help me please im desperate!

May 16 2008, 09:13 PM, Post #1
New Member, Posts: 8, OS: xp

Hi guys, I'm on Windows XP and I turned on my computer tonight and every so often my taskbar and desktop items keep disappearing for no reason!! I've done a full system scan and found no errors. I have looked around the net and seems a lot have this problem! I'm not very technically minded so I would really appreciate help as I have so much work to do as I'm currently doing my GCSEs and need the computer but it won't let me do anything or see anything with this problem!! I've posted a log from Trend Micro HijackThis.
PLEASE HELP ME I NEED THIS COMPUTER SO BADLY THIS WEEKEND!!! Thanks guys, here's the log!

May 17 2008, 04:21 AM, Post #2
New Member, Posts: 8, OS: xp

anybody please???

May 17 2008, 04:35 AM, Post #3
Trusted Helper, Posts: 2,025, From: Tel-Aviv, Israel, OS: Windows XP Pro SP2

Hi adamj2008,
Please be patient. Our helpers are very busy and remember that there are timezone differences.

My name is Tal, and I will be helping you in the process of removing malware from your computer. Before we proceed to clean your computer from malware, let's go over some points that will help both me and you, and prevent causing damage to your computer:

You may also want to Track This Topic. This feature of the forum will send out an email to the email address you've signed up with as soon as I reply, so you can be notified of my reply. To do this, please locate the Options menu, located just under the New Topic and New Reply icons. Once you've found it, click it, and choose Track This Topic from the dropdown menu (the first option). In the page that appears after you have clicked Track This Topic, select Immediate Email Notification, then click Proceed.

You have quite a collection there, as I know this infection from other logs. I hope that you are familiar with running tasks from the Task Manager? If not, let me explain. If and when your desktop crashes, and we'll need to do a fix, press CTRL+ALT+DELETE to bring up the Task Manager, then click on New Task, browse to the location of the program and click OK to run it.

First, let's try an automated removal program, and fetch a log that will help us get a better idea on what's going on inside.

Step 1: VundoFix
Please download VundoFix.exe to your desktop

Step 2: DSS
Please download Deckard's System Scanner (DSS) and save it to your Desktop.

Summary
In your next reply, please include the following:

Regards, Tal

May 17 2008, 06:39 AM, Post #4
New Member, Posts: 8, OS: xp

Hi mate, sorry if I was sounding impatient. I've done as you have said and these were the results.
vundofix log -

VundoFix V7.0.3
Scan started at 13:20:46 17/05/2008
Listing files found while scanning....
C:\Program Files\PowerISO\PWRISOSH.DLL
Beginning removal...
Attempting to delete C:\Program Files\PowerISO\PWRISOSH.DLL
C:\Program Files\PowerISO\PWRISOSH.DLL Has been deleted!
Performing Repairs to the registry.
Done!

---------------------------------------------------------------------------------------------

main dss log -

Deckard's System Scanner v20071014.68
Run by oem on 2008-05-17 13:35:32
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
94: 2008-05-17 12:35:42 UTC - RP1013 - Deckard's System Scanner Restore Point
93: 2008-05-16 23:18:38 UTC - RP1012 - Removed Alcohol 120%
92: 2008-05-16 23:10:12 UTC - RP1011 - Last known good configuration
91: 2008-05-15 08:08:42 UTC - RP1010 - System Checkpoint
90: 2008-05-13 17:22:11 UTC - RP1009 - System Checkpoint

-- First Restore Point --
1: 2008-05-16 23:09:39 UTC - RP920 - System Checkpoint

Backed up registry hives.
Performed disk cleanup.

