28 Jul 2010

Done. However in the middle of the scan when it pops up the CMD, it gives me the message "Cannot find the files.txt file, do you want to create a new file?" and I click yes and it just brings up a blank notepad. Having said that the final result is still here, so that's kinda weird. Here you go.

+++++++++++++++++++++++++++
+ File Lister Version 1.1.4 +
+ +
+ By bamajim / SpywareHammer.com +
+++++++++++++++++++++++++++

Report ran on --->>> 29/07/2010 10:07:48 AM

====== Running Processes ======

C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDClock.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Media Player\WMPSideShowGadget.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\PROGRA~2\Java\jre6\bin\jp2launcher.exe
C:\Program Files (x86)\Java\jre6\bin\java.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\WScript.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe

====== BHO's ======
BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll

====== System Keys (some whitelisted items will not be shown)======

Winlogon\Userinit = C:\Windows\system32\userinit.exe,
Winlogon\Shell = explorer.exe
AppInit_DLLs = avgrssta.dll

====== HKLM\~\Run Keys ======

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

[Launch LgDeviceAgent] = "C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe"
[Launch LCDMon] = "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
[Launch LGDCore] = "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
[RtHDVCpl] = C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

====== HKCU\~\Run Keys ======

[Sidebar] = C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
[msnmsgr] = "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

====== DNS Info (List may be empty) ======

ICSDomain = mshome.net
SyncDomainWithMembership = 1
NV Hostname = PC-PC
DataBasePath = %SystemRoot%\System32\drivers\etc
ForwardBroadcasts = 0
IPEnableRouter = 0
Hostname = PC-PC
UseDomainNameDevolution = 1
EnableICMPRedirect = 1
DeadGWDetectDefault = 1
DontAddDefaultGatewayDefault = 0
EnableWsd = 1
QualifyingDestinationThreshold = 3
OverrideDefaultAddressSelection = 1
DhcpNameServer = 192.168.1.1

====== Folders and Files from "%\" and "%\Windows" Created Last 60 Days ======

15/07/2010 3:51:53 PM 1024 32 C:\.rnd
2/07/2010 2:26:16 PM 200704 C:\Windows\B83FC356B7C0441F8A4DD71E088E7974.TMP
20/07/2010 1:00:45 PM 200704 C:\Windows\C5C1C0F0D62F4DBF81D4D7EF397C228B.TMP
25/07/2010 1:15:41 AM 1861 C:\Windows\pss
12/07/2010 11:21:36 AM 17551 32 C:\Windows\DirectX.log
25/07/2010 1:34:13 AM 171828 32 C:\Windows\ntbtlog.txt
7/07/2010 11:12:57 AM 8136 32 C:\Windows\PFRO.log
7/07/2010 11:13:17 AM 1344 32 C:\Windows\setupact.log
7/07/2010 11:13:17 AM 0 32 C:\Windows\setuperr.log
9/06/2010 9:37:10 AM 84992 32 C:\Windows\System32\asycfilt.dll
9/06/2010 9:37:11 AM 366080 32 C:\Windows\System32\atmfd.dll
9/06/2010 9:37:11 AM 46080 32 C:\Windows\System32\atmlib.dll
25/07/2010 9:59:26 AM 42567 32 C:\Windows\System32\avgrep.txt
17/07/2010 9:13:46 AM 13048 32 C:\Windows\System32\avgrssta.dll
14/07/2010 10:37:30 AM 144384 32 C:\Windows\System32\cdd.dll
23/06/2010 12:42:37 PM 961024 32 C:\Windows\System32\CPFilters.dll
23/06/2010 12:43:57 PM 1942856 32 C:\Windows\System32\dfshim.dll
9/06/2010 9:37:12 AM 445952 32 C:\Windows\System32\iedkcs32.dll
9/06/2010 9:37:14 AM 12364288 32 C:\Windows\System32\ieframe.dll
9/06/2010 9:37:12 AM 64512 32 C:\Windows\System32\jsproxy.dll
23/06/2010 12:42:36 PM 258560 32 C:\Windows\System32\mpg2splt.ax
23/06/2010 12:43:57 PM 444752 32 C:\Windows\System32\mscoree.dll
23/06/2010 12:42:36 PM 552960 32 C:\Windows\System32\msdri.dll
9/06/2010 9:37:12 AM 82944 32 C:\Windows\System32\msfeedsbs.dll
9/06/2010 9:37:15 AM 9290240 32 C:\Windows\System32\mshtml.dll
23/06/2010 12:42:36 PM 288256 32 C:\Windows\System32\MSNP.ax
9/06/2010 9:37:12 AM 1026048 32 C:\Windows\System32\mstime.dll
23/06/2010 12:43:57 PM 48960 32 C:\Windows\System32\netfxperf.dll
23/06/2010 12:42:50 PM 1736608 32 C:\Windows\System32\ntdll.dll
23/06/2010 12:43:57 PM 320352 32 C:\Windows\System32\PresentationHost.exe
23/06/2010 12:43:57 PM 109912 32 C:\Windows\System32\PresentationHostProxy.dll
9/06/2010 9:37:12 AM 1493504 32 C:\Windows\System32\urlmon.dll
9/06/2010 9:37:10 AM 3122176 32 C:\Windows\System32\win32k.sys
9/06/2010 9:37:12 AM 1192960 32 C:\Windows\System32\wininet.dll

