Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Browser Object Helper HiJack


  • This topic is locked This topic is locked

#1
slhangen

slhangen

    Member

  • Member
  • PipPip
  • 13 posts
Cannot find the malware but there is a dramatic system drag when executing browser that has only began recently. Please advise.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:46:03 PM, on 1/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Rates - {4E45C414-5019-4966-9013-6950C35E6C06} - C:\WINDOWS\toprates.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Download all by Net Transport - C:\Program Files\Xi\NetTransport 2\NTAddList.html
O8 - Extra context menu item: Download by Net Transport - C:\Program Files\Xi\NetTransport 2\NTAddLink.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://us8l.hpwis.com
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.micr...veX/MSDcode.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup...e/bridge-c3.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca....r/axscanner.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1189466180346
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1189466167778
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.c...utocomplete.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: Google Desktop Manager 5.7.712.18632 (GoogleDesktopManager-121807-210419) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe

--
End of file - 5684 bytes
  • 0

Advertisements


#2
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Hello slhangen

Welcome to G2Go. :)
=================
Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

  • 0

#3
slhangen

slhangen

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Sorry for delay. Busy week at work. Logs following:

Deckard's System Scanner v20071014.68
Run by ronnie bradford on 2008-01-26 16:29:36
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
24: 2008-01-26 22:29:56 UTC - RP853 - Deckard's System Scanner Restore Point
23: 2008-01-26 05:55:02 UTC - RP852 - System Checkpoint
22: 2008-01-24 01:38:15 UTC - RP851 - System Checkpoint
21: 2008-01-23 00:46:48 UTC - RP850 - System Checkpoint
20: 2008-01-21 01:14:12 UTC - RP849 - System Checkpoint


-- First Restore Point --
1: 2008-01-03 03:40:32 UTC - RP830 - Installed Windows XP KB915865.


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as ronnie bradford.exe) ----------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:33:59 PM, on 1/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\Documents and Settings\ronnie bradford\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\ronnie bradford.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Rates - {4E45C414-5019-4966-9013-6950C35E6C06} - C:\WINDOWS\toprates.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://us8l.hpwis.com
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.micr...veX/MSDcode.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup...e/bridge-c3.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca....r/axscanner.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1189466180346
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1189466167778
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.c...utocomplete.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: Google Desktop Manager 5.7.712.18632 (GoogleDesktopManager-121807-210419) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe

--
End of file - 5726 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20071201-181332-221 O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu1000106.exe 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310F3
D293314D6ECF32257895769ABCF75D7551F77A0336A845A387822212329A38506CAC59B6
backup-20071201-181332-296 O4 - HKUS\.DEFAULT\..\Run: [WinAVX] C:\WINDOWS\System32\WinAvXX.exe (User 'Default user')
backup-20071201-181332-301 O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
backup-20071201-181332-304 F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\System32\printer.exe
backup-20071201-181332-532 O4 - HKLM\..\Run: [WinAVX] C:\WINDOWS\System32\WinAvXX.exe
backup-20071201-181332-742 O4 - HKUS\S-1-5-21-3883782145-84769854-2968723906-500\..\Run: [WinAVX] C:\WINDOWS\System32\WinAvXX.exe (User '?')
backup-20071201-181332-775 O4 - Startup: system.exe
backup-20071201-181332-777 O4 - Global Startup: autorun.exe
backup-20071201-181332-830 O4 - HKUS\S-1-5-18\..\Run: [WinAVX] C:\WINDOWS\System32\WinAvXX.exe (User '?')
backup-20071201-181332-927 O4 - HKCU\..\Run: [WinAVX] C:\WINDOWS\System32\WinAvXX.exe
backup-20071201-181332-965 O4 - S-1-5-21-3883782145-84769854-2968723906-500 Startup: system.exe (User '?')
backup-20071201-181333-894 O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540013} (CInstall Class) - http://adserver.shar...ver/Install.cab
backup-20071201-181334-439 O16 - DPF: {93CEA8A4-6059-4E0B-ADDD-73848153DD5E} (CWebLaunchCtl Object) - http://data.tech24.c...h/weblaunch.cab
backup-20071201-181335-554 O20 - AppInit_DLLs: C:\WINDOWS\System32\hadjajr.ini
backup-20071201-181335-645 O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Program Files\RXToolBar\sfcont.dll
backup-20071203-001427-455 O20 - Winlogon Notify: mllli - C:\WINDOWS\
backup-20071203-001427-675 O8 - Extra context menu item: &Search - http://kl.bar.need2f...earch.html?p=KL
backup-20071203-001427-892 O3 - Toolbar: RX Toolbar - {25D8BACF-3DE2-4B48-AE22-D659B8D835B0} - C:\Program Files\RXToolBar\RXToolBar.dll (file missing)
backup-20071203-001428-318 O20 - Winlogon Notify: oppnm - oppnm.dll (file missing)
backup-20080122-194714-792 O8 - Extra context menu item: Download by Net Transport - C:\Program Files\Xi\NetTransport 2\NTAddLink.html
backup-20080122-194714-812 O8 - Extra context menu item: Download all by Net Transport - C:\Program Files\Xi\NetTransport 2\NTAddList.html

