START-UP PROBLEMS; SETTINGS PROBLEMS, AFTER DOING STEP BY STEP TUTORI



#1
Lmommy

    Member

  • 62 posts
START-UP PROBLEMS; SETTINGS PROBLEMS, AFTER DOING STEP BY STEP TUTORIALS


During start-up : I get a windows Installer box saying: Preparing to Install; When I went to un-disable my start up folder I received the notice "Could Not Start Application Management Service on Local Computer"

:whistling: SORRY; about the caps in the title but I thought it could help me find my post better in the forum, [I don't seem to be good at forums] --> sorry!

Thanks in advance for your help! I thought I could do this with your great tutorials. How stupid am I? :blink: I am just smart enough to get myself from the frying pan into the fire! :help: How stubborn am I -- I guess my pride can't take my brain's non-ability. I have had a small stroke, my short-term memory has been affected. I have been working on this for a couple of weeks, with your tuts. I am at the point to say I am not able to do this on my own!! PLEASE someone help ME! I also need advice on an easy to learn & use & be safer Browser -- I want to trash my IE having nothing but problems! Plus, do I have all that I need for Internet Security -- since I took out my full older one -- Do I need a firewall?
Thanks,
Lmommy

The thing that started it was a slowdown, a major drain on working in the background thing -- that would take 100% resources, my mouse would show busy every 3 min. or so.
Also IE major hang-ups, crashes etc… Most scans were saying nothing was the problem. I uninstalled my older antivirus program & Then I found about 2 doing your step in tuts. Still having problems - of course different ones now ~
  • During start-up : I get a windows Installer box saying: Preparing to Install
  • When I went to un-disable my start up folder I received the notice "Could Not Start Application Management Service on Local Computer"

So here's my logs today:

1. AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 9:43:14 AM 7/7/2007

+ Scan result:

Nothing found.

::Report end


2. SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/07/2007 at 12:54 PM

Application Version : 3.9.1008

Core Rules Database Version : 3266
Trace Rules Database Version: 1277

Scan type : Complete Scan
Total Scan Time : 01:28:45

Memory items scanned : 259
Memory threats detected : 0
Registry items scanned : 6575
Registry threats detected : 0
File items scanned : 124764
File threats detected : 0

3. Logfile of HijackThis v1.99.1
Scan saved at 1:12:55 PM, on 7/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Hijackthis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=58813
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1182742621984
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

#2
don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Hello Lmommy and welcome
Let's take a little deeper look as to what's going on here.

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.


#3
Lmommy

    Member

  • Topic Starter
  • 62 posts
Don 77
I already had that program in... But, unfortunately it Errored out... Found out 2 more things that are messed up :-0
1. I have not been able to use WinXP Restore. That's one thing that started me on this.
2. Yesterday I found out I could no longer install anything extra on my computer... Windows Installer... Error
Thanks for trying to help me; I hope this information can help us with what else to do next.
Lmommy

#4
Lmommy

    Member

  • Topic Starter
  • 62 posts
Hey is this a log from that program I ran before. Since I had it in already I went looking for the log [I did save all logs] or is this from another program? I hope it will help,
Lmommy
"Owner" - 2007-07-07 0:05:12 - ComboFix 07-07-04.4 - Service Pack 2


((((((((((((((((((((((((( Files Created from 2007-06-07 to 2007-07-07 )))))))))))))))))))))))))))))))


2007-07-07 00:04 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-07 00:03 <DIR> d-------- C:\Deckard
2007-07-06 14:47 <DIR> d-------- C:\WINDOWS\system32\PreInstall
2007-07-04 19:18 <DIR> d-------- C:\WINDOWS\pss
2007-07-04 19:18 <DIR> d-------- C:\Program Files\Common Files\ODBC
2007-07-04 19:11 <DIR> d-------- C:\WINDOWS\AiOTemp
2007-07-04 13:16 <DIR> d-------- C:\VundoFix Backups
2007-06-27 15:32 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\SUPERAntiSpyware.com
2007-06-27 12:18 1,310 --a------ C:\WINDOWS\system32\tmp.reg
2007-06-25 14:54 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Jasc
2007-06-25 04:36 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-06-25 04:36 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\SUPERAntiSpyware.com
2007-06-25 04:36 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-06-25 04:35 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-06-25 02:51 1,572,864 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-06-25 02:51 <DIR> d-------- C:\DOCUME~1\ADMINI~1\WINDOWS
2007-06-25 02:51 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\SampleView
2007-06-24 23:19 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-06-24 22:43 <DIR> d-------- C:\Program Files\SpywareGuard
2007-06-24 22:37 43,352 --a------ C:\WINDOWS\system32\wups2.dll
2007-06-24 22:37 <DIR> d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-06-24 22:26 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-06-24 17:10 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Uniblue
2007-06-24 07:05 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2007-06-20 04:05 <DIR> d-------- C:\Program Files\PSP Thumbnail Handler
2007-06-18 10:12 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Motive
2007-06-18 10:01 <DIR> d-------- C:\WINDOWS\Motive
2007-06-18 10:01 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Motive
2007-06-18 09:54 6,550 --a------ C:\WINDOWS\jautoexp.dat
2007-06-18 09:54 46,352 --a------ C:\WINDOWS\setdebug.exe
2007-06-18 09:54 313,856 --a------ C:\WINDOWS\system32\dx3j.dll
2007-06-18 09:54 171,280 --a------ C:\WINDOWS\system32\jit.dll
2007-06-18 09:54 139,536 --a------ C:\WINDOWS\system32\javaee.dll
2007-06-18 09:53 945,424 --a------ C:\WINDOWS\system32\msjava.dll
2007-06-18 09:53 63,248 --a------ C:\WINDOWS\system32\javaprxy.dll
2007-06-18 09:53 49,424 --a------ C:\WINDOWS\system32\clspack.exe
2007-06-18 09:53 404,752 --a------ C:\WINDOWS\system32\javart.dll
2007-06-18 09:53 286,992 --a------ C:\WINDOWS\system32\vmhelper.dll
2007-06-18 09:53 21,264 --a------ C:\WINDOWS\system32\msjdbc10.dll
2007-06-18 09:53 187,152 --a------ C:\WINDOWS\system32\javacypt.dll
2007-06-18 09:53 172,304 --a------ C:\WINDOWS\system32\jview.exe
2007-06-18 09:53 171,792 --a------ C:\WINDOWS\system32\wjview.exe
2007-06-18 09:53 154,896 --a------ C:\WINDOWS\system32\msawt.dll
2007-06-18 09:53 15,120 --a------ C:\WINDOWS\system32\jdbgmgr.exe
2007-06-18 09:53 113 --a------ C:\WINDOWS\system32\zonedon.reg
2007-06-18 09:53 113 --a------ C:\WINDOWS\system32\zonedoff.reg
2007-06-11 03:20 90,112 --a------ C:\WINDOWS\unvise32.exe
2007-06-07 19:39 <DIR> d--h----- C:\WINDOWS\PIF


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-04 20:13:58 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-07-04 20:11:03 -------- d-----w C:\Program Files\Yahoo!
2007-07-04 20:08:25 51,716 ----a-w C:\WINDOWS\system32\pdf995mon.dll
2007-07-04 20:08:25 118,784 ----a-w C:\WINDOWS\system32\pdfmona.dll
2007-07-04 18:37:34 -------- d-----w C:\Program Files\Rainlendar
2007-07-01 23:11:37 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\RipIt4Me
2007-06-25 14:09:28 -------- d-----w C:\Program Files\Digital Media Reader
2007-06-22 00:09:38 -------- d-----w C:\Program Files\Common Files\Caere
2007-06-21 15:24:15 -------- d-----w C:\Program Files\TextBridge Pro 98
2007-06-09 12:28:49 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Yahoo!
2007-05-14 06:43:39 -------- d-----w C:\Program Files\SBC Yahoo!
2007-05-12 09:48:46 -------- d-----w C:\Program Files\Microsoft Works
2007-04-28 04:50:09 57,344 ----a-w C:\WINDOWS\system32\COMMTB32.DLL
2007-04-28 04:50:09 169,984 ----a-w C:\WINDOWS\system32\P2D.DLL
2007-04-28 04:50:09 161,552 ----a-w C:\WINDOWS\system32\ASYCPICT.DLL
2007-04-17 03:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-17 03:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 03:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 03:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 03:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 03:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 03:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2004-08-04 19:00:00 94,784 --sh--w C:\WINDOWS\twain.dll
2004-08-04 19:00:00 50,688 --sh--w C:\WINDOWS\twain_32.dll
2007-02-17 20:35:18 88 --sh--r C:\WINDOWS\system32\36F87574EC.sys
2007-02-17 20:35:19 2,516 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2004-08-04 19:00:00 1,028,096 --sh--w C:\WINDOWS\system32\mfc42.dll
2004-08-04 19:00:00 54,784 --sh--w C:\WINDOWS\system32\msvcirt.dll
2004-08-04 19:00:00 413,696 --sh--w C:\WINDOWS\system32\msvcp60.dll
2004-08-04 19:00:00 343,040 --sh--w C:\WINDOWS\system32\msvcrt.dll
2004-08-04 19:00:00 553,472 --sh--w C:\WINDOWS\system32\oleaut32.dll
2004-08-04 19:00:00 83,456 --sh--w C:\WINDOWS\system32\olepro32.dll
2004-08-04 19:00:00 11,776 --sh--w C:\WINDOWS\system32\regsvr32.exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2006-12-18 05:16 59032 --a------ C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4A368E80-174F-4872-96B5-0B27DDD11DB2}]
2003-08-02 23:24 192512 -ra------ C:\Program Files\SpywareGuard\dlprotect.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
2006-10-31 15:33 198136 --a------ C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25]
"Tweak UI"="TWEAKUI.CPL" [2007-02-26 19:48 C:\WINDOWS\system32\TWEAKUI.CPL]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" []
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-26 14:10]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"="C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL" [2006-10-27 01:48]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2007-05-30 07:29]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 12:55]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]



**************************************************************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-07 00:07:24
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-07 0:08:02

--- E O F ---

#5
don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Did you make any changes with this program Uniblue RegistryBooster ?

Windows Installer... Error

What exactly is the message?

Also, do you have your XP CD?

#6
Lmommy

    Member

  • Topic Starter
  • 62 posts
Auto It Error
Line0 [C:\Document & Settings Owner\Desktop\Geeks to Go\dss.exe]
Local$res=$objSR.Create RestorePoint($ProgName&'RestorePoint,12,100)
Local$res=$objSR.Create RestorePoint($ProgName&'RestorePoint,12,100)^Error

Error: The requested action with this object has failed

Yes I have a copy of my complete computer setup; What software came bundled with the computer. I had to copy it to 5 CDs. So it is not a stand alone program unfortunately. But I have Win2000 stand alone.
Sorry,
Lmommy

#7
don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
OK just been informed that DSS is updated

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

Let's run System File Checker, to make sure all of your protected files are not corrupt. The scan will automatically replace any corrupt files that it finds.

Click Start
Select Run
At the prompt type sfc /scannow Please note that there is a single space between sfc and /scannow.

Typing this will start the program, and a box should appear telling you how much longer the process should take.

Sometimes the scan will prompt you for your Windows XP disc upon starting the scan. If this happens please make sure that you can view protected files:
My Computer
Tools
Folder Options
View
"Uncheck" Hide protected operating system files.
Then rerun the scan. If this still asks you to put in your Windows XP CD, and you do not have the CD (if you bought it preinstalled) post back for more tips, otherwise enter Windows CD.

Once the scan is complete:

Check your Windows Updates! After using the File Protection Service, you might need to reapply some updates.

Please reboot, and let me know if anything has changed.

Also, please rehide the protected files:
My Computer
Tools
Folder Options
View
"Check" Hide protected operating system files.


#8
Lmommy

    Member

  • Topic Starter
  • 62 posts
I ran these before I updated Windows.
Deckard's System Scanner v20070708.52
Run by Owner on 2007-07-08 at 20:17:51
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
15: 2007-07-09 01:17:58 UTC - RP15 - Deckard's System Scanner Restore Point
14: 2007-07-09 01:09:11 UTC - RP14 - Deckard's System Scanner Restore Point
13: 2007-07-07 23:21:01 UTC - RP13 - Restore Operation
12: 2007-07-07 14:01:21 UTC - RP12 - 7607_2
11: 2007-07-07 13:50:06 UTC - RP11 - 7607


-- First Restore Point --
1: 2007-06-27 16:48:55 UTC - RP1 - System Checkpoint


Performed disk cleanup.


-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 8:18:02 PM, on 7/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\netdde.exe
C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\clipsrv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\dmadmin.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\Owner\Desktop\dss.exe
C:\PROGRA~1\HIJACK~1\Owner.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [2wSysTray] E:\Apps\2PortalMon.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=58813
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1182742621984
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS


-- HijackThis Fixed Entries (C:\PROGRA~1\HIJACK~1\backups\) --------------------

backup-20070706-104108-301 O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp...ads/sysinfo.cab
backup-20070706-104108-438 O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewi...oOnlineScan.cab
backup-20070706-104108-453 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapp...//www.yahoo.com
backup-20070706-104108-485 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by SBC Yahoo! DSL
backup-20070706-104108-554 O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
backup-20070706-104108-613 O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
backup-20070706-104108-619 O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
backup-20070706-104108-662 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
backup-20070706-104108-673 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
backup-20070706-104108-752 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
backup-20070706-104108-756 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
backup-20070706-104108-848 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
backup-20070706-104108-914 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
backup-20070706-104108-951 R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
backup-20070706-104109-277 O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.johannrai...can8/oscan8.cab
backup-20070706-104109-553 O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...059/mcfscan.cab
backup-20070706-104109-602 O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo....plorer1_9us.cab
backup-20070706-104109-656 O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
backup-20070706-104109-751 O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
backup-20070706-104109-774 O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
backup-20070706-104109-793 O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadbl...ivex/sabspx.cab
backup-20070706-104109-823 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
backup-20070706-104109-951 O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

-- File Associations -----------------------------------------------------------

.bat - batfile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,-153
.ini - inifile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,-151
.txt - txtfile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,-152


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
R1 SASKUTIL - c:\program files\superantispyware\saskutil.sys
R3 dvd43llh - c:\windows\system32\drivers\dvd43llh.sys <Not Verified; RIF; DVD For Free>
R3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>
R3 SunkFilt (Alcor Micro Corp - 9360) - c:\windows\system32\drivers\sunkfilt.sys <Not Verified; Alcor Micro Corp.; SunkFilt>

S3 catchme - c:\docume~1\owner\locals~1\temp\catchme.sys (file missing)
S3 PCAMPR5 (PCAMPR5 NDIS Protocol Driver) - c:\windows\system32\pcampr5.sys (file missing)
S3 SunkFilt39 (Alcor Micro Corp - 3239) - c:\windows\system32\drivers\sunkfilt39.sys <Not Verified; Alcor Micro Corp.; SunkFilt39>
S3 Sunkfiltp (HP && Alcor Micro Corp for Phison) - c:\windows\system32\drivers\sunkfiltp.sys (file missing)
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe
R2 NMIndexingService - "c:\program files\common files\ahead\lib\nmindexingservice.exe" <Not Verified; Nero AG; Nero Home>


-- Files created between 2007-06-08 and 2007-07-08 -----------------------------

2007-07-08 19:58:53 0 d-------- C:\WINDOWS\LastGood
2007-07-08 19:36:41 0 d-------- C:\Documents and Settings\LocalService\Application Data\Ahead
2007-07-08 19:29:30 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Adobe
2007-07-08 19:29:29 0 d-------- C:\Documents and Settings\NetworkService\Desktop
2007-07-08 19:18:00 0 d---s---- C:\WINDOWS\system32\Microsoft
2007-07-08 18:59:54 0 d-------- C:\WINDOWS\system32\NtmsData
2007-07-08 18:47:29 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Ahead
2007-07-07 00:55:49 5 --ahs---- C:\WINDOWS\system32\eeaaacc6_d.dll
2007-07-07 00:55:40 0 d-------- C:\Program Files\RegSupreme Pro
2007-07-07 00:13:55 23 --ahs---- C:\WINDOWS\system32\ebfcfeeafcb_r.dll
2007-07-07 00:13:50 0 d-------- C:\Program Files\jv16 PowerTools 2007
2007-07-06 14:47:15 0 d-------- C:\WINDOWS\system32\PreInstall
2007-07-04 19:18:25 0 d-------- C:\WINDOWS\pss
2007-07-04 19:18:06 0 d-------- C:\Program Files\Common Files\ODBC
2007-07-04 19:11:21 0 d-------- C:\WINDOWS\AiOTemp
2007-07-04 13:16:50 0 d-------- C:\VundoFix Backups
2007-06-27 15:32:28 0 d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2007-06-27 12:18:28 1310 --a------ C:\WINDOWS\system32\tmp.reg
2007-06-27 12:07:16 0 dr-h----- C:\Documents and Settings\Owner\Recent
2007-06-25 14:54:15 0 d-------- C:\Documents and Settings\Owner\Application Data\Jasc
2007-06-25 04:36:45 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-06-25 04:36:35 0 d-------- C:\Program Files\SUPERAntiSpyware
2007-06-25 04:36:35 0 d-------- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
2007-06-25 04:35:13 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-06-25 02:52:43 0 d-------- C:\Documents and Settings\Administrator\Application Data\Grisoft
2007-06-25 02:51:54 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2007-06-25 02:51:54 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2007-06-25 02:51:54 0 dr------- C:\Documents and Settings\Administrator\My Documents
2007-06-25 02:51:54 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2007-06-25 02:51:54 0 dr------- C:\Documents and Settings\Administrator\Favorites
2007-06-25 02:51:54 0 d-------- C:\Documents and Settings\Administrator\Desktop
2007-06-25 02:51:54 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2007-06-25 02:51:54 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2007-06-25 02:51:54 0 d-------- C:\Documents and Settings\Administrator\Application Data\SampleView
2007-06-25 02:51:54 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2007-06-25 02:51:54 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2007-06-25 02:51:53 0 d-------- C:\Documents and Settings\Administrator\WINDOWS
2007-06-25 02:51:53 0 d--h----- C:\Documents and Settings\Administrator\Templates
2007-06-25 02:51:53 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2007-06-25 02:51:53 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2007-06-25 02:51:53 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2007-06-25 02:51:52 1572864 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2007-06-24 23:19:23 0 d-------- C:\Documents and Settings\Owner\Application Data\Grisoft
2007-06-24 23:19:16 0 d-------- C:\Documents and Settings\All Users\Desktop
2007-06-24 23:19:10 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-06-24 22:43:08 0 d-------- C:\Program Files\SpywareGuard
2007-06-24 22:37:47 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-06-24 22:26:27 0 d-------- C:\Program Files\SpywareBlaster
2007-06-24 17:10:46 0 d-------- C:\Documents and Settings\Owner\Application Data\Uniblue
2007-06-24 07:05:41 0 d-------- C:\WINDOWS\BDOSCAN8
2007-06-20 04:05:11 0 d-------- C:\Program Files\PSP Thumbnail Handler
2007-06-18 10:12:54 0 d-------- C:\Documents and Settings\Owner\Application Data\Motive
2007-06-18 10:01:56 0 d-------- C:\WINDOWS\Motive
2007-06-18 10:01:42 0 d-------- C:\Documents and Settings\All Users\Application Data\Motive
2007-06-18 09:54:17 46352 --a------ C:\WINDOWS\setdebug.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2007-06-18 09:54:16 171280 --a------ C:\WINDOWS\system32\jit.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2007-06-18 09:54:15 139536 --a------ C:\WINDOWS\system32\javaee.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2007-06-18 09:54:15 6550 --a------ C:\WINDOWS\jautoexp.dat
2007-06-18 09:54:14 313856 --a------ C:\WINDOWS\system32\dx3j.dll <Not Verified; Microsoft Corporation; Microsoft® DirectX for Java>
2007-06-18 09:53:54 113 --a------ C:\WINDOWS\system32\zonedon.reg
2007-06-18 09:53:54 113 --a------ C:\WINDOWS\system32\zonedoff.reg
2007-06-18 09:53:53 171792 --a------ C:\WINDOWS\system32\wjview.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2007-06-18 09:53:53 286992 --a------ C:\WINDOWS\system32\vmhelper.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2007-06-18 09:53:52 21264 --a------ C:\WINDOWS\system32\msjdbc10.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2007-06-18 09:53:50 945424 --a------ C:\WINDOWS\system32\msjava.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2007-06-18 09:53:50 154896 --a------ C:\WINDOWS\system32\msawt.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2007-06-18 09:53:49 172304 --a------ C:\WINDOWS\system32\jview.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2007-06-18 09:53:48 15120 --a------ C:\WINDOWS\system32\jdbgmgr.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2007-06-18 09:53:47 404752 --a------ C:\WINDOWS\system32\javart.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2007-06-18 09:53:46 63248 --a------ C:\WINDOWS\system32\javaprxy.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2007-06-18 09:53:45 187152 --a------ C:\WINDOWS\system32\javacypt.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2007-06-18 09:53:43 49424 --a------ C:\WINDOWS\system32\clspack.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2007-06-11 03:20:31 90112 --a------ C:\WINDOWS\unvise32.exe <Not Verified; MindVision Software; Installer VISE>


-- Find3M Report ---------------------------------------------------------------

2007-07-08 17:51:43 0 d-------- C:\Program Files\BladePro
2007-07-04 15:13:58 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-07-04 15:11:03 0 d-------- C:\Program Files\Yahoo!
2007-07-04 15:08:25 118784 --a------ C:\WINDOWS\system32\pdfmona.dll
2007-07-04 15:08:25 51716 --a------ C:\WINDOWS\system32\pdf995mon.dll
2007-07-04 14:19:30 0 d-------- C:\Documents and Settings\Owner\Application Data\Macromedia
2007-07-04 13:37:34 0 d-------- C:\Program Files\Rainlendar
2007-07-01 18:11:37 0 d-------- C:\Documents and Settings\Owner\Application Data\RipIt4Me
2007-06-25 09:09:28 0 d-------- C:\Program Files\Digital Media Reader
2007-06-22 04:19:25 0 d-------- C:\Documents and Settings\Owner\Application Data\Adobe
2007-06-21 19:09:38 0 d-------- C:\Program Files\Common Files\Caere
2007-06-21 10:24:15 0 d-------- C:\Program Files\TextBridge Pro 98
2007-06-09 07:28:49 0 d-------- C:\Documents and Settings\Owner\Application Data\Yahoo!
2007-05-15 16:36:07 24851 --a------ C:\Documents and Settings\Owner\Application Data\Comma Separated Values (Windows).ADR
2007-05-14 01:43:39 0 d-------- C:\Program Files\SBC Yahoo!
2007-05-12 04:48:46 0 d-------- C:\Program Files\Microsoft Works
2007-04-27 23:50:09 169984 --a------ C:\WINDOWS\system32\P2D.DLL <Not Verified; Microsoft Corporation; Microsoft® HTML Layout Support Module>
2007-04-27 23:50:09 57344 --a------ C:\WINDOWS\system32\COMMTB32.DLL <Not Verified; Microsoft Corporation; Microsoft Button Editor>
2007-04-27 23:50:09 161552 --a------ C:\WINDOWS\system32\ASYCPICT.DLL <Not Verified; Microsoft Corporation; Microsoft® Forms>


-- Registry Dump ---------------------------------------------------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{4A368E80-174F-4872-96B5-0B27DDD11DB2} C:\Program Files\SpywareGuard\dlprotect.dll
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"Tweak UI"="RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp"
"2wSysTray"="E:\\Apps\\2PortalMon.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Uniblue RegistryBooster 2"="C:\\Program Files\\Uniblue\\RegistryBooster 2\\RegistryBooster.exe /S"
"SUPERAntiSpyware"="C:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"="Groove GFS Stub Execution Hook"
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=""

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0



-- End of Deckard's System Scanner: finished at 2007-07-08 at 20:18:32 ---------

Deckard's System Scanner v20070708.52
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Celeron® CPU 2.93GHz
Percentage of Memory in Use: 39%
Physical Memory (total/avail): 1014.73 MiB / 612.67 MiB
Pagefile Memory (total/avail): 2442.09 MiB / 2154.26 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1976.34 MiB

C: is Fixed (NTFS) - 70.94 GiB total, 45.29 GiB free.
D: is Fixed (FAT32) - 3.58 GiB total, 1.66 GiB free.
E: is CDROM (No Media)
F: is Removable (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)


-- Security Center -------------------------------------------------------------

AUOptions is set to notify before download.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.
UpdatesDisableNotify is set.


[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Owner\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=EMACHINE1
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Owner
LOGONSERVER=\\EMACHINE1
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Ahead\Lib\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 3 Stepping 4, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0304
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
TMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
USERDOMAIN=EMACHINE1
USERNAME=Owner
USERPROFILE=C:\Documents and Settings\Owner
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Owner (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\SBC Yahoo!\umuninst.exe" /S
--> C:\PROGRA~1\Yahoo!\Common\unybase.exe
--> C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
1Click DVD Copy Pro 2.3.1.6 --> "C:\Program Files\LG Software Innovations\1Click DVD Copy Pro\unins000.exe"
Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Illustrator CS2 --> msiexec /I {B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}
Adobe Photoshop CS2 --> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Adobe Stock Photos 1.0 --> MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
Adobe SVG Viewer 3.0 --> C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
AT&T Yahoo! Applications --> C:\PROGRA~1\Yahoo!\Common\uninstall.exe
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
Corel Paint Shop Pro X --> MsiExec.exe /I{1A15507A-8551-4626-915D-3D5FA095CC1B}
Corel Painter IX --> MsiExec.exe /I{A0383B7D-81A2-49D3-BE06-C0FD9EFB9DFC}
Digital Media Reader --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1}
DVD Decrypter (Remove Only) --> "C:\Program Files\DVD Decrypter\uninstall.exe"
DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe"
DVD43 v3.7.0 --> "C:\Program Files\dvd43\unins000.exe"
Hijackthis 1.99.1 --> "C:\Program Files\Hijackthis\unins000.exe"
HijackThis 1.99.1 --> C:\Program Files\Hijackthis\HijackThis.exe /uninstall
Hotfix for Windows Media Format SDK (KB902344) --> "C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
Intel® Extreme Graphics Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
Intel® PRO Network Adapters and Drivers --> Prounstl.exe
IsoBuster 1.9 --> "C:\Program Files\Smart Projects\IsoBuster\Uninst\unins000.exe"
Java 2 Runtime Environment, SE v1.4.2 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142000}
jv16 PowerTools 2007 --> "C:\Program Files\jv16 PowerTools 2007\unins000.exe"
Learn2 Player (Uninstall Only) --> C:\Program Files\Learn2.com\StRunner\stuninst.exe
Microsoft Calculator Plus --> MsiExec.exe /I{83073C45-3003-4671-9A86-243AAADD915A}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007 --> MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007 --> MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Nero 7 Ultra Edition --> MsiExec.exe /I{FC98FBE9-E931-494C-8717-497185371033}
Nero BurnRights --> C:\WINDOWS\UNNeroBurnRights.exe /UNINSTALL
OmniPage Pro 9.0 --> C:\Program Files\Caere\OmniPagePro90\Deinstall.exe "C:\Program Files\Caere\OmniPagePro90\uninstall.exe -f'C:\Program Files\Caere\OmniPagePro90\DeIsL1.isu'"
Paint Shop Pro 7 --> MsiExec.exe /I{D6DE02C7-1F47-11D4-9515-00105AE4B89A}
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
PSP Thumbnail Handler --> C:\Program Files\PSP Thumbnail Handler\Setup.exe /uninstall
RegSupreme Pro 1.4 --> "C:\Program Files\RegSupreme Pro\unins000.exe"
SoftV92 Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1\HXFSETUP.EXE -U -IURSLST5K.inf
SpywareBlaster v3.5.1 --> "C:\Program Files\SpywareBlaster\unins000.exe"
SpywareGuard v2.2 --> "C:\Program Files\SpywareGuard\unins000.exe"
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
TextBridge Pro 98 --> "C:\Program files\TextBridge Pro 98\bin\setup.exe" -funinst.ins
The Print Shop® 6.0 --> C:\WINDOWS\UNINST.EXE -f"C:\THEPRI~1\THEPRI~1.0\DeIsL1.isu" -c"C:\THEPRI~1\THEPRI~1.0\psfinst.dll"
Tube Extractor 1.0 --> "C:\Program Files\TubeEx\unins000.exe"


-- End of Deckard's System Scanner: finished at 2007-07-08 at 20:18:32 ---------

After Updating Windows I ran DSS twice & only got the Main.Txt File -- here it is:
Deckard's System Scanner v20070708.52
Run by Owner on 2007-07-08 at 21:50:20
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 9:50:24 PM, on 7/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\netdde.exe
C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\clipsrv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\sessmgr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\dmadmin.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Owner\Desktop\dss.exe
C:\PROGRA~1\HIJACK~1\Owner.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [2wSysTray] E:\Apps\2PortalMon.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=58813
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1182742621984
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS


-- Files created between 2007-06-08 and 2007-07-08 -----------------------------

2007-07-08 21:23:02 0 d-------- C:\Program Files\MSXML 4.0
2007-07-08 19:36:41 0 d-------- C:\Documents and Settings\LocalService\Application Data\Ahead
2007-07-08 19:29:30 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Adobe
2007-07-08 19:29:29 0 d-------- C:\Documents and Settings\NetworkService\Desktop
2007-07-08 19:18:00 0 d---s---- C:\WINDOWS\system32\Microsoft
2007-07-08 18:59:54 0 d-------- C:\WINDOWS\system32\NtmsData
2007-07-08 18:47:29 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Ahead
2007-07-07 00:55:49 5 --ahs---- C:\WINDOWS\system32\eeaaacc6_d.dll
2007-07-07 00:55:40 0 d-------- C:\Program Files\RegSupreme Pro
2007-07-07 00:13:55 23 --ahs---- C:\WINDOWS\system32\ebfcfeeafcb_r.dll
2007-07-07 00:13:50 0 d-------- C:\Program Files\jv16 PowerTools 2007
2007-07-06 14:47:15 0 d-------- C:\WINDOWS\system32\PreInstall
2007-07-04 19:18:25 0 d-------- C:\WINDOWS\pss
2007-07-04 19:18:06 0 d-------- C:\Program Files\Common Files\ODBC
2007-07-04 19:11:21 0 d-------- C:\WINDOWS\AiOTemp
2007-07-04 13:16:50 0 d-------- C:\VundoFix Backups
2007-06-27 15:32:28 0 d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2007-06-27 12:18:28 1310 --a------ C:\WINDOWS\system32\tmp.reg
2007-06-27 12:07:16 0 dr-h----- C:\Documents and Settings\Owner\Recent
2007-06-25 14:54:15 0 d-------- C:\Documents and Settings\Owner\Application Data\Jasc
2007-06-25 04:36:45 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-06-25 04:36:35 0 d-------- C:\Program Files\SUPERAntiSpyware
2007-06-25 04:36:35 0 d-------- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
2007-06-25 04:35:13 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-06-25 02:52:43 0 d-------- C:\Documents and Settings\Administrator\Application Data\Grisoft
2007-06-25 02:51:54 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2007-06-25 02:51:54 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2007-06-25 02:51:54 0 dr------- C:\Documents and Settings\Administrator\My Documents
2007-06-25 02:51:54 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2007-06-25 02:51:54 0 dr------- C:\Documents and Settings\Administrator\Favorites
2007-06-25 02:51:54 0 d-------- C:\Documents and Settings\Administrator\Desktop
2007-06-25 02:51:54 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2007-06-25 02:51:54 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2007-06-25 02:51:54 0 d-------- C:\Documents and Settings\Administrator\Application Data\SampleView
2007-06-25 02:51:54 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2007-06-25 02:51:54 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2007-06-25 02:51:53 0 d-------- C:\Documents and Settings\Administrator\WINDOWS
2007-06-25 02:51:53 0 d--h----- C:\Documents and Settings\Administrator\Templates
2007-06-25 02:51:53 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2007-06-25 02:51:53 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2007-06-25 02:51:53 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2007-06-25 02:51:52 1572864 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2007-06-24 23:19:23 0 d-------- C:\Documents and Settings\Owner\Application Data\Grisoft
2007-06-24 23:19:16 0 d-------- C:\Documents and Settings\All Users\Desktop
2007-06-24 23:19:10 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-06-24 22:43:08 0 d-------- C:\Program Files\SpywareGuard
2007-06-24 22:37:47 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-06-24 22:26:27 0 d-------- C:\Program Files\SpywareBlaster
2007-06-24 17:10:46 0 d-------- C:\Documents and Settings\Owner\Application Data\Uniblue
2007-06-24 07:05:41 0 d-------- C:\WINDOWS\BDOSCAN8
2007-06-20 04:05:11 0 d-------- C:\Program Files\PSP Thumbnail Handler
2007-06-18 10:12:54 0 d-------- C:\Documents and Settings\Owner\Application Data\Motive
2007-06-18 10:01:56 0 d-------- C:\WINDOWS\Motive
2007-06-18 10:01:42 0 d-------- C:\Documents and Settings\All Users\Application Data\Motive
2007-06-18 09:54:17 46352 --a------ C:\WINDOWS\setdebug.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2007-06-18 09:54:16 171280 --a------ C:\WINDOWS\system32\jit.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2007-06-18 09:54:15 139536 --a------ C:\WINDOWS\system32\javaee.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2007-06-18 09:54:15 6550 --a------ C:\WINDOWS\jautoexp.dat
2007-06-18 09:54:14 313856 --a------ C:\WINDOWS\system32\dx3j.dll <Not Verified; Microsoft Corporation; Microsoft® DirectX for Java>
2007-06-18 09:53:54 113 --a------ C:\WINDOWS\system32\zonedon.reg
2007-06-18 09:53:54 113 --a------ C:\WINDOWS\system32\zonedoff.reg
2007-06-18 09:53:53 171792 --a------ C:\WINDOWS\system32\wjview.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2007-06-18 09:53:53 286992 --a------ C:\WINDOWS\system32\vmhelper.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2007-06-18 09:53:52 21264 --a------ C:\WINDOWS\system32\msjdbc10.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2007-06-18 09:53:50 947472 --a------ C:\WINDOWS\system32\msjava.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2007-06-18 09:53:50 154384 --a------ C:\WINDOWS\system32\msawt.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2007-06-18 09:53:49 172304 --a------ C:\WINDOWS\system32\jview.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2007-06-18 09:53:48 15120 --a------ C:\WINDOWS\system32\jdbgmgr.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2007-06-18 09:53:47 404752 --a------ C:\WINDOWS\system32\javart.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2007-06-18 09:53:46 63248 --a------ C:\WINDOWS\system32\javaprxy.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2007-06-18 09:53:45 187152 --a------ C:\WINDOWS\system32\javacypt.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2007-06-18 09:53:43 49424 --a------ C:\WINDOWS\system32\clspack.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2007-06-11 03:20:31 90112 --a------ C:\WINDOWS\unvise32.exe <Not Verified; MindVision Software; Installer VISE>


-- Find3M Report ---------------------------------------------------------------

2007-07-08 21:13:48 0 d-------- C:\Program Files\Messenger
2007-07-08 17:51:43 0 d-------- C:\Program Files\BladePro
2007-07-04 15:13:58 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-07-04 15:11:03 0 d-------- C:\Program Files\Yahoo!
2007-07-04 15:08:25 118784 --a------ C:\WINDOWS\system32\pdfmona.dll
2007-07-04 15:08:25 51716 --a------ C:\WINDOWS\system32\pdf995mon.dll
2007-07-04 14:19:30 0 d-------- C:\Documents and Settings\Owner\Application Data\Macromedia
2007-07-04 13:37:34 0 d-------- C:\Program Files\Rainlendar
2007-07-01 18:11:37 0 d-------- C:\Documents and Settings\Owner\Application Data\RipIt4Me
2007-06-25 09:09:28 0 d-------- C:\Program Files\Digital Media Reader
2007-06-22 04:19:25 0 d-------- C:\Documents and Settings\Owner\Application Data\Adobe
2007-06-21 19:09:38 0 d-------- C:\Program Files\Common Files\Caere
2007-06-21 10:24:15 0 d-------- C:\Program Files\TextBridge Pro 98
2007-06-09 07:28:49 0 d-------- C:\Documents and Settings\Owner\Application Data\Yahoo!
2007-05-15 16:36:07 24851 --a------ C:\Documents and Settings\Owner\Application Data\Comma Separated Values (Windows).ADR
2007-05-14 01:43:39 0 d-------- C:\Program Files\SBC Yahoo!
2007-05-12 04:48:46 0 d-------- C:\Program Files\Microsoft Works
2007-04-27 23:50:09 169984 --a------ C:\WINDOWS\system32\P2D.DLL <Not Verified; Microsoft Corporation; Microsoft® HTML Layout Support Module>
2007-04-27 23:50:09 57344 --a------ C:\WINDOWS\system32\COMMTB32.DLL <Not Verified; Microsoft Corporation; Microsoft Button Editor>
2007-04-27 23:50:09 161552 --a------ C:\WINDOWS\system32\ASYCPICT.DLL <Not Verified; Microsoft Corporation; Microsoft® Forms>


-- Registry Dump ---------------------------------------------------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{4A368E80-174F-4872-96B5-0B27DDD11DB2} C:\Program Files\SpywareGuard\dlprotect.dll
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"Tweak UI"="RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp"
"2wSysTray"="E:\\Apps\\2PortalMon.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Uniblue RegistryBooster 2"="C:\\Program Files\\Uniblue\\RegistryBooster 2\\RegistryBooster.exe /S"
"SUPERAntiSpyware"="C:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"="Groove GFS Stub Execution Hook"
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=""

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0



-- End of Deckard's System Scanner: finished at 2007-07-08 at 21:50:53 ---------

My computer is now running super slow. Windows Updates said it would take 7 min. it took 40 min.
Thanks for your help,
Lmommy

#9
don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Have you made any changes with the various registry programs you have? I would prefer you got rid of them; they are dangerous by nature.

You need to set your Anti Virus program running


Please download the OTMoveIt by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\WINDOWS\system32\ebfcfeeafcb_r.dll
    C:\WINDOWS\system32\eeaaacc6_d.dll



  • Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
  • Click the red Moveit! button.
  • Copy everything on the Results window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it on your next reply.
  • Close OTMoveIt
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


Next

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser:
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser:
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Next

Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report


Post back what Active finds please
  • 0

#10
Lmommy

    Member

  • Topic Starter
  • 62 posts
Hi Don77,
Back at it again :whistling: well maybe we can say this time's a charm :blink:
I did all you instructed & here are the new reports -- THANKS again for your help - I really appreciate it. Will be waiting for your next instructions.
Lmommy

OTMoveIt.txt

LoadLibrary failed for C:\WINDOWS\system32\ebfcfeeafcb_r.dll
C:\WINDOWS\system32\ebfcfeeafcb_r.dll NOT unregistered.
C:\WINDOWS\system32\ebfcfeeafcb_r.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\eeaaacc6_d.dll
C:\WINDOWS\system32\eeaaacc6_d.dll NOT unregistered.
C:\WINDOWS\system32\eeaaacc6_d.dll moved successfully.

Created on 07/09/2007 19:15:57



Panda ActiveScan

Incident Status Location

Adware:adware/cws Not disinfected C:\Documents and Settings\Owner\Favorites\Health
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Owner\Desktop\DOWNLOADS\Geeks to Go\SDFix.exe[SDFix\apps\Process.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Owner\Desktop\DOWNLOADS\Geeks to Go\SmitfraudFix\Process.exe
Virus:Trj/Shutdown.Z Disinfected C:\Documents and Settings\Owner\Desktop\DOWNLOADS\Geeks to Go\SmitfraudFix\restart.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Owner\Desktop\GEEKS TO GO ~AntiVirus Programs\SmitfraudFix\Process.exe
Virus:Trj/Shutdown.Z Disinfected C:\Documents and Settings\Owner\Desktop\GEEKS TO GO ~AntiVirus Programs\SmitfraudFix\restart.exe
  • 0


#11
don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
the only thing Active is finding is smitfraud and SDfix

Did you use any of the registry programs you have on the computer and did you make any changes with them ?
  • 0
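
The reading of the ActiveScan report given in post #11 can be reproduced by parsing the rows posted in #10 and separating hits that sit inside the removal-tool folders from everything else. This is an added example, not part of the thread or of any tool named in it; `TOOL_NAMES` and the function names are assumptions, and a tool-folder match reflects location only.

```python
import re

# The six report rows from post #10, copied verbatim (header line included).
REPORT = r"""Incident Status Location
Adware:adware/cws Not disinfected C:\Documents and Settings\Owner\Favorites\Health
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Owner\Desktop\DOWNLOADS\Geeks to Go\SDFix.exe[SDFix\apps\Process.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Owner\Desktop\DOWNLOADS\Geeks to Go\SmitfraudFix\Process.exe
Virus:Trj/Shutdown.Z Disinfected C:\Documents and Settings\Owner\Desktop\DOWNLOADS\Geeks to Go\SmitfraudFix\restart.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Owner\Desktop\GEEKS TO GO ~AntiVirus Programs\SmitfraudFix\Process.exe
Virus:Trj/Shutdown.Z Disinfected C:\Documents and Settings\Owner\Desktop\GEEKS TO GO ~AntiVirus Programs\SmitfraudFix\restart.exe
"""

# Assumption: folder/archive names of the removal tools the thread itself names.
TOOL_NAMES = {"smitfraudfix", "sdfix"}

# "Category:Name Status Location"; category and location may contain spaces.
ROW = re.compile(
    r"^(?P<category>[^:]+):(?P<name>\S+) "
    r"(?P<status>Not disinfected|Disinfected) "
    r"(?P<location>[A-Za-z]:\\.+)$"
)

def in_tool_folder(location):
    """True if any path or archive component is named after a listed tool."""
    parts = re.split(r"[\\\[\]]", location)
    return any(p.lower().split(".")[0] in TOOL_NAMES for p in parts if p)

def triage(report):
    """Split rows into tool-folder hits, other hits, and unparsed lines."""
    result = {"tool_folder": [], "needs_review": [], "unparsed": []}
    for line in report.splitlines():
        line = line.strip()
        if not line or line == "Incident Status Location":
            continue
        m = ROW.match(line)
        if m is None:
            # Keep malformed lines visible instead of dropping them silently.
            result["unparsed"].append(line)
            continue
        row = m.groupdict()
        key = "tool_folder" if in_tool_folder(row["location"]) else "needs_review"
        result[key].append(row)
    return result

if __name__ == "__main__":
    for key, rows in triage(REPORT).items():
        print(key, len(rows))
        for r in rows:
            print("  ", r if isinstance(r, str) else (r["name"], r["status"], r["location"]))
```
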

#12
Lmommy

    Member

  • Topic Starter
  • 62 posts
1st the reg booster 2 I don't know where it came from & can't find any hard file on it .. except when we have scanned the registry.

2nd yesterday when I 1st thought I enabled my disabled startups -- I found out it didn't enable them & that was why My Microsoft office wasn't working.
+ why I couldn't install anything. So now I need to know what is safe to disable again.

When I started your tuts... over a week ago I did clean out quite a few viruses & trojans; here are 2 I had pasted into a document:
1. Application.Adware.NewDotNet.B.Dropper
2. Trojan.NSAnti.A
At the beginning I had an older Internet Security that had just expired. I uninstalled it because I knew something was wrong. When I started to run your scan I immediately put in AVG anti-virus. It has been in all this time. It says it's fine. Do my scans say it is not installed??
So what's next?
Lmommy
  • 0

#13
don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
OK, we are making some headway now


First
Click on start, then control panel, and then double-click on add/remove programs. From within add/remove program uninstall the following if they exist by double-clicking on the following entries:


RegSupreme Pro 1.4
jv16 PowerTools 2007
Java 2 Runtime Environment, SE v1.4.2



Next
Please restart HJT put a check next to the following, close all open windows and click “Fix Checked”

O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S




Next Reboot into SAFE MODE
Search for and delete the Folders highlighted in Blue Files highlighted in BOLD

C:\Program Files\Uniblue\RegistryBooster2
C:\Program Files\jv16 PowerTools 2007


Restart your computer,

Next
You need an anti-virus program as well
AVG - Download - Homepage
If you don't have any antivirus software on your system, or if your subscription to definition updates has lapsed, we recommend AVG's very good free version of antivirus. This comprehensive package includes real-time protection, scheduled scans, automatic definition updates, and email scanning. More free antivirus tools here. DO NOT install more than one antivirus program. They will conflict, and provide less protection, not more. Uninstall any existing antivirus programs if you're going to install AVG.


Next
Please click here and install the most recent version of Java
Reboot your computer and post back a fresh HJT log for me please
  • 0

#14
Lmommy

    Member

  • Topic Starter
  • 62 posts
Don77,
Once again THANKS so very much for your help! I noticed you were on Eastern time. You were up helping me before you even went to work --- WOW! Thanks!!!! Well after 2-3weeks working on this I should have given up sooner. YEAH! Well I knew I was less sharp than I used to be after my stroke; but, this tops it all - you were kind not to call me stupid! ...............

:help: AVG Anti-Spyware is not an ANTI-VIRUS. ROTFL :) I can't believe I missed seeing it or downloaded the wrong thing. So, now I am downloading & scanning with the right thing. LOL :( My Hubby is going to crack up. He only runs a computer at work. My college kids, I will not tell. They still come home with their computers for me to fix. I'll just get in touch with smarter people than me to help, then maybe I can still stay smarter in their eyes hopefully I can keep them fooled. LOL :)

Well, give me History & I can still tell you bookloads. Teaching it for years helped some. LOL I am dreaming of retirement... 44 - 45yo in 15days. Sigh! :) I want to travel up & down the east coast, to all those great History spots! I was an exchange student in College in Florence, Italy. So I got to see a lot of Europe. Now I just want to see the good old[young really] USA!

I was thinking[can be dangerous] :whistling: while waiting for my scans.. a couple of things that seem suspicious to me are:
1. My Anti-Virus update subscription expired. I started to get warnings to resubscribe, every time I turned on my computer. It was a real good one- but I was going to buy a new cd instead of just updating again online. With the way I am I need hard copies. :)
So, I thought it would be good for 3weeks after it was not updating anymore still left in & on protect. Then I started to lock up, crash etc.. When I scanned with it it said my computer was clean. ???Could they have removed or disabled something other than, just not doing the new updates??? :blink:

2. When I crashed online something happened to my password for my ISP account. I had to call & get it reset [a real PAIN] I asked if the ISP was having trouble; he said he would check the connection [I didn't realize until it was too late :( he went in remotely into my computer & changed things.] Then all my problems doubled.

3. I started your step by step tutorials; I uninstalled my old anti-virus program & thought I installed AVG anti-virus. ROTFL
But I also was scanning with the online scans you told me to. Then trojans & viruses started to show up that had been there when my anti-virus was in + more. I cleaned; as your tuts told me. Then still had problems I couldn't solve...So I came to ask help from the experts! :help:

HERE ARE MY LOGS FOR TODAY:

  • Add & Remove Programs [things aren't in there like they are supposed to be + some of my program uninstalls are gone; things I have uninstalled - but they didn't are scattered around my PC] So, I uninstalled what was there that you told me to.

  • Ran HJT- took out Uniblue\Registry Booster 2

  • Safemode -did not have the file anywhere. Went to File Manager & looked into every file & folder. Found some pieces, not the exe file though they were under: Owner\Application Data\Uniblue Registry Booster 2
  • Jv power tools 2007 was nowhere to be found.

I don't think my Win Search is working. I was set to Auto Updates for Win XP & MS Office; MS Office downloaded a Desktop Search; my computer bogged down so much --- I removed it. Now the original Search doesn't find anything. OH, now I reconfigured MS Updates to ask me before installing.


  • AVG Anti-Virus 43min later-- No Threats Found. [I 1st checked for updates; Then full computer scan] Now do I have to uninstall the AVG Anti-Spyware[It has worked well it has Detected Malware so far 89; 42 in quarantine] or can they both stay in at the same time?

  • Installed new Java
Install Opera Browser about a week ago [still trying to set it up -- new things are confusing to me-- it takes me awhile] Is Firefox any easier & more safe surfing like Opera?

Thanks again!!
Lmommy
  • 0

#15
don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Its my pleasure Lmommy :help:

Install Opera Browser about a week ago

Opera is a fine browser. FF is just as good, but choose the one you find easier to deal with. You will still need to keep IE around for updates.

AVG Anti-Virus 43min later-- No Threats Found.

:whistling:


I don't think my Win Search is working

Do you mean when you go to Start, then click on Search ?

2. When I crashed online something happened to my password for my ISP account. I had to call & get it reset [a real PAIN] I asked if the ISP was having trouble; he said he would check the connection [I didn't realize until it was too late he went in remotely into my computer & changed things.] Then all my problems doubled.


Everything seems to be in working order now, with the exception of the things listed above?


this tops it all - you were kind not to call me stupid! ...............


You have a good head on your shoulders, you did very well. Some folks can't find the start button, now that makes it challenging. We're all at different levels: some things we do good, some better, and some, well, let's just say we hope no one is looking :blink:


Don
  • 0