====== "\Administrator & All Users\Startup" Last 60 Days======

====== "\Program Files" Last 60 Days======

23/06/2010 12:51:31 PM 195920 C:\Program Files\Bonjour
26/07/2010 11:29:27 AM 6776128 C:\Program Files\Hitman Pro 3.5
23/06/2010 12:55:05 PM 1966616 C:\Program Files\iTunes
15/07/2010 3:47:36 PM 487877242 C:\Program Files\Tenable

======"Drivers" Modified Last 60 Days======

1/01/2010 12:37:42 PM 269904 32 C:\Windows\System32\drivers\avgldx64.sys
1/01/2010 12:37:38 PM 35536 32 C:\Windows\System32\drivers\avgmfx64.sys
1/01/2010 12:37:31 PM 317520 32 C:\Windows\System32\drivers\avgtdia.sys
26/07/2010 11:30:35 AM 19528 32 C:\Windows\System32\drivers\hitmanpro35.sys
23/12/2009 1:41:45 AM 0 32 C:\Windows\System32\drivers\lvuvc.hs
15/07/2010 3:51:53 PM 53312 32 C:\Windows\System32\drivers\pssdk42.sys

====== Files Deleted under "%Temp%" ======

5 Files deleted

======"All Users\Application Data" Last 60 Days======

====== HKLM\~\ShellServiceObjectDelayLoad======

WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} -

====== HKLM\~\SharedTaskScheduler======

======HKLM\~\msconfig\startupreg======

HKLM\Software\microsoft\shared tools\msconfig\startupreg\iTunesHelper
HKLM\Software\microsoft\shared tools\msconfig\startupreg\QuickTime Task

