Computer's acting very fishy, HJT not working. [RESOLVED] - Geeks to Go Forums


Computer's acting very fishy, HJT not working. [RESOLVED] Screenshot included inside.

#1 Matt L

  • Group: Member
  • Posts: 275
  • Joined: 13-July 06

Posted 27 August 2007 - 10:16 AM

I've had my computer for about a month now, and I haven't had a major malware/virus problem with it yet.

Yesterday I tried downloading Trillian Pro (warez, I know we were supposed to stay away :whistling:, I just wish I didn't have to learn the hard way). I also installed a skin I used with Trillian Basic called Vista Black. I noticed that every time Trillian Pro was running, my Vista's colors were changing from Vista Aero Black to Vista Basic.

My HJT isn't working. I ran Windows Defender, and they said everything is running normally.

Glitch #1:
Posted Image

Glitch #2:
Posted Image

My programs are:
Avast Antivirus
SpywareBlaster
COMODOBoClean
AVG AntiSpyware
Windows Defender

#2 MoNsTeReNeRgY22

  • Group: Member
  • Posts: 2,521
  • Joined: 28-January 07

Posted 09 September 2007 - 12:57 AM

Hello and sorry for the delay.

Download Deckard's System Scanner (DSS) to your Desktop.
  • Close all applications and windows.
  • Double-click on DSS.exe to run it, and follow the prompts.
  • When it has finished, DSS will open two Notepad windows, main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.
Extra Note: When running DSS, some firewalls may warn that sigcheck.exe is trying to access the internet - please ensure that you allow sigcheck.exe permission to do so. Also, it may happen that your Antivirus flags DSS as suspicious. Please allow Deckard's System Scanner to run and don't let your Antivirus delete it. (In this case, it may be better to temporarily disable your Antivirus.)


#3 Matt L

  • Group: Member
  • Posts: 275
  • Joined: 13-July 06

Posted 10 September 2007 - 08:54 PM

The word "delay" is usually not said in the same sentence as Geeks to Go, but I understand that you guys are working as hard as you can. Even as just a GeekU Freshman, I'm still struggling to get the basics of HiJackThis, and I've been trying to understand it for about a year now...

Anyways, thanks for the reply. Here is the main.txt:
Deckard's System Scanner v20070905.67
Run by Macky on 2007-09-10 22:47:07
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 5 Restore Point(s) --
22: 2007-09-10 23:28:26 UTC - RP134 - Scheduled Checkpoint
21: 2007-09-08 23:37:08 UTC - RP133 - AntiVir PersonalEdition Classic - 9/8/2007 19:37
20: 2007-09-08 22:45:00 UTC - RP131 - Removed Soldier Front
19: 2007-09-08 15:37:42 UTC - RP129 - Installed Windows Media Player Firefox Plugin
18: 2007-09-08 03:01:02 UTC - RP128 - Scheduled Checkpoint


-- First Restore Point --
1: 2007-08-25 21:06:42 UTC - RP110 - Scheduled Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Macky.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:49:19 PM, on 9/10/2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Snapfish Media Detector\SnapfishMediaDetector.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Spyware Terminator\Spywareterminatorshield.Exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Last.fm\LastFMHelper.exe
C:\Program Files\NETGEAR\WG311T\wlancfg5.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Trillian\trillian.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Last.fm\LastFM.exe
C:\Users\Macky\Desktop\dss.exe
C:\Windows\system32\SearchFilterHost.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Macky.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\3.bin\A9SRCHAS.DLL (file missing)
F3 - REG:win.ini: load=
F3 - REG:win.ini: run=
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Ask Search Assistant BHO - {0A94B111-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\3.bin\A9SRCHAS.DLL (file missing)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SnapfishMediaDetector] C:\Program Files\Snapfish Media Detector\SnapfishMediaDetector.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O4 - Global Startup: NETGEAR WG311T Smart Wizard.lnk = C:\Program Files\NETGEAR\WG311T\wlancfg5.exe
O4 - Global Startup: Snapfish Media Detector.lnk = C:\Program Files\Snapfish Media Detector\SnapfishMediaDetector.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: stllssvr - Unknown owner - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8149 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 sp_rsdrv2 (Spyware Terminator Driver 2) - \??\c:\windows\system32\drivers\sp_rsdrv2.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 AntiVirScheduler (AntiVir PersonalEdition Classic Scheduler) - "c:\program files\avira\antivir personaledition classic\sched.exe" <Not Verified; Avira GmbH; Scheduler>
R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>
R2 sp_rssrv (Spyware Terminator Realtime Shield Service) - "c:\program files\spyware terminator\sp_rsser.exe" <Not Verified; Crawler.com; Crawler Spyware Terminator>

S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
S3 stllssvr - "c:\program files\common files\surething shared\stllssvr.exe" (file missing)


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Files created between 2007-08-10 and 2007-09-10 -----------------------------

2007-09-10 22:48:48 0 d-------- C:\Program Files\Trend Micro
2007-09-08 19:37:40 0 d-------- C:\Users\All Users\Avira
2007-09-08 19:37:40 0 d-------- C:\Program Files\Avira
2007-09-08 19:34:53 138624 --a------ C:\Windows\system32\drivers\sp_rsdrv2.sys
2007-09-08 19:30:25 0 d-------- C:\Users\All Users\Spyware Terminator
2007-09-08 19:30:22 0 d-------- C:\Program Files\Spyware Terminator
2007-09-08 09:30:19 0 d-------- C:\Program Files\LimeWire
2007-08-26 13:57:01 0 d-------- C:\Program Files\Trillian
2007-08-26 13:42:08 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-08-26 13:31:48 86016 --a------ C:\Windows\unvise32qt.exe <Not Verified; MindVision; Installer VISE 2.8.3>
2007-08-26 13:27:19 0 d-------- C:\Users\All Users\QuickTime
2007-08-26 12:27:29 0 d-------- C:\Program Files\Last.fm
2007-08-26 12:20:10 0 d-------- C:\Users\All Users\FLEXnet
2007-08-26 12:04:22 0 d-------- C:\Program Files\Bonjour
2007-08-26 11:52:55 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2007-08-22 21:59:25 235008 --a------ C:\Windows\UNBOC.EXE <Not Verified; COMODO; COMODO BOClean - Anti-Malware>
2007-08-22 21:59:24 208896 --a------ C:\Windows\CMDLIC.DLL <Not Verified; COMODO; COMODO BOClean - AntiMalware>
2007-08-22 00:05:19 4682 --a------ C:\Windows\system32\npptNT2.sys <Not Verified; INCA Internet Co., Ltd.; nProtect NPSC Kernel Mode Driver for NT>
2007-08-21 16:45:01 394240 --a------ C:\Windows\system32\Smab.dll
2007-08-21 16:45:01 719872 --a------ C:\Windows\system32\devil.dll <Not Verified; Abysmal Software; Developer's Image Library (DevIL)>
2007-08-21 16:45:00 70656 --a------ C:\Windows\system32\yv12vfw.dll <Not Verified; www.helixcommunity.org; Helix YV12 YUV Codec>
2007-08-21 16:45:00 70656 --a------ C:\Windows\system32\i420vfw.dll <Not Verified; www.helixcommunity.org; Helix I420 YUV Codec>
2007-08-21 16:45:00 27648 --a------ C:\Windows\system32\AVSredirect.dll
2007-08-21 16:45:00 318976 --a------ C:\Windows\system32\avisynth.dll <Not Verified; The Public; Avisynth 2.5>
2007-08-21 16:45:00 66560 --a------ C:\Windows\MOTA113.exe
2007-08-21 16:44:59 217073 --a------ C:\Windows\meta4.exe
2007-08-21 16:44:59 0 d-------- C:\Program Files\AviSynth 2.5
2007-08-21 16:08:06 0 d-------- C:\Program Files\Winamp
2007-08-21 15:31:00 0 d-------- C:\Program Files\uTorrent
2007-08-13 08:09:08 0 d-------- C:\Program Files\VideoLAN
2007-08-12 18:40:38 0 d-------- C:\Downloads


-- Find3M Report ---------------------------------------------------------------

2007-09-10 16:51:25 0 d-------- C:\Users\Macky\AppData\Roaming\LimeWire
2007-09-10 14:38:01 0 d-------- C:\Program Files\SpywareBlaster
2007-09-08 23:03:49 0 d-------- C:\Program Files\Yahoo!
2007-09-08 19:30:25 0 d-------- C:\Users\Macky\AppData\Roaming\Application Data
2007-09-08 18:45:18 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-09-08 18:44:29 0 d--h----- C:\Users\Macky\AppData\Roaming\ijjigame
2007-09-03 11:55:24 0 d-------- C:\Users\Macky\AppData\Roaming\uTorrent
2007-08-31 19:53:48 174 --ahs---- C:\Program Files\desktop.ini
2007-08-31 19:51:22 0 d-------- C:\Program Files\Windows Calendar
2007-08-31 18:29:24 0 d-------- C:\Users\Macky\AppData\Roaming\Yahoo!
2007-08-31 17:25:06 0 d-------- C:\Users\Macky\AppData\Roaming\Opera
2007-08-29 16:06:25 0 d-------- C:\Users\Macky\AppData\Roaming\Adobe
2007-08-26 12:08:52 0 d-------- C:\Program Files\Common Files
2007-08-26 12:04:19 0 d-------- C:\Program Files\Common Files\Adobe
2007-08-21 16:09:42 0 d-------- C:\Users\Macky\AppData\Roaming\Winamp
2007-08-15 08:39:29 0 d-------- C:\Program Files\Windows Mail
2007-08-13 08:10:00 0 d-------- C:\Users\Macky\AppData\Roaming\vlc
2007-08-13 07:21:53 0 d-------- C:\Users\Macky\AppData\Roaming\Real
2007-08-11 18:08:22 0 d-------- C:\Users\Macky\AppData\Roaming\COWON
2007-08-09 23:11:36 0 d-------- C:\Users\Macky\AppData\Roaming\Aim
2007-08-09 20:17:51 0 d-------- C:\Program Files\Windows Defender
2007-08-09 07:01:38 0 d-------- C:\Users\Macky\AppData\Roaming\WinBatch
2007-08-02 17:31:03 0 d-------- C:\Program Files\MSXML 4.0
2007-08-02 13:13:14 0 d-------- C:\Program Files\Java
2007-08-02 13:11:45 0 d-------- C:\Program Files\Common Files\Java
2007-08-02 12:55:42 0 d-------- C:\Program Files\Viewpoint
2007-08-02 12:41:47 0 d-------- C:\Users\Macky\AppData\Roaming\SUPERAntiSpyware.com
2007-08-02 12:37:21 0 d-------- C:\Users\Macky\AppData\Roaming\Talkback
2007-08-02 12:36:42 0 --a------ C:\Windows\nsreg.dat
2007-08-02 12:36:39 0 d-------- C:\Users\Macky\AppData\Roaming\Mozilla
2007-08-02 12:27:44 0 d-------- C:\Users\Macky\AppData\Roaming\Grisoft
2007-08-02 11:48:47 0 d-------- C:\Program Files\NETGEAR
2007-08-01 23:30:22 0 d-------- C:\Program Files\JetAudio
2007-08-01 23:30:11 0 d-------- C:\Program Files\Common Files\COWON
2007-08-01 23:28:48 0 d-------- C:\Program Files\COWON
2007-08-01 19:18:36 0 d-------- C:\Users\Macky\AppData\Roaming\DeepBurner
2007-08-01 18:58:07 0 d-------- C:\Program Files\Astonsoft
2007-07-31 22:00:18 0 d-------- C:\Users\Macky\AppData\Roaming\Hewlett-Packard
2007-07-31 21:59:50 0 d-------- C:\Users\Macky\AppData\Roaming\Snapfish
2007-07-31 21:59:23 0 d-------- C:\Users\Macky\AppData\Roaming\Identities
2007-07-31 21:56:12 0 d-------- C:\Users\Macky\AppData\Roaming\Macromedia


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [08/09/2007 08:12 PM]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [09/28/2006 09:42 AM]
"KBD"="C:\HP\KBD\KbdStub.EXE" [12/08/2006 12:16 PM]
"OsdMaestro"="C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [02/15/2007 06:59 AM]
"RtHDVCpl"="RtHDVCpl.exe" [03/01/2007 11:38 AM C:\Windows\RtHDVCpl.exe]
"@"="" []
"SnapfishMediaDetector"="C:\Program Files\Snapfish Media Detector\SnapfishMediaDetector.exe" [03/02/2007 05:55 PM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [02/17/2005 02:11 AM]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 05:25 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [07/12/2007 04:00 AM]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [04/12/2007 05:07 PM]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [04/12/2007 05:07 PM]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [04/12/2007 05:07 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [05/11/2007 03:06 AM]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [09/08/2007 07:33 PM]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [08/31/2007 12:25 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPAdvisor"="C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [03/12/2007 08:44 PM]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [08/30/2007 05:43 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"Launcher"=%WINDIR%\SMINST\launcher.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe [8/26/2007 12:27:30 PM]
NETGEAR WG311T Smart Wizard.lnk - C:\Program Files\NETGEAR\WG311T\wlancfg5.exe [4/10/2007 7:09:06 PM]
Snapfish Media Detector.lnk - C:\Program Files\Snapfish Media Detector\SnapfishMediaDetector.exe [3/2/2007 5:55:02 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2007-09-10 22:52:17 ------------

And here is the extra.txt:
Deckard's System Scanner v20070905.67
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft® Windows Vista™ Home Premium (build 6000)
Architecture: X86; Language: English

CPU 0: AMD Athlon™ 64 X2 Dual Core Processor 5000+
Percentage of Memory in Use: 42%
Physical Memory (total/avail): 3005.88 MiB / 1742.48 MiB
Pagefile Memory (total/avail): 6200.58 MiB / 4914.39 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1933.59 MiB

C: is Fixed (NTFS) - 363.82 GiB total, 287.26 GiB free.
D: is Fixed (NTFS) - 8.79 GiB total, 1.01 GiB free.
E: is CDROM (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)
J: is Removable (No Media)

\\.\PHYSICALDRIVE0 - Hitachi HDT725040VLA SCSI Disk Device - 372.61 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 363.82 GiB - C:
\PARTITION1 - Installable File System - 8.79 GiB - D:

\\.\PHYSICALDRIVE2 - Generic USB CF Reader USB Device

\\.\PHYSICALDRIVE4 - Generic USB MS Reader USB Device

\\.\PHYSICALDRIVE1 - Generic USB SD Reader USB Device

\\.\PHYSICALDRIVE3 - Generic USB SM Reader USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

AV: Avira AntiVir PersonalEdition v 6.39.1.112
(Avira GmbH) Disabled
AS: Avira AntiVir PersonalEdition v 6.39.1.112
(Avira GmbH) Disabled
AS: AVG Anti-Spyware v7, 5, 1, 43 (GRISOFT s.r.o.) Outdated
AS: Windows Defender v1.1.1505.0 (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"="C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe:*:Enabled:Earthlink"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\Macky\AppData\Roaming
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=MACKY_OFFICE-PC
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\Macky
LOCALAPPDATA=C:\Users\Macky\AppData\Local
LOGONSERVER=\\MACKY_OFFICE-PC
NUMBER_OF_PROCESSORS=2
OnlineServices=Online Services
OS=Windows_NT
Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\hp\bin\Python;c:\Program Files\Common Files\Roxio Shared\DLLShared\;c:\Program Files\Common Files\Roxio Shared\DLLShared\;c:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PCBRAND=Pavilion
PLATFORM=HPD
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 107 Stepping 1, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=6b01
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\Macky\AppData\Local\Temp
TMP=C:\Users\Macky\AppData\Local\Temp
USERDOMAIN=Macky_Office-PC
USERNAME=Macky
USERPROFILE=C:\Users\Macky
windir=C:\Windows


-- User Profiles ---------------------------------------------------------------

Macky


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
Activation Assistant for the 2007 Microsoft Office suites --> "C:\ProgramData\{623D32E9-0C62-4453-AD44-98B31F52A5E1}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3 --> MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3 --> MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting --> MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0 --> MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific --> MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings --> C:\Program Files\Common Files\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe
Adobe Color Common Settings --> MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}
Adobe Color EU Extra Settings --> MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings --> MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings --> MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Default Language CS3 --> MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3 --> MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2 --> C:\Program Files\Common Files\Adobe\Installers\5bc0f8414ec36c555a3e7e5ec2e225e\Setup.exe
Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{1BCEA516-B4C5-4B2D-BFA0-AB7910BAD862}
Adobe Flash Player ActiveX --> C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All --> MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3 --> MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3 --> MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3 --> C:\Program Files\Common Files\Adobe\Installers\2ac78060bc5856b0c1cf873bb919b58\Setup.exe
Adobe Photoshop CS3 --> MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}
Adobe Reader 8.1.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
Adobe Setup --> MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}
Adobe Setup --> MsiExec.exe /I{D1BB4446-AE9C-4256-9A7F-4D46604D2462}
Adobe Setup --> MsiExec.exe /I{D504303A-717D-414C-BA9F-FE01093E2EF8}
Adobe Shockwave Player --> C:\Windows\System32\Macromed\SHOCKW~1\UNWISE.EXE C:\Windows\System32\Macromed\SHOCKW~1\Install.log
Adobe Stock Photos CS3 --> MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3 --> MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client --> MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin --> MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3 --> MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
Avira AntiVir PersonalEdition Classic --> C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
DeepBurner v1.8.0.224 --> "C:\Program Files\Astonsoft\DeepBurner\Uninstall.exe" "C:\Program Files\Astonsoft\DeepBurner\install.log"
Enhanced Multimedia Keyboard Solution --> C:\HP\KBD\Install.exe /u
Hardware Diagnostic Tools --> C:\Program Files\PC-Doctor 5 for Windows\uninst.exe
Hijackthis 1.99.1 --> "C:\Program Files\Hijackthis\unins000.exe"
HP Customer Experience Enhancements --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB5E289E-76BF-4251-9F3F-9B763F681AE0}\setup.exe" -l0x9 -removeonly
HP Customer Feedback --> MsiExec.exe /I{9DBA770F-BF73-4D39-B1DF-6035D95268FC}
HP Easy Setup - Frontend --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40F7AED3-0C7D-4582-99F6-484A515C73F2}\setup.exe" -l0x9 -removeonly
HP On-Screen Cap/Num/Scroll Lock Indicator --> C:\Windows\system32\OsdRemove.exe
HP Photosmart Essential 2.0 --> C:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat
HP Picasso Media Center Add-In --> MsiExec.exe /I{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}
HP Total Care Advisor --> MsiExec.exe /X{2990BC81-3B19-4E53-A53E-30DE3F1BFFA8}
HP Update --> MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
jetAudio Basic VX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}\setup.exe" -l0x9 -removeonly
JetShell PRO --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1826E565-D493-4B93-9031-D3667B340E80}\setup.exe" -l0x9
Last.fm 1.3.1.1 --> "C:\Program Files\Last.fm\unins000.exe"
LimeWire 4.14.8 --> "C:\Program Files\LimeWire\uninstall.exe"
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Home and Student 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007 --> MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Works --> MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
Mozilla Firefox (2.0.0.6) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB927978) --> MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
muvee autoProducer 6.0 --> C:\Program Files\InstallShield Installation Information\{6AF49698-949A-4C89-9B31-041D2CCB5FBD}\setup.exe -runfromtemp -l0x0009 -removeonly
NETGEAR WG311T Wireless Adapter --> C:\Program Files\InstallShield Installation Information\{FC321AD2-48B4-4013-B997-A65D5FBBD006}\setup.exe -runfromtemp -l0x0409
NVIDIA Drivers --> C:\Windows\system32\NVUNINST.EXE UninstallGUI
PDF Settings --> MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
Python 2.4.3 --> MsiExec.exe /I{75E71ADD-042C-4F30-BFAC-A9EC42351313}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
Rhapsody Player Engine --> MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
Roxio Activation Module --> MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Excel 2007 (KB936509) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {A00724F5-82C4-4924-B707-0E5A84B52471}
Security Update for Office 2007 (KB934062) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {305D509B-F194-4638-9F0F-D9E4C05F9D33}
Security Update for Office 2007 (KB936514) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C7A78F7F-EF32-4477-BAD7-3439EA7571BF}
Security Update for the 2007 Microsoft Office System (KB936960) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5E5BD655-7AA9-47F9-BB6D-A1D8CE29AC86}
Snapfish Media Detector --> MsiExec.exe /X{4EF6FDB0-3B11-4820-9860-8E08E9965195}
Soft Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1\UIU32m.exe -U -ITrx200Cz.inf
Spyware Terminator --> "C:\Program Files\Spyware Terminator\unins000.exe"
SpywareBlaster v3.5.1 --> "C:\Program Files\SpywareBlaster\unins000.exe"
Trillian --> C:\Program Files\Trillian\trillian.exe /uninstall
Update for Office 2007 (KB932080) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {EDC9CA29-6BC1-471C-828C-7A36109005D7}
Update for Office 2007 (KB934391) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {B3091818-7C56-4C45-BE7D-CA23027A5EA5}
Update for Office 2007 (KB934393) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {92FBAD46-E7F6-49FA-89B5-C39FC5BFAD15}
Update for Word 2007 (KB934173) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C6A89125-5473-45E3-B413-ED8186437475}
VideoLAN VLC media player 0.8.6c --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Media Player Firefox Plugin --> MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Yahoo! Browser Services --> C:\PROGRA~1\Yahoo!\Common\UNIN_Y~1.EXE /S
Yahoo! Install Manager --> C:\Windows\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Internet Mail --> C:\Windows\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\YMMAPI.dll
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG


-- Application Event Log -------------------------------------------------------

Event Record #/Type10336 / Success
Event Submitted/Written: 09/10/2007 02:35:03 PM
Event ID/Source: 5617 / WinMgmt
Event Description:


Event Record #/Type10335 / Success
Event Submitted/Written: 09/10/2007 02:35:02 PM
Event ID/Source: 5615 / WinMgmt
Event Description:


Event Record #/Type10331 / Success
Event Submitted/Written: 09/10/2007 02:35:00 PM
Event ID/Source: 902 / Software Licensing Service
Event Description:
The Software Licensing service has started.

Event Record #/Type10322 / Success
Event Submitted/Written: 09/09/2007 09:45:49 PM
Event ID/Source: 903 / Software Licensing Service
Event Description:
The Software Licensing service has stopped.

Event Record #/Type10319 / Warning
Event Submitted/Written: 09/09/2007 09:45:46 PM
Event ID/Source: 1530 / profsvc
Event Description:
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-4289018518-1214837088-3607494973-1000_Classes:
Process 916 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-4289018518-1214837088-3607494973-1000_CLASSES



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type19276 / Warning
Event Submitted/Written: 09/10/2007 10:49:49 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%Macky_Office-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Macky_Office-PC27 can't undo changes that you allow.

For more information please see the following:
%Macky_Office-PC275

Scan ID: {78CDA7DF-5887-4C83-BF99-805027336E94}

User: Macky_Office-PC\Macky

Name: %Macky_Office-PC271

ID: %Macky_Office-PC272

Severity ID: %Macky_Office-PC273

Category ID: %Macky_Office-PC274

Path Found: %Macky_Office-PC276

Alert Type: %Macky_Office-PC278

Detection Type: 1.1.1505.02

Event Record #/Type19275 / Warning
Event Submitted/Written: 09/10/2007 10:49:49 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%Macky_Office-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Macky_Office-PC27 can't undo changes that you allow.

For more information please see the following:
%Macky_Office-PC275

Scan ID: {2AB84FC5-4DC1-4735-82EA-6AE9B776808C}

User: Macky_Office-PC\Macky

Name: %Macky_Office-PC271

ID: %Macky_Office-PC272

Severity ID: %Macky_Office-PC273

Category ID: %Macky_Office-PC274

Path Found: %Macky_Office-PC276

Alert Type: %Macky_Office-PC278

Detection Type: 1.1.1505.02

Event Record #/Type19274 / Warning
Event Submitted/Written: 09/10/2007 10:49:49 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%Macky_Office-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Macky_Office-PC27 can't undo changes that you allow.

For more information please see the following:
%Macky_Office-PC275

Scan ID: {8133DF11-5AFA-493C-9614-0E2E06EDF618}

User: Macky_Office-PC\Macky

Name: %Macky_Office-PC271

ID: %Macky_Office-PC272

Severity ID: %Macky_Office-PC273

Category ID: %Macky_Office-PC274

Path Found: %Macky_Office-PC276

Alert Type: %Macky_Office-PC278

Detection Type: 1.1.1505.02

Event Record #/Type19273 / Warning
Event Submitted/Written: 09/10/2007 10:49:46 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%Macky_Office-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Macky_Office-PC27 can't undo changes that you allow.

For more information please see the following:
%Macky_Office-PC275

Scan ID: {5B5B2560-A592-41A0-96E1-AF1CDCDF76F9}

User: Macky_Office-PC\Macky

Name: %Macky_Office-PC271

ID: %Macky_Office-PC272

Severity ID: %Macky_Office-PC273

Category ID: %Macky_Office-PC274

Path Found: %Macky_Office-PC276

Alert Type: %Macky_Office-PC278

Detection Type: 1.1.1505.02

Event Record #/Type19272 / Warning
Event Submitted/Written: 09/10/2007 10:49:46 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%Macky_Office-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Macky_Office-PC27 can't undo changes that you allow.

For more information please see the following:
%Macky_Office-PC275

Scan ID: {ABA1300F-5501-416D-9679-DE091BF598D6}

User: Macky_Office-PC\Macky

Name: %Macky_Office-PC271

ID: %Macky_Office-PC272

Severity ID: %Macky_Office-PC273

Category ID: %Macky_Office-PC274

Path Found: %Macky_Office-PC276

Alert Type: %Macky_Office-PC278

Detection Type: 1.1.1505.02



-- End of Deckard's System Scanner: finished at 2007-09-10 22:52:17 ------------

#4 Matt L

  • Group: Member
  • Posts: 275
  • Joined: 13-July 06

Posted 11 September 2007 - 05:43 PM

Posted Image
I also got that error after about 2 days of having Spyware Terminator now. Is ST a virus? I read a topic here that it was good.

Thanks.

EDIT: Basically, it kept popping up, so I did a quick system scan, deleted/moved to quarantine, and now I'm rebooting.

#5 MoNsTeReNeRgY22

  • Group: Member
  • Posts: 2,521
  • Joined: 28-January 07

Posted 11 September 2007 - 06:34 PM

Hey MLibid,

My apologies for not responding earlier, I myself have been quite busy as well with school and football. But I am here now.

Also don't worry about not understanding HJT and malware at first, it can be very complex and takes a long time to master. Just take your time and you will do just fine.

SpywareTerminator has also had some debate on whether it is good or not. I recommend looking at the following link and reading a little bit on it.
http://spywarewarrio...nti-spyware.htm

So since you are a freshman, I have decided to walk you through what I am doing and why. I believe this will be a good learning experience. It will be in bold blue.

Since you said your HJT wasn't working properly, I decided to get a deeper look into your PC by getting a DSS scan. This will rename HJT for you, and will show you loads of other information such as recently created files, 3M files, uninstall list, etc.

Now looking at your "Files created between 2007-08-10 and 2007-09-10" I noticed two bad files so we will delete them later.

I also noted that you have 2 P2P programs installed. You of all people should know our policy here on P2P programs. So I will give you my standard P2P speech as well.

As for the Panda Scan, that is to see if anything else is hiding.


Step 1
Please download the OTMoveIt by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\Windows\meta4.exe
    C:\Windows\system32\Smab.dll



  • Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
  • Click the red Moveit! button.
  • Copy everything on the Results window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it on your next reply.
  • Close OTMoveIt

*If a file or folder cannot be moved immediately, you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine, choose Yes.
**If a reboot was necessary or you needed to Exit before posting the log, you will find a copy of the log at the root of the drive where OTMoveIt is installed, usually at:
C:\_OTMoveIt\MovedFiles\********_******.log
(where "********_******" is the "date_time")

Click "Exit" to close OTMoveIt.

Step 2
I see you have LimeWire 4.14.8 and µTorrent installed on your system.
While the programs themselves are legal, most of the files downloaded with them are not.
Also, quite often the files can be infected with viruses, malware, and other undesirable applications.
I highly recommend uninstalling LimeWire 4.14.8 and µTorrent via Add or Remove Programs, but this is optional, and you may keep them if you choose to.
See HERE for details on P2P file sharing programs.

Step 3
Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report


#6 Matt L

  • Group: Member
  • Posts: 275
  • Joined: 13-July 06

Posted 11 September 2007 - 07:17 PM

Thanks for replying. Before I post anything else, I already know the risks and the consequences that I will take when using Limewire. I barely use it, but I use it just for some purposes once in a while only, and that's all I have to say about that. Thanks for the friendly warning though.

And I accidentally ran OTMoveIt twice, so I had two logs.

Here's the first log:
File move failed. C:\Windows\meta4.exe scheduled to be moved on reboot.
DllUnregisterServer procedure not found in C:\Windows\system32\Smab.dll
C:\Windows\system32\Smab.dll NOT unregistered.
File move failed. C:\Windows\system32\Smab.dll scheduled to be moved on reboot.

Created on 09/11/2007 21:07:32

And here's the second log:
File/Folder not found.
File move failed. C:\Windows\meta4.exe scheduled to be moved on reboot.
DllUnregisterServer procedure not found in C:\Windows\system32\Smab.dll
C:\Windows\system32\Smab.dll NOT unregistered.
File move failed. C:\Windows\system32\Smab.dll scheduled to be moved on reboot.

Created on 09/11/2007 21:08:23

Also, I'm thinking of just uninstalling Spyware Terminator. AntiVir keeps popping up with those rootkit viruses linking it to Spyware Terminator. I don't believe you shed a lot of light on that in your previous post, can you please post a suggestion on what I should do with the antivirus warnings of Spyware Terminator?

Also, PandaScan doesn't work for me. I already tried in Internet Explorer, but I don't believe it works for Windows Vista. I checked the requirements and Vista wasn't on the compatible list.

Thanks again, and good luck. :whistling:

#7 MoNsTeReNeRgY22

  • Group: Member
  • Posts: 2,521
  • Joined: 28-January 07

Posted 11 September 2007 - 08:12 PM

Hello,

Well, if AntiVir keeps giving you warnings then it is up to you whether you wish to uninstall it. I would recommend uninstalling it, though, and using SpywareGuard as your real time Anti Spyware guard.

TrendMicro HouseCall Java Scan
  • Please go HERE to run the Trend Micro™ HouseCall Scan.
  • Click Scan now. It's free!
  • Read and put a Check next to Yes I accept the terms of use.
  • Click the Launching HouseCall>> button.
  • Under Using Java-based HouseCall kernel click the Starting HouseCall>> button.
  • You may receive a Security Warning about the TrendMicro Java applet, click YES.
  • Under Scan complete computer for malware, grayware, and vulnerabilities click the Next>> button.
  • Please be patient while it installs, updates, and scans your system.
  • Once the scan is complete, it will take you to the summary page.
  • Under Cleanup options, choose clean all detected infections automatically.
  • Click the Clean now>> button.
  • If anything was found you may be prompted to run the scan again, you can just close the browser window.


#8 Matt L

  • Group: Member
  • Posts: 275
  • Joined: 13-July 06

Posted 12 September 2007 - 04:31 AM

Thanks for the reply. I read somewhere that Spyware Guard's updates never worked though, and that its updates are outdated. Then I read in Geeks to Go somewhere, I think by admin, that it's fine. I didn't know what to do, so I just went with Spyware Terminator. Now, I have Spyware Guard installed instead... thanks.

Trend Micro found a grayware called ADWARE_180SOLUTIONS, but it couldn't remove it. That was the only infection it had detected.

I also have a question about one of my programs. I have a program in my program list called 'Viewpoint Media Player'. I don't believe I ever installed anything like that, and it's 720 kilobytes. It says the last time I used it was August 2nd -- around the time I first got internet connection on my computer. Should I uninstall it? The program doesn't have a logo or picture on Program Files, it looks like one of those corrupt/empty kind of things. Anyways, just wanted to know what you thought about that.

Also, last time I checked, online scans left things on your computer. It wouldn't hurt to delete it, right? Or maybe I should keep it for future scans?

#9 MoNsTeReNeRgY22

  • Group: Member
  • Posts: 2,521
  • Joined: 28-January 07

Posted 12 September 2007 - 07:52 PM

Let's make sure that all traces of 180Solutions are gone by doing the following.

Download and unzip BFU from http://www.merijn.org/files/bfu.zip
Run the program and click the Web button as shown here:
Posted Image

Use this URL to copy into the address bar of the Download script window:
http://metallica.gee...ediaGateway.BFU

Make sure all IE windows are closed.

Execute the script by clicking the Execute button.

If you have any questions about the use of BFU please read here:
http://metallica.gee...structions.html


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Viewpoint - Viewpoint Manager is considered foistware (foistware is software bundled with programs that you may have installed yourself, but did not ask for the extra software) instead of malware, since it is installed without the user's approval but doesn't spy or do anything "bad". This could change for the worse. I would recommend removing this.
Read this article for more info.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Yes, online scans do leave themselves on the PC. Those are normally the O16's you see in HJT. If you leave them, next time you run an online scan it will load a lot quicker since it will not need to download all of the components. It is up to you though, so just let me know.

Please also post a fresh HJT log in your next reply.

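The triage the helper does by eye on an HJT log (orphaned BHOs and services pointing at files that no longer exist, services with no verified owner, and the O16 downloaded ActiveX controls mentioned in the reply above) can be scripted. The following is an added example written for this thread, not code from the forum, the poster or the HijackThis project; the sample log is a handful of lines taken from the log posted later in this thread, and the flag names are my own.

```python
"""Triage helper for HijackThis (HJT) logs.

Added example for this thread (not HijackThis code).  It parses the
section-prefixed lines ("R3 - ...", "O2 - BHO: ...", "O16 - DPF: ...",
"O23 - Service: ...") and flags the entries a helper looks at first:
  orphan             -> registry entry points at "(no file)" / "(file missing)"
  unverified-service -> O23 service whose owner HJT could not identify
  activex-dpf        -> O16 Downloaded Program Files entry (online
                        scanners leave these behind, as the reply notes)
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# "R3 - ...", "F3 - ...", "O23 - ..." : a section tag, " - ", then the body.
ENTRY_RE = re.compile(r"^(?P<section>[ROF]\d+) - (?P<body>.*)$")
# Registry CLSIDs as HJT prints them, e.g. {0A94B116-4504-4e26-AB05-E61E474AA38B}
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Constructed sample: a few lines copied from the HJT log posted in this thread.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\Windows\system32\taskeng.exe
R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\3.bin\A9SRCHAS.DLL (file missing)
F3 - REG:win.ini: load=
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Ask Search Assistant BHO - {0A94B111-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\3.bin\A9SRCHAS.DLL (file missing)
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Unknown owner - C:\Program Files\Spyware Terminator\sp_rsser.exe (file missing)
O23 - Service: stllssvr - Unknown owner - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
--
End of file - 8318 bytes
"""


@dataclass
class Entry:
    section: str          # "R3", "O2", "O23", ...
    body: str             # everything after "Onn - "
    clsid: Optional[str]  # first CLSID in the line, if any


def parse_hjt(text: str) -> List[Entry]:
    """Return the section-tagged entries; process list and footer are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        body = m.group("body")
        clsid = CLSID_RE.search(body)
        entries.append(Entry(m.group("section"), body, clsid.group(0) if clsid else None))
    return entries


def count_by_section(entries: List[Entry]) -> Dict[str, int]:
    """How many entries each HJT section has (a quick feel for the log)."""
    return dict(Counter(e.section for e in entries))


def triage(entries: List[Entry]) -> List[Tuple[Entry, List[str]]]:
    """Attach zero or more flags to each entry; only flagged entries are returned."""
    flagged = []
    for e in entries:
        lower = e.body.lower()
        flags = []
        if "(file missing)" in lower or "(no file)" in lower:
            flags.append("orphan")            # leftover registry pointer, safe to clean
        if e.section == "O23" and "unknown owner" in lower:
            flags.append("unverified-service")  # HJT could not attribute the binary
        if e.section == "O16":
            flags.append("activex-dpf")       # downloaded ActiveX control
        if flags:
            flagged.append((e, flags))
    return flagged


def summarize(flagged: List[Tuple[Entry, List[str]]]) -> Dict[str, int]:
    """Count how often each flag was raised across the log."""
    return dict(Counter(f for _, flags in flagged for f in flags))


if __name__ == "__main__":
    parsed = parse_hjt(SAMPLE_LOG)
    print("entries per section:", count_by_section(parsed))
    for entry, flags in triage(parsed):
        print(f"{entry.section:<4} {','.join(flags):<26} {entry.body}")
    print("summary:", summarize(triage(parsed)))
```

Flags are hints for a human reviewer, not verdicts: the SpywareGuard BHO and the AVG service in the sample get no flag because nothing in the line itself is suspicious, which is exactly why the helper still asks for the full log.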
#10 Matt L

  • Group: Member
  • Posts: 275
  • Joined: 13-July 06

Posted 12 September 2007 - 08:44 PM

Done.

Here's the Hijackthis log, I had to run via DSS again:

Deckard's System Scanner v20070905.67
Run by Macky on 2007-09-12 22:42:39
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Macky.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:42:41 PM, on 9/12/2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Snapfish Media Detector\SnapfishMediaDetector.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files\Last.fm\LastFMHelper.exe
C:\Program Files\NETGEAR\WG311T\wlancfg5.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Trillian\trillian.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Last.fm\LastFM.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskeng.exe
C:\Users\Macky\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Macky.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\3.bin\A9SRCHAS.DLL (file missing)
F3 - REG:win.ini: load=
F3 - REG:win.ini: run=
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Ask Search Assistant BHO - {0A94B111-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\3.bin\A9SRCHAS.DLL (file missing)
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SnapfishMediaDetector] C:\Program Files\Snapfish Media Detector\SnapfishMediaDetector.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O4 - Global Startup: NETGEAR WG311T Smart Wizard.lnk = C:\Program Files\NETGEAR\WG311T\wlancfg5.exe
O4 - Global Startup: Snapfish Media Detector.lnk = C:\Program Files\Snapfish Media Detector\SnapfishMediaDetector.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Unknown owner - C:\Program Files\Spyware Terminator\sp_rsser.exe (file missing)
O23 - Service: stllssvr - Unknown owner - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8318 bytes

-- Files created between 2007-08-12 and 2007-09-12 -----------------------------

2007-09-12 21:33:18 0 d-------- C:\Program Files\SpywareGuard
2007-09-11 22:27:42 0 d-------- C:\Users\Macky\.housecall6.6
2007-09-11 22:23:35 0 d-------- C:\Users\All Users\Spyware Terminator
2007-09-10 22:48:48 0 d-------- C:\Program Files\Trend Micro
2007-09-08 19:37:40 0 d-------- C:\Users\All Users\Avira
2007-09-08 19:37:40 0 d-------- C:\Program Files\Avira
2007-09-08 09:30:19 0 d-------- C:\Program Files\LimeWire
2007-08-26 13:57:01 0 d-------- C:\Program Files\Trillian
2007-08-26 13:42:08 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-08-26 13:31:48 86016 --a------ C:\Windows\unvise32qt.exe <Not Verified; MindVision; Installer VISE 2.8.3>
2007-08-26 13:27:19 0 d-------- C:\Users\All Users\QuickTime
2007-08-26 12:27:29 0 d-------- C:\Program Files\Last.fm
2007-08-26 12:20:10 0 d-------- C:\Users\All Users\FLEXnet
2007-08-26 12:04:22 0 d-------- C:\Program Files\Bonjour
2007-08-26 11:52:55 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2007-08-22 21:59:25 235008 --a------ C:\Windows\UNBOC.EXE <Not Verified; COMODO; COMODO BOClean - Anti-Malware>
2007-08-22 21:59:24 208896 --a------ C:\Windows\CMDLIC.DLL <Not Verified; COMODO; COMODO BOClean - AntiMalware>
2007-08-22 00:05:19 4682 --a------ C:\Windows\system32\npptNT2.sys <Not Verified; INCA Internet Co., Ltd.; nProtect NPSC Kernel Mode Driver for NT>
2007-08-21 16:45:01 394240 --a------ C:\Windows\system32\Smab.dll
2007-08-21 16:45:01 719872 --a------ C:\Windows\system32\devil.dll <Not Verified; Abysmal Software; Developer's Image Library (DevIL)>
2007-08-21 16:45:00 70656 --a------ C:\Windows\system32\yv12vfw.dll <Not Verified; www.helixcommunity.org; Helix YV12 YUV Codec>
2007-08-21 16:45:00 70656 --a------ C:\Windows\system32\i420vfw.dll <Not Verified; www.helixcommunity.org; Helix I420 YUV Codec>
2007-08-21 16:45:00 27648 --a------ C:\Windows\system32\AVSredirect.dll
2007-08-21 16:45:00 318976 --a------ C:\Windows\system32\avisynth.dll <Not Verified; The Public; Avisynth 2.5>
2007-08-21 16:45:00 66560 --a------ C:\Windows\MOTA113.exe
2007-08-21 16:44:59 217073 --a------ C:\Windows\meta4.exe
2007-08-21 16:44:59 0 d-------- C:\Program Files\AviSynth 2.5
2007-08-21 16:08:06 0 d-------- C:\Program Files\Winamp
2007-08-21 15:31:00 0 d-------- C:\Program Files\uTorrent
2007-08-13 08:09:08 0 d-------- C:\Program Files\VideoLAN
2007-08-12 18:40:38 0 d-------- C:\Downloads


-- Find3M Report ---------------------------------------------------------------

2007-09-12 14:39:20 0 d-------- C:\Program Files\SpywareBlaster
2007-09-11 22:23:35 0 d-------- C:\Users\Macky\AppData\Roaming\Application Data
2007-09-11 15:20:16 0 d-------- C:\Program Files\Windows Mail
2007-09-10 16:51:25 0 d-------- C:\Users\Macky\AppData\Roaming\LimeWire
2007-09-08 23:03:49 0 d-------- C:\Program Files\Yahoo!
2007-09-08 18:45:18 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-09-08 18:44:29 0 d--h----- C:\Users\Macky\AppData\Roaming\ijjigame
2007-09-03 11:55:24 0 d-------- C:\Users\Macky\AppData\Roaming\uTorrent
2007-08-31 19:53:48 174 --ahs---- C:\Program Files\desktop.ini
2007-08-31 19:51:22 0 d-------- C:\Program Files\Windows Calendar
2007-08-31 18:29:24 0 d-------- C:\Users\Macky\AppData\Roaming\Yahoo!
2007-08-31 17:25:06 0 d-------- C:\Users\Macky\AppData\Roaming\Opera
2007-08-29 16:06:25 0 d-------- C:\Users\Macky\AppData\Roaming\Adobe
2007-08-26 12:08:52 0 d-------- C:\Program Files\Common Files
2007-08-26 12:04:19 0 d-------- C:\Program Files\Common Files\Adobe
2007-08-21 16:09:42 0 d-------- C:\Users\Macky\AppData\Roaming\Winamp
2007-08-13 08:10:00 0 d-------- C:\Users\Macky\AppData\Roaming\vlc
2007-08-13 07:21:53 0 d-------- C:\Users\Macky\AppData\Roaming\Real
2007-08-11 18:08:22 0 d-------- C:\Users\Macky\AppData\Roaming\COWON
2007-08-09 23:11:36 0 d-------- C:\Users\Macky\AppData\Roaming\Aim
2007-08-09 20:17:51 0 d-------- C:\Program Files\Windows Defender
2007-08-09 07:01:38 0 d-------- C:\Users\Macky\AppData\Roaming\WinBatch
2007-08-02 17:31:03 0 d-------- C:\Program Files\MSXML 4.0
2007-08-02 13:13:14 0 d-------- C:\Program Files\Java
2007-08-02 13:11:45 0 d-------- C:\Program Files\Common Files\Java
2007-08-02 12:55:42 0 d-------- C:\Program Files\Viewpoint
2007-08-02 12:41:47 0 d-------- C:\Users\Macky\AppData\Roaming\SUPERAntiSpyware.com
2007-08-02 12:37:21 0 d-------- C:\Users\Macky\AppData\Roaming\Talkback
2007-08-02 12:36:42 0 --a------ C:\Windows\nsreg.dat
2007-08-02 12:36:39 0 d-------- C:\Users\Macky\AppData\Roaming\Mozilla
2007-08-02 12:27:44 0 d-------- C:\Users\Macky\AppData\Roaming\Grisoft
2007-08-02 11:48:47 0 d-------- C:\Program Files\NETGEAR
2007-08-01 23:30:22 0 d-------- C:\Program Files\JetAudio
2007-08-01 23:30:11 0 d-------- C:\Program Files\Common Files\COWON
2007-08-01 23:28:48 0 d-------- C:\Program Files\COWON
2007-08-01 19:18:36 0 d-------- C:\Users\Macky\AppData\Roaming\DeepBurner
2007-08-01 18:58:07 0 d-------- C:\Program Files\Astonsoft
2007-07-31 22:00:18 0 d-------- C:\Users\Macky\AppData\Roaming\Hewlett-Packard
2007-07-31 21:59:50 0 d-------- C:\Users\Macky\AppData\Roaming\Snapfish
2007-07-31 21:59:23 0 d-------- C:\Users\Macky\AppData\Roaming\Identities
2007-07-31 21:56:12 0 d-------- C:\Users\Macky\AppData\Roaming\Macromedia


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [08/09/2007 08:12 PM]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [09/28/2006 09:42 AM]
"KBD"="C:\HP\KBD\KbdStub.EXE" [12/08/2006 12:16 PM]
"OsdMaestro"="C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [02/15/2007 06:59 AM]
"RtHDVCpl"="RtHDVCpl.exe" [03/01/2007 11:38 AM C:\Windows\RtHDVCpl.exe]
"@"="" []
"SnapfishMediaDetector"="C:\Program Files\Snapfish Media Detector\SnapfishMediaDetector.exe" [03/02/2007 05:55 PM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [02/17/2005 02:11 AM]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 05:25 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [07/12/2007 04:00 AM]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [04/12/2007 05:07 PM]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [04/12/2007 05:07 PM]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [04/12/2007 05:07 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [05/11/2007 03:06 AM]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [08/31/2007 12:25 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPAdvisor"="C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [03/12/2007 08:44 PM]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [08/30/2007 05:43 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"Launcher"=%WINDIR%\SMINST\launcher.exe

C:\Users\Macky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [8/29/2003 7:05:35 PM]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe [8/26/2007 12:27:30 PM]
NETGEAR WG311T Smart Wizard.lnk - C:\Program Files\NETGEAR\WG311T\wlancfg5.exe [4/10/2007 7:09:06 PM]
Snapfish Media Detector.lnk - C:\Program Files\Snapfish Media Detector\SnapfishMediaDetector.exe [3/2/2007 5:55:02 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2007-09-12 22:43:09 ------------


Also, do I have to be a graduate of GeekU to use a sig like the one in yours right now (talking about the 'UNITE' one). If there are no requirements, would you mind if I just stole that from you?

Thanks.

#11 MoNsTeReNeRgY22

  • Group: Member
  • Posts: 2,521
  • Joined: 28-January 07

Posted 12 September 2007 - 09:58 PM

Hey,

Please delete your copy of 1.99.1 and install the newest version by TrendMicro. I have a feeling it will now work on its own.
http://www.trendsecure.com/portal/en-US/th.../HJTInstall.exe

Here is a quote from ScHwErV about UNITE.

Quote

Upon graduation from Geek U and many other large online antimalware training institutions, each new staff member qualifies for membership in UNITE (Unified Network of Instructors and Trusted Eliminators). For more information about UNITE, ask a current member or check out the page at http://www.uniteagainstmalware.com.

Although UNITE membership may have been earned elsewhere, UNITE banners are not allowed for Geek U trainees. If you are a member of UNITE and are in Geek U, PM Kat or me and we will get things figured out.


#12 Matt L

  • Group: Member
  • Posts: 275
  • Joined: 13-July 06

Posted 13 September 2007 - 04:58 AM

It still doesn't work. System scans work, but I can't save a log.

And thanks for the quote.

#13 MoNsTeReNeRgY22

  • Group: Member
  • Posts: 2,521
  • Joined: 28-January 07

Posted 13 September 2007 - 04:37 PM

Hmm, that's strange then. I am not quite sure. Let me see if I can find out for you.

#14 Matt L

  • Group: Member
  • Posts: 275
  • Joined: 13-July 06

Posted 14 September 2007 - 04:43 PM

I figured it out. Sorry. I had to right click > Run as Administrator. I apologize that I didn't know that before. It's just sorta hard on me because I've never had Vista before. Would you like me to post a new HijackThis log?

Also, my Yahoo Messenger's not working, and the only thing Yahoo services is suggesting is to make sure that it's not spyware. They couldn't find out why. It's already being accepted inside of my firewall, and older versions seem to work. I am sharing this internet connection with three other computers, and they all have Yahoo Messenger in this household, and it's working, except me. I always just put in my username and password, and that little yellow smiley hops up and down and then the program takes me back to the log in page again. I don't know what's wrong, and it's very frustrating. I CAN log into my Yahoo email, I CAN log onto Yahoo Messenger via Trillian, but I'm sorta getting tired of Trillian, and I just want to use AIM and YM separately now. Urgh... please help me if you can.

#15 MoNsTeReNeRgY22

  • Group: Member
  • Posts: 2,521
  • Joined: 28-January 07

Posted 14 September 2007 - 07:16 PM

Wow, I completely forgot you were running Vista. That was my bad, I should have recognized that earlier.

As for Yahoo, I am going to have to forward you to the applications forum. Tell them that I cleared you of all viruses and malware, and you need help. I will leave this open so you can post any more questions, as well as the solution :whistling:

Nice job, your log looks clean!
How is it running?
Please use the following suggestion to help prevent reinfection.

Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points, which are likely to be infected.)

Now we need to make a new System Restore Point for your PC, please do the following:
  • Click Start, Settings, Control Panel
  • Double-click the System icon
  • Click the Performance tab, File System, Troubleshooting tab
  • Check "Turn off System Restore" and click "Apply". Please give a moment as it will delete the old System Restore points
  • Then uncheck "Turn off System Restore" which will create a new System Restore point
  • Click OK

I highly recommend downloading the following programs, to keep malware off your computer to begin with.
The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.

SUPERAntiSpyware - A very powerful tool which searches and kills malware that infect your system.

SpywareBlaster - Great prevention tool to keep malware from installing on your system.
**Tutorial on installing & using this product can be found HERE**

SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.
**Tutorial on installing & using this product can be found HERE**

IE-SpyAd - Puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
**Tutorial on installing & using this product can be found HERE**

ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out malware that like to reside in the temp folders.

AntiVirus Program - An AntiVirus program is a must in today's digital world! I recommend avast! 4 Home Edition, AVG, or Anti-Vir.
DO NOT install more than one antivirus program. They will conflict, and provide less protection, not more.

Firewall - A firewall is definitely a must-have to protect your computer from hackers. I recommend Comodo, Zone Alarm, or Outpost.
**Tutorial on Firewalls can be found HERE**

Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

You must stay on top of your updates at all times, for the above mentioned applications.

It is vitally important to stay on top of your critical updates provided by Microsoft.

And finally a little: How did I get infected in the first place? (by Tony Klein)

Good luck and safe surfing :blink:
