Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

I'm lost

Post by Jim Burns » August 17th, 2007, 8:48 am

Previous employee took the backups and I've tried without success to clean this up. Thanks
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:44:03 AM, on 8/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\ATP\Navigator\EZUpdateService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\PCSecurityShield\ShieldAntivirus\vrmonsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\printer.exe
C:\Program Files\PCSecurityShield\The Shield Firewall\FireWall.exe
C:\Program Files\PCSecurityShield\ShieldAntivirus\Vrres.exe
C:\Program Files\PCSecurityShield\ShieldAntivirus\vrmonnt.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\PCSecurityShield\The Shield Firewall\GetNetTime.exe
C:\Program Files\Citrix\ICA Client\pnagent.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\printer.exe
F3 - REG:win.ini: load=??? ?
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O4 - HKLM\..\Run: [dwStart] C:\Program Files\PCSecurityShield\The Shield Firewall\FireWall.exe
O4 - HKLM\..\Run: [VrSchedule] C:\Program Files\PCSecurityShield\ShieldAntivirus\Vrres.exe
O4 - HKLM\..\Run: [Vrmon] C:\Program Files\PCSecurityShield\ShieldAntivirus\vrmonnt.exe Main
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\system32\ReinstallBackups\0011\DriverFiles\HDAudPropShortcut.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [HijackThis startup scan] C:\Program Files\Trend Micro\HijackThis\HijackThis.exe /startupscan
O4 - HKUS\S-1-5-21-1202660629-1409082233-839522115-1003\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-1202660629-1409082233-839522115-1003\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User '?')
O4 - HKUS\S-1-5-21-1202660629-1409082233-839522115-1003\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (User '?')
O4 - HKUS\S-1-5-21-1202660629-1409082233-839522115-1003\..\Run: [HijackThis startup scan] C:\Program Files\Trend Micro\HijackThis\HijackThis.exe /startupscan (User '?')
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Program Neighborhood Agent.lnk = C:\Program Files\Citrix\ICA Client\pnagent.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/house ... hcImpl.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se8300.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ATP EZUpdate Service (EZUpdateService) - Aircraft Technical Publishers - C:\Program Files\ATP\Navigator\EZUpdateService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ViRobot Expert Monitoring (vrmonsvc) - HAURI - C:\Program Files\PCSecurityShield\ShieldAntivirus\vrmonsvc.exe

--
End of file - 8775 bytes

Post by silver » August 18th, 2007, 1:12 am

Hi Jim Burns,

It appears that you have two antivirus programs running - Avast and PC Security Shield. Running one antivirus program is essential, but having two can cause conflicts, slow your system down, and even cause stability problems without improving your security. You should use just one antivirus program and, if you want a "2nd opinion", use an online scanner like Kaspersky's.

Before proceeding, please remove one of these programs.
If you have any problems, please stop and let me know.

Please print/save a copy of these instructions because we will be using Safe Mode, during which time you won't have access to the internet.

Next we need to temporarily disable some protection software which might get in the way of changes we need to make:

  • Open AVG Antispyware and make sure the Status screen is selected
  • Next to Resident Shield press Change state so that the status reads inactive
  • Close AVG Antispyware

Temporarily disable Spybot's TeaTimer. This is a two step process.
First:
  • Right click Spybot in the System Tray (looks like a calendar with a padlock symbol)
  • Choose Exit Spybot S&D Resident
Second:
  • Open Spybot S&D
  • Click Mode, check Advanced Mode
  • Go To Left Panel, Click Tools, then also in left panel, click Resident
  • If your firewall raises a question, say OK
  • Uncheck the box labeled Resident TeaTimer and OK any prompts.
  • Use File, Exit to terminate Spybot.
  • Reboot your machine for the changes to take effect.

Then, open HijackThis, choose Do a system scan only and place a checkmark next to the following lines:
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\printer.exe
F3 - REG:win.ini: load=??? ?
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1


Then close all open windows apart from HijackThis, press Fix checked, OK the prompt and close HijackThis.

Make hidden/system files and folders visible:
  • Click Start -> My Computer
  • Select the Tools menu, click Folder Options and select the View tab
  • Under the Hidden files and folders heading SELECT Show hidden files and folders
  • UNCHECK the Hide extensions for known file types option
  • UNCHECK the Hide protected operating system files (recommended) option
  • Click Yes to confirm and press OK

Next, reboot your computer in Safe Mode:
  • Restart your computer and as soon as it starts booting up again continuously tap F8
  • A menu should appear, use the arrow keys to select Safe Mode and press enter

Use Windows Explorer to find and delete the following file:
C:\WINDOWS\system32\printer.exe

If you have trouble deleting it, please let me know in your next response.

Now reboot your computer normally.

Download Deckard's System Scanner (DSS)
  • Close all applications and windows.
  • Double-click on dss.exe to run it, and follow the prompts.
  • When the scan is complete, two text files will open: main.txt (this one will be maximized) and extra.txt (this one will be minimized)
  • Make sure Format->Word Wrap is unchecked
  • Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt in your reply


Once complete, please post both DSS logs; you won't need to produce a new HijackThis log, as DSS produces one for you.
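The entries silver ticked for fixing (the F2 Shell= value that loads a second program after Explorer.exe, the populated F3 win.ini load= value, the two O7 DisableRegedit policies) and the ones that show up in Jim's follow-up log (the WinAvXX.exe Run entries, a bare system.exe in the Startup folder, a service whose file is gone) all follow a few simple heuristics. Below is an added Python example that applies those heuristics to lines copied from the logs in this thread; it is not part of the thread or of HijackThis, and the names `triage`, `triage_line`, `Finding` and the `KNOWN_SYSTEM32_AUTOSTART` allowlist are my own assumptions. The blank R0 entries silver also ticked are cleanup rather than indicators, so they are not flagged here.

```python
"""Triage heuristics for HijackThis v2 log lines.

Added example, not part of the MalwareRemoval.com thread or the HijackThis
tool. It flags the kinds of entries the helper asked to have fixed:
  * F2 Shell= values that load anything besides Explorer.exe
  * F2 UserInit= values that are not the single expected userinit.exe
  * F3 win.ini load= values that are not empty
  * O7 DisableRegedit=1 policy restrictions
  * O4 Startup-folder items that are not shortcuts, and Run-key targets
    sitting directly in system32 under names not on a small allowlist
  * O23 services whose binary is missing ("(no file)")
"""
import re
from dataclasses import dataclass

# Constructed sample: lines drawn from the two HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\printer.exe
F3 - REG:win.ini: load=??? ?
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKUS\S-1-5-21-1202660629-1409082233-839522115-1003\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKLM\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe
O4 - Startup: system.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: ViRobot Expert Monitoring (vrmonsvc) - Unknown owner - (no file)
"""

# Hypothetical, deliberately minimal allowlist of binaries that legitimately
# autostart straight from system32 on XP; extend it for the environment at hand.
KNOWN_SYSTEM32_AUTOSTART = {"ctfmon.exe"}
SYSTEM32 = "c:\\windows\\system32\\"

LINE_RE = re.compile(r"^(?P<kind>[A-Z]\d+) - (?P<rest>.*)$")
USER_SUFFIX_RE = re.compile(r"\s*\(User '[^']*'\)$")   # HJT's "(User '?')" tail
STARTUP_RE = re.compile(r"(?:^|\s)(?:Global )?Startup: (?P<item>.+)$")
RUN_RE = re.compile(r"\] (?P<cmd>.+)$")                # text after the [name] label


@dataclass
class Finding:
    kind: str
    line: str
    reason: str


def _triage_o4(kind, line, rest):
    """Autostart entries: non-shortcut Startup-folder items and unfamiliar
    Run-key targets that live directly in system32."""
    rest = USER_SUFFIX_RE.sub("", rest)
    sm = STARTUP_RE.search(rest)
    if sm:
        item = sm.group("item")
        if not item.split(" = ")[0].lower().endswith(".lnk"):
            return Finding(kind, line, f"non-shortcut item in a Startup folder: {item}")
        return None
    rm = RUN_RE.search(rest)
    if rm:
        cmd = rm.group("cmd").strip().strip('"').lower()
        if cmd.startswith(SYSTEM32):
            # first token after the prefix is the file name; arguments are dropped
            name = cmd[len(SYSTEM32):].split()[0]
            if "\\" not in name and name not in KNOWN_SYSTEM32_AUTOSTART:
                return Finding(kind, line, f"unfamiliar autostart binary in system32: {name}")
    return None


def triage_line(line):
    """Return a Finding for one HijackThis line, or None if nothing looks wrong."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    kind, rest = m.group("kind"), m.group("rest")
    if kind == "F2" and "Shell=" in rest:
        extra = [t for t in rest.split("Shell=", 1)[1].split() if t.lower() != "explorer.exe"]
        if extra:
            return Finding(kind, line, "Shell= loads extra program(s): " + " ".join(extra))
    elif kind == "F2" and "UserInit=" in rest:
        entries = [e.strip() for e in rest.split("UserInit=", 1)[1].split(",") if e.strip()]
        if len(entries) != 1 or not entries[0].lower().endswith("\\system32\\userinit.exe"):
            return Finding(kind, line, "UserInit= is not the single expected userinit.exe")
    elif kind == "F3" and "load=" in rest:
        value = rest.split("load=", 1)[1].strip()
        if value:
            return Finding(kind, line, f"win.ini load= is set: {value!r}")
    elif kind == "O7" and "DisableRegedit=1" in rest:
        return Finding(kind, line, "Registry Editor disabled by policy")
    elif kind == "O4":
        return _triage_o4(kind, line, rest)
    elif kind == "O23" and rest.endswith("(no file)"):
        return Finding(kind, line, "service registered but its binary is missing")
    return None


def triage(log_text):
    """Run triage_line over a whole log and collect the findings in log order."""
    findings = []
    for line in log_text.splitlines():
        f = triage_line(line)
        if f:
            findings.append(f)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:4} {f.reason}\n     {f.line}")
```

Run against the sample, it reports exactly the six tampering indicators and stays quiet on the Yahoo start page, the normal UserInit value, the avast and ctfmon autostarts and the Adobe shortcut. The rules are deliberately conservative: anything in a subdirectory of system32 or outside it is left for a human, since the allowlist approach only holds up for the handful of OS binaries expected to autostart from that directory.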

Getting better

Post by Jim Burns » August 20th, 2007, 1:02 pm

It seems to be getting a little quicker. I had to go into Windows Explorer to delete C:\windows\system32\printer.exe and it worked the second time. I am getting no response when I try to fix the Control Panel; it and some other controls are still lost. On normal startup, Windows File Protection starts and cannot start a lot of DLLs, so I have had to cancel that part of it, and also the Microsoft .NET Framework has an "unhandled exception occurring in a component in your application" coming up. On top of all this, the Windows Installer has gone out and I can't get it to download.

I really thank you for your help. Jim



Deckard's System Scanner v20070819.64
Run by User on 2007-08-20 11:23:40
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Unable to create WMI object; The operation completed successfully.


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 448 MiB (512 MiB recommended).


-- HijackThis (run as User.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:24:58 AM, on 8/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\ATP\Navigator\EZUpdateService.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\WinAvXX.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Citrix\ICA Client\pnagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\User\Desktop\deckardsdss.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\User.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.yahoo.com
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\system32\ReinstallBackups\0011\DriverFiles\HDAudPropShortcut.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [HijackThis startup scan] C:\Program Files\Trend Micro\HijackThis\HijackThis.exe /startupscan
O4 - HKCU\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe
O4 - HKUS\S-1-5-21-1202660629-1409082233-839522115-1003\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-1202660629-1409082233-839522115-1003\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User '?')
O4 - HKUS\S-1-5-21-1202660629-1409082233-839522115-1003\..\Run: [HijackThis startup scan] C:\Program Files\Trend Micro\HijackThis\HijackThis.exe /startupscan (User '?')
O4 - HKUS\S-1-5-21-1202660629-1409082233-839522115-1003\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe (User '?')
O4 - S-1-5-21-1202660629-1409082233-839522115-1003 Startup: system.exe (User '?')
O4 - Startup: system.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: autorun.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: hpzsetup.LNK = E:\HPZstub.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Program Neighborhood Agent.lnk = C:\Program Files\Citrix\ICA Client\pnagent.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/house ... hcImpl.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se8300.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ATP EZUpdate Service (EZUpdateService) - Aircraft Technical Publishers - C:\Program Files\ATP\Navigator\EZUpdateService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ViRobot Expert Monitoring (vrmonsvc) - Unknown owner - (no file)

--
End of file - 7756 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20070814-093144-582 O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
backup-20070814-122209-307 O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
backup-20070814-122209-352 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
backup-20070814-122209-780 O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
backup-20070814-123636-104 O2 - BHO: Farstone Popup Blocker - {E22F9B9D-1A1F-473E-BED6-D8BC152441F4} - C:\PROGRA~1\PCSECU~2\THESHI~1\FARPOP~1.DLL
backup-20070814-123636-169 O2 - BHO: Farstone Url Blocker - {316AEF8D-3C37-423E-9E6E-13820A9DC37A} - C:\PROGRA~1\PCSECU~2\THESHI~1\IrlOnIE.dll
backup-20070814-123636-287 O2 - BHO: IEHlprObj Class - {ABCDECF0-4B15-11D1-ABED-709549C10000} - C:\WINDOWS\system32\vtr212.dll
backup-20070814-123636-302 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
backup-20070814-123636-358 O4 - HKUS\S-1-5-21-1202660629-1409082233-839522115-1003\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
backup-20070814-123636-405 O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
backup-20070814-123636-500 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
backup-20070814-123636-648 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
backup-20070814-123636-834 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
backup-20070814-123636-928 O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
backup-20070814-152750-948 O4 - HKCU\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe
backup-20070814-152828-125 O4 - HKLM\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe
backup-20070815-122002-177 O4 - HKUS\S-1-5-21-1202660629-1409082233-839522115-1003\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S (User '?')
backup-20070815-122002-782 O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
backup-20070815-122002-992 O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
backup-20070820-103333-200 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
backup-20070820-103333-365 O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
backup-20070820-103333-543 F3 - REG:win.ini: load=??? ?
backup-20070820-103333-632 O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
backup-20070820-103333-645 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
backup-20070820-103333-729 F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\printer.exe
backup-20070820-103333-865 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
backup-20070820-110806-208 O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
backup-20070820-110806-368 F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\printer.exe
backup-20070820-110806-813 O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

3 cmudax (C-Media High Definition Audio Interface) - system32\drivers\cmudax.sys (file missing)
3 FarStoneFireWallDrive - c:\windows\system32\drivers\fardrive.sys
3 GMSIPCI - d:\install\gmsipci.sys (file missing)
3 HdAudAddService (Microsoft UAA Function Driver for High Definition Audio Service) - system32\drivers\hdaudio.sys (file missing)
3 HDAudBus (Microsoft UAA Bus Driver for High Definition Audio) - system32\drivers\hdaudbus.sys (file missing)
3 NTACCESS - d:\ntaccess.sys (file missing)
3 s3chipid - c:\docume~1\user\locals~1\temp\s3chipid.sys (file missing)
3 SetupNTGLM7X - d:\ntglm7x.sys (file missing)
3 viagfx - system32\drivers\vtmini.sys (file missing)
3 VRcore - c:\windows\system32\drivers\vrcore.sys <Not Verified; HAURI, Inc. 1998-2003; >
3 VRFIL - c:\windows\system32\drivers\vrfil.sys <Not Verified; HAURI; VR Filter for Windows NT/2K/XP>

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

2 aawservice (Ad-Aware 2007 Service) - c:\program files\lavasoft\ad-aware 2007\aawservice.exe
2 EZUpdateService (ATP EZUpdate Service) - c:\program files\atp\navigator\ezupdateservice.exe <Not Verified; Aircraft Technical Publishers; EZ Update>
3 hpqcxs08 - c:\windows\system32\svchost.exe
2 hpqddsvc (HP CUE DeviceDiscovery Service) - c:\windows\system32\svchost.exe
2 Net Driver HPZ12 - c:\windows\system32\svchost.exe
2 NWCWorkstation (Client Service for NetWare) - c:\windows\system32\svchost.exe


-- Device Manager: Disabled ----------------------------------------------------

Unable to create WMI object.

-- Scheduled Tasks -------------------------------------------------------------

2007-08-17 17:00:00 436 --a------ C:\WINDOWS\Tasks\RegCure Program Check.job
2007-08-17 12:05:00 306 --a------ C:\WINDOWS\Tasks\WebReg Photosmart C4200 series.job
2007-08-17 08:57:00 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2007-08-17 03:30:00 408 --a------ C:\WINDOWS\Tasks\RegistryBot Scheduled Scan.job
2007-08-17 03:00:00 370 --a------ C:\WINDOWS\Tasks\RegCure.job


-- Files created between 2007-07-20 and 2007-08-20 -----------------------------

2007-08-20 09:32:32 0 d-------- C:\Downloads
2007-08-20 09:32:32 0 d-------- C:\Documents and Settings\User\Application Data\GetRightToGo
2007-08-20 08:16:01 0 dr-h----- C:\Documents and Settings\User\Recent
2007-08-17 16:54:06 0 d-------- C:\movedfiles
2007-08-17 16:36:52 14848 --a------ C:\WINDOWS\system32\WinAvXX.exe <Not Verified; Microsoft Co; Anvivirus Application>
2007-08-16 13:10:20 0 d-------- C:\Program Files\Alwil Software
2007-08-15 16:39:34 0 d-------- C:\Documents and Settings\User\.housecall6.6
2007-08-14 16:06:16 0 d-------- C:\Documents and Settings\User\Application Data\Uniblue
2007-08-14 16:06:11 0 d-------- C:\Program Files\Uniblue
2007-08-14 09:57:45 0 d-------- C:\Documents and Settings\User\Application Data\Grisoft
2007-08-14 09:57:35 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-08-14 09:53:51 0 d-------- C:\Program Files\RogueRemover FREE
2007-08-13 15:32:34 179 --a------ C:\handle.dat
2007-08-13 12:03:08 0 d-------- C:\WINDOWS\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP
2007-08-13 12:01:22 0 d-------- C:\Program Files\Lavasoft
2007-08-09 12:44:04 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-08-09 12:43:24 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-08-09 10:09:55 0 d-------- C:\Linkone
2007-08-09 10:09:52 0 d-------- C:\Program Files\Mincom
2007-08-09 09:41:07 0 d-------- C:\Documents and Settings\User\Application Data\Mincom
2007-08-09 09:41:07 0 d-------- C:\Documents and Settings\All Users\Application Data\Mincom
2007-08-08 16:51:13 0 d-------- C:\Program Files\ACW
2007-08-08 12:20:53 0 d-------- C:\Documents and Settings\User\Application Data\RegistryBot
2007-08-07 19:51:27 0 d-------- C:\WINDOWS\setupupd
2007-08-07 18:30:36 53353 --a------ C:\WINDOWS\system\zip.dll
2007-08-07 18:30:36 53248 --a------ C:\WINDOWS\system\wtvh.dll
2007-08-07 18:30:36 73728 --a------ C:\WINDOWS\system\wtmulti.dll <Not Verified; WildTangent, Inc.; WildTangent Multiplayer>
2007-08-07 18:30:36 57344 --a------ C:\WINDOWS\system\WTHostCtl.dll <Not Verified; WildTangent; WTHostCtl Module>
2007-08-07 18:30:36 77885 --a------ C:\WINDOWS\system\WT12uien.dll <Not Verified; Corel Corporation; Corel Writing Tools>
2007-08-07 18:30:36 45116 --a------ C:\WINDOWS\system\WT12SPWP.dll <Not Verified; Corel Corporation; Corel Writing Tools>
2007-08-07 18:30:36 53308 --a------ C:\WINDOWS\system\WT12SPTP.dll <Not Verified; Corel Corporation; Corel Writing Tools>
2007-08-07 18:30:36 114748 --a------ C:\WINDOWS\system\WT12SPML.dll <Not Verified; Corel Corporation; Corel Writing Tools>
2007-08-07 18:30:36 28732 --a------ C:\WINDOWS\system\WT12spls.dll <Not Verified; Corel Corporation; Corel Writing Tools>
2007-08-07 18:30:36 53308 --a------ C:\WINDOWS\system\WT12sphs.dll <Not Verified; Corel Corporation; Corel Writing Tools>
2007-08-07 18:30:36 823352 --a------ C:\WINDOWS\system\WT12LI.dll <Not Verified; Corel Corporation; Corel Writing Tools>
2007-08-07 18:30:36 53309 --a------ C:\WINDOWS\system\WT12ldzu.dll <Not Verified; Corel Corporation; Corel Writing Tools>
2007-08-07 18:30:36 32829 --a------ C:\WINDOWS\system\WT12LDXX.dll <Not Verified; Corel Corporation; Corel Writing Tools>
2007-08-07 18:30:36 53309 --a------ C:\WINDOWS\system\WT12ldxh.dll <Not Verified; Corel Corporation; Corel Writing Tools>
2007-08-07 18:30:36 41021 --a------ C:\WINDOWS\system\WT12LDTR.dll <Not Verified; Corel Corporation; Corel Writing Tools>
2007-08-07 18:30:36 53309 --a------ C:\WINDOWS\system\WT12ldtn.dll <Not Verified; Corel Corporation; Corel Writing Tools>
2007-08-07 18:30:36 61501 --a------ C:\WINDOWS\system\WT12LDSV.dll <Not Verified; Corel Corporation; Corel Writing Tools>
2007-08-07 18:30:36 86077 --a------ C:\WINDOWS\system\WT12LDSU.dll <Not Verified; Corel Corporation; Corel Writing Tools>
2007-08-07 18:30:36 53309 --a------ C:\WINDOWS\system\WT12LDST.dll <Not Verified; Corel Corporation; Corel Writing Tools>
2007-08-07 18:30:36 57405 --a------ C:\WINDOWS\system\WT12LDSL.dll <Not Verified; Corel Corporation; Corel Writing Tools>
2007-08-07 18:30:36 53309 --a------ C:\WINDOWS\system\WT12LDRU.dll <Not Verified; Corel Corporation; Corel Writing Tools>
2007-08-07 18:30:36 53309 --a------ C:\WINDOWS\system\WT12LDPO.dll <Not Verified; Corel Corporation; Corel Writing Tools>
2007-08-07 18:30:36 53309 --a------ C:\WINDOWS\system\WT12LDPL.dll <Not Verified; Corel Corporation; Corel Writing Tools>
2007-08-07 18:30:36 41021 --a------ C:\WINDOWS\system\WT12LDNO.dll <Not Verified; Corel Corporation; Corel Writing Tools>
2007-08-07 18:30:35 389181 --a------ C:\WINDOWS\system\WT12LDNL.dll <Not Verified; Corel Corporation; Corel Writing Tools>
2007-08-07 18:30:35 53309 --a------ C:\WINDOWS\system\WT12LDIT.dll <Not Verified; Corel Corporation; Corel Writing Tools>
2007-08-07 18:30:35 41021 --a------ C:\WINDOWS\system\WT12LDIS.dll <Not Verified; Corel Corporation; Corel Writing Tools>
2007-08-07 18:30:35 53309 --a------ C:\WINDOWS\system\WT12LDGR.dll <Not Verified; Corel Corporation; Corel Writing Tools>
2007-08-07 18:30:35 53309 --a------ C:\WINDOWS\system\WT12LDGA.dll <Not Verified; Corel Corporation; Corel Writing Tools>
2007-08-07 18:30:35 307261 --a------ C:\WINDOWS\system\WT12LDFR.dll <Not Verified; Corel Corporation; Corel Writing Tools>
2007-08-07 18:30:35 401469 --a------ C:\WINDOWS\system\WT12LDES.dll <Not Verified; Corel Corporation; Corel Writing Tools>
2007-08-07 18:30:35 409661 --a------ C:\WINDOWS\system\WT12LDEN.dll <Not Verified; Corel Corporation; Corel Writing Tools>
2007-08-07 18:30:35 65597 --a------ C:\WINDOWS\system\WT12LDDK.dll <Not Verified; Corel Corporation; Corel Writing Tools>
2007-08-07 18:30:35 389181 --a------ C:\WINDOWS\system\WT12LDDE.dll <Not Verified; Corel Corporation; Corel Writing Tools>
2007-08-07 18:30:35 61501 --a------ C:\WINDOWS\system\WT12LDCZ.dll <Not Verified; Corel Corporation; Corel Writing Tools>
2007-08-07 18:30:35 53309 --a------ C:\WINDOWS\system\WT12LDCA.dll <Not Verified; Corel Corporation; Corel Writing Tools>
2007-08-07 18:30:35 217149 --a------ C:\WINDOWS\system\Wt12ldaf.dll <Not Verified; Corel Corporation; Corel Writing Tools>
2007-08-07 18:30:35 278528 --a------ C:\WINDOWS\system\WT12COD.dll <Not Verified; Corel Corporation; Corel Writing Tools>
2007-08-07 18:30:34 71 --a------ C:\WINDOWS\system\wt3d.dll
2007-08-07 18:30:34 294970 --a------ C:\WINDOWS\system\WT12cbe.dll <Not Verified; Corel Corporation; Corel Writing Tools>
2007-08-07 18:30:34 19456 --a------ C:\WINDOWS\system\WndFrame.dll <Not Verified; GTek Technologies Ltd.; GTCoach>
2007-08-07 18:30:34 98304 --a------ C:\WINDOWS\system\WireControl.dll <Not Verified; ; WireControl Module>
2007-08-07 18:30:34 57344 --a------ C:\WINDOWS\system\winman.dll <Not Verified; GTek Technologies Ltd.; GTCoach>
2007-08-07 18:30:34 393216 --a------ C:\WINDOWS\system\Win.dll <Not Verified; EarthLink, Inc.; EarthLink COmmon>
2007-08-07 18:30:34 712704 --a------ C:\WINDOWS\system\webdriver.dll <Not Verified; WildTangent, Inc.; WildTangent WebDriver>
2007-08-07 18:30:34 737280 --a------ C:\WINDOWS\system\wdengine.dll <Not Verified; WildTangent; WebDriver 3D Engine Library>
2007-08-07 18:30:34 20563 --a------ C:\WINDOWS\system\w2k_lsa_auth.dll
2007-08-07 18:30:34 57442 --a------ C:\WINDOWS\system\verify.dll
2007-08-07 18:30:34 159744 --a------ C:\WINDOWS\system\VBE6INTL.DLL <Not Verified; Microsoft Corporation; Visual Basic Environment>
2007-08-07 18:30:33 507904 --a------ C:\WINDOWS\system\Utils.dll <Not Verified; EarthLink, Inc.; EarthLink COmmon>
2007-08-07 18:30:33 26624 --a------ C:\WINDOWS\system\TxtSpyNT.dll <Not Verified; GTek technologies; GTek technologies TxtSpyNT>
2007-08-07 18:30:33 13824 --a------ C:\WINDOWS\system\TreeView.dll <Not Verified; GTek Technologies Ltd.; GTCoach>
2007-08-07 18:30:33 32256 --a------ C:\WINDOWS\system\tranenyp.dll <Not Verified; GTek Technologies Ltd.; GTCoach>
2007-08-07 18:30:33 16384 --a------ C:\WINDOWS\system\tooltip.dll <Not Verified; GTek Technologies Ltd.; GTCoach>
2007-08-07 18:30:33 24576 --a------ C:\WINDOWS\system\ToolBar.dll <Not Verified; GTek Technologies Ltd.; GTCoach>
2007-08-07 18:30:33 14336 --a------ C:\WINDOWS\system\TabCtrl.dll <Not Verified; GTek Technologies Ltd.; GTCoach>
2007-08-07 18:30:33 22528 --a------ C:\WINDOWS\system\Sysinfo.dll <Not Verified; GTek Technologies Ltd.; GTCoach>
2007-08-07 18:30:33 4096 --a------ C:\WINDOWS\system\svgrsrc.dll <Not Verified; Adobe Systems Inc.; Adobe SVG Viewer>
2007-08-07 18:30:33 10752 --a------ C:\WINDOWS\system\sversion.dll <Not Verified; GTek Technologies Ltd.; GTCoach>
2007-08-07 18:30:33 12288 --a------ C:\WINDOWS\system\SVEDiag.dll <Not Verified; Intel(R) Corporation; Intel(R) NCS WMI Resource Module>
2007-08-07 18:30:33 24576 --a------ C:\WINDOWS\system\SVE_NWR.dll <Not Verified; Intel(R) Corporation; Intel(R) NCS WMI Resource Module>
2007-08-07 18:30:33 77824 --a------ C:\WINDOWS\system\SVE_8023.dll <Not Verified; Intel(R) Corporation; Intel(R) NCS Language Specific Resource Provider>
2007-08-07 18:30:32 1164800 --a------ C:\WINDOWS\system\SV21WR32.DLL <Not Verified; ViewPort Development AB; Synex ViewPort>
2007-08-07 18:30:32 110592 --a------ C:\WINDOWS\system\SPSRXUI.DLL <Not Verified; Microsoft Corporation; Microsoft® Windows(TM) Operating System>
2007-08-07 18:30:32 22016 --a------ C:\WINDOWS\system\Speach.dll <Not Verified; GTek Technologies Ltd.; GTCoach>
2007-08-07 18:30:32 98304 --a------ C:\WINDOWS\system\Sound.dll <Not Verified; WildTangent, Inc.; WildTangent WebDriver>
2007-08-07 18:30:32 320512 --a------ C:\WINDOWS\system\SNBD6W9S.DLL <Not Verified; SnowBound; SnowBound Image Format Library/Windows NT>
2007-08-07 18:30:32 27136 --a------ C:\WINDOWS\system\slider.dll <Not Verified; GTek Technologies Ltd.; GTCoach>
2007-08-07 18:30:32 52736 --a------ C:\WINDOWS\system\sharedat.dll <Not Verified; GTek Technologies Ltd.; GTCoach>
2007-08-07 18:30:32 57344 --a------ C:\WINDOWS\system\SGML PlugIn.dll <Not Verified; Innotech Solutions Pty Ltd; LinkOne>
2007-08-07 18:30:31 655360 --a------ C:\WINDOWS\system\SetupKrn.dll <Not Verified; EarthLink, Inc.; EarthLink TotalAccess>
2007-08-07 18:30:31 282756 --a------ C:\WINDOWS\system\setup.dll <Not Verified; InstallShield Software Corporation; InstallShield (R)>
2007-08-07 18:30:31 20992 --a------ C:\WINDOWS\system\Scroll.dll <Not Verified; GTek Technologies Ltd.; GTCoach>
2007-08-07 18:30:31 28672 --a------ C:\WINDOWS\system\s8023ps.dll
2007-08-07 18:30:31 24576 --a------ C:\WINDOWS\system\s8023Pps.dll
2007-08-07 18:30:31 20579 --a------ C:\WINDOWS\system\rmi.dll
2007-08-07 18:30:31 106600 --a------ C:\WINDOWS\system\RegUtils.dll
2007-08-07 18:30:31 45568 --a------ C:\WINDOWS\system\RegComm.dll <Not Verified; GTek Technologies Ltd.; GTCoach>
2007-08-07 18:30:31 33280 --a------ C:\WINDOWS\system\Reg.dll <Not Verified; ; Reg Dynamic Link Library>
2007-08-07 18:30:31 24576 --a------ C:\WINDOWS\system\rDRM0302.dll <Not Verified; WildTangent Inc; WildTangent Inc DRM3>
2007-08-07 18:30:31 159744 --a------ C:\WINDOWS\system\rdriver.dll
2007-08-07 18:30:31 12288 --a------ C:\WINDOWS\system\PTBDiag.dll <Not Verified; Intel(R) Corporation; Intel(R) NCS WMI Resource Module>
2007-08-07 18:30:31 24576 --a------ C:\WINDOWS\system\PTB_NWR.dll <Not Verified; Intel(R) Corporation; Intel(R) NCS WMI Resource Module>
2007-08-07 18:30:31 86016 --a------ C:\WINDOWS\system\PTB_8023.dll <Not Verified; Intel(R) Corporation; Intel(R) NCS Language Specific Resource Provider>
2007-08-07 18:30:31 86016 --a------ C:\WINDOWS\system\PNC802_3.dll <Not Verified; Intel(R) Corporation; Intel(R) Network Configuration Services>
2007-08-07 18:30:31 36352 --a------ C:\WINDOWS\system\plugdll.dll <Not Verified; GTek Technologies Ltd.; GTCoach>
2007-08-07 18:30:31 22528 --a------ C:\WINDOWS\system\playback.dll <Not Verified; GTek Technologies Ltd.; GTCoach>
2007-08-07 18:30:31 303104 --a------ C:\WINDOWS\system\PDF PlugIn.dll <Not Verified; Mincom Limited.; LinkOne>
2007-08-07 18:30:31 745472 --a------ C:\WINDOWS\system\PCM802_3.dll <Not Verified; Intel(R) Corporation; Intel(R) Network Configuration Services>
2007-08-07 18:30:30 499712 --a------ C:\WINDOWS\system\OWCI10.DLL <Not Verified; Microsoft Corporation; Microsoft Office XP>
2007-08-07 18:30:30 77824 --a------ C:\WINDOWS\system\OUPEng.dll
2007-08-07 18:30:30 168448 --a------ C:\WINDOWS\system\OSDiag.dll <Not Verified; ; OSDIAG Dynamic Link Library>
2007-08-07 18:30:30 32768 --a------ C:\WINDOWS\system\objpscnv.dll <Not Verified; InstallShield Software Corporation; InstallShield (R)>
2007-08-07 18:30:30 32768 --a------ C:\WINDOWS\system\objps8.dll <Not Verified; InstallShield Software Corporation; InstallShield (R)>
2007-08-07 18:30:30 32768 --a------ C:\WINDOWS\system\objps7.dll <Not Verified; InstallShield Software Corporation; InstallShield (R)>
2007-08-07 18:30:30 32768 --a------ C:\WINDOWS\system\objectps.dll <Not Verified; InstallShield Software Corporation; InstallShield (R)>
2007-08-07 18:30:30 155648 --a------ C:\WINDOWS\system\ObjectBundle.dll <Not Verified; WildTangent, Inc.; WildTangent WebDriver>
2007-08-07 18:30:30 28160 --a------ C:\WINDOWS\system\objctdll.dll <Not Verified; GTek Technologies Ltd.; GTCoach>
2007-08-07 18:30:30 177152 --a------ C:\WINDOWS\system\nsvplayx_vp5_mp3.dll <Not Verified; * * *; NsvPlayX ActiveX Control Module>
2007-08-07 18:30:30 32768 --a------ C:\WINDOWS\system\npWTHost.dll <Not Verified; WildTangent; WildTangent Netscape Webdriver Host>
2007-08-07 18:30:30 65636 --a------ C:\WINDOWS\system\NPOJI610.dll <Not Verified; JavaSoft / Sun Microsystems, Inc.; Java Plug-in>
2007-08-07 18:30:30 65636 --a------ C:\WINDOWS\system\NPJPI142.dll <Not Verified; JavaSoft / Sun Microsystems, Inc.; Java Plug-in>
2007-08-07 18:30:30 65636 --a------ C:\WINDOWS\system\NPJava32.dll <Not Verified; JavaSoft / Sun Microsystems, Inc.; Java Plug-in>
2007-08-07 18:30:30 65636 --a------ C:\WINDOWS\system\NPJava14.dll <Not Verified; JavaSoft / Sun Microsystems, Inc.; Java Plug-in>
2007-08-07 18:30:30 65636 --a------ C:\WINDOWS\system\NPJava13.dll <Not Verified; JavaSoft / Sun Microsystems, Inc.; Java Plug-in>
2007-08-07 18:30:30 65636 --a------ C:\WINDOWS\system\NPJava12.dll <Not Verified; JavaSoft / Sun Microsystems, Inc.; Java Plug-in>
2007-08-07 18:30:30 65636 --a------ C:\WINDOWS\system\NPJava11.dll <Not Verified; JavaSoft / Sun Microsystems, Inc.; Java Plug-in>
2007-08-07 18:30:30 12288 --a------ C:\WINDOWS\system\NORDiag.dll <Not Verified; Intel(R) Corporation; Intel(R) NCS WMI Resource Module>
2007-08-07 18:30:30 24576 --a------ C:\WINDOWS\system\NOR_NWR.dll <Not Verified; Intel(R) Corporation; Intel(R) NCS WMI Resource Module>
2007-08-07 18:30:30 77824 --a------ C:\WINDOWS\system\NOR_8023.dll <Not Verified; Intel(R) Corporation; Intel(R) NCS Language Specific Resource Provider>
2007-08-07 18:30:30 12288 --a------ C:\WINDOWS\system\NLDDiag.dll <Not Verified; Intel(R) Corporation; Intel(R) NCS WMI Resource Module>
2007-08-07 18:30:30 28672 --a------ C:\WINDOWS\system\NLD_NWR.dll <Not Verified; Intel(R) Corporation; Intel(R) NCS WMI Resource Module>
2007-08-07 18:30:30 86016 --a------ C:\WINDOWS\system\NLD_8023.dll <Not Verified; Intel(R) Corporation; Intel(R) NCS Language Specific Resource Provider>
2007-08-07 18:30:30 32869 --a------ C:\WINDOWS\system\nio.dll
2007-08-07 18:30:30 43008 --a------ C:\WINDOWS\system\niceeff.dll <Not Verified; GTek Technologies Ltd.; GTCoach>
2007-08-07 18:30:30 12288 --a------ C:\WINDOWS\system\NetClose.dll <Not Verified; GTek Technologies Ltd.; GTCoach>
2007-08-07 18:30:30 57444 --a------ C:\WINDOWS\system\net.dll
2007-08-07 18:30:30 31744 --a------ C:\WINDOWS\system\MultiZip.dll <Not Verified; GTek Technologies Ltd.; GTCoach>
2007-08-07 18:30:29 24576 --a------ C:\WINDOWS\system\msddsui.dll <Not Verified; Microsoft Corporation; Microsoft Development Environment>
2007-08-07 18:30:29 22528 --a------ C:\WINDOWS\system\mscorsecr.dll <Not Verified; Microsoft Corporation; Microsoft .NET Framework>
2007-08-07 18:30:29 41472 --a------ C:\WINDOWS\system\mouse.dll <Not Verified; GTek Technologies Ltd.; GTCoach>
2007-08-07 18:30:29 32768 --a------ C:\WINDOWS\system\menu.dll <Not Verified; GTek Technologies Ltd.; GTCoach>
2007-08-07 18:30:29 53760 --a------ C:\WINDOWS\system\MDT2QDUI.DLL <Not Verified; Microsoft Corporation; Microsoft Design Tools>
2007-08-07 18:30:29 64272 --a------ C:\WINDOWS\system\MDT2FWUI.DLL <Not Verified; Microsoft Corporation; Microsoft Design Tools>
2007-08-07 18:30:29 14336 --a------ C:\WINDOWS\system\MDT2DDUI.DLL <Not Verified; Microsoft Corporation; Microsoft Design Tools>
2007-08-07 18:30:29 56832 --a------ C:\WINDOWS\system\MDT2DBUI.DLL <Not Verified; Microsoft Corporation; Microsoft Design Tools>
2007-08-07 18:30:29 221184 --a------ C:\WINDOWS\system\MDPlugin.dll <Not Verified; Musicmatch, Inc.; Dell DJ plug-in for Musicmatch Jukebox>
2007-08-07 18:30:29 192512 --a------ C:\WINDOWS\system\mainrENU.dll <Not Verified; ; MainrENU Dynamic Link Library>
2007-08-07 18:30:29 64512 --a------ C:\WINDOWS\system\MacroFuncs.dll <Not Verified; GTek Technologies Ltd.; GTCoach>
2007-08-07 18:30:29 31232 --a------ C:\WINDOWS\system\listview.dll <Not Verified; GTek Technologies Ltd.; GTCoach>
2007-08-07 18:30:29 16896 --a------ C:\WINDOWS\system\Let.dll <Not Verified; GTek Technologies Ltd.; GTCoach>
2007-08-07 18:30:29 23552 --a------ C:\WINDOWS\system\LangMan.dll <Not Verified; GTek Technologies Ltd.; GTCoach>
2007-08-07 18:30:29 12288 --a------ C:\WINDOWS\system\KORDiag.dll <Not Verified; Intel(R) Corporation; Intel(R) NCS WMI Resource Module>
2007-08-07 18:30:29 20480 --a------ C:\WINDOWS\system\KOR_NWR.dll <Not Verified; Intel(R) Corporation; Intel(R) NCS WMI Resource Module>
2007-08-07 18:30:29 49152 --a------ C:\WINDOWS\system\KOR_8023.dll <Not Verified; Intel(R) Corporation; Intel(R) NCS Language Specific Resource Provider>
2007-08-07 18:30:29 18432 --a------ C:\WINDOWS\system\Keyboard.dll <Not Verified; GTek Technologies Ltd.; GTCoach>
2007-08-07 18:30:28 1208439 --a------ C:\WINDOWS\system\jvm.dll
2007-08-07 18:30:28 139373 --a------ C:\WINDOWS\system\jsound.dll
2007-08-07 18:30:28 12288 --a------ C:\WINDOWS\system\JPNDiag.dll <Not Verified; Intel(R) Corporation; Intel(R) NCS WMI Resource Module>
2007-08-07 18:30:28 20480 --a------ C:\WINDOWS\system\JPN_NWR.dll <Not Verified; Intel(R) Corporation; Intel(R) NCS WMI Resource Module>
2007-08-07 18:30:28 49152 --a------ C:\WINDOWS\system\JPN_8023.dll <Not Verified; Intel(R) Corporation; Intel(R) NCS Language Specific Resource Provider>
2007-08-07 18:30:28 73832 --a------ C:\WINDOWS\system\jpishare.dll <Not Verified; ; Java Plug-in>
2007-08-07 18:30:28 86116 --a------ C:\WINDOWS\system\jpinsp.dll <Not Verified; JavaSoft / Sun Microsystems, Inc.; Java Plug-in>
2007-08-07 18:30:28 45156 --a------ C:\WINDOWS\system\jpins7.dll
2007-08-07 18:30:28 41060 --a------ C:\WINDOWS\system\jpins6.dll
2007-08-07 18:30:28 28772 --a------ C:\WINDOWS\system\jpins4.dll
2007-08-07 18:30:28 94312 --a------ C:\WINDOWS\system\jpiexp32.dll <Not Verified; JavaSoft / Sun Microsystems; JavaSoft / Sun Microsystems -- Java(TM) Plug-in>
2007-08-07 18:30:28 82024 --a------ C:\WINDOWS\system\jpicom32.dll <Not Verified; ; JPICom Module>
2007-08-07 18:30:28 122981 --a------ C:\WINDOWS\system\jpeg.dll
2007-08-07 18:30:28 102494 --a------ C:\WINDOWS\system\jdwp.dll
2007-08-07 18:30:28 24576 --a------ C:\WINDOWS\system\jDRM0302.dll <Not Verified; WildTangent Inc; WildTangent Inc DRM3>
2007-08-07 18:30:28 167936 --a------ C:\WINDOWS\system\jdriver.dll
2007-08-07 18:30:28 49267 --a------ C:\WINDOWS\system\JdbcOdbc.dll
2007-08-07 18:30:28 61533 --a------ C:\WINDOWS\system\jcov.dll
2007-08-07 18:30:28 20581 --a------ C:\WINDOWS\system\jawt.dll
2007-08-07 18:30:28 36864 --a------ C:\WINDOWS\system\javawspl.dll
2007-08-07 18:30:28 139264 --a------ C:\WINDOWS\system\JavaWebStart.dll <Not Verified; Sun Microsystems, Inc.; JavaWebStart Module>
2007-08-07 18:30:28 98408 --a------ C:\WINDOWS\system\java.dll
2007-08-07 18:30:28 20600 --a------ C:\WINDOWS\system\jaas_nt.dll
2007-08-07 18:30:28 172032 --a------ C:\WINDOWS\system\IUserCnv.dll <Not Verified; InstallShield Software Corporation; InstallShield (R)>
2007-08-07 18:30:28 176128 --a------ C:\WINDOWS\system\iuser.dll <Not Verified; InstallShield Software Corporation; InstallShield (R)>
2007-08-07 18:30:27 188416 --a------ C:\WINDOWS\system\IUser8.dll <Not Verified; InstallShield Software Corporation; InstallShield (R)>
2007-08-07 18:30:27 188416 --a------ C:\WINDOWS\system\IUser7.dll <Not Verified; InstallShield Software Corporation; InstallShield (R)>
2007-08-07 18:30:27 135168 --a------ C:\WINDOWS\system\ITNGRAM.DLL <Not Verified; Microsoft Corporation; Microsoft® Windows(TM) Operating System>
2007-08-07 18:30:27 12288 --a------ C:\WINDOWS\system\ITADiag.dll <Not Verified; Intel(R) Corporation; Intel(R) NCS WMI Resource Module>
2007-08-07 18:30:27 28672 --a------ C:\WINDOWS\system\ITA_NWR.dll <Not Verified; Intel(R) Corporation; Intel(R) NCS WMI Resource Module>
2007-08-07 18:30:27 90112 --a------ C:\WINDOWS\system\ITA_8023.dll <Not Verified; Intel(R) Corporation; Intel(R) NCS Language Specific Resource Provider>
2007-08-07 18:30:27 409600 --a------ C:\WINDOWS\system\ISRT.dll <Not Verified; InstallShield Software Corporation; InstallShield (R)>
2007-08-07 18:30:27 237568 --a------ C:\WINDOWS\system\IScript8.dll <Not Verified; InstallShield Software Corporation; InstallShield (R)>
2007-08-07 18:30:27 233472 --a------ C:\WINDOWS\system\IScript7.dll <Not Verified; InstallShield Software Corporation; InstallShield (R)>
2007-08-07 18:30:27 237568 --a------ C:\WINDOWS\system\iscript.dll <Not Verified; InstallShield Software Corporation; InstallShield (R)>
2007-08-07 18:30:27 266240 --a------ C:\WINDOWS\system\IScrCnv.dll <Not Verified; InstallShield Software Corporation; InstallShield (R)>
2007-08-07 18:30:27 24704 --a------ C:\WINDOWS\system\ioser12.dll
2007-08-07 18:30:26 696320 --a------ C:\WINDOWS\system\iKernel.dll <Not Verified; InstallShield Software Corporation; InstallShield (R)>
2007-08-07 18:30:26 110592 --a------ C:\WINDOWS\system\IGLZW.dll <Not Verified; AccuSoft Corporation; AccuSoft ImageGear>
2007-08-07 18:30:26 180224 --a------ C:\WINDOWS\system\iGdiCnv.dll <Not Verified; InstallShield Software Corporation; InstallShield (R)>
2007-08-07 18:30:26 163972 --a------ C:\WINDOWS\system\iGdi.dll <Not Verified; InstallShield Software Corporation; InstallShield (R)>
2007-08-07 18:30:26 413696 --a------ C:\WINDOWS\system\iANS8023.dll <Not Verified; Intel(R) Corporation; Intel(R) Network Configuration Services>
2007-08-07 18:30:26 266240 --a------ C:\WINDOWS\system\HTML PlugIn.dll <Not Verified; Mincom Limited.; LinkOne>
2007-08-07 18:30:25 1963008 --a------ C:\WINDOWS\system\hpzui3xu.dll <Not Verified; Hewlett-Packard Corporation; HP UI>
2007-08-07 18:30:24 2954752 --a------ C:\WINDOWS\system\hpzst3xu.dll <Not Verified; Hewlett-Packard Corporation; HP LaserJet Generic String Table>
2007-08-07 18:30:24 557056 --a------ C:\WINDOWS\system\hpzss3xu.dll <Not Verified; Hewlett-Packard Corporation; HP LaserJet Services String Table>
2007-08-07 18:30:22 72192 --a------ C:\WINDOWS\system\hpzpr3xu.dll <Not Verified; Hewlett Packard Corporation; HP Print Preview>
2007-08-07 18:30:21 515584 --a------ C:\WINDOWS\system\hpzev3xu.dll <Not Verified; Hewlett-Packard Corporation; HP Doc Event Dialogs>
2007-08-07 18:30:20 1055232 --a------ C:\WINDOWS\system\hpz3r3xu.dll <Not Verified; Hewlett Packard Corporation; HP PCL 3 Render>
2007-08-07 18:30:20 1264640 --a------ C:\WINDOWS\system\hpz3a3xu.dll <Not Verified; Hewlett-Packard Corporation; Hewlett-Packard Corporation DeskJet Services>
2007-08-07 18:30:20 49247 --a------ C:\WINDOWS\system\hprof.dll
2007-08-07 18:30:20 28780 --a------ C:\WINDOWS\system\hpi.dll
2007-08-07 18:30:20 16384 --a------ C:\WINDOWS\system\hpfrs3xu.dll <Not Verified; Hewlett-Packard Company; HP Printing System for Windows>
2007-08-07 18:30:17 7718400 --a------ C:\WINDOWS\system\hpfig3xu.dll <Not Verified; Hewlett-Packard Company; HP DeskJet>
2007-08-07 18:30:17 177152 --a------ C:\WINDOWS\system\hpfie3xu.dll <Not Verified; Hewlett-Packard Company; HP DeskJet>
2007-08-07 18:30:17 659456 --a------ C:\WINDOWS\system\hpcdmc32.dll <Not Verified; HP; DMC>
2007-08-07 18:30:16 1323008 --a------ C:\WINDOWS\system\hpbcfgre.dll <Not Verified; ; hpbcfgre Dynamic Link Library>
2007-08-07 18:30:16 53760 --a------ C:\WINDOWS\system\hooks.dll <Not Verified; GTek Technologies Ltd.; GTCoach>
2007-08-07 18:30:16 24576 --a------ C:\WINDOWS\system\Hm8023ps.dll
2007-08-07 18:30:16 72704 --a------ C:\WINDOWS\system\HHSETUP.DLL <Not Verified; Microsoft Corporation; HTML Help hhsetup>
2007-08-07 18:30:16 434176 --a------ C:\WINDOWS\system\HamPci.dll <Not Verified; Intel(R) Corporation; Intel(R) Network Configuration Services>
2007-08-07 18:30:16 33280 --a------ C:\WINDOWS\system\glftypes.dll <Not Verified; GTek Technologies Ltd.; GTCoach>
2007-08-07 18:30:16 15872 --a------ C:\WINDOWS\system\glfman.dll <Not Verified; GTek Technologies Ltd.; GTCoach>
2007-08-07 18:30:15 1847296 --a------ C:\WINDOWS\system\gear12d.dll <Not Verified; AccuSoft Corporation; AccuSoft ImageGear>
2007-08-07 18:30:15 12288 --a------ C:\WINDOWS\system\FRADiag.dll <Not Verified; Intel(R) Corporation; Intel(R) NCS WMI Resource Module>
2007-08-07 18:30:15 28672 --a------ C:\WINDOWS\system\FRA_NWR.dll <Not Verified; Intel(R) Corporation; Intel(R) NCS WMI Resource Module>
2007-08-07 18:30:15 90112 --a------ C:\WINDOWS\system\FRA_8023.dll <Not Verified; Intel(R) Corporation; Intel(R) NCS Language Specific Resource Provider>
2007-08-07 18:30:13 450669 --a------ C:\WINDOWS\system\FP4AWEC.DLL <Not Verified; Microsoft Corporation; Microsoft® FrontPage® 2000>
2007-08-07 18:30:13 65645 --a------ C:\WINDOWS\system\FP4ANWI.DLL <Not Verified; Microsoft Corporation; Microsoft® FrontPage® 2000>
2007-08-07 18:30:12 327800 --a------ C:\WINDOWS\system\fontmanager.dll
2007-08-07 18:30:12 12288 --a------ C:\WINDOWS\system\FINDiag.dll <Not Verified; Intel(R) Corporation; Intel(R) NCS WMI Resource Module>
2007-08-07 18:30:12 24576 --a------ C:\WINDOWS\system\FIN_NWR.dll <Not Verified; Intel(R) Corporation; Intel(R) NCS WMI Resource Module>
2007-08-07 18:30:12 77824 --a------ C:\WINDOWS\system\FIN_8023.dll <Not Verified; Intel(R) Corporation; Intel(R) NCS Language Specific Resource Provider>
2007-08-07 18:30:12 12288 --a------ C:\WINDOWS\system\filedll.dll <Not Verified; GTek Technologies Ltd.; GTCoach>
2007-08-07 18:30:12 61536 --a------ C:\WINDOWS\system\eula.dll <Not Verified; Sun Microsystems, Inc.; EULA Module>
2007-08-07 18:30:12 12288 --a------ C:\WINDOWS\system\ESNDiag.dll <Not Verified; Intel(R) Corporation; Intel(R) NCS WMI Resource Module>
2007-08-07 18:30:12 28672 --a------ C:\WINDOWS\system\ESN_NWR.dll <Not Verified; Intel(R) Corporation; Intel(R) NCS WMI Resource Module>
2007-08-07 18:30:12 90112 --a------ C:\WINDOWS\system\ESN_8023.dll <Not Verified; Intel(R) Corporation; Intel(R) NCS Language Specific Resource Provider>
2007-08-07 18:30:12 139264 --a------ C:\WINDOWS\system\ENUTSTPP.DLL <Not Verified; Lernout & Hauspie Speech Products; L&H TTS3000 ENU for SAPI5>
2007-08-07 18:30:12 827392 --a------ C:\WINDOWS\system\ENUTG2P.DLL <Not Verified; Lernout & Hauspie Speech Products; L&H TTS3000 ENU for SAPI5>
2007-08-07 18:30:12 348160 --a------ C:\WINDOWS\system\ENUTEMPP.DLL <Not Verified; Lernout & Hauspie Speech Products; L&H TTS3000 ENU for SAPI5>
2007-08-07 18:30:11 573440 --a------ C:\WINDOWS\system\ENUT11M1.DLL <Not Verified; Lernout & Hauspie Speech Products; L&H TTS3000 ENU for SAPI5>
2007-08-07 18:30:11 561152 --a------ C:\WINDOWS\system\ENUT11F1.DLL <Not Verified; Lernout & Hauspie Speech Products; L&H TTS3000 ENU for SAPI5>
2007-08-07 18:30:11 180224 --a------ C:\WINDOWS\system\ENUPCMRs.dll <Not Verified; Intel(R) Corporation; Intel(R) Network Configuration Services>
2007-08-07 18:30:11 12288 --a------ C:\WINDOWS\system\EnuDiag.dll <Not Verified; Intel(R) Corporation; Intel(R) NCS WMI Resource Module>
2007-08-07 18:30:11 24576 --a------ C:\WINDOWS\system\ENU_NWR.dll <Not Verified; Intel(R) Corporation; Intel(R) NCS WMI Resource Module>
2007-08-07 18:30:11 73728 --a------ C:\WINDOWS\system\enu_8023.dll <Not Verified; Intel(R) Corporation; Intel(R) NCS Language Specific Resource Provider>
2007-08-07 18:30:11 41984 --a------ C:\WINDOWS\system\Ecrypt.dll <Not Verified; EarthLink, Inc.; EarthLink TotalAccess>
2007-08-07 18:30:11 147456 --a------ C:\WINDOWS\system\E60Cmmon.dll <Not Verified; EarthLink, Inc.; EarthLink COmmon>
2007-08-07 18:30:11 65536 --a------ C:\WINDOWS\system\dx7drv.dll <Not Verified; WildTangent, Inc.; WildTangent WebDriver>
2007-08-07 18:30:11 45056 --a------ C:\WINDOWS\system\dx5drv.dll <Not Verified; WildTangent, Inc.; WildTangent WebDriver>
2007-08-07 18:30:11 20584 --a------ C:\WINDOWS\system\dt_socket.dll
2007-08-07 18:30:11 24678 --a------ C:\WINDOWS\system\dt_shmem.dll
2007-08-07 18:30:11 21504 --a------ C:\WINDOWS\system\DRM0302.dll <Not Verified; WildTangent, Inc.; DRM3 Module>
2007-08-07 18:30:11 21504 --a------ C:\WINDOWS\system\DllsPlug.dll <Not Verified; GTek Technologies Ltd.; GTCoach>
2007-08-07 18:30:11 413696 --a------ C:\WINDOWS\system\Dev8023.dll <Not Verified; Intel(R) Corporation; Intel(R) Network Configuration Services>
2007-08-07 18:30:10 12288 --a------ C:\WINDOWS\system\DEUDiag.dll <Not Verified; Intel(R) Corporation; Intel(R) NCS WMI Resource Module>
2007-08-07 18:30:10 28672 --a------ C:\WINDOWS\system\DEU_NWR.dll <Not Verified; Intel(R) Corporation; Intel(R) NCS WMI Resource Module>
2007-08-07 18:30:10 86016 --a------ C:\WINDOWS\system\DEU_8023.dll <Not Verified; Intel(R) Corporation; Intel(R) NCS Language Specific Resource Provider>
2007-08-07 18:30:10 16384 --a------ C:\WINDOWS\system\defwind.dll <Not Verified; GTek Technologies Ltd.; GTCoach>
2007-08-07 18:30:10 139364 --a------ C:\WINDOWS\system\dcpr.dll
2007-08-07 18:30:10 49664 --a------ C:\WINDOWS\system\dbase.dll <Not Verified; GTek Technologies Ltd.; GTCoach>
2007-08-07 18:30:10 12288 --a------ C:\WINDOWS\system\DANDiag.dll <Not Verified; Intel(R) Corporation; Intel(R) NCS WMI Resource Module>
2007-08-07 18:30:10 24576 --a------ C:\WINDOWS\system\DAN_NWR.dll <Not Verified; Intel(R) Corporation; Intel(R) NCS WMI Resource Module>
2007-08-07 18:30:10 77824 --a------ C:\WINDOWS\system\DAN_8023.dll <Not Verified; Intel(R) Corporation; Intel(R) NCS Language Specific Resource Provider>
2007-08-07 18:30:10 77824 --a------ C:\WINDOWS\system\ctor.dll <Not Verified; InstallShield Software Corporation; InstallShield (R)>
2007-08-07 18:30:10 45056 --a------ C:\WINDOWS\system\CSOF.DLL <Not Verified; Microsoft Corporation; Microsoft Office>
2007-08-07 18:30:10 1466436 --a------ C:\WINDOWS\system\CrlWTC112.dll <Not Verified; Corel Corporation; CorelDRAW(R)>
2007-08-07 18:30:09 49221 --a------ C:\WINDOWS\system\CODAC.dll <Not Verified; Corel Corporation; Corel Writing Tools>
2007-08-07 18:30:09 139363 --a------ C:\WINDOWS\system\cmm.dll
2007-08-07 18:30:09 80384 --a------ C:\WINDOWS\system\Cloak.dll <Not Verified; GTek Technologies Ltd.; GTCoach Cloak>
2007-08-07 18:30:09 12288 --a------ C:\WINDOWS\system\CHTDiag.dll <Not Verified; Intel(R) Corporation; Intel(R) NCS WMI Resource Module>
2007-08-07 18:30:09 16384 --a------ C:\WINDOWS\system\CHT_NWR.dll <Not Verified; Intel(R) Corporation; Intel(R) NCS WMI Resource Module>
2007-08-07 18:30:09 40960 --a------ C:\WINDOWS\system\CHT_8023.dll <Not Verified; Intel(R) Corporation; Intel(R) NCS Language Specific Resource Provider>
2007-08-07 18:30:09 12288 --a------ C:\WINDOWS\system\CHSDiag.dll <Not Verified; Intel(R) Corporation; Intel(R) NCS WMI Resource Module>
2007-08-07 18:30:09 16384 --a------ C:\WINDOWS\system\CHS_NWR.dll <Not Verified; Intel(R) Corporation; Intel(R) NCS WMI Resource Module>
2007-08-07 18:30:09 36864 --a------ C:\WINDOWS\system\CHS_8023.dll <Not Verified; Intel(R) Corporation; Intel(R) NCS Language Specific Resource Provider>
2007-08-07 18:30:09 18432 --a------ C:\WINDOWS\system\ChgRes.dll <Not Verified; GTek Technologies Ltd.; GTCoach>
2007-08-07 18:30:09 560628 --a------ C:\WINDOWS\system\CGMIMP.DLL <Not Verified; Microsoft Corporation; Microsoft Graphic Filters>
2007-08-07 18:30:08 709120 --a------ C:\WINDOWS\system\CGMIMP32.DLL <Not Verified; Microsoft Corporation; Microsoft Graphic Filters>
2007-08-07 18:30:07 335872 --a------ C:\WINDOWS\system\BVLUI.DLL <Not Verified; Microsoft; Financial Manager - Buy Vs Lease>
2007-08-07 18:30:07 118784 --a------ C:\WINDOWS\system\BVL.DLL <Not Verified; Microsoft; bvl>
2007-08-07 18:30:07 94312 --a------ C:\WINDOWS\system\axbridge.dll <Not Verified; JavaSoft / Sun Microsystems; JavaSoft / Sun Microsystems -- ActiveX bridge>
2007-08-07 18:30:07 950371 --a------ C:\WINDOWS\system\awt.dll
2007-08-07 18:30:07 49664 --a------ C:\WINDOWS\system\aolui.dll <Not Verified; GTek Technologies Ltd.; GTCoach>
2007-08-07 18:30:07 64000 --a------ C:\WINDOWS\system\Aol.dll <Not Verified; GTek Technologies Ltd.; GTCoach>
2007-08-07 18:30:06 131072 --a------ C:\WINDOWS\system\allwhook.dll <Not Verified; Gtek Tech.; Gtek Tech. allwhook>
2007-08-07 18:30:06 15360 --a------ C:\WINDOWS\system\allow.dll <Not Verified; GTek Technologies Ltd.; GTCoach>
2007-08-07 18:30:06 43008 --a------ C:\WINDOWS\system\advui.dll <Not Verified; GTek Technologies Ltd.; GTCoach>
2007-08-07 18:30:06 19968 --a------ C:\WINDOWS\system\AdpSys.dll <Not Verified; ; AdpSys Dynamic Link Library>
2007-08-07 18:30:06 20992 --a------ C:\WINDOWS\system\AdpAol.dll <Not Verified; ; AdpAol Dynamic Link Library>
2007-08-07 18:30:06 102400 --a------ C:\WINDOWS\system\actorobject.dll <Not Verified; WildTangent, Inc.; WildTangent WebDriver>
2007-08-07 18:30:06 27648 --a------ C:\WINDOWS\system\Action.dll <Not Verified; GTek Technologies Ltd.; GTCoach>
2007-08-07 18:30:06 6656 --a------ C:\WINDOWS\system\AcsRollbackRes.dll <Not Verified; America Online, Inc; AOL Connectivity Service>
2007-08-07 18:30:04 540772 --a------ C:\WINDOWS\system\_ISRES1033.dll <Not Verified; InstallShield Software Corporation; InstallShield (R)>
2007-08-07 11:57:32 0 d-------- C:\Documents and Settings\Administrator\Application Data\Macromedia
2007-08-07 11:57:08 0 d-------- C:\Documents and Settings\Administrator\.housecall6.6
2007-08-07 11:35:21 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sun
2007-08-03 17:54:39 0 d-------- C:\{80005DCA-0000-0000-6F90-BA71B0C1B84C}
2007-08-03 15:48:49 0 d-------- C:\Program Files\Windows Live Safety Center
2007-08-03 09:11:38 0 d-------- C:\Documents and Settings\Administrator\Application Data\Lavasoft
2007-08-03 06:12:02 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2007-08-03 06:12:00 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2007-08-03 06:12:00 0 dr------- C:\Documents and Settings\Administrator\My Documents
2007-08-03 06:12:00 0 d-------- C:\Documents and Settings\Administrator\Desktop
2007-08-03 06:11:59 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2007-08-03 06:11:59 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2007-08-03 06:11:59 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2007-08-03 06:11:59 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2007-08-03 06:10:32 0 d-------- C:\0dc24fbde12ecb896d755993959b
2007-08-02 16:23:17 0 d-------- C:\Documents and Settings\Administrator\Application Data\HP
2007-08-02 16:20:03 0 dr------- C:\Documents and Settings\Administrator\Favorites <FAVORI~1>
2007-08-02 16:20:03 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2007-08-02 16:20:03 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2007-08-02 16:20:03 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2007-08-02 16:20:02 0 d--h----- C:\Documents and Settings\Administrator\Templates
2007-08-02 16:20:02 1048576 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2007-08-02 16:20:02 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2007-08-02 14:01:04 886519 --a------ C:\SmitfraudFix.exe
2007-08-02 13:56:39 3048 --a------ C:\WINDOWS\system32\tmp.reg
2007-08-02 13:53:56 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2007-08-02 13:53:55 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2007-08-02 13:45:35 0 d-------- C:\Program Files\Common Files\Download Manager
2007-08-02 11:45:01 0 d-------- C:\Program Files\Trend Micro
2007-08-02 11:15:22 0 d-------- C:\Program Files\NoAdware5.0
2007-08-01 10:28:52 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP


-- Find3M Report ---------------------------------------------------------------

2007-08-20 09:29:52 0 d-------- C:\Documents and Settings\User\Application Data\Image Zone Express
2007-08-17 16:26:07 129778 --a------ C:\WINDOWS\hpoins13.dat
2007-08-14 12:38:06 0 d-------- C:\Program Files\RegCure
2007-08-09 12:43:24 0 d-------- C:\Program Files\Common Files
2007-08-09 12:39:52 0 d-------- C:\Documents and Settings\User\Application Data\Lavasoft
2007-08-07 19:51:28 0 d-------- C:\Program Files\AWS
2007-08-07 19:49:33 0 d-------- C:\Program Files\3B Software
2007-08-03 12:31:50 0 d---s---- C:\Program Files\Common Files\Teknum Systems
2007-07-24 13:24:44 0 d-------- C:\Program Files\Windows Media Connect 2
2007-07-23 07:08:59 0 d-------- C:\Documents and Settings\User\Application Data\WeatherBug
2007-07-13 15:19:26 0 d-------- C:\Documents and Settings\User\Application Data\Printer Info Cache
2007-07-13 13:21:30 0 d-------- C:\Program Files\HP
2007-07-13 13:16:15 0 d-------- C:\Documents and Settings\User\Application Data\HP
2007-07-13 13:00:15 0 d-------- C:\Documents and Settings\User\Application Data\Preclick
2007-07-11 08:38:25 278528 --a------ C:\WINDOWS\system32\livesnth.dll <Not Verified; LiveUpdate; LiveSynth>
2007-06-27 13:04:45 0 d-------- C:\Program Files\Hewlett-Packard
2007-06-21 12:01:15 0 d-------- C:\Program Files\Common Files\Sonic Shared
2007-06-21 12:00:34 0 d-------- C:\Program Files\Common Files\HP
2007-06-21 11:56:30 0 d-------- C:\Program Files\Common Files\Hewlett-Packard


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" [11/09/2006 04:07 PM]
"SoundMan"="SOUNDMAN.EXE" [09/22/2005 04:42 AM C:\WINDOWS\soundman.exe]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 12:50 PM]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" [03/04/2004 10:46 AM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [12/10/2006 09:52 PM]
"High Definition Audio Property Page Shortcut"="C:\WINDOWS\system32\ReinstallBackups\0011\DriverFiles\HDAudPropShortcut.exe" [03/17/2004 05:10 PM]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [06/07/2005 12:46 AM]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 05:25 AM]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [07/27/2007 06:03 PM]
"WinAVX"="C:\WINDOWS\system32\WinAvXX.exe" [08/01/2007 10:28 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 08:00 AM]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [10/18/2006 08:05 PM]
"HijackThis startup scan"="C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" [08/02/2007 11:45 AM]
"WinAVX"="C:\WINDOWS\system32\WinAvXX.exe" [08/01/2007 10:28 AM]

C:\Documents and Settings\User\Start Menu\Programs\Startup\
system.exe [8/1/2007 10:28:02 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [3/20/2007 9:16:38 AM]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 11:05:26 PM]
autorun.exe [8/1/2007 10:28:02 AM]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [1/2/2007 9:40:10 PM]
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [12/15/2005 1:00:54 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)
"HideStartupScripts"=0 (0x0)
"HideShutdownScripts"=0 (0x0)
"RunStartupScriptSync"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoControlPanel"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoControlPanel"=1 (0x1)
"NoWindowsUpdate"=1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoWindowsUpdate"=1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Cmaudio"=RunDll32 cmicnfg.cpl,CMICtrlWnd

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt hpqcxs08 hpqddsvc




-- Hosts -----------------------------------------------------------------------

192.168.200.3 ad.doubleclick.net
192.168.200.3 ad.fastclick.net
192.168.200.3 ads.fastclick.net
192.168.200.3 atdmt.com
192.168.200.3 awaps.net
192.168.200.3 banner.fastclick.net
192.168.200.3 banners.fastclick.net
192.168.200.3 click.atdmt.com
192.168.200.3 clicks.atdmt.com
192.168.200.3 engine.awaps.net

8 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2007-08-20 11:25:48 ------------
Deckard's System Scanner v20070819.64
Run by User on 2007-08-20 11:23:40
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Unable to create WMI object; The operation completed successfully.


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 448 MiB (512 MiB recommended).


-- HijackThis (run as User.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:24:58 AM, on 8/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\ATP\Navigator\EZUpdateService.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\WinAvXX.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Citrix\ICA Client\pnagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\User\Desktop\deckardsdss.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\User.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.yahoo.com
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\system32\ReinstallBackups\0011\DriverFiles\HDAudPropShortcut.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [HijackThis startup scan] C:\Program Files\Trend Micro\HijackThis\HijackThis.exe /startupscan
O4 - HKCU\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe
O4 - HKUS\S-1-5-21-1202660629-1409082233-839522115-1003\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-1202660629-1409082233-839522115-1003\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User '?')
O4 - HKUS\S-1-5-21-1202660629-1409082233-839522115-1003\..\Run: [HijackThis startup scan] C:\Program Files\Trend Micro\HijackThis\HijackThis.exe /startupscan (User '?')
O4 - HKUS\S-1-5-21-1202660629-1409082233-839522115-1003\..\Run: [WinAVX] C:\WINDOWS\syst
Jim Burns
Active Member
 
Posts: 6
Joined: August 17th, 2007, 8:13 am

Unread postby silver » August 20th, 2007, 10:56 pm

Hi Jim Burns,

You've listed quite a number of issues in your last post:
  • Great that you deleted printer.exe
  • There are registry entries disabling Control Panel, Task Manager and Windows Update, we'll rectify those shortly.
  • With regard to Windows File Protection, that's bad news and we'll have to come back and deal with that.
  • Is the Microsoft .NET framework error with DSS?
  • When you say "the windows installer has gone out and I can't get it to download" do you mean Windows Update?

Before continuing, please also post the DSS extra.txt log.

You should find the original extra.txt located in this folder or a subfolder under it named with the date and time of the scan:
C:\Deckard\System Scanner

If required, you can produce another one as follows:
  • Make sure DSS.exe is on your Desktop
  • Next press Start->Run, copy/paste the following command into the box and press OK:
    "%userprofile%\desktop\dss.exe" /config
  • A configuration box will appear, click the Check All button then press Scan!
  • The extra report will be minimized so please look for its window on the taskbar
silver
Regular Member
 
Posts: 9219
Joined: August 7th, 2006, 9:40 pm
Location: GMT+7

Lost and getting better.

Unread postby Jim Burns » August 21st, 2007, 9:43 am

We're getting there. The Windows Installer (wizard) will not work and I have tried to get it to download a copy from Microsoft, but there is a problem downloading it.
Here is a copy of what the .NET Framework window said.

Microsoft .NET Framework
An unhandled exception has occurred in a component in your application. Click continue and application will ignore
this error and attempt to continue.

Details:

See the end of this message for details on invoking
just-in-time (JIT) debugging instead of this dialog box.

************** Exception Text **************
System.NullReferenceException: Object reference not set to an instance of an object.
at HP.CUE.Video.PlaybackControl.UpdateProgressBar()
at HP.CUE.Video.PlaybackControl._ProgressTimer_Tick(Object sender, EventArgs e)
at System.Windows.Forms.Timer.OnTick(EventArgs e)
at System.Windows.Forms.Timer.Callback(IntPtr hWnd, Int32 msg, IntPtr idEvent, IntPtr dwTime)


************** Loaded Assemblies **************
mscorlib
Assembly Version: 1.0.5000.0
Win32 Version: 1.1.4322.2407
CodeBase: file:///c:/windows/microsoft.net/framework/v1.1.4322/mscorlib.dll
----------------------------------------
hpqimzone
Assembly Version: 3.0.0.0
Win32 Version: 061.000.163.000
CodeBase: file:///C:/Program%20Files/HP/Digital%20Imaging/bin/hpqimzone.exe
----------------------------------------
hpqiface
Assembly Version: 4.0.0.0
Win32 Version: 061.000.163.000
CodeBase: file:///c:/windows/assembly/gac/hpqiface/4.0.0.0__a53cf5803f4c3827/hpqiface.dll
----------------------------------------
System.Windows.Forms
Assembly Version: 1.0.5000.0
Win32 Version: 1.1.4322.2032
CodeBase: file:///c:/windows/assembly/gac/system.windows.forms/1.0.5000.0__b77a5c561934e089/system.windows.forms.dll
----------------------------------------
System.Drawing
Assembly Version: 1.0.5000.0
Win32 Version: 1.1.4322.2032
CodeBase: file:///c:/windows/assembly/gac/system.drawing/1.0.5000.0__b03f5f7f11d50a3a/system.drawing.dll
----------------------------------------
System
Assembly Version: 1.0.5000.0
Win32 Version: 1.1.4322.2407
CodeBase: file:///c:/windows/assembly/gac/system/1.0.5000.0__b77a5c561934e089/system.dll
----------------------------------------
hpqcc2
Assembly Version: 3.0.0.0
Win32 Version: 060.000.087.000
CodeBase: file:///c:/windows/assembly/gac/hpqcc2/3.0.0.0__a53cf5803f4c3827/hpqcc2.dll
----------------------------------------
hpqutils
Assembly Version: 4.0.0.0
Win32 Version: 060.000.087.000
CodeBase: file:///c:/windows/assembly/gac/hpqutils/4.0.0.0__a53cf5803f4c3827/hpqutils.dll
----------------------------------------
hpqfmrsc
Assembly Version: 4.0.0.0
Win32 Version: 061.000.163.000
CodeBase: file:///c:/windows/assembly/gac/hpqfmrsc/4.0.0.0__a53cf5803f4c3827/hpqfmrsc.dll
----------------------------------------
hpqtray
Assembly Version: 4.0.0.0
Win32 Version: 061.000.163.000
CodeBase: file:///c:/windows/assembly/gac/hpqtray/4.0.0.0__a53cf5803f4c3827/hpqtray.dll
----------------------------------------
hpqovskn
Assembly Version: 3.0.0.0
Win32 Version: 060.000.087.000
CodeBase: file:///c:/windows/assembly/gac/hpqovskn/3.0.0.0__a53cf5803f4c3827/hpqovskn.dll
----------------------------------------
hpqthumb
Assembly Version: 3.0.0.0
Win32 Version: 061.000.163.000
CodeBase: file:///c:/windows/assembly/gac/hpqthumb/3.0.0.0__a53cf5803f4c3827/hpqthumb.dll
----------------------------------------
hpqimvlt
Assembly Version: 3.0.0.0
Win32 Version: 060.000.087.000
CodeBase: file:///c:/windows/assembly/gac/hpqimvlt/3.0.0.0__a53cf5803f4c3827/hpqimvlt.dll
----------------------------------------
hpqimgrc
Assembly Version: 4.0.0.0
Win32 Version: 060.000.087.000
CodeBase: file:///c:/windows/assembly/gac/hpqimgrc/4.0.0.0__a53cf5803f4c3827/hpqimgrc.dll
----------------------------------------
hpqntrop
Assembly Version: 4.0.0.0
Win32 Version: 060.000.087.000
CodeBase: file:///c:/windows/assembly/gac/hpqntrop/4.0.0.0__a53cf5803f4c3827/hpqntrop.dll
----------------------------------------
Interop.hpqcxm08
Assembly Version: 3.0.0.0
Win32 Version: 61.0.163.000
CodeBase: file:///c:/windows/assembly/gac/interop.hpqcxm08/3.0.0.0__a53cf5803f4c3827/interop.hpqcxm08.dll
----------------------------------------
System.Xml
Assembly Version: 1.0.5000.0
Win32 Version: 1.1.4322.2032
CodeBase: file:///c:/windows/assembly/gac/system.xml/1.0.5000.0__b77a5c561934e089/system.xml.dll
----------------------------------------
LEAD
Assembly Version: 13.0.0.113
Win32 Version: 13.0.0.113
CodeBase: file:///c:/windows/assembly/gac/lead/13.0.0.113__9cf889f53ea9b907/lead.dll
----------------------------------------
LEAD.Wrapper
Assembly Version: 13.0.0.113
Win32 Version: 13.0.0.113
CodeBase: file:///c:/windows/assembly/gac/lead.wrapper/13.0.0.113__9cf889f53ea9b907/lead.wrapper.dll
----------------------------------------
LEAD.Windows.Forms
Assembly Version: 13.0.0.113
Win32 Version: 13.0.0.113
CodeBase: file:///c:/windows/assembly/gac/lead.windows.forms/13.0.0.113__9cf889f53ea9b907/lead.windows.forms.dll
----------------------------------------
LEAD.Drawing
Assembly Version: 13.0.0.113
Win32 Version: 13.0.0.113
CodeBase: file:///c:/windows/assembly/gac/lead.drawing/13.0.0.113__9cf889f53ea9b907/lead.drawing.dll
----------------------------------------
interop.hpqimgr
Assembly Version: 4.0.0.0
Win32 Version: 4.0.0.0
CodeBase: file:///c:/windows/assembly/gac/interop.hpqimgr/4.0.0.0__a53cf5803f4c3827/interop.hpqimgr.dll
----------------------------------------
hpqasset
Assembly Version: 4.0.0.0
Win32 Version: 061.000.163.000
CodeBase: file:///c:/windows/assembly/gac/hpqasset/4.0.0.0__a53cf5803f4c3827/hpqasset.dll
----------------------------------------
hpqmirsc
Assembly Version: 3.0.0.0
Win32 Version: 061.000.163.000
CodeBase: file:///C:/Program%20Files/HP/Digital%20Imaging/bin/hpqmirsc.DLL
----------------------------------------
hpqedit
Assembly Version: 3.0.0.0
Win32 Version: 060.000.087.000
CodeBase: file:///c:/windows/assembly/gac/hpqedit/3.0.0.0__a53cf5803f4c3827/hpqedit.dll
----------------------------------------
hpqvideo
Assembly Version: 3.0.0.0
Win32 Version: 060.000.087.000
CodeBase: file:///c:/windows/assembly/gac/hpqvideo/3.0.0.0__a53cf5803f4c3827/hpqvideo.dll
----------------------------------------
LEAD.Windows.Forms.DrawingContainer
Assembly Version: 13.0.0.113
Win32 Version: 13.0.0.113
CodeBase: file:///c:/windows/assembly/gac/lead.windows.forms.drawingcontainer/13.0.0.113__9cf889f53ea9b907/lead.windows.forms.drawingcontainer.dll
----------------------------------------
hpqmdmr
Assembly Version: 4.0.0.0
Win32 Version: 060.000.087.000
CodeBase: file:///c:/windows/assembly/gac/hpqmdmr/4.0.0.0__a53cf5803f4c3827/hpqmdmr.dll
----------------------------------------
LEAD.Drawing.Imaging.ImageProcessing
Assembly Version: 13.0.0.113
Win32 Version: 13.0.0.113
CodeBase: file:///c:/windows/assembly/gac/lead.drawing.imaging.imageprocessing/13.0.0.113__9cf889f53ea9b907/lead.drawing.imaging.imageprocessing.dll
----------------------------------------
hpqimlib
Assembly Version: 3.0.0.0
Win32 Version: 060.000.087.000
CodeBase: file:///c:/windows/assembly/gac/hpqimlib/3.0.0.0__a53cf5803f4c3827/hpqimlib.dll
----------------------------------------
hpqglutl
Assembly Version: 4.0.0.0
Win32 Version: 060.000.087.000
CodeBase: file:///c:/windows/assembly/gac/hpqglutl/4.0.0.0__a53cf5803f4c3827/hpqglutl.dll
----------------------------------------
Interop.hpqvideo
Assembly Version: 4.0.0.0
Win32 Version: 4.0.0.0
CodeBase: file:///c:/windows/assembly/gac/interop.hpqvideo/4.0.0.0__a53cf5803f4c3827/interop.hpqvideo.dll
----------------------------------------

************** JIT Debugging **************
To enable just in time (JIT) debugging, the config file for this
application or machine (machine.config) must have the
jitDebugging value set in the system.windows.forms section.
The application must also be compiled with debugging
enabled.

For example:

<configuration>
<system.windows.forms jitDebugging="true" />
</configuration>

When JIT debugging is enabled, any unhandled exception
will be sent to the JIT debugger registered on the machine
rather than being handled by this dialog.

Here is the extra file; it seems all of what was posted did not make it to you.

Deckard's System Scanner v20070819.64
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Unable to create WMI object.

-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

Unable to create WMI object.

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\User\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=JIM
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\User
LOGONSERVER=\\JIM
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Program Files\Internet Explorer;;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 1, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0401
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\User\LOCALS~1\Temp
TMP=C:\DOCUME~1\User\LOCALS~1\Temp
USERDOMAIN=JIM
USERNAME=User
USERPROFILE=C:\Documents and Settings\User
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

User (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
32 Bit HP CIO Components Installer --> MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}
Ad-Aware 2007 --> MsiExec.exe /X{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adaptec UDF Reader --> C:\WINDOWS\system32\UDFRUNIN.EXE
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Photoshop Elements --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop Elements\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop Elements\Uninst.dll"
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Adobe SVG Viewer --> C:\WINDOWS\IsUninst.exe -f"C:\WINDOWS\System32\Adobe\SVG Viewer\Uninst.isu"
Adobe® Photoshop® Album Starter Edition 3.0 --> MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}
Adobe® Photoshop® Album Starter Edition 3.0.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C9618743-1A5C-461E-91C4-E013A3D70F3C}\Setup.exe" -l0x9
ATP NavigatorV(R) --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{F178789A-F1B3-4730-98F6-EF0621FEBCD1}
Avantext TechPubs CD - Piper Navajo/Chieftain --> C:\PROGRA~1\Adobe\ACROBA~2.0\Reader\plug_ins\UNWISE.EXE C:\PROGRA~1\Adobe\ACROBA~2.0\Reader\plug_ins\Saratoga.LOG
Avantext TechPubs Manager --> C:\PROGRA~1\Avantext\TechPubs\pUnWise.exe C:\PROGRA~1\Avantext\TechPubs\TP.log
avast! Antivirus --> rundll32 C:\PROGRA~1\ALWILS~1\Avast4\Setup\setiface.dll,RunSetup
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
C-Media High Definition Audio Driver --> C:\WINDOWS\system32\cmirmdrv.exe
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
CCScore --> MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
Cesview IIi 1.0.14 --> "C:\cv2i\unins000.exe"
CR2 --> MsiExec.exe /I{432C3720-37BF-4BD7-8E49-F38E090246D0}
CWFREE --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{6D3EED1C-F3DE-4A2E-B4D6-F9D22A3CF914}
Easy Recovery --> C:\WINDOWS\ST5UNST.EXE -n "C:\Program Files\Easy Desk Utilities\Easy Recovery\ST5UNST.LOG"
ESSBrwr --> MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6}
ESSCDBK --> MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}
ESScore --> MsiExec.exe /I{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}
ESSgui --> MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}
ESShelp --> MsiExec.exe /I{87843A41-7808-4F2E-B13F-25C1E67CF2FD}
ESSini --> MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
ESSPCD --> MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
ESSPDock --> MsiExec.exe /I{FCDB1C92-03C6-4C76-8625-371224256091}
ESSSONIC --> MsiExec.exe /I{073F22CE-9A5B-4A40-A604-C7270AC6BF34}
ESSTOOLS --> MsiExec.exe /I{8A502E38-29C9-49FA-BCFA-D727CA062589}
essvatgt --> MsiExec.exe /I{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}
essvcpt --> MsiExec.exe /I{D1973749-F5E7-40EB-B528-F2B78685B9FF}
HandyBits EasyCrypto Deluxe --> "C:\Program Files\Common Files\Teknum Systems\tsUninst.exe" "C:\Program Files\HandyBits\EasyCrypto\HandyBits EasyCrypto Deluxe.del"
HighMAT Extension to Microsoft Windows XP CD Writing Wizard --> MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HLPPDOCK --> MsiExec.exe /I{154508C0-07C5-4659-A7A0-E49968750D21}
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Format SDK (KB902344) --> "C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
HP Customer Participation Program 8.0 --> C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Deskjet 6500 Series --> rundll32 hpzcon10.dll,VendorJettison HP Deskjet 6500 Series
HP Document Viewer 6.1 --> C:\Program Files\HP\Digital Imaging\DocumentViewer\hpzscr01.exe -datfile hpqbud04.dat
HP Imaging Device Functions 8.0 --> C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP OCR Software 8.0 --> C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
HP Photosmart All-In-One Software 8.0 --> C:\Program Files\HP\Digital Imaging\{8641C1CB-03B3-41d4-8DEC-79826A4B5C0E}\setup\hpzscr01.exe -datfile hposcr13.dat
HP Photosmart Essential --> MsiExec.exe /X{EB21A812-671B-4D08-B974-2A347F0D8F70}
HP Photosmart Premier Software 6.1 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Solution Center 8.0 --> C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update --> MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}
HPSSupply --> MsiExec.exe /X{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}
Image Resizer Powertoy for Windows XP --> MsiExec.exe /I{1CB92574-96F2-467B-B793-5CEB35C40C29}
IML --> MsiExec.exe /I{7E63D1AC-6CC3-41AC-9012-F59335351EBE}
IrfanView (remove only) --> C:\Program Files\Irfanview\iv_uninstall.exe
J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
J2SE Runtime Environment 5.0 Update 9 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Java 2 Runtime Environment, SE v1.4.2_06 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142060}
Java 2 SDK, SE v1.4.2_06 --> MsiExec.exe /I{35A3A4F4-B792-11D6-A78A-00B0D0142060}
kgcbase --> MsiExec.exe /I{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}
Kodak EasyShare software --> C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_1e0010_eba5af0\Setup.exe /APR-REMOVE
KSU --> MsiExec.exe /I{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}
LiveReg (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
Malwarebytes' RogueRemover 1.21 --> "C:\Program Files\RogueRemover FREE\unins000.exe"
MetaFrame Presentation Server Client --> MsiExec.exe /I{DF1D5FEC-D67C-43C8-9230-41F5DF350196}
Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office 2000 Premium --> MsiExec.exe /I{00000409-78E1-11D2-B60F-006097C998E7}
Microsoft Office 97, Standard Edition --> C:\Program Files\Microsoft Office\Office\Setup\Acme.exe /w Off97Std.stf
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft WSE 2.0 SP1 Runtime --> MsiExec.exe /X{C9603D6E-FC80-452E-A85D-CE29D4302AAD}
MTrax Add-Ons --> MsiExec.exe /I{194B0F84-7E11-484C-94D0-3F3A7CCACDA9}
Nero Suite --> C:\Program Files\Common Files\Ahead\Uninstall\Setup.exe /uninstall
Notifier --> MsiExec.exe /I{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}
NTI CD-Maker 2000 Plus --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\NewTech Infosystems\NTI CD-Maker 2000 Plus\Uninst.isu"
OfotoXMI --> MsiExec.exe /I{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}
OTtBP --> MsiExec.exe /I{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}
OTtBPSDK --> MsiExec.exe /I{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}
Preclick PhotoBack Plug-in for HP --> MsiExec.exe /X{E13A66A4-8A37-451E-B4C5-E60BA0A777E3}
QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x9 -removeonly
RegCure 1.5.0.0 --> C:\Program Files\RegCure\uninst.exe
SFR --> MsiExec.exe /I{DB02F716-6275-42E9-B8D2-83BA2BF5100B}
SFR2 --> MsiExec.exe /I{ABE068DF-8DC4-4947-ABFC-DD2B40850225}
SHASTA --> MsiExec.exe /I{605A4E39-613C-4A12-B56F-DEFBE6757237}
SKIN0001 --> MsiExec.exe /I{FDF9943A-3D5C-46B3-9679-586BD237DDEE}
SKINXSDK --> MsiExec.exe /I{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
staticcr --> MsiExec.exe /I{8943CE61-53BD-475E-90E1-A580869E98A2}
The Shield AntiVirus 2007 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A891D097-880A-41BB-8F86-A0D09E8D295F}\setup.exe" -l0x9
Uniblue RegistryBooster 2 --> "C:\Program Files\Uniblue\RegistryBooster 2\unins000.exe"
VIA Platform Device Manager --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169}
VIA Rhine-Family Fast Ethernet Adapter --> Rundll32.exe vuins32.dll,vuins32Ex $Rhine $VIA
VPRINTOL --> MsiExec.exe /I{999D43F4-9709-4887-9B1A-83EBB15A8370}
Windows Defender Signatures --> MsiExec.exe /I{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}
Windows Live OneCare safety scanner --> RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Media Connect --> "C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122 --> "C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
WinSafe 2001 --> C:\WINDOWS\ST5UNST.EXE -n "C:\WinSafe\ST5UNST.LOG"
WIRELESS --> MsiExec.exe /I{F9593CFB-D836-49BC-BFF1-0E669A411D9F}
Yahoo! Toolbar for Internet Explorer --> C:\PROGRA~1\Yahoo!\Common\unyt.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type8841 / Error
Event Submitted/Written: 08/20/2007 11:09:09 AM
Event ID/Source: 4609 / EventSystem
Event Description:
The COM+ Event System detected a bad return code during its internal processing. HRESULT was 80070005 from line 44 of d:\qxp_slp\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.

Event Record #/Type8840 / Warning
Event Submitted/Written: 08/20/2007 11:07:06 AM
Event ID/Source: 1015 / MsiInstaller
Event Description:
Failed to connect to server. Error: 0x80070005

Event Record #/Type8839 / Warning
Event Submitted/Written: 08/20/2007 11:07:05 AM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{3CF99DC3-38FD-46E6-A6B4-9C70074E020C}', feature 'DocViewerExe' failed during request for component '{916C2D9A-BB97-4065-9F32-153578753C3A}'

Event Record #/Type8838 / Warning
Event Submitted/Written: 08/20/2007 11:07:05 AM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Detection of product '{3CF99DC3-38FD-46E6-A6B4-9C70074E020C}', feature 'DocViewerExe', component '{00F96358-A54A-4FB9-8144-C90F621489FB}' failed. The resource 'HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\DigitalImaging\LeadToolsPath' does not exist.

Event Record #/Type8837 / Warning
Event Submitted/Written: 08/20/2007 11:07:05 AM
Event ID/Source: 1015 / MsiInstaller
Event Description:
Failed to connect to server. Error: 0x80070005



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type26817 / Error
Event Submitted/Written: 08/20/2007 10:48:02 AM
Event ID/Source: 10024 / DCOM
Event Description:
The machine wide group policy Access Limits security descriptor is invalid. The security descriptor is defined as an invalid Security Descriptor Definitions Language (SDDL) string. The requested action was therefore not performed. Please contact your administrator to get the security descriptor corrected in the Group Policy settings.

Event Record #/Type26814 / Error
Event Submitted/Written: 08/20/2007 10:47:44 AM
Event ID/Source: 7024 / Service Control Manager
Event Description:
The Routing and Remote Access service terminated with service-specific error 340 (0x154).

Event Record #/Type26794 / Error
Event Submitted/Written: 08/20/2007 10:47:44 AM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Human Interface Device Access service terminated with the following error:
%%2

Event Record #/Type26788 / Error
Event Submitted/Written: 08/20/2007 10:44:55 AM / 08/20/2007 10:45:25 AM
Event ID/Source: 876 / Application Popup
Event Description:
Driver UdfReadr.SYS has been blocked from loading.

Event Record #/Type26779 / Error
Event Submitted/Written: 08/20/2007 10:32:17 AM
Event ID/Source: 7024 / Service Control Manager
Event Description:
The Routing and Remote Access service terminated with service-specific error 340 (0x154).



-- End of Deckard's System Scanner: finished at 2007-08-20 11:25:48 ------------


Thanks again for all your help. I may not be able to respond to any replies until Friday as I will be out of town for a funeral. Will let you know how it goes then.
Jim
Jim Burns
Active Member
 
Posts: 6
Joined: August 17th, 2007, 8:13 am

Unread postby silver » August 21st, 2007, 10:04 pm

Hi Jim Burns,

I understand that you have numerous and significant problems with your computer right now; however, we need to deal with the active malware first, so please bear with me.

Please upload a file for scanning:
Open http://virusscan.jotti.org/
Copy/paste this file and path into the white box at the top:
C:\WINDOWS\system\Reg.dll

Press Submit - this will submit the file for testing.
Please wait for all the scanners to finish then copy and paste the results in your next response.

Note: If Jotti is busy, you can use VirusTotal instead.

Next, please delete the copy of SmitfraudFix which you have:
C:\SmitfraudFix.exe

and download the latest SmitfraudFix (by S!Ri) to your Desktop.
http://siri.urz.free.fr/Fix/SmitfraudFix.exe

Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and press Enter
This program will scan large amounts of files on your computer for known patterns so please be patient while it works. When it is done, the results of the scan will be displayed and it will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed.

IMPORTANT: Do NOT run any other options until you are asked to do so!

If the tool fails to launch from the Desktop, please move SmitfraudFix.exe directly to the root of the system drive (usually C: ), and launch from there.

Note: process.exe is detected by some antivirus programs as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user. Further info is available here.

Once complete, please post the Jotti results, the SmitfraudFix report and a new HijackThis log.
silver
Regular Member
 
Posts: 9219
Joined: August 7th, 2006, 9:40 pm
Location: GMT+7

Lost but better

Unread postby Jim Burns » August 24th, 2007, 9:42 am

Here are the files you requested. Thanks

Jotti's malware scan 2.99-TRANSITION_TO_3.00-R1

File to upload & scan:

File: Reg.dll
Status: OK
MD5: 1eef69be1171588a47c62dc65d273d9c
Packers detected: -
Bit9 reports: File not found

Scanner results
Scan taken on 24 Aug 2007 12:45:59 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Rising Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing

SmitFraudFix v2.216

Scan done at 9:21:35.09, Fri 08/24/2007
Run from C:\Documents and Settings\User\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\User


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\User\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\User\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"system"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS



»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:24:00 AM, on 8/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\ATP\Navigator\EZUpdateService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.yahoo.com
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\system32\ReinstallBackups\0011\DriverFiles\HDAudPropShortcut.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [HijackThis startup scan] C:\Program Files\Trend Micro\HijackThis\HijackThis.exe /startupscan
O4 - HKUS\S-1-5-21-1202660629-1409082233-839522115-1003\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-1202660629-1409082233-839522115-1003\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User '?')
O4 - HKUS\S-1-5-21-1202660629-1409082233-839522115-1003\..\Run: [HijackThis startup scan] C:\Program Files\Trend Micro\HijackThis\HijackThis.exe /startupscan (User '?')
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: hpzsetup.LNK = E:\HPZstub.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Program Neighborhood Agent.lnk = C:\Program Files\Citrix\ICA Client\pnagent.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/house ... hcImpl.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se8300.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ATP EZUpdate Service (EZUpdateService) - Aircraft Technical Publishers - C:\Program Files\ATP\Navigator\EZUpdateService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ViRobot Expert Monitoring (vrmonsvc) - Unknown owner - (no file)

--
End of file - 7237 bytes
Jim Burns
Active Member
 
Posts: 6
Joined: August 17th, 2007, 8:13 am
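A small triage helper for the HijackThis v2 log format posted above, as an added example that is not part of this thread or of HijackThis itself. The sample lines are constructed from the log format, and the finding labels (nondefault_userinit, unknown_lsp, activex_download, orphaned_service) are this example's own.

```python
"""Triage helper for HijackThis v2 log lines (added example; sample input is constructed)."""
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed sample modelled on the HijackThis v2.0.2 log posted in this thread.
# Lines that are not "<section> - <detail>" entries (header, process list) are ignored.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: ViRobot Expert Monitoring (vrmonsvc) - Unknown owner - (no file)
"""

# Every HijackThis entry starts with a section code (R0, F2, O4, O23, ...) followed by " - ".
ENTRY_RE = re.compile(r"^(R\d|F\d|O\d+)\s+-\s+(.*)$")
# O4 detail looks like: HKLM\..\Run: [name] command
RUN_RE = re.compile(r"\[(.+?)\]\s+(.*)$")
HOST_RE = re.compile(r"https?://([^/\s]+)")


@dataclass
class Entry:
    section: str  # e.g. "O23"
    detail: str   # text after the " - " separator


def parse_hjt(text: str) -> List[Entry]:
    """Return the section entries of a HijackThis log, skipping header and process list."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def run_entries(entries: List[Entry]) -> Dict[str, str]:
    """Map each O4 autostart name to its command line, for cross-checking against
    the Add/Remove Programs list and the running-process list."""
    runs = {}
    for e in entries:
        if e.section == "O4":
            m = RUN_RE.search(e.detail)
            if m:
                runs[m.group(1)] = m.group(2)
    return runs


def dpf_host(detail: str) -> str:
    """Host name of an O16 (Download Program Files / ActiveX) entry, or "" if absent."""
    m = HOST_RE.search(detail)
    return m.group(1) if m else ""


def triage(entries: List[Entry]) -> List[Tuple[str, str]]:
    """Flag the entry types a helper reviews first. The labels are this example's own:
    - nondefault_userinit: HijackThis lists an F2 UserInit line only when the value
      differs from the default it expects, so the entry always merits a look.
    - unknown_lsp: a Winsock LSP module HijackThis could not identify.
    - activex_download: an O16 entry; report only the host it was fetched from.
    - orphaned_service: an O23 service whose binary is missing ("(no file)"),
      commonly a leftover from an uninstall.
    """
    findings = []
    for e in entries:
        if e.section == "F2" and "UserInit=" in e.detail:
            findings.append(("nondefault_userinit", e.detail))
        elif e.section == "O10" and e.detail.startswith("Unknown file in Winsock LSP"):
            findings.append(("unknown_lsp", e.detail))
        elif e.section == "O16":
            findings.append(("activex_download", dpf_host(e.detail)))
        elif e.section == "O23" and e.detail.endswith("(no file)"):
            findings.append(("orphaned_service", e.detail))
    return findings


if __name__ == "__main__":
    parsed = parse_hjt(SAMPLE_LOG)
    for kind, what in triage(parsed):
        print(f"{kind:20} {what}")
    for name, cmd in run_entries(parsed).items():
        print(f"O4 [{name}] -> {cmd}")
```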

Unread postby silver » August 24th, 2007, 9:31 pm

Hi Jim Burns,

Next, please open HijackThis, choose Do a system scan only and place a checkmark next to the following line:
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe


Then close all open windows apart from HijackThis, press Fix checked, OK the prompt and close HijackThis.

Next press Start->Run, copy/paste the following command (it's one long command) into the box and press OK:
cmd /c dir /a /s C:\system.exe >> "%userprofile%\desktop\look.txt"

A black box will appear on your screen, the hard disk will start working and a file called look.txt will appear on your Desktop. Don't open look.txt and wait for the black box to disappear.
Then, press Start->Run and copy/paste the following command:
cmd /c dir /a /s C:\autorun.exe >> "%userprofile%\desktop\look.txt"

Again, don't open look.txt until it's finished and the black box has disappeared.
Please post the contents of look.txt in your next response.

Then download ComboFix to your desktop
  • Double click combofix.exe and follow the prompts.
  • Note: Do not click ComboFix's window while it's running - it may cause it to stall!
  • When finished, it shall produce a log for you, please post it in your next response.


Once complete, please post the look.txt output, the ComboFix report and a new HijackThis log.
silver
Regular Member
 
Posts: 9219
Joined: August 7th, 2006, 9:40 pm
Location: GMT+7

Unread postby silver » September 2nd, 2007, 3:24 am

Hi,

How are you getting on?

If the instructions are unclear or something isn't working, please let me know before proceeding.
silver
Regular Member
 
Posts: 9219
Joined: August 7th, 2006, 9:40 pm
Location: GMT+7

Things are looking up

Unread postby Jim Burns » September 4th, 2007, 9:41 am

Things have gotten better and I do thank you for your help. Here are the logs. Look.txt then combofix and the last HiJackThis.

Volume in drive C has no label.
Volume Serial Number is 3043-3148
Volume in drive C has no label.
Volume Serial Number is 3043-3148
Volume in drive C has no label.
Volume Serial Number is 3043-3148
Volume in drive C has no label.
Volume Serial Number is 3043-3148
Volume in drive C has no label.
Volume Serial Number is 3043-3148
Volume in drive C has no label.
Volume Serial Number is 3043-3148

ComboFix 07-08-30.3 - "User" 2007-09-04 9:19:34.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.129 [GMT -4:00]


((((((((((((((((((((((((( Files Created from 2007-08-04 to 2007-09-04 )))))))))))))))))))))))))))))))


2007-09-04 08:56 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-31 16:43 <DIR> d-------- C:\Program Files\GPDBPA
2007-08-27 10:56 811 --------- C:\WINDOWS\hpomdl13.dat
2007-08-27 10:56 130,349 --a------ C:\WINDOWS\hpoins13.dat
2007-08-24 16:53 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2007-08-24 09:20 <DIR> d-------- C:\SmitfraudFix
2007-08-24 09:05 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-08-21 10:30 <DIR> d-------- C:\Program Files\CesViewIIi
2007-08-20 11:23 <DIR> d-------- C:\Deckard
2007-08-20 09:39 363,808 --a------ C:\Program Files\sygate.exe
2007-08-20 09:32 363,808 --a------ C:\Program Files\download-spf.exe.exe
2007-08-20 09:32 <DIR> d-------- C:\Downloads
2007-08-20 09:32 <DIR> d-------- C:\DOCUME~1\User\APPLIC~1\GetRightToGo
2007-08-17 16:54 <DIR> d-------- C:\movedfiles
2007-08-16 13:10 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-08-16 13:10 94,416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-08-16 13:10 92,848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-08-16 13:10 783,224 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-08-16 13:10 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-08-16 13:10 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-08-16 13:10 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-08-16 13:10 <DIR> d-------- C:\Program Files\Alwil Software
2007-08-15 16:39 <DIR> d-------- C:\DOCUME~1\User\.housecall6.6
2007-08-15 15:31 23,040 --a--c--- C:\WINDOWS\system32\dllcache\xrxwbtmp.dll
2007-08-15 15:31 17,408 --a--c--- C:\WINDOWS\system32\dllcache\xrxscnui.dll
2007-08-15 15:31 116,224 --a--c--- C:\WINDOWS\system32\dllcache\xrxwiadr.dll
2007-08-15 15:16 121,344 --a--c--- C:\WINDOWS\system32\dllcache\phvfwext.dll
2007-08-15 15:07 8,192 --a--c--- C:\WINDOWS\system32\dllcache\kbdkor.dll
2007-08-15 15:07 45,568 --a--c--- C:\WINDOWS\system32\dllcache\kdsui.dll
2007-08-15 15:07 37,376 --a--c--- C:\WINDOWS\system32\dllcache\kousd.dll
2007-08-15 15:07 34,688 --a--c--- C:\WINDOWS\system32\dllcache\lbrtfdc.sys
2007-08-15 15:07 26,442 --a--c--- C:\WINDOWS\system32\dllcache\lanepic5.sys
2007-08-15 15:07 25,065 --a--c--- C:\WINDOWS\system32\dllcache\lmndis3.sys
2007-08-15 15:07 242,176 --a--c--- C:\WINDOWS\system32\dllcache\kdsusd.dll
2007-08-15 15:07 19,016 --a--c--- C:\WINDOWS\system32\dllcache\ktc111.sys
2007-08-15 15:07 15,744 --a--c--- C:\WINDOWS\system32\dllcache\lit220p.sys
2007-08-15 15:06 8,704 --a--c--- C:\WINDOWS\system32\dllcache\kbdjpn.dll
2007-08-15 15:06 6,144 --a--c--- C:\WINDOWS\system32\dllcache\kbd106.dll
2007-08-15 15:06 6,144 --a--c--- C:\WINDOWS\system32\dllcache\kbd101c.dll
2007-08-15 15:06 6,144 --a--c--- C:\WINDOWS\system32\dllcache\kbd101b.dll
2007-08-15 15:06 5,632 --a--c--- C:\WINDOWS\system32\dllcache\kbd103.dll
2007-08-15 15:06 14,848 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys
2007-08-15 14:55 50,719 --a--c--- C:\WINDOWS\system32\dllcache\e1000nt5.sys
2007-08-15 14:55 19,594 --a--c--- C:\WINDOWS\system32\dllcache\e100isa4.sys
2007-08-15 14:55 117,760 --a--c--- C:\WINDOWS\system32\dllcache\e100b325.sys
2007-08-15 14:48 60,970 --a--c--- C:\WINDOWS\system32\dllcache\cpqtrnd5.sys
2007-08-15 14:48 6,912 --a--c--- C:\WINDOWS\system32\dllcache\ctlfacem.sys
2007-08-15 14:48 42,112 --a--c--- C:\WINDOWS\system32\dllcache\crtaud.sys
2007-08-15 14:48 216,064 --a--c--- C:\WINDOWS\system32\dllcache\cpscan.dll
2007-08-15 14:48 21,533 --a--c--- C:\WINDOWS\system32\dllcache\cpqndis5.sys
2007-08-15 14:48 175,104 --a--c--- C:\WINDOWS\system32\dllcache\csamsp.dll
2007-08-15 14:48 14,976 --a--c--- C:\WINDOWS\system32\dllcache\cpqarray.sys
2007-08-14 16:55 66,048 --a--c--- C:\WINDOWS\system32\dllcache\s3legacy.dll
2007-08-14 16:06 <DIR> d-------- C:\Program Files\Uniblue
2007-08-14 16:06 <DIR> d-------- C:\DOCUME~1\User\APPLIC~1\Uniblue
2007-08-14 09:57 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-08-14 09:53 <DIR> d-------- C:\Program Files\RogueRemover FREE
2007-08-13 15:32 179 --a------ C:\handle.dat
2007-08-13 12:03 <DIR> d-------- C:\WINDOWS\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP
2007-08-13 12:01 <DIR> d-------- C:\Program Files\Lavasoft
2007-08-09 12:44 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-08-09 12:43 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-08-09 10:09 <DIR> d-------- C:\Program Files\Mincom
2007-08-09 10:09 <DIR> d-------- C:\Linkone
2007-08-09 09:41 <DIR> d-------- C:\DOCUME~1\User\APPLIC~1\Mincom
2007-08-09 09:41 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Mincom
2007-08-08 16:51 <DIR> d-------- C:\Program Files\ACW
2007-08-08 12:20 <DIR> d-------- C:\DOCUME~1\User\APPLIC~1\RegistryBot
2007-08-07 11:57 <DIR> d-------- C:\DOCUME~1\ADMINI~1\.housecall6.6


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-30 16:16 --------- d-------- C:\DOCUME~1\User\APPLIC~1\Image Zone Express
2007-08-29 15:46 --------- d-------- C:\DOCUME~1\User\APPLIC~1\Printer Info Cache
2007-08-27 11:34 --------- d-------- C:\Program Files\HP
2007-08-27 11:28 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Hewlett-Packard
2007-08-24 09:21 2570 --a------ C:\WINDOWS\system32\tmp.reg
2007-08-21 10:30 --------- d-------- C:\Program Files\Cessna
2007-08-20 10:27 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-08-16 09:07 3861216 --a------ C:\WINDOWS\system32\drivers\vrcore.sys
2007-08-14 12:38 --------- d-------- C:\Program Files\RegCure
2007-08-10 14:21 9344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
2007-08-10 14:21 8320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-08-09 12:39 --------- d-------- C:\DOCUME~1\User\APPLIC~1\Lavasoft
2007-08-07 19:51 --------- d-------- C:\Program Files\AWS
2007-08-07 19:49 --------- d-------- C:\Program Files\3B Software
2007-08-07 19:41 --------- d-------- C:\Program Files\Windows Live Safety Center
2007-08-07 16:45 487424 --a------ C:\WINDOWS\system\hpzpm310.dll
2007-08-07 16:45 3182592 --a------ C:\WINDOWS\system\hpzr3210.dll
2007-08-07 16:45 196608 --a------ C:\WINDOWS\system\hpz2ku10.dll
2007-08-07 16:45 154112 --a------ C:\WINDOWS\system\FXSUI.DLL
2007-08-07 16:44 98408 --a------ C:\WINDOWS\system\java.dll
2007-08-07 16:44 950371 --a------ C:\WINDOWS\system\awt.dll
2007-08-07 16:44 94312 --a------ C:\WINDOWS\system\jpiexp32.dll
2007-08-07 16:44 94312 --a------ C:\WINDOWS\system\axbridge.dll
2007-08-07 16:44 86116 --a------ C:\WINDOWS\system\jpinsp.dll
2007-08-07 16:44 82024 --a------ C:\WINDOWS\system\jpicom32.dll
2007-08-07 16:44 73832 --a------ C:\WINDOWS\system\jpishare.dll
2007-08-07 16:44 65636 --a------ C:\WINDOWS\system\NPOJI610.dll
2007-08-07 16:44 65636 --a------ C:\WINDOWS\system\NPJPI142.dll
2007-08-07 16:44 65636 --a------ C:\WINDOWS\system\NPJava32.dll
2007-08-07 16:44 65636 --a------ C:\WINDOWS\system\NPJava14.dll
2007-08-07 16:44 65636 --a------ C:\WINDOWS\system\NPJava13.dll
2007-08-07 16:44 65636 --a------ C:\WINDOWS\system\NPJava12.dll
2007-08-07 16:44 65636 --a------ C:\WINDOWS\system\NPJava11.dll
2007-08-07 16:44 61536 --a------ C:\WINDOWS\system\eula.dll
2007-08-07 16:44 61533 --a------ C:\WINDOWS\system\jcov.dll
2007-08-07 16:44 57444 --a------ C:\WINDOWS\system\net.dll
2007-08-07 16:44 57442 --a------ C:\WINDOWS\system\verify.dll
2007-08-07 16:44 53353 --a------ C:\WINDOWS\system\zip.dll
2007-08-07 16:44 49267 --a------ C:\WINDOWS\system\JdbcOdbc.dll
2007-08-07 16:44 49247 --a------ C:\WINDOWS\system\hprof.dll
2007-08-07 16:44 45156 --a------ C:\WINDOWS\system\jpins7.dll
2007-08-07 16:44 41060 --a------ C:\WINDOWS\system\jpins6.dll
2007-08-07 16:44 36864 --a------ C:\WINDOWS\system\javawspl.dll
2007-08-07 16:44 32869 --a------ C:\WINDOWS\system\nio.dll
2007-08-07 16:44 327800 --a------ C:\WINDOWS\system\fontmanager.dll
2007-08-07 16:44 28780 --a------ C:\WINDOWS\system\hpi.dll
2007-08-07 16:44 28772 --a------ C:\WINDOWS\system\jpins4.dll
2007-08-07 16:44 266293 --a------ C:\WINDOWS\system\msvcrt.dll
2007-08-07 16:44 24704 --a------ C:\WINDOWS\system\ioser12.dll
2007-08-07 16:44 24678 --a------ C:\WINDOWS\system\dt_shmem.dll
2007-08-07 16:44 20600 --a------ C:\WINDOWS\system\jaas_nt.dll
2007-08-07 16:44 20584 --a------ C:\WINDOWS\system\dt_socket.dll
2007-08-07 16:44 20581 --a------ C:\WINDOWS\system\jawt.dll
2007-08-07 16:44 20579 --a------ C:\WINDOWS\system\rmi.dll
2007-08-07 16:44 20563 --a------ C:\WINDOWS\system\w2k_lsa_auth.dll
2007-08-07 16:44 139373 --a------ C:\WINDOWS\system\jsound.dll
2007-08-07 16:44 139364 --a------ C:\WINDOWS\system\dcpr.dll
2007-08-07 16:44 139363 --a------ C:\WINDOWS\system\cmm.dll
2007-08-07 16:44 139264 --a------ C:\WINDOWS\system\JavaWebStart.dll
2007-08-07 16:44 122981 --a------ C:\WINDOWS\system\jpeg.dll
2007-08-07 16:44 1208439 --a------ C:\WINDOWS\system\jvm.dll
2007-08-07 16:44 106600 --a------ C:\WINDOWS\system\RegUtils.dll
2007-08-07 16:44 102494 --a------ C:\WINDOWS\system\jdwp.dll
2007-08-03 12:31 --------- d---s---- C:\Program Files\Common Files\Teknum Systems
2007-08-03 12:05 5037072 --a------ C:\spybotsd14.exe
2007-08-03 09:11 --------- d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Lavasoft
2007-08-03 05:31 --------- d-------- C:\Program Files\NoAdware5.0
2007-08-02 16:23 --------- d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\HP
2007-08-02 16:10 7649240 --a------ C:\Windows-KB890830-V1.31.exe
2007-08-02 14:01 886519 --a------ C:\SmitfraudFix.exe
2007-08-02 13:45 --------- d-------- C:\Program Files\Common Files\Download Manager
2007-08-02 12:18 3041520 --a------ C:\1setupxv.exe
2007-08-02 12:10 3041520 --a------ C:\spybotsetupxv.exe
2007-08-02 11:45 --------- d-------- C:\Program Files\Trend Micro
2007-08-02 11:44 812344 --a------ C:\HJTInstall.exe
2007-08-01 13:07 --------- d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:18 207736 --a------ C:\WINDOWS\system32\muweb.dll
2007-07-24 13:24 --------- d-------- C:\Program Files\Windows Media Connect 2
2007-07-23 07:08 --------- d-------- C:\DOCUME~1\User\APPLIC~1\WeatherBug
2007-07-13 13:16 --------- d-------- C:\DOCUME~1\User\APPLIC~1\HP
2007-07-13 13:00 --------- d-------- C:\DOCUME~1\User\APPLIC~1\Preclick
2007-07-11 08:38 278528 --a------ C:\WINDOWS\system32\livesnth.dll
2007-06-20 06:18 902776 --a------ C:\WINDOWS\system\NAVEX32A.DLL
2007-06-20 06:18 271992 --a------ C:\WINDOWS\system\ECMSVR32.DLL
2007-06-20 06:18 2603832 --a------ C:\WINDOWS\system\CCERASER.DLL
2007-06-20 06:18 120440 --a------ C:\WINDOWS\system\NAVENG32.DLL
2005-12-15 12:03 12288 --a------ C:\WINDOWS\Fonts.\RandFont.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" [2006-11-09 16:07]
"SoundMan"="SOUNDMAN.EXE" [2005-09-22 04:42 C:\WINDOWS\soundman.exe]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-03-04 10:46]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 21:52]
"High Definition Audio Property Page Shortcut"="C:\WINDOWS\system32\ReinstallBackups\0011\DriverFiles\HDAudPropShortcut.exe" [2004-03-17 17:10]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 00:46]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 05:25]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-07-27 18:03]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:00]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05]
"HijackThis startup scan"="C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" [2007-08-02 11:45]
"Update Service"="C:\Program Files\Common Files\Teknum Systems\update.exe" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideStartupScripts"=0 (0x0)
"HideShutdownScripts"=0 (0x0)
"RunStartupScriptSync"=0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoWindowsUpdate"=1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Cmaudio"=RunDll32 cmicnfg.cpl,CMICtrlWnd

R2 EZUpdateService;ATP EZUpdate Service;C:\Program Files\ATP\Navigator\EZUpdateService.exe
S1 UdfReadr;UdfReadr;C:\WINDOWS\system32\drivers\UdfReadr.sys
S3 cmudax;C-Media High Definition Audio Interface;C:\WINDOWS\system32\drivers\cmudax.sys
S3 FarStoneFireWallDrive;FarStoneFireWallDrive;C:\WINDOWS\system32\Drivers\FarDrive.sys
S3 s3chipid;s3chipid;\??\C:\DOCUME~1\User\LOCALS~1\Temp\s3chipid.sys
S3 SetupNTGLM7X;SetupNTGLM7X;\??\D:\NTGLM7X.sys
S3 VRcore;VRcore;C:\WINDOWS\system32\DRIVERS\VRcore.sys
S3 VRFIL;VRFIL;\??\C:\WINDOWS\system32\drivers\VRFIL.SYS

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt hpqcxs08 hpqddsvc

*Newly Created Service* - CATCHME

Contents of the 'Scheduled Tasks' folder
2007-08-31 12:57:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
2007-08-31 21:00:00 C:\WINDOWS\Tasks\RegCure Program Check.job - C:\Program Files\RegCure\RegCure.exe
2007-08-31 07:00:00 C:\WINDOWS\Tasks\RegCure.job - C:\Program Files\RegCure\RegCure.exe
2007-08-31 07:30:00 C:\WINDOWS\Tasks\RegistryBot Scheduled Scan.job - C:\Program Files\RegistryBot\RegistryBot.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-04 09:22:34
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

C:\WINDOWS\system32\cmd.exe [908] 0x84A4EA48


scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************

Completion time: 2007-09-04 9:24:42
C:\ComboFix-quarantined-files.txt ... 2007-09-04 09:24
C:\ComboFix2.txt ... 2007-09-04 09:07

--- E O F ---
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:35:06 AM, on 9/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\ATP\Navigator\EZUpdateService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Citrix\ICA Client\pnagent.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.yahoo.com
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\system32\ReinstallBackups\0011\DriverFiles\HDAudPropShortcut.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [HijackThis startup scan] C:\Program Files\Trend Micro\HijackThis\HijackThis.exe /startupscan
O4 - HKCU\..\Run: [Update Service] "C:\Program Files\Common Files\Teknum Systems\update.exe" /startup
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Program Neighborhood Agent.lnk = C:\Program Files\Citrix\ICA Client\pnagent.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/house ... hcImpl.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se8300.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 7984245716
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 7975822161
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ATP EZUpdate Service (EZUpdateService) - Aircraft Technical Publishers - C:\Program Files\ATP\Navigator\EZUpdateService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ViRobot Expert Monitoring (vrmonsvc) - Unknown owner - (no file)

--
End of file - 7509 bytes

There they are. Have fun! I think you should get paid a lot for your services.
Jim Burns
Active Member
 
Posts: 6
Joined: August 17th, 2007, 8:13 am

Unread postby silver » September 4th, 2007, 10:53 pm

Hi Jim Burns,

Please open Start->Control Panel->Add/Remove Programs, look down the list for these items and remove them:
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java 2 Runtime Environment, SE v1.4.2_06
Java 2 SDK, SE v1.4.2_06

These are out of date and now a security risk; you can get the latest update (version 6 update 2) from here

------------------------------------------------------------------------

  • Check that combofix.exe is on your Desktop
  • Then open Notepad: press Start->Run, type notepad and click OK
  • Copy/paste the contents of the below code box into Notepad:
    File::
    C:\WINDOWS\system32\WinAvXX.exe
    
    Driver::
    vrmonsvc
    
    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "DisableTaskMgr"=-
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableTaskMgr"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoControlPanel"=-
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoControlPanel"=-
    "NoWindowsUpdate"=-
    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoWindowsUpdate"=-
    
    FileLook::
    C:\WINDOWS\hpomdl13.dat
    C:\WINDOWS\hpoins13.dat
    C:\Program Files\sygate.exe
    C:\Program Files\download-spf.exe.exe
    
    
  • Save this to your Desktop as CFScript.

    Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
Note: Do not click ComboFix's window while it's running - it may cause it to stall!

------------------------------------------------------------------------

Download Dr.WEB CureIt to your desktop from here:
ftp://ftp.drweb.com/pub/drweb/cureit/cureit.exe
  • Double-click cureit.exe to start the program.
  • Press Start and then OK to start the Express scan
  • The Express scan takes just a few moments to finish, if something is found, click Yes to cure it
  • Once the short scan has finished, Click Options->Change settings
  • Choose the Scan tab and UN-CHECK Heuristic analysis
  • Choose the Actions tab and next to Infected objects select Move, then press OK to close the settings box.
  • Note: These settings changes are IMPORTANT, please ensure you have made them before scanning
  • Select all hard drives to be scanned by clicking on them - choose all drives - a red dot confirms they will be scanned
  • Click the green arrow on the right to start the scan
  • Click Yes to all if it asks if you want to move a file
  • Click File-> Save report list and save the report to your desktop
  • Close Dr.Web Cureit and reboot your computer (this is important as files may be moved/deleted during reboot)


------------------------------------------------------------------------

Once complete, please post the new ComboFix report, the Dr Web log and a new HijackThis log.
silver
Regular Member
 
Posts: 9219
Joined: August 7th, 2006, 9:40 pm
Location: GMT+7
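As an added example (not code from the forum, from HijackThis or from ComboFix), here is a small Python triage script that applies the two checks behind the fix above to the posted logs: O23 services with no file behind them, and policy values that lock the user out of Task Manager, Control Panel or Windows Update. It then drafts the matching Driver:: and Registry:: sections in the same form as the CFScript above; the flagging rules are this example's own heuristics, and the sample lines embedded in it are copied from the logs posted earlier in the thread.

```python
"""Triage a HijackThis log and ComboFix's 'Reg Loading Points' output and draft
the matching CFScript sections.  Added example for this thread; it is not a tool
from the forum, HijackThis or ComboFix, and its flagging rules are this
example's own heuristics.  Sample lines are copied from the logs posted above."""
import re

# Constructed sample: lines taken from the HijackThis log posted on 9/4/2007.
HJT_LOG = r"""
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Update Service] "C:\Program Files\Common Files\Teknum Systems\update.exe" /startup
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: ViRobot Expert Monitoring (vrmonsvc) - Unknown owner - (no file)
"""

# Constructed sample: the policy blocks from ComboFix's 'Reg Loading Points'.
COMBOFIX_REG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideStartupScripts"=0 (0x0)
"HideShutdownScripts"=0 (0x0)
"RunStartupScriptSync"=0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoWindowsUpdate"=1 (0x1)
"""

# Policy values which, when non-zero, lock the user out of the tools needed to
# inspect or repair the machine (the same ones the CFScript above resets).
LOCKOUT_POLICIES = {"DisableTaskMgr", "NoControlPanel", "NoWindowsUpdate"}

O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
SHORT_NAME_RE = re.compile(r"\((\w+)\)\s*$")
REG_VALUE_RE = re.compile(r'^"(?P<value>[^"]+)"=(?P<data>\d+)')


def service_short_name(display_name):
    """'ViRobot Expert Monitoring (vrmonsvc)' -> 'vrmonsvc'; falls back to the display name."""
    m = SHORT_NAME_RE.search(display_name)
    return m.group(1) if m else display_name


def flag_services(hjt_text):
    """Return (short_name, reason) for O23 services whose binary is gone or whose
    owner HijackThis could not identify.  A service entry with no file behind it
    is the classic footprint of a half-removed product and should be cleaned up."""
    findings = []
    for line in hjt_text.splitlines():
        m = O23_RE.match(line)
        if not m:
            continue
        reasons = []
        if m.group("path").strip() == "(no file)":
            reasons.append("no file")
        if m.group("owner") == "Unknown owner":
            reasons.append("unknown owner")
        if reasons:
            findings.append((service_short_name(m.group("name")), ", ".join(reasons)))
    return findings


def flag_policies(reg_text):
    """Return (key, value_name, data) for lockout policies set to a non-zero value."""
    findings, key = [], None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]          # current registry key
            continue
        m = REG_VALUE_RE.match(line)
        if m and key and "\\policies\\" in key.lower():
            if m.group("value") in LOCKOUT_POLICIES and int(m.group("data")) != 0:
                findings.append((key, m.group("value"), int(m.group("data"))))
    return findings


def draft_cfscript(hjt_text, reg_text):
    """Draft the Driver:: and Registry:: sections of a CFScript from the findings.
    '"Name"=-' is the .reg-file idiom for 'delete this value', the same form the
    forum helper's script above uses."""
    sections = []
    services = flag_services(hjt_text)
    if services:
        sections.append("Driver::\n" + "\n".join(name for name, _ in services))
    policies = flag_policies(reg_text)
    if policies:
        body = []
        for key, value, _ in policies:
            body.append(f"[{key}]")
            body.append(f'"{value}"=-')
        sections.append("Registry::\n" + "\n".join(body))
    return "\n\n".join(sections)


if __name__ == "__main__":
    print(draft_cfscript(HJT_LOG, COMBOFIX_REG))
```

Run against the sample lines it reproduces the Driver:: and the last Registry:: entry of the script above; anything it drafts still needs a human to confirm the service really belongs to a removed product before it goes into a CFScript.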

finding the way

Unread postby Jim Burns » September 5th, 2007, 12:21 pm

You are making things better each time. Thanks!
Here are the new logs. The Control Panel is back.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:53:30 AM, on 9/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\ATP\Navigator\EZUpdateService.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Citrix\ICA Client\pnagent.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.yahoo.com
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\system32\ReinstallBackups\0011\DriverFiles\HDAudPropShortcut.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [HijackThis startup scan] C:\Program Files\Trend Micro\HijackThis\HijackThis.exe /startupscan
O4 - HKCU\..\Run: [Update Service] "C:\Program Files\Common Files\Teknum Systems\update.exe" /startup
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Program Neighborhood Agent.lnk = C:\Program Files\Citrix\ICA Client\pnagent.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/house ... hcImpl.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se8300.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 7984245716
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 7975822161
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ATP EZUpdate Service (EZUpdateService) - Aircraft Technical Publishers - C:\Program Files\ATP\Navigator\EZUpdateService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

--
End of file - 7237 bytes


RegUBP2b-User.reg;C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots;Trojan.StartPage.1505;Moved.;
Process.exe;C:\Documents and Settings\User\Desktop\SmitfraudFix;Tool.Prockill;Moved.;
restart.exe;C:\Documents and Settings\User\Desktop\SmitfraudFix;Tool.ShutDown.11;Moved.;
Process.exe;C:\SmitfraudFix;Tool.Prockill;Moved.;
restart.exe;C:\SmitfraudFix;Tool.ShutDown.11;Moved.;
A0014828.exe;C:\System Volume Information\_restore{B0AF46D8-7773-4ED1-A034-5C270D1A492D}\RP17;Tool.Prockill;Moved.;
A0014830.exe;C:\System Volume Information\_restore{B0AF46D8-7773-4ED1-A034-5C270D1A492D}\RP17;Tool.ShutDown.11;Moved.;
A0000052.exe;C:\System Volume Information\_restore{B0AF46D8-7773-4ED1-A034-5C270D1A492D}\RP2;Trojan.Fakealert.305;Moved.;
A0000054.exe;C:\System Volume Information\_restore{B0AF46D8-7773-4ED1-A034-5C270D1A492D}\RP2;Trojan.Fakealert.305;Moved.;
A0000083.exe;C:\System Volume Information\_restore{B0AF46D8-7773-4ED1-A034-5C270D1A492D}\RP2;Trojan.Fakealert.305;Moved.;
A0000085.exe;C:\System Volume Information\_restore{B0AF46D8-7773-4ED1-A034-5C270D1A492D}\RP2;Trojan.Fakealert.305;Moved.;
A0000087.exe;C:\System Volume Information\_restore{B0AF46D8-7773-4ED1-A034-5C270D1A492D}\RP2;Trojan.Fakealert.305;Moved.;
A0001075.exe;C:\System Volume Information\_restore{B0AF46D8-7773-4ED1-A034-5C270D1A492D}\RP2;Trojan.Fakealert.305;Moved.;
A0001076.exe;C:\System Volume Information\_restore{B0AF46D8-7773-4ED1-A034-5C270D1A492D}\RP2;Trojan.Fakealert.305;Moved.;
A0001077.exe;C:\System Volume Information\_restore{B0AF46D8-7773-4ED1-A034-5C270D1A492D}\RP2;Trojan.Fakealert.305;Moved.;
A0001083.exe;C:\System Volume Information\_restore{B0AF46D8-7773-4ED1-A034-5C270D1A492D}\RP2;Trojan.Fakealert.305;Moved.;
A0015795.reg;C:\System Volume Information\_restore{B0AF46D8-7773-4ED1-A034-5C270D1A492D}\RP26;Trojan.StartPage.1505;Moved.;
A0001400.exe;C:\System Volume Information\_restore{B0AF46D8-7773-4ED1-A034-5C270D1A492D}\RP3;Trojan.Fakealert.305;Moved.;
A0001401.exe;C:\System Volume Information\_restore{B0AF46D8-7773-4ED1-A034-5C270D1A492D}\RP3;Trojan.Fakealert.305;Moved.;
A0001402.exe;C:\System Volume Information\_restore{B0AF46D8-7773-4ED1-A034-5C270D1A492D}\RP3;Trojan.Fakealert.305;Moved.;
A0001486.exe;C:\System Volume Information\_restore{B0AF46D8-7773-4ED1-A034-5C270D1A492D}\RP4;Trojan.Fakealert.305;Moved.;
A0001487.exe;C:\System Volume Information\_restore{B0AF46D8-7773-4ED1-A034-5C270D1A492D}\RP4;Trojan.Fakealert.305;Moved.;
A0001488.exe;C:\System Volume Information\_restore{B0AF46D8-7773-4ED1-A034-5C270D1A492D}\RP4;Trojan.Fakealert.305;Moved.;
A0001501.exe;C:\System Volume Information\_restore{B0AF46D8-7773-4ED1-A034-5C270D1A492D}\RP4;Trojan.Fakealert.305;Moved.;
A0001503.exe;C:\System Volume Information\_restore{B0AF46D8-7773-4ED1-A034-5C270D1A492D}\RP4;Trojan.Fakealert.305;Moved.;
A0001504.exe;C:\System Volume Information\_restore{B0AF46D8-7773-4ED1-A034-5C270D1A492D}\RP4;Trojan.Fakealert.305;Moved.;
A0001520.exe;C:\System Volume Information\_restore{B0AF46D8-7773-4ED1-A034-5C270D1A492D}\RP4;Trojan.Fakealert.305;Moved.;
A0001521.exe;C:\System Volume Information\_restore{B0AF46D8-7773-4ED1-A034-5C270D1A492D}\RP4;Trojan.Fakealert.305;Moved.;
A0001522.exe;C:\System Volume Information\_restore{B0AF46D8-7773-4ED1-A034-5C270D1A492D}\RP4;Trojan.Fakealert.305;Moved.;
A0001537.exe;C:\System Volume Information\_restore{B0AF46D8-7773-4ED1-A034-5C270D1A492D}\RP4;Trojan.Fakealert.305;Moved.;
A0001538.exe;C:\System Volume Information\_restore{B0AF46D8-7773-4ED1-A034-5C270D1A492D}\RP4;Trojan.Fakealert.305;Moved.;
A0001539.exe;C:\System Volume Information\_restore{B0AF46D8-7773-4ED1-A034-5C270D1A492D}\RP4;Trojan.Fakealert.305;Moved.;
A0001544.exe;C:\System Volume Information\_restore{B0AF46D8-7773-4ED1-A034-5C270D1A492D}\RP4;Trojan.Fakealert.305;Moved.;
A0001546.exe;C:\System Volume Information\_restore{B0AF46D8-7773-4ED1-A034-5C270D1A492D}\RP4;Trojan.Fakealert.305;Moved.;
A0001547.exe;C:\System Volume Information\_restore{B0AF46D8-7773-4ED1-A034-5C270D1A492D}\RP4;Trojan.Fakealert.305;Moved.;
A0001559.exe;C:\System Volume Information\_restore{B0AF46D8-7773-4ED1-A034-5C270D1A492D}\RP4;Trojan.Fakealert.305;Moved.;
A0001562.exe;C:\System Volume Information\_restore{B0AF46D8-7773-4ED1-A034-5C270D1A492D}\RP4;Trojan.Fakealert.305;Moved.;
A0001569.exe;C:\System Volume Information\_restore{B0AF46D8-7773-4ED1-A034-5C270D1A492D}\RP4;Tool.Prockill;Moved.;
A0001581.exe;C:\System Volume Information\_restore{B0AF46D8-7773-4ED1-A034-5C270D1A492D}\RP4;Tool.Prockill;Moved.;
A0001731.exe;C:\System Volume Information\_restore{B0AF46D8-7773-4ED1-A034-5C270D1A492D}\RP4;Trojan.Fakealert.305;Moved.;
Process.exe;C:\WINDOWS\system32;Tool.Prockill;Moved.;


ComboFix 07-08-30.3 - "User" 2007-09-05 9:08:21.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.100 [GMT -4:00]
Command switches used :: C:\Documents and Settings\User\Desktop\CFScript.txt
* Created a new restore point

FILE::
C:\WINDOWS\system32\WinAvXX.exe


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_VRMONSVC
-------\vrmonsvc


((((((((((((((((((((((((( Files Created from 2007-08-05 to 2007-09-05 )))))))))))))))))))))))))))))))


2007-09-05 09:15 <DIR> d-------- C:\WINDOWS\LastGood
2007-09-04 08:56 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-31 16:43 <DIR> d-------- C:\Program Files\GPDBPA
2007-08-27 10:56 811 --------- C:\WINDOWS\hpomdl13.dat
2007-08-27 10:56 130,349 --a------ C:\WINDOWS\hpoins13.dat
2007-08-24 16:53 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2007-08-24 09:20 <DIR> d-------- C:\SmitfraudFix
2007-08-24 09:05 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-08-21 10:30 <DIR> d-------- C:\Program Files\CesViewIIi
2007-08-20 11:23 <DIR> d-------- C:\Deckard
2007-08-20 09:39 363,808 --a------ C:\Program Files\sygate.exe
2007-08-20 09:32 363,808 --a------ C:\Program Files\download-spf.exe.exe
2007-08-20 09:32 <DIR> d-------- C:\Downloads
2007-08-20 09:32 <DIR> d-------- C:\DOCUME~1\User\APPLIC~1\GetRightToGo
2007-08-17 16:54 <DIR> d-------- C:\movedfiles
2007-08-16 13:10 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-08-16 13:10 94,416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-08-16 13:10 92,848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-08-16 13:10 783,224 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-08-16 13:10 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-08-16 13:10 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-08-16 13:10 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-08-16 13:10 <DIR> d-------- C:\Program Files\Alwil Software
2007-08-15 16:39 <DIR> d-------- C:\DOCUME~1\User\.housecall6.6
2007-08-15 15:31 23,040 --a--c--- C:\WINDOWS\system32\dllcache\xrxwbtmp.dll
2007-08-15 15:31 17,408 --a--c--- C:\WINDOWS\system32\dllcache\xrxscnui.dll
2007-08-15 15:31 116,224 --a--c--- C:\WINDOWS\system32\dllcache\xrxwiadr.dll
2007-08-15 15:16 121,344 --a--c--- C:\WINDOWS\system32\dllcache\phvfwext.dll
2007-08-15 15:07 8,192 --a--c--- C:\WINDOWS\system32\dllcache\kbdkor.dll
2007-08-15 15:07 45,568 --a--c--- C:\WINDOWS\system32\dllcache\kdsui.dll
2007-08-15 15:07 37,376 --a--c--- C:\WINDOWS\system32\dllcache\kousd.dll
2007-08-15 15:07 34,688 --a--c--- C:\WINDOWS\system32\dllcache\lbrtfdc.sys
2007-08-15 15:07 26,442 --a--c--- C:\WINDOWS\system32\dllcache\lanepic5.sys
2007-08-15 15:07 25,065 --a--c--- C:\WINDOWS\system32\dllcache\lmndis3.sys
2007-08-15 15:07 242,176 --a--c--- C:\WINDOWS\system32\dllcache\kdsusd.dll
2007-08-15 15:07 19,016 --a--c--- C:\WINDOWS\system32\dllcache\ktc111.sys
2007-08-15 15:07 15,744 --a--c--- C:\WINDOWS\system32\dllcache\lit220p.sys
2007-08-15 15:06 8,704 --a--c--- C:\WINDOWS\system32\dllcache\kbdjpn.dll
2007-08-15 15:06 6,144 --a--c--- C:\WINDOWS\system32\dllcache\kbd106.dll
2007-08-15 15:06 6,144 --a--c--- C:\WINDOWS\system32\dllcache\kbd101c.dll
2007-08-15 15:06 6,144 --a--c--- C:\WINDOWS\system32\dllcache\kbd101b.dll
2007-08-15 15:06 5,632 --a--c--- C:\WINDOWS\system32\dllcache\kbd103.dll
2007-08-15 15:06 14,848 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys
2007-08-15 14:55 50,719 --a--c--- C:\WINDOWS\system32\dllcache\e1000nt5.sys
2007-08-15 14:55 19,594 --a--c--- C:\WINDOWS\system32\dllcache\e100isa4.sys
2007-08-15 14:55 117,760 --a--c--- C:\WINDOWS\system32\dllcache\e100b325.sys
2007-08-15 14:48 60,970 --a--c--- C:\WINDOWS\system32\dllcache\cpqtrnd5.sys
2007-08-15 14:48 6,912 --a--c--- C:\WINDOWS\system32\dllcache\ctlfacem.sys
2007-08-15 14:48 42,112 --a--c--- C:\WINDOWS\system32\dllcache\crtaud.sys
2007-08-15 14:48 216,064 --a--c--- C:\WINDOWS\system32\dllcache\cpscan.dll
2007-08-15 14:48 21,533 --a--c--- C:\WINDOWS\system32\dllcache\cpqndis5.sys
2007-08-15 14:48 175,104 --a--c--- C:\WINDOWS\system32\dllcache\csamsp.dll
2007-08-15 14:48 14,976 --a--c--- C:\WINDOWS\system32\dllcache\cpqarray.sys
2007-08-14 16:55 66,048 --a--c--- C:\WINDOWS\system32\dllcache\s3legacy.dll
2007-08-14 16:06 <DIR> d-------- C:\Program Files\Uniblue
2007-08-14 16:06 <DIR> d-------- C:\DOCUME~1\User\APPLIC~1\Uniblue
2007-08-14 09:57 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-08-14 09:53 <DIR> d-------- C:\Program Files\RogueRemover FREE
2007-08-13 15:32 179 --a------ C:\handle.dat
2007-08-13 12:03 <DIR> d-------- C:\WINDOWS\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP
2007-08-13 12:01 <DIR> d-------- C:\Program Files\Lavasoft
2007-08-09 12:44 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-08-09 12:43 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-08-09 10:09 <DIR> d-------- C:\Program Files\Mincom
2007-08-09 10:09 <DIR> d-------- C:\Linkone
2007-08-09 09:41 <DIR> d-------- C:\DOCUME~1\User\APPLIC~1\Mincom
2007-08-09 09:41 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Mincom
2007-08-08 16:51 <DIR> d-------- C:\Program Files\ACW
2007-08-08 12:20 <DIR> d-------- C:\DOCUME~1\User\APPLIC~1\RegistryBot
2007-08-07 11:57 <DIR> d-------- C:\DOCUME~1\ADMINI~1\.housecall6.6


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-30 16:16 --------- d-------- C:\DOCUME~1\User\APPLIC~1\Image Zone Express
2007-08-29 15:46 --------- d-------- C:\DOCUME~1\User\APPLIC~1\Printer Info Cache
2007-08-27 11:34 --------- d-------- C:\Program Files\HP
2007-08-27 11:28 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Hewlett-Packard
2007-08-24 09:21 2570 --a------ C:\WINDOWS\system32\tmp.reg
2007-08-21 10:30 --------- d-------- C:\Program Files\Cessna
2007-08-20 10:27 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-08-16 09:07 3861216 --a------ C:\WINDOWS\system32\drivers\vrcore.sys
2007-08-14 12:38 --------- d-------- C:\Program Files\RegCure
2007-08-10 14:21 9344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
2007-08-10 14:21 8320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-08-09 12:39 --------- d-------- C:\DOCUME~1\User\APPLIC~1\Lavasoft
2007-08-07 19:51 --------- d-------- C:\Program Files\AWS
2007-08-07 19:49 --------- d-------- C:\Program Files\3B Software
2007-08-07 19:41 --------- d-------- C:\Program Files\Windows Live Safety Center
2007-08-07 16:45 487424 --a------ C:\WINDOWS\system\hpzpm310.dll
2007-08-07 16:45 3182592 --a------ C:\WINDOWS\system\hpzr3210.dll
2007-08-07 16:45 196608 --a------ C:\WINDOWS\system\hpz2ku10.dll
2007-08-07 16:45 154112 --a------ C:\WINDOWS\system\FXSUI.DLL
2007-08-07 16:44 98408 --a------ C:\WINDOWS\system\java.dll
2007-08-07 16:44 950371 --a------ C:\WINDOWS\system\awt.dll
2007-08-07 16:44 94312 --a------ C:\WINDOWS\system\jpiexp32.dll
2007-08-07 16:44 94312 --a------ C:\WINDOWS\system\axbridge.dll
2007-08-07 16:44 86116 --a------ C:\WINDOWS\system\jpinsp.dll
2007-08-07 16:44 82024 --a------ C:\WINDOWS\system\jpicom32.dll
2007-08-07 16:44 73832 --a------ C:\WINDOWS\system\jpishare.dll
2007-08-07 16:44 65636 --a------ C:\WINDOWS\system\NPOJI610.dll
2007-08-07 16:44 65636 --a------ C:\WINDOWS\system\NPJPI142.dll
2007-08-07 16:44 65636 --a------ C:\WINDOWS\system\NPJava32.dll
2007-08-07 16:44 65636 --a------ C:\WINDOWS\system\NPJava14.dll
2007-08-07 16:44 65636 --a------ C:\WINDOWS\system\NPJava13.dll
2007-08-07 16:44 65636 --a------ C:\WINDOWS\system\NPJava12.dll
2007-08-07 16:44 65636 --a------ C:\WINDOWS\system\NPJava11.dll
2007-08-07 16:44 61536 --a------ C:\WINDOWS\system\eula.dll
2007-08-07 16:44 61533 --a------ C:\WINDOWS\system\jcov.dll
2007-08-07 16:44 57444 --a------ C:\WINDOWS\system\net.dll
2007-08-07 16:44 57442 --a------ C:\WINDOWS\system\verify.dll
2007-08-07 16:44 53353 --a------ C:\WINDOWS\system\zip.dll
2007-08-07 16:44 49267 --a------ C:\WINDOWS\system\JdbcOdbc.dll
2007-08-07 16:44 49247 --a------ C:\WINDOWS\system\hprof.dll
2007-08-07 16:44 45156 --a------ C:\WINDOWS\system\jpins7.dll
2007-08-07 16:44 41060 --a------ C:\WINDOWS\system\jpins6.dll
2007-08-07 16:44 36864 --a------ C:\WINDOWS\system\javawspl.dll
2007-08-07 16:44 32869 --a------ C:\WINDOWS\system\nio.dll
2007-08-07 16:44 327800 --a------ C:\WINDOWS\system\fontmanager.dll
2007-08-07 16:44 28780 --a------ C:\WINDOWS\system\hpi.dll
2007-08-07 16:44 28772 --a------ C:\WINDOWS\system\jpins4.dll
2007-08-07 16:44 266293 --a------ C:\WINDOWS\system\msvcrt.dll
2007-08-07 16:44 24704 --a------ C:\WINDOWS\system\ioser12.dll
2007-08-07 16:44 24678 --a------ C:\WINDOWS\system\dt_shmem.dll
2007-08-07 16:44 20600 --a------ C:\WINDOWS\system\jaas_nt.dll
2007-08-07 16:44 20584 --a------ C:\WINDOWS\system\dt_socket.dll
2007-08-07 16:44 20581 --a------ C:\WINDOWS\system\jawt.dll
2007-08-07 16:44 20579 --a------ C:\WINDOWS\system\rmi.dll
2007-08-07 16:44 20563 --a------ C:\WINDOWS\system\w2k_lsa_auth.dll
2007-08-07 16:44 139373 --a------ C:\WINDOWS\system\jsound.dll
2007-08-07 16:44 139364 --a------ C:\WINDOWS\system\dcpr.dll
2007-08-07 16:44 139363 --a------ C:\WINDOWS\system\cmm.dll
2007-08-07 16:44 139264 --a------ C:\WINDOWS\system\JavaWebStart.dll
2007-08-07 16:44 122981 --a------ C:\WINDOWS\system\jpeg.dll
2007-08-07 16:44 1208439 --a------ C:\WINDOWS\system\jvm.dll
2007-08-07 16:44 106600 --a------ C:\WINDOWS\system\RegUtils.dll
2007-08-07 16:44 102494 --a------ C:\WINDOWS\system\jdwp.dll
2007-08-03 12:31 --------- d---s---- C:\Program Files\Common Files\Teknum Systems
2007-08-03 12:05 5037072 --a------ C:\spybotsd14.exe
2007-08-03 09:11 --------- d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Lavasoft
2007-08-03 05:31 --------- d-------- C:\Program Files\NoAdware5.0
2007-08-02 16:23 --------- d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\HP
2007-08-02 16:10 7649240 --a------ C:\Windows-KB890830-V1.31.exe
2007-08-02 14:01 886519 --a------ C:\SmitfraudFix.exe
2007-08-02 13:45 --------- d-------- C:\Program Files\Common Files\Download Manager
2007-08-02 12:18 3041520 --a------ C:\1setupxv.exe
2007-08-02 12:10 3041520 --a------ C:\spybotsetupxv.exe
2007-08-02 11:45 --------- d-------- C:\Program Files\Trend Micro
2007-08-02 11:44 812344 --a------ C:\HJTInstall.exe
2007-08-01 13:07 --------- d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:18 207736 --a------ C:\WINDOWS\system32\muweb.dll
2007-07-24 13:24 --------- d-------- C:\Program Files\Windows Media Connect 2
2007-07-23 07:08 --------- d-------- C:\DOCUME~1\User\APPLIC~1\WeatherBug
2007-07-13 13:16 --------- d-------- C:\DOCUME~1\User\APPLIC~1\HP
2007-07-13 13:00 --------- d-------- C:\DOCUME~1\User\APPLIC~1\Preclick
2007-07-11 08:38 278528 --a------ C:\WINDOWS\system32\livesnth.dll
2007-06-20 06:18 902776 --a------ C:\WINDOWS\system\NAVEX32A.DLL
2007-06-20 06:18 271992 --a------ C:\WINDOWS\system\ECMSVR32.DLL
2007-06-20 06:18 2603832 --a------ C:\WINDOWS\system\CCERASER.DLL
2007-06-20 06:18 120440 --a------ C:\WINDOWS\system\NAVENG32.DLL
2005-12-15 12:03 12288 --a------ C:\WINDOWS\Fonts.\RandFont.dll


(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))


- Not a PE file.

- Not a PE file.

---- C:\Program Files\sygate.exe ----

Company: Digital River, Inc.
File Description: Simtel Downloader
File Version: 1.0.0
Product Name: Simtel Downloader
Copyright: c Digital River, Inc.
Original file name: dr-simtel.exe

---- C:\Program Files\download-spf.exe.exe ----

Company: Digital River, Inc.
File Description: Simtel Downloader
File Version: 1.0.0
Product Name: Simtel Downloader
Copyright: c Digital River, Inc.
Original file name: dr-simtel.exe


((((((((((((((((((((((((((((( snapshot_2007-09-04_ 90634.50 )))))))))))))))))))))))))))))))))))))))))

----a-w 43,520 2004-08-04 04:56:42 C:\WINDOWS\LastGood\system32\dllcache\admwprox.dll
----a-w 290,816 2004-08-04 04:56:42 C:\WINDOWS\LastGood\system32\dllcache\adsiis51.dll
----atw 16,384 2007-09-05 13:14:19 C:\WINDOWS\Temp\Perflib_Perfdata_5ac.dat
--sha-w 16,384 2007-09-05 13:14:18 C:\WINDOWS\Temp\Cookies\index.dat
--sha-w 16,384 2007-09-05 13:14:18 C:\WINDOWS\Temp\History\History.IE5\index.dat
--sha-w 32,768 2007-09-05 13:14:18 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\index.dat

--sha-w 16,384 2007-08-31 13:24:15 C:\WINDOWS\Temp\Cookies\index.dat
--sha-w 16,384 2007-08-31 13:24:15 C:\WINDOWS\Temp\History\History.IE5\index.dat
--sha-w 32,768 2007-08-31 13:24:15 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\index.dat

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-09-22 04:42 C:\WINDOWS\soundman.exe]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-03-04 10:46]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 21:52]
"High Definition Audio Property Page Shortcut"="C:\WINDOWS\system32\ReinstallBackups\0011\DriverFiles\HDAudPropShortcut.exe" [2004-03-17 17:10]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 00:46]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 05:25]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-07-27 18:03]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:00]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05]
"HijackThis startup scan"="C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" [2007-08-02 11:45]
"Update Service"="C:\Program Files\Common Files\Teknum Systems\update.exe" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideStartupScripts"=0 (0x0)
"HideShutdownScripts"=0 (0x0)
"RunStartupScriptSync"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Cmaudio"=RunDll32 cmicnfg.cpl,CMICtrlWnd

R2 EZUpdateService;ATP EZUpdate Service;C:\Program Files\ATP\Navigator\EZUpdateService.exe
S1 UdfReadr;UdfReadr;C:\WINDOWS\system32\drivers\UdfReadr.sys
S3 cmudax;C-Media High Definition Audio Interface;C:\WINDOWS\system32\drivers\cmudax.sys
S3 FarStoneFireWallDrive;FarStoneFireWallDrive;C:\WINDOWS\system32\Drivers\FarDrive.sys
S3 s3chipid;s3chipid;\??\C:\DOCUME~1\User\LOCALS~1\Temp\s3chipid.sys
S3 SetupNTGLM7X;SetupNTGLM7X;\??\D:\NTGLM7X.sys
S3 VRcore;VRcore;C:\WINDOWS\system32\DRIVERS\VRcore.sys
S3 VRFIL;VRFIL;\??\C:\WINDOWS\system32\drivers\VRFIL.SYS

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt hpqcxs08 hpqddsvc


Contents of the 'Scheduled Tasks' folder
2007-08-31 12:57:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
2007-09-04 21:00:00 C:\WINDOWS\Tasks\RegCure Program Check.job - C:\Program Files\RegCure\RegCure.exe
2007-09-05 07:00:00 C:\WINDOWS\Tasks\RegCure.job - C:\Program Files\RegCure\RegCure.exe
2007-09-05 07:30:00 C:\WINDOWS\Tasks\RegistryBot Scheduled Scan.job - C:\Program Files\RegistryBot\RegistryBot.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-05 09:15:23
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\WINDOWS\LastGood
**************************************************************************

Completion time: 2007-09-05 9:20:36 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-05 09:20
C:\ComboFix2.txt ... 2007-09-04 09:24
C:\ComboFix3.txt ... 2007-09-04 09:07

--- E O F ---


Jim Burns
Active Member
 
Posts: 6
Joined: August 17th, 2007, 8:13 am

Unread postby silver » September 5th, 2007, 10:09 pm

Hi Jim Burns,

All that looks pretty good :)

Download HostsXpert.
  • Unzip HostsXpert.zip
  • Double click on HostsXpert.exe
  • Click Backup/Restore->Create Backup to back up your existing hosts file
  • Then click on Restore Original Hosts and OK the prompt to restore your Hosts file to the default
  • Click on Make Hosts Read Only to secure it against changes
  • Close the program when complete.
  • If for any reason you wish to restore the old hosts file, you can do so by pressing Make Writeable?, then Backup/Restore->Restore Backup and OK to the prompt.


Once complete, please let me know how your computer is running now.
silver
Regular Member
 
Posts: 9219
Joined: August 7th, 2006, 9:40 pm
Location: GMT+7
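The HostsXpert steps above (back up the hosts file, restore the stock default, make it read-only) can be reasoned about as a small audit-and-restore routine. The script below is an added example written for this thread, not HostsXpert's code or anything posted by the helper; the watch-list of vendor/update domains, the backup location and the SAMPLE_HOSTS content are constructed assumptions, and the dry run works on a temporary copy rather than the live file.

```python
"""Audit a hosts file for hijacked entries, then back it up, restore the
stock default and make it read-only.

Added example for this thread; not HostsXpert's code. WATCHED_DOMAINS,
the backup location and SAMPLE_HOSTS are constructed assumptions.
"""
import ipaddress
import os
import shutil
import stat
import tempfile
import time

# The single mapping a stock Windows XP hosts file carries.
DEFAULT_HOSTS = "# Restored default hosts file\n127.0.0.1       localhost\n"

# Assumed watch-list: update/vendor hosts that hijackers redirect so the
# victim cannot fetch updates or removal tools. Extend for your environment.
WATCHED_DOMAINS = {
    "windowsupdate.microsoft.com", "update.microsoft.com", "housecall.trendmicro.com",
    "www.avast.com", "www.grisoft.com", "www.lavasoft.com", "www.safer-networking.org",
}

# Constructed sample of a hijacked hosts file, used only by dry_run().
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       www.avast.com                # vendor site blackholed
127.0.0.1       housecall.trendmicro.com     # online scanner blackholed
203.0.113.5     search.example.com           # redirected to an attacker-chosen IP
127.0.0.1       ads.example.com              # ad-block style entry, benign
"""


def parse_hosts(text):
    """Return (ip, hostname) pairs, skipping comments and blank lines."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        ip, *names = line.split()
        entries.extend((ip, name.lower()) for name in names)
    return entries


def audit_hosts(text):
    """Split entries into 'ok' and 'suspicious' (with a reason per flag).

    Flagged: a watched vendor/update domain mapped anywhere; any name other
    than localhost mapped to a routable (non-loopback) address; unparseable
    addresses. Loopback mappings of other names are typical of ad-block
    lists and stay 'ok' for manual review.
    """
    result = {"ok": [], "suspicious": []}
    for ip, name in parse_hosts(text):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            result["suspicious"].append((ip, name, "unparseable address"))
            continue
        if name in WATCHED_DOMAINS:
            result["suspicious"].append((ip, name, "vendor/update domain redirected"))
        elif name != "localhost" and not addr.is_loopback and not addr.is_unspecified:
            result["suspicious"].append((ip, name, "redirected to non-loopback address"))
        else:
            result["ok"].append((ip, name))
    return result


def restore_default(hosts_path, backup_dir):
    """Create Backup, Restore Original Hosts, Make Hosts Read Only; returns backup path."""
    os.makedirs(backup_dir, exist_ok=True)
    backup_path = os.path.join(backup_dir, "hosts." + time.strftime("%Y%m%d-%H%M%S") + ".bak")
    shutil.copy2(hosts_path, backup_path)
    os.chmod(hosts_path, stat.S_IREAD | stat.S_IWRITE)   # clear read-only before writing
    with open(hosts_path, "w", newline="") as fh:
        fh.write(DEFAULT_HOSTS)
    os.chmod(hosts_path, stat.S_IREAD)                    # read-only (+R attribute on Windows)
    return backup_path


def dry_run():
    """Run the whole flow on a temp copy of SAMPLE_HOSTS, never on the live file."""
    workdir = tempfile.mkdtemp()
    hosts = os.path.join(workdir, "hosts")
    with open(hosts, "w") as fh:
        fh.write(SAMPLE_HOSTS)
    report = audit_hosts(SAMPLE_HOSTS)
    backup = restore_default(hosts, os.path.join(workdir, "backup"))
    with open(hosts) as fh:
        restored = fh.read()
    with open(backup) as fh:
        saved = fh.read()
    writable = bool(os.stat(hosts).st_mode & stat.S_IWUSR)
    return {"report": report, "restored": restored, "saved": saved, "writable": writable}


if __name__ == "__main__":
    out = dry_run()
    for ip, name, why in out["report"]["suspicious"]:
        print(f"SUSPICIOUS {ip:<15} {name:<28} {why}")
    print("restored default:", out["restored"] == DEFAULT_HOSTS, "| read-only:", not out["writable"])
```

To use it against a real machine, point `restore_default` at the live hosts file (on Windows that is `%SystemRoot%\System32\drivers\etc\hosts`) from an administrator shell, after reviewing the audit output; the read-only bit is the same protection HostsXpert's "Make Hosts Read Only" applies, and it stops casual rewrites but not a process running with sufficient rights.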

Unread postby silver » September 9th, 2007, 11:37 pm

How are things going?
silver
Regular Member
 
Posts: 9219
Joined: August 7th, 2006, 9:40 pm
Location: GMT+7

Unread postby Elrond » September 16th, 2007, 12:58 am

This topic is now closed due to inactivity. If you wish it to be reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

If it has been 10 days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, this topic will not be reopened. If you still require help, please start a new topic and include a fresh HijackThis log and a link to this thread in your new topic.

You can help support this site from this link:
Donations For Malware Removal

Please do not contact us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
Elrond
Admin/Teacher Emeritus
 
Posts: 8818
Joined: February 17th, 2005, 9:14 pm
Location: Jerusalem