====== Services ( Services that are Whitelisted are not shown) ======

1394ohci (1394 OHCI Compliant Host Controller)- C:\Windows\system32\DRIVERS\1394ohci.sys - Manual/Stopped
AcpiPmi (ACPI Power Meter Driver)- C:\Windows\system32\DRIVERS\acpipmi.sys - Manual/Stopped
adp94xx (adp94xx)- C:\Windows\system32\DRIVERS\adp94xx.sys - Manual/Stopped
adpahci (adpahci)- C:\Windows\system32\DRIVERS\adpahci.sys - Manual/Stopped
amdide (amdide)- C:\Windows\system32\DRIVERS\amdide.sys - Manual/Stopped
amdsata (amdsata)- C:\Windows\system32\DRIVERS\amdsata.sys - Manual/Stopped
amdsbs (amdsbs)- C:\Windows\system32\DRIVERS\amdsbs.sys - Manual/Stopped
amdxata (amdxata)- C:\Windows\system32\DRIVERS\amdxata.sys - Boot/Running
AppID (AppID Driver)- C:\Windows\system32\drivers\appid.sys - Manual/Stopped
arcsas (arcsas)- C:\Windows\system32\DRIVERS\arcsas.sys - Manual/Stopped
AvgLdx64 (AVG Free AVI Loader Driver x64)- C:\Windows\system32\Drivers\avgldx64.sys - System/Running
AvgMfx64 (AVG Free On-access Scanner Minifilter Driver x64)- C:\Windows\system32\Drivers\avgmfx64.sys - System/Running
AvgTdiA (AVG Free Network Redirector x64)- C:\Windows\system32\Drivers\avgtdia.sys - System/Running
b06bdrv (Broadcom NetXtreme II VBD)- C:\Windows\system32\DRIVERS\bxvbda.sys - Manual/Stopped
b57nd60a (Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0)- C:\Windows\system32\DRIVERS\b57nd60a.sys - Manual/Stopped
blbdrive (blbdrive)- C:\Windows\system32\DRIVERS\blbdrive.sys - System/Running
bowser (Browser Support Driver)- C:\Windows\system32\DRIVERS\bowser.sys - Manual/Running
BrFiltLo (Brother USB Mass-Storage Lower Filter Driver)- C:\Windows\system32\DRIVERS\BrFiltLo.sys - Manual/Stopped
BrFiltUp (Brother USB Mass-Storage Upper Filter Driver)- C:\Windows\system32\DRIVERS\BrFiltUp.sys - Manual/Stopped
Brserid (Brother MFC Serial Port Interface Driver (WDM))- C:\Windows\system32\Drivers\Brserid.sys - Manual/Stopped
BrSerWdm (Brother WDM Serial driver)- C:\Windows\system32\Drivers\BrSerWdm.sys - Manual/Stopped
BrUsbMdm (Brother MFC USB Fax Only Modem)- C:\Windows\system32\Drivers\BrUsbMdm.sys - Manual/Stopped
BrUsbSer (Brother MFC USB Serial WDM Driver)- C:\Windows\system32\Drivers\BrUsbSer.sys - Manual/Stopped
circlass (Consumer IR Devices)- C:\Windows\system32\DRIVERS\circlass.sys - Manual/Stopped
CLFS (Common Log (CLFS))- C:\Windows\system32\CLFS.sys - Boot/Running
CNG (CNG)- C:\Windows\system32\Drivers\cng.sys - Boot/Running
CompositeBus (Composite Bus Enumerator Driver)- C:\Windows\system32\DRIVERS\CompositeBus.sys - Manual/Stopped
DfsC (DFS Namespace Client Driver)- C:\Windows\system32\Drivers\dfsc.sys - System/Running
discache (System Attribute Cache)- C:\Windows\system32\drivers\discache.sys - System/Running
DXGKrnl (LDDM Graphics Subsystem)- C:\Windows\system32\drivers\dxgkrnl.sys - Manual/Stopped
ebdrv (Broadcom NetXtreme II 10 GigE VBD)- C:\Windows\system32\DRIVERS\evbda.sys - Manual/Stopped
elxstor (elxstor)- C:\Windows\system32\DRIVERS\elxstor.sys - Manual/Stopped
ErrDev (Microsoft Hardware Error Device Driver)- C:\Windows\system32\DRIVERS\errdev.sys - Manual/Stopped
FileInfo (File Information FS MiniFilter)- C:\Windows\system32\drivers\fileinfo.sys - Boot/Running
Filetrace (Filetrace)- C:\Windows\system32\drivers\filetrace.sys - Manual/Stopped