May 17 2008, 06:40 AM, Post #5
New Member, Posts: 8, OS: xp

dss extra log -
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 3.00GHz
CPU 1: Intel® Pentium® 4 CPU 3.00GHz
Percentage of Memory in Use: 21%
Physical Memory (total/avail): 2015.48 MiB / 1584.07 MiB
Pagefile Memory (total/avail): 2200.48 MiB / 1823.13 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1932.2 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 74.52 GiB total, 38.52 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)
F: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - WDC WD800BB-00JHA0 - 74.53 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 74.52 GiB - C:

-- Security Center -------------------------------------------------------------

AUOptions is disabled.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.
FirewallDisableNotify is set.
UpdatesDisableNotify is set.
AV: McAfee VirusScan v (McAfee) Disabled Outdated [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Documents and Settings\\oem.ADAM\\Desktop\\FlashFXP\\flashfxp.exe"="C:\\Documents and Settings\\oem.ADAM\\Desktop\\FlashFXP\\flashfxp.exe:*:Enabled:FlashFXP v3" "C:\\Desktop\\FlashFXP\\flashfxp.exe"="C:\\Desktop\\FlashFXP\\flashfxp.exe:*:Enabled:FlashFXP v3" "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\WinMX\\WinMX.exe"="C:\\Program Files\\WinMX\\WinMX.exe:*:Enabled:WinMX Application" "C:\\Program Files\\mIRC\\mirc.exe"="C:\\Program Files\\mIRC\\mirc.exe:*:Enabled:mIRC" "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger" "C:\\Documents and Settings\\oem.ADAM\\Desktop\\FlashFXP\\flashfxp.exe"="C:\\Documents and Settings\\oem.ADAM\\Desktop\\FlashFXP\\flashfxp.exe:*:Enabled:FlashFXP v3" "C:\\Program Files\\Yahoo!\\Messenger\\ypager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\ypager.exe:*:Enabled:Yahoo! Messenger" "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! 
FT Server" "C:\\Desktop\\FlashFXP\\flashfxp.exe"="C:\\Desktop\\FlashFXP\\flashfxp.exe:*:Enabled:FlashFXP v3" "C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"="C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice" "C:\\Program Files\\Kazaa Lite K++\\klrun.exe"="C:\\Program Files\\Kazaa Lite K++\\klrun.exe:*:Enabled:Kazaa Lite K++" "C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire PRO 4.10.3" "C:\\Program Files\\Kazaa Lite K++\\KazaaLite.kpp"="C:\\Program Files\\Kazaa Lite K++\\KazaaLite.kpp:*:Enabled:KazaaLite" "C:\\Program Files\\DAP\\DAP.exe"="C:\\Program Files\\DAP\\DAP.exe:*:Enabled:Download Accelerator Plus (DAP)" "C:\\Documents and Settings\\oem.ADAM\\Desktop\\Use This\\ADAMMM~1\\virtualdj_trial.exe"="C:\\Documents and Settings\\oem.ADAM\\Desktop\\Use This\\ADAMMM~1\\virtualdj_trial.exe:*:Enabled:VirtualDJ" "C:\\Program Files\\BitLord\\BitLord.exe"="C:\\Program Files\\BitLord\\BitLord.exe:*:Enabled:BitLord" "C:\\Program Files\\utorrent\\utorrent.exe"="C:\\Program Files\\utorrent\\utorrent.exe:*:Enabled:µTorrent" "C:\\Program Files\\PPStream\\PPStream.exe"="C:\\Program Files\\PPStream\\PPStream.exe:*:Enabled:PPStream" "C:\\WINDOWS\\system32\\LEXPPS.EXE"="C:\\WINDOWS\\system32\\LEXPPS.EXE:*:Disabled:LEXPPS.EXE" "C:\\Program Files\\Kontiki\\KService.exe"="C:\\Program Files\\Kontiki\\KService.exe:*:Enabled:Delivery Manager Service" "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" "C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP2\\WNt500x86\\RpcSandraSrv.exe"="C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP2\\WNt500x86\\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra 
Agent Service" "C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"="C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*:Enabled:Internet Explorer" "C:\\Program Files\\Kontiki\\KHost.exe"="C:\\Program Files\\Kontiki\\KHost.exe:*:Enabled:Delivery Manager" "C:\\Documents and Settings\\oem.ADAM\\Desktop\\utorrent.exe"="C:\\Documents and Settings\\oem.ADAM\\Desktop\\utorrent.exe:*:Enabled:µTorrent" "C:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional Business XII.SP2\\WNt500x86\\RpcSandraSrv.exe"="C:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional Business XII.SP2\\WNt500x86\\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service" "C:\\Program Files\\Soulseek\\slsk.exe"="C:\\Program