-- File Associations -----------------------------------------------------------

.js - JSFile - DefaultIcon - C:\Program Files\Macromedia\Dreamweaver MX\Dreamweaver.exe,2
.js - JSFile - shell\open\command - "C:\Program Files\Macromedia\Dreamweaver MX\Dreamweaver.exe" "%1"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 AFS2K - c:\windows\system32\drivers\afs2k.sys <Not Verified; Oak Technology Inc.; AFS>
R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
R1 SASKUTIL - c:\program files\superantispyware\saskutil.sys
R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R2 Sentinel - c:\windows\system32\drivers\sentinel.sys

S3 catchme - c:\docume~1\ronnie~1\locals~1\temp\catchme.sys (file missing)
S3 lgatbus (LG USB Composite Device driver (WDM)) - c:\windows\system32\drivers\lgatbus.sys <Not Verified; MCCI; LG USB Composite Device>
S3 lgatmdm (LG CDMA USB Modem Drivers) - c:\windows\system32\drivers\lgatmdm.sys <Not Verified; MCCI; LG CDMA USB Modem>
S3 lgatserd (LG CDMA USB Modem Diagnostic Serial Port Drivers (WDM)) - c:\windows\system32\drivers\lgatserd.sys <Not Verified; MCCI; LG CDMA USB Modem Diagnostic Serial Port>
S3 Pcouffin (Low level access layer for CD devices) - c:\windows\system32\drivers\pcouffin.sys (file missing)
S3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Diskeeper - c:\program files\executive software\diskeeper\dkservice.exe <Not Verified; Executive Software International, Inc.; Diskeeper ™ Disk Defragmenter>

S4 AresChatServer (Ares Chatroom server) - c:\program files\ares ultra\chatserver.exe <Not Verified; Ares Development Group; Ares Chat Server>
S4 gearsec - c:\windows\system32\gearsec.exe <Not Verified; GEAR Software; gearsec>
S4 HPConfig (HP Configuration Interface Service) - c:\windows\system32\hpconfig.exe <Not Verified; Hewlett-Packard; HPConfig Module>
S4 HPWirelessMgr - c:\program files\hpq\notebook utilities\hpwirelessmgr.exe <Not Verified; Hewlett-Packard Co.; HPWirelessMgr Module>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-01-26 00:57:00 412 --a------ C:\WINDOWS\Tasks\WebReg 20040411005753.job
2007-12-12 14:08:00 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2007-12-26 and 2008-01-26 -----------------------------

2008-01-07 11:35:20 0 d-------- C:\Program Files\IE Defender
2008-01-05 23:46:00 50 --a------ C:\tmp.bat
2008-01-02 21:40:17 0 d--h----- C:\WINDOWS\$hf_mig$
2008-01-02 21:26:12 0 d-------- C:\Program Files\Windows Media Connect 2
2008-01-02 21:19:43 0 d-------- C:\WINDOWS\system32\LogFiles
2008-01-02 21:19:43 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2008-01-02 21:16:18 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2007-12-28 21:13:10 487479 --a------ C:\WINDOWS\system32\SkinMagic.dll <Not Verified; Appspeed Inc.; Appspeed SkinMagic Toolkit>
2007-12-28 21:13:10 719872 --a------ C:\WINDOWS\system32\devil.dll <Not Verified; Abysmal Software; Developer's Image Library (DevIL)>
2007-12-28 21:13:09 313344 --a------ C:\WINDOWS\system32\avisynth.dll <Not Verified; The Public; Avisynth 2.5>
2007-12-28 21:13:08 0 d-------- C:\WINDOWS\system32\avsplugin
2007-12-28 21:13:08 7277568 --a------ C:\WINDOWS\system32\3gpcore.dll
2007-12-28 21:13:08 0 d-------- C:\Program Files\Smallvideosoft
2007-12-28 20:11:31 0 d-------- C:\Program Files\Common Files\Download Manager