FsDepends (File System Dependency Minifilter)- C:\Windows\system32\drivers\FsDepends.sys - Manual/Stopped
fvevol (Bitlocker Drive Encryption Filter Driver)- C:\Windows\system32\DRIVERS\fvevol.sys - Boot/Running
gagp30kx (Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms)- C:\Windows\system32\DRIVERS\gagp30kx.sys - Manual/Stopped
hcw85cir (Hauppauge Consumer Infrared Receiver)- C:\Windows\system32\drivers\hcw85cir.sys - Manual/Stopped
HidBth (Microsoft Bluetooth HID Miniport)- C:\Windows\system32\DRIVERS\hidbth.sys - Manual/Stopped
HidIr (Microsoft Infrared HID Driver)- C:\Windows\system32\DRIVERS\hidir.sys - Manual/Stopped
HpSAMD (HpSAMD)- C:\Windows\system32\DRIVERS\HpSAMD.sys - Manual/Stopped
hwpolicy (Hardware Policy Driver)- C:\Windows\system32\drivers\hwpolicy.sys - Boot/Running
iaStorV (iaStorV)- C:\Windows\system32\DRIVERS\iaStorV.sys - Manual/Stopped
IPMIDRV (IPMIDRV)- C:\Windows\system32\DRIVERS\IPMIDrv.sys - Manual/Stopped
iScsiPrt (iScsiPort Driver)- C:\Windows\system32\DRIVERS\msiscsi.sys - Manual/Stopped
KSecPkg (KSecPkg)- C:\Windows\system32\Drivers\ksecpkg.sys - Boot/Running
L1E (NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller)- C:\Windows\system32\DRIVERS\L1E62x64.sys - Manual/Stopped
LGBusEnum (Logitech GamePanel Virtual Bus Enumerator Driver)- C:\Windows\system32\drivers\LGBusEnum.sys - Manual/Stopped
LGVirHid (Logitech Gamepanel Virtual HID Device Driver)- C:\Windows\system32\drivers\LGVirHid.sys - Manual/Stopped
lltdio (Link-Layer Topology Discovery Mapper I/O Driver)- C:\Windows\system32\DRIVERS\lltdio.sys - Auto/Running
LSI_FC (LSI_FC)- C:\Windows\system32\DRIVERS\lsi_fc.sys - Manual/Stopped
LSI_SAS (LSI_SAS)- C:\Windows\system32\DRIVERS\lsi_sas.sys - Manual/Stopped
LSI_SAS2 (LSI_SAS2)- C:\Windows\system32\DRIVERS\lsi_sas2.sys - Manual/Stopped
LSI_SCSI (LSI_SCSI)- C:\Windows\system32\DRIVERS\lsi_scsi.sys - Manual/Stopped
luafv (UAC File Virtualization)- C:\Windows\system32\drivers\luafv.sys - Auto/Running
LVPr2M64 (Logitech LVPr2M64 Driver)- C:\Windows\system32\DRIVERS\LVPr2M64.sys - Manual/Running
LVRS64 (Logitech RightSound Filter Driver)- C:\Windows\system32\DRIVERS\lvrs64.sys - Manual/Stopped
LVUVC64 (Logitech QuickCam Pro 9000(UVC))- C:\Windows\system32\DRIVERS\lvuvc64.sys - Manual/Stopped
megasas (megasas)- C:\Windows\system32\DRIVERS\megasas.sys - Manual/Stopped
MegaSR (MegaSR)- C:\Windows\system32\DRIVERS\MegaSR.sys - Manual/Stopped
mpio (mpio)- C:\Windows\system32\DRIVERS\mpio.sys - Manual/Stopped
mpsdrv (Windows Firewall Authorization Driver)- C:\Windows\system32\drivers\mpsdrv.sys - Manual/Running
mrxsmb10 (SMB 1.x MiniRedirector)- C:\Windows\system32\DRIVERS\mrxsmb10.sys - Manual/Running
mrxsmb20 (SMB 2.0 MiniRedirector)- C:\Windows\system32\DRIVERS\mrxsmb20.sys - Manual/Running
msahci (msahci)- C:\Windows\system32\DRIVERS\msahci.sys - Manual/Stopped
msdsm (msdsm)- C:\Windows\system32\DRIVERS\msdsm.sys - Manual/Stopped
mshidkmdf (Pass-through HID to KMDF Filter Driver)- C:\Windows\system32\drivers\mshidkmdf.sys - Manual/Stopped
msisadrv (msisadrv)- C:\Windows\system32\DRIVERS\msisadrv.sys - Boot/Running
MsRPC (MsRPC)- C:\Windows\system32\drivers\MsRPC.sys - Manual/Stopped
MTConfig (Microsoft Input Configuration Driver)- C:\Windows\system32\DRIVERS\MTConfig.sys - Manual/Stopped