Files\\Soulseek\\slsk.exe:*:Enabled:SoulSeek" -- Environment Variables ------------------------------------------------------- ALLUSERSPROFILE=C:\Documents and Settings\All Users.WINDOWS APPDATA=C:\Documents and Settings\oem.ADAM\Application Data CLIENTNAME=Console CommonProgramFiles=C:\Program Files\Common Files COMPUTERNAME=ADAM ComSpec=C:\WINDOWS\system32\cmd.exe FP_NO_HOST_CHECK=NO HOMEDRIVE=C: HOMEPATH=\Documents and Settings\oem.ADAM LOGONSERVER=\\ADAM NUMBER_OF_PROCESSORS=2 OS=Windows_NT Path=C:\Program Files\Internet Explorer;;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Adobe\AGL PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH PROCESSOR_ARCHITECTURE=x86 PROCESSOR_IDENTIFIER=x86 Family 15 Model 3 Stepping 4, GenuineIntel PROCESSOR_LEVEL=15 PROCESSOR_REVISION=0304 ProgramFiles=C:\Program Files PROMPT=$P$G SESSIONNAME=Console SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\DOCUME~1\OEM~1.ADA\LOCALS~1\Temp TMP=C:\DOCUME~1\OEM~1.ADA\LOCALS~1\Temp USERDOMAIN=ADAM USERNAME=oem USERPROFILE=C:\Documents and Settings\oem.ADAM windir=C:\WINDOWS -- User Profiles --------------------------------------------------------------- oem.ADAM (admin) Julie -- Add/Remove Programs 
--------------------------------------------------------- --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0 --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER --> MsiExec.exe /X{E9F81423-211E-46B6-9AE0-38568BC5CF6F} --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E06E4F4E-72D6-4497-BFFD-BCB43077C2F4}\setup.exe" -l0x9 -uninst --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf AC3 Decoder --> C:\Program Files\Mediatwins software\AC3 Decoder\uninstall.exe Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001} Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39} Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001} Adobe Photoshop CS2 --> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D} Adobe Reader 6.0.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001} Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log Adobe Stock Photos 1.0 --> MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001} Allok AVI to DVD SVCD VCD Converter 3.0.0524 --> "C:\Program Files\Allok AVI to DVD SVCD VCD Converter\unins000.exe" ASIO4ALL --> C:\Program Files\ASIO4ALL v2\uninstall.exe µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL Audacity 1.2.6 --> "C:\Program Files\Audacity\unins000.exe" BitLord 1.1 --> C:\Program Files\BitLord\uninst.exe Bluetooth Software --> MsiExec.exe /X{90535871-81B9-4D99-8A13-A7EE97F2D7FE} CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe" Collab --> C:\Program Files\Image-Line\Collab\uninstall.exe DivX 
Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER DivX Converter --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN Download Accelerator Plus (DAP) --> C:\PROGRA~1\DAP\DAPREMOVE.EXE Easy Avi/Divx/Xvid to DVD Burner 2.4.3 --> "C:\Program Files\Easy Avi Divx Xvid to DVD Burner\unins000.exe" Elecard Codec Pack --> "C:\Program Files\Elecard\Elecard Codec Pack\Uninstall.exe" "C:\Program Files\Elecard\Elecard Codec Pack\install.log" -u FirstClass® Client --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5B35C417-2649-11D6-83D1-0050FC01225C}\setup.exe" -l0x9 -uninst FlashFXP v3 --> "C:\Documents and Settings\oem.ADAM\Desktop\FlashFXP\unins000.exe" FlashFXP v3.2.0 (Build 1080) Scene Edition --> C:\WINDOWS\unvise32.exe C:\Desktop\FlashFXP\uninstal.log Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29} Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll" Google Video Player --> "C:\Program Files\Google\Google Video Player\Uninstall.exe" HijackThis 2.0.2 --> "C:\Documents and Settings\oem.ADAM\Local Settings\Temporary Internet Files\Content.IE5\7D7FMGXK\HijackThis.exe" /uninstall Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe" IsoBuster 1.8 --> "C:\Program Files\Smart Projects\IsoBuster\Uninst\unins000.exe" J2SE Runtime Environment 5.0 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150020} J2SE Runtime Environment 5.0 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150050} KC Softwares AudioGrail --> "C:\Program Files\KC 