MTsensor (ATK0110 ACPI UTILITY)- C:\Windows\system32\DRIVERS\ASACPI.sys - Manual/Stopped
NativeWifiP (NativeWiFi Filter)- C:\Windows\system32\DRIVERS\nwifi.sys - Manual/Stopped
NdisCap (NDIS Capture LightWeight Filter)- C:\Windows\system32\DRIVERS\ndiscap.sys - Manual/Stopped
nfrd960 (nfrd960)- C:\Windows\system32\DRIVERS\nfrd960.sys - Manual/Stopped
nsiproxy (NSI proxy service driver.)- C:\Windows\system32\drivers\nsiproxy.sys - System/Running
nvlddmkm (nvlddmkm)- C:\Windows\system32\DRIVERS\nvlddmkm.sys - Manual/Stopped
pcw (Performance Counters for Windows Driver)- C:\Windows\system32\drivers\pcw.sys - Boot/Running
PEAUTH (PEAUTH)- C:\Windows\system32\drivers\peauth.sys - Auto/Running
PSSDK42 (PSSDK42)- \??\C:\Windows\system32\Drivers\pssdk42.sys - Manual/Stopped
ql2300 (ql2300)- C:\Windows\system32\DRIVERS\ql2300.sys - Manual/Stopped
ql40xx (ql40xx)- C:\Windows\system32\DRIVERS\ql40xx.sys - Manual/Stopped
QWAVEdrv (QWAVE driver)- C:\Windows\system32\drivers\qwavedrv.sys - Manual/Stopped
RasAgileVpn (WAN Miniport (IKEv2))- C:\Windows\system32\DRIVERS\AgileVpn.sys - Manual/Stopped
rdpbus (Remote Desktop Device Redirector Bus Driver)- C:\Windows\system32\DRIVERS\rdpbus.sys - Manual/Stopped
RDPENCDD (RDP Encoder Mirror Driver)- C:\Windows\system32\drivers\rdpencdd.sys - System/Running
RDPREFMP (Reflector Display Driver used to gain access to graphics data)- C:\Windows\system32\drivers\rdprefmp.sys - System/Running
rdyboost (ReadyBoost)- C:\Windows\system32\drivers\rdyboost.sys - Boot/Running
rspndr (Link-Layer Topology Discovery Responder)- C:\Windows\system32\DRIVERS\rspndr.sys - Auto/Running
s3cap (s3cap)- C:\Windows\system32\DRIVERS\vms3cap.sys - Manual/Stopped
sbp2port (sbp2port)- C:\Windows\system32\DRIVERS\sbp2port.sys - Manual/Stopped
scfilter (Smart card PnP Class Filter Driver)- C:\Windows\system32\DRIVERS\scfilter.sys - Manual/Stopped
sermouse (Serial Mouse Driver)- C:\Windows\system32\DRIVERS\sermouse.sys - Manual/Stopped
sffdisk (SFF Storage Class Driver)- C:\Windows\system32\DRIVERS\sffdisk.sys - Manual/Stopped
sffp_mmc (SFF Storage Protocol Driver for MMC)- C:\Windows\system32\DRIVERS\sffp_mmc.sys - Manual/Stopped
sffp_sd (SFF Storage Protocol Driver for SDBus)- C:\Windows\system32\DRIVERS\sffp_sd.sys - Manual/Stopped
SiSRaid2 (SiSRaid2)- C:\Windows\system32\DRIVERS\SiSRaid2.sys - Manual/Stopped
SiSRaid4 (SiSRaid4)- C:\Windows\system32\DRIVERS\sisraid4.sys - Manual/Stopped
spldr (Security Processor Loader Driver)- C:\Windows\system32\drivers\spldr.sys - Boot/Running
srv2 (Server SMB 2.xxx Driver)- C:\Windows\system32\DRIVERS\srv2.sys - Manual/Running
srvnet (srvnet)- C:\Windows\system32\DRIVERS\srvnet.sys - Manual/Running
stexstor (stexstor)- C:\Windows\system32\DRIVERS\stexstor.sys - Manual/Stopped
storflt (Disk Virtual Machine Bus Acceleration Filter Driver)- C:\Windows\system32\DRIVERS\vmstorfl.sys - Boot/Running
storvsc (storvsc)- C:\Windows\system32\DRIVERS\storvsc.sys - Manual/Stopped
TCPIP6 (Microsoft IPv6 Protocol Driver)- C:\Windows\system32\DRIVERS\tcpip.sys - Manual/Stopped
tcpipreg (TCP/IP Registry Compatibility)- C:\Windows\system32\drivers\tcpipreg.sys - Auto/Running
tdx (NetIO Legacy TDI Support Driver)- C:\Windows\system32\DRIVERS\tdx.sys - System/Running