Softwares\AudioGrail\unins000.exe" Labtec WebCam --> MsiExec.exe /I{0463B519-E4C8-4C16-84AA-4743D1ED91B5} Lexmark Z600 Series --> C:\WINDOWS\system32\spool\drivers\w32x86\3\LXBCUN5C.EXE -dLexmark Z600 Series Magic ISO Maker v5.4 (build 0239) --> C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG Messenger Plus! 3 --> "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /Remove Messenger Plus! Live --> "C:\Program Files\Messenger Plus! Live\Uninstall.exe" Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe" Microsoft J# Browser Controls v1.1 --> MsiExec.exe /X{0A191950-D5D2-492B-80CD-D50890D46AB5} Microsoft Office Standard Edition 2003 --> MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9} Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe" Microsoft Windows Media Video 9 VCM --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmv9vcm.inf, Uninstall MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP Multimedia Launcher --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall Nero 6 Ultra Edition --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL NeroVision Express 2 --> C:\WINDOWS\UNNeroVision.exe /UNINSTALL Nokia Multimedia Converter 2.0 --> "C:\Nokia\Tools\Nokia_Multimedia_Converter_2_0\Uninstall\Uninstaller.exe" PoiZone --> C:\Program Files\Image-Line\PoiZone\uninstall.exe PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall PowerISO --> "C:\Program Files\PowerISO\uninstall.exe" PowerProducer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program 
Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe" -uninstall PPStream --> "C:\Program Files\PPStream\unins000.exe" QuickChange --> C:\PROGRA~1\QUICKC~1\UNWISE.EXE C:\PROGRA~1\QUICKC~1\INSTALL.LOG QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0 Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE SHOUTcast Source DSP 1.8.2 (remove only) --> C:\Program Files\Winamp\uninst-dsp.exe SiS 900 PCI Fast Ethernet Adapter Driver --> C:\Progra~1\SiSLan\Uninst.exe SiS VGA Utilities --> Rundll32 SiSInst.dll,Uninstall VGA,R Sky Broadband --> C:\Program Files\Sky Broadband\Bin\uninstall.exe Sony ACID 4.0f --> MsiExec.exe /I{36235A3F-92C7-4F90-84E7-3697C59AD369} Sony Media Manager 2.0 --> MsiExec.exe /X{D60D2B02-125F-4DDB-9674-41DD538C457A} Sony Sound Forge 7.0b --> MsiExec.exe /I{6B629F70-BE1D-456E-AA97-73619020E7A1} SopCore 1.1.2 --> C:\Program Files\SopCast\uninst.exe SoulSeek Client 156c --> "C:\Program Files\Soulseek\uninstall.exe" Spyware Doctor 5.5 --> C:\Program Files\Spyware Doctor\unins000.exe /LOG StuffPlug-NG (Messenger Plus! Plugins) --> C:\Program Files\MessengerPlus! 
3\Plugins\StuffPlug-NG\Uninstall.exe Synacast Plug-in 1.1.0.7 --> C:\Program Files\Common Files\Synacast\SynaLive\uninst.exe Syncrosoft's License Control --> C:\PROGRA~1\SYNCRO~1\UNWISE.EXE C:\PROGRA~1\SYNCRO~1\INSTALL.LOG SyncroSoft Emu (Remove only) --> C:\Program Files\SyncroSoft\Pos\H2O\Uninst.exe TimeFactory --> C:\WINDOWS\uninst.exe -f"C:\Program Files\PROSONIQ\TimeFactory\DeIsL1.isu" -c"C:\Program Files\PROSONIQ\TimeFactory\_ISREG32.DLL" UltraISO V7.56 ME --> "C:\Program Files\UltraISO\unins000.exe" Uninstall ESS Modem --> C:\WINDOWS\remvess Virtual DJ - Atomix Productions --> C:\DOCUME~1\OEM~1.ADA\Desktop\VIRTUA~2\UNWISE.EXE C:\DOCUME~1\OEM~1.ADA\Desktop\VIRTUA~2\INSTALL.LOG VoipStunt 2.08 build 277 --> "C:\Program Files\VoipStunt.com\VoipStunt\unins000.exe" Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe" WinAVI Video Converter --> "C:\Program Files\WinAVI Video Converter\unins000.exe" WindowBlinds --> C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\UNWISE.EXE C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\INSTALL.LOG Windows Defender Signatures --> MsiExec.exe /I{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C} Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320} Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0} Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe" WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall Yahoo! Address AutoComplete --> C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\yaddbook.dll Yahoo! 
Internet Mail --> C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\ymmapi.dll
YouTube Download & Convert 1.1.4 --> C:\Program Files\CubedLabs YouTube Download Convert\Uninstal.exe

-- Application Event Log -------------------------------------------------------

Event Record #/Type2654 / Error
Event Submitted/Written: 05/17/2008 11:20:26 AM
Event ID/Source: 1000 / Application Error
Event Description: Faulting application sistray.exe, version 0.0.0.3581, faulting module sistray.exe, version 0.0.0.3581, fault address 0x000016dd.
Processing media-specific event for [sistray.exe!ws!]

Event Record #/Type2594 / Error
Event Submitted/Written: 05/17/2008 05:04:29 AM
Event ID/Source: 1000 / Application Error
Event Description: Faulting application sistray.exe, version 0.0.0.3581, faulting module sistray.exe, version 0.0.0.3581, fault address 0x000016dd.
Processing media-specific event for [sistray.exe!ws!]

Event Record #/Type2563 / Error
Event Submitted/Written: 05/17/2008 04:48:21 AM
Event ID/Source: 1000 / Application Error
Event Description: Faulting application sistray.exe, version 0.0.0.3581, faulting module sistray.exe, version 0.0.0.3581, fault address 0x000016dd.
Processing media-specific event for [sistray.exe!ws!]

Event Record #/Type2465 / Error
Event Submitted/Written: 05/17/2008 00:45:12 AM
Event ID/Source: 1000 / Application Error
Event Description: Faulting application sistray.exe, version 0.0.0.3581, faulting module sistray.exe, version 0.0.0.3581, fault address 0x000016dd.
Processing media-specific event for [sistray.exe!ws!]

Event Record #/Type2381 / Success
Event Submitted/Written: 05/16/2008 06:59:00 PM
Event ID/Source: 12001 / usnjsvc
Event Description: The Messenger Sharing USN Journal Reader service started successfully.

-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.

-- System Event Log ------------------------------------------------------------

Event Record #/Type9389 / Error
Event Submitted/Written: 05/17/2008 01:32:24 PM
Event ID/Source: 15 / Cdrom
Event Description: The device, \Device\CdRom1, is not ready for access yet.

Event Record #/Type8938 / Warning
Event Submitted/Written: 05/17/2008 10:34:41 AM
Event ID/Source: 4226 / Tcpip
Event Description: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type8937 / Warning
Event Submitted/Written: 05/17/2008 08:33:37 AM
Event ID/Source: 4226 / Tcpip
Event Description: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type8905 / Warning
Event Submitted/Written: 05/17/2008 05:13:12 AM
Event ID/Source: 4226 / Tcpip
Event Description: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type8857 / Error
Event Submitted/Written: 05/17/2008 04:45:12 AM
Event ID/Source: 14322 / WMPNetworkSvc
Event Description: Service 'WMPNetworkSvc' did not start correctly because MFStartup encountered error '0xc00d36ef'. If possible, reinstall Windows Media Player.

-- End of Deckard's System Scanner: finished at 2008-05-17 13:37:57 ------------
May 17 2008, 11:14 AM
Post #6
Trusted Helper Posts: 2,025 From: Tel-Aviv, Israel OS: Windows XP Pro SP2
Edited.
This post has been edited by Tal: May 17 2008, 12:09 PM
--------------------
Over the upcoming weeks my time might be sparse on some days due to redecoration in my house and finals, so please be patient if I'm helping you.
Excellent free tools:
Has it been more than 3 days since my last reply? Send me a PM!
Please don't PM me asking for support. Ask on the forums instead so everyone could benefit from your experience.
My help is always free, but if you feel that I have helped you, please consider donating to help me continue the fight against malware.
May 17 2008, 11:34 AM
Post #7
Trusted Helper Posts: 2,025 From: Tel-Aviv, Israel OS: Windows XP Pro SP2
Hi,
Please ignore the above. I will edit this post with new instructions.