tssecsrv (Remote Desktop Services Security Filter Driver)- C:\Windows\system32\DRIVERS\tssecsrv.sys - Manual/Stopped
tunnel (Microsoft Tunnel Miniport Adapter Driver)- C:\Windows\system32\DRIVERS\tunnel.sys - Manual/Stopped
uagp35 (Microsoft AGPv3.5 Filter)- C:\Windows\system32\DRIVERS\uagp35.sys - Manual/Stopped
uliagpkx (Uli AGP Bus Filter)- C:\Windows\system32\DRIVERS\uliagpkx.sys - Manual/Stopped
umbus (UMBus Enumerator Driver)- C:\Windows\system32\DRIVERS\umbus.sys - Manual/Stopped
UmPass (Microsoft UMPass Driver)- C:\Windows\system32\DRIVERS\umpass.sys - Manual/Stopped
USBAAPL64 (Apple Mobile USB Driver)- C:\Windows\system32\Drivers\usbaapl64.sys - Manual/Stopped
usbcir (eHome Infrared Receiver (USBCIR))- C:\Windows\system32\DRIVERS\usbcir.sys - Manual/Stopped
usbvideo (USB Video Device (WDM))- C:\Windows\system32\Drivers\usbvideo.sys - Manual/Stopped
vdrvroot (Microsoft Virtual Drive Enumerator Driver)- C:\Windows\system32\DRIVERS\vdrvroot.sys - Boot/Running
vhdmp (vhdmp)- C:\Windows\system32\DRIVERS\vhdmp.sys - Manual/Stopped
vmbus (Virtual Machine Bus)- C:\Windows\system32\DRIVERS\vmbus.sys - Manual/Stopped
VMBusHID (VMBusHID)- C:\Windows\system32\DRIVERS\VMBusHID.sys - Manual/Stopped
volmgr (Volume Manager Driver)- C:\Windows\system32\DRIVERS\volmgr.sys - Boot/Running
volmgrx (Dynamic Volume Manager)- C:\Windows\system32\drivers\volmgrx.sys - Boot/Running
vpcbus (Virtual PC Host Bus Service)- C:\Windows\system32\DRIVERS\vpchbus.sys - Manual/Stopped
vpcnfltr (Virtual PC Network Filter Driver)- C:\Windows\system32\DRIVERS\vpcnfltr.sys - System/Running
vpcusb (USB Virtualization Connector Service)- C:\Windows\system32\DRIVERS\vpcusb.sys - Manual/Stopped
vpcuxd (USB Virtualization Stub Service)- C:\Windows\system32\DRIVERS\vpcuxd.sys - Manual/Stopped
vpcvmm (Virtual PC Virtual Machine Monitor)- C:\Windows\system32\drivers\vpcvmm.sys - System/Running
vsmraid (vsmraid)- C:\Windows\system32\DRIVERS\vsmraid.sys - Manual/Stopped
vwifibus (Virtual WiFi Bus Driver)- C:\Windows\system32\drivers\vwifibus.sys - Manual/Stopped
WacomPen (Wacom Serial Pen HID Driver)- C:\Windows\system32\DRIVERS\wacompen.sys - Manual/Stopped
Wanarpv6 (Remote Access IPv6 ARP Driver)- C:\Windows\system32\DRIVERS\wanarp.sys - System/Running
Wdf01000 (Kernel Mode Driver Frameworks service)- C:\Windows\system32\drivers\Wdf01000.sys - Boot/Running
WfpLwf (WFP Lightweight Filter)- C:\Windows\system32\DRIVERS\wfplwf.sys - System/Running
WIMMount (WIMMount)- C:\Windows\system32\drivers\wimmount.sys - Manual/Stopped
WinUsb (WinUsb)- C:\Windows\system32\DRIVERS\WinUsb.sys - Manual/Stopped
WmiAcpi (Microsoft Windows Management Interface for ACPI)- C:\Windows\system32\DRIVERS\wmiacpi.sys - Manual/Stopped

====== Uninstall List ======

A file named 'UNI.txt' was created and saved to
FileListers default location. Post the results if requested.

======== Other Info ========

TOTAL PHYSICAL RAM: 4294 MB

Boot Info

OS Type: Microsoft Windows 7 Professional
Build: 6.1.7600
Service Pack: 0.0

====== Files with Hidden Attributes======

A file named 'Hidden.txt' was created and saved to
FileListers default location. Post the results if requested.

==End of Report==

Ive also got "Hidden" and "UNI" files if you need them too from the program I ran.