-- Find3M Report ---------------------------------------------------------------

2008-01-06 00:01:20 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-01-05 13:45:37 0 d-------- C:\Program Files\Google
2008-01-04 22:25:51 0 d-------- C:\Program Files\Windows NT
2007-12-28 20:11:31 0 d-------- C:\Program Files\Common Files
2007-12-20 03:45:58 77824 --a------ C:\WINDOWS\binret.exe
2007-12-20 03:45:56 200704 --a------ C:\WINDOWS\leosrv.dll <Not Verified; ; leosrv Module>
2007-12-20 03:45:52 278528 --a------ C:\WINDOWS\ttvbonmlk.dll <Not Verified; ; ttvbonmlk>
2007-12-20 03:45:40 208896 --a------ C:\WINDOWS\hjoqor.dll
2007-12-20 03:45:32 270336 --a------ C:\WINDOWS\xcvwer.dll
2007-12-17 22:08:25 0 d-------- C:\Program Files\Propellerhead
2007-12-13 20:59:29 0 d-------- C:\Documents and Settings\ronnie bradford\Application Data\Adobe
2007-12-12 01:08:58 0 d-------- C:\Program Files\Ahead
2007-12-05 20:33:51 0 d-------- C:\Program Files\WinPFind3u
2007-12-05 15:09:52 0 d-------- C:\Documents and Settings\ronnie bradford\Application Data\SUPERAntiSpyware.com
2007-12-05 15:09:14 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-02 01:17:53 0 d-------- C:\Documents and Settings\ronnie bradford\Application Data\Propellerhead Software
2007-12-02 01:15:11 0 d-------- C:\Program Files\Recycle
2007-12-01 20:45:38 233472 -----n--- C:\WINDOWS\system32\REX Shared Library.dll <Not Verified; Propellerhead Software AB; REX SDK>
2007-12-01 20:45:37 368640 --a------ C:\WINDOWS\system32\ReWire.dll <Not Verified; Propellerhead Software AB; ReWire>
2007-12-01 20:19:51 0 d-------- C:\Program Files\Messenger
2007-12-01 20:19:00 0 d-------- C:\Program Files\Movie Maker
2007-12-01 19:40:11 0 d-------- C:\Program Files\Wise Registry Cleaner
2007-12-01 19:23:51 0 d-------- C:\Program Files\Wise Disk Cleaner
2007-12-01 19:23:17 0 d-------- C:\Program Files\Security Task Manager
2007-12-01 18:58:57 0 d-------- C:\Program Files\RegScrubXP
2007-12-01 18:57:11 0 d-------- C:\Program Files\Altnet
2007-12-01 18:55:38 0 d-------- C:\Program Files\iMesh
2007-12-01 18:54:27 0 d-------- C:\Program Files\dvdSanta
2007-11-17 22:25:25 10 --a------ C:\WINDOWS\smdat32m.sys
2007-11-16 21:20:26 7680 --a------ C:\WINDOWS\system32\ff_vfw.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4E45C414-5019-4966-9013-6950C35E6C06}]
C:\WINDOWS\toprates.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cctray"="C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" [11/27/2007 04:09 PM]
"CAVRID"="C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe" [11/27/2007 04:09 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [02/16/2007 09:54 AM]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [01/05/2008 01:46 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [07/29/2007 06:50 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:56 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [1/31/2004 7:39:12 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWindowsUpdate"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoStartBanner"=01000000
"NoRecentDocsHistory"=01000000
"NoRecentDocsMenu"=01000000
"NoDevMgrUpdate"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 01:55 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^ronnie bradford^Start Menu^Programs^Startup^TA_Start.lnk]
backup=C:\WINDOWS\pss\TA_Start.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^ronnie bradford^Start Menu^Programs^Startup^Think-Adz.lnk]
backup=C:\WINDOWS\pss\Think-Adz.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares ultra]
"C:\Program Files\Ares Ultra\Ares Ultra.exe" -h

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadStudio]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KAZAA]
C:\Program Files\Kazaa\kazaa.exe /SYSTRAY

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P2P Networking]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]
"C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tweak UI]
RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Words]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"mnmsrvc"=3 (0x3)
"Messenger"=2 (0x2)
"AOL ACS"=3 (0x3)
"Psnsoa1c0r"=3 (0x3)
"HPWirelessMgr"=3 (0x3)
"HPConfig"=3 (0x3)
"svcWRSSSDK"=2 (0x2)
"CaCCProvSP"=3 (0x3)
"gusvc"=3 (0x3)
"CAISafe"=2 (0x2)
"AresChatServer"=3 (0x3)




-- End of Deckard's System Scanner: finished at 2008-01-26 16:40:01 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Celeron® CPU 2.60GHz
Percentage of Memory in Use: 37%
Physical Memory (total/avail): 702.98 MiB / 437.36 MiB
Pagefile Memory (total/avail): 1720.63 MiB / 1521.52 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1941.54 MiB

C: is Fixed (NTFS) - 27.94 GiB total, 8.56 GiB free.
D: is CDROM (Unformatted)
E: is Removable (No Media)
F: is Fixed (FAT32) - 74.5 GiB total, 41.6 GiB free.
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)

\\.\PHYSICALDRIVE0 - FUJITSU MHT2030AT - 27.95 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 27.94 GiB - C:

\\.\PHYSICALDRIVE2 - Generic STORAGE DEVICE USB Device

\\.\PHYSICALDRIVE3 - Generic STORAGE DEVICE USB Device

\\.\PHYSICALDRIVE4 - Generic STORAGE DEVICE USB Device

\\.\PHYSICALDRIVE5 - Generic STORAGE DEVICE USB Device

\\.\PHYSICALDRIVE1 - WDC WD80 0UE-22HCT0 USB Device - 74.53 GiB - 1 partition
\PARTITION0 - Unknown - 74.52 GiB - F:



-- Security Center -------------------------------------------------------------

AUOptions is disabled.
Windows Internal Firewall is enabled.

AV: CA Anti-Virus v9.0.0.143 (CA, Inc.)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Ares Ultra\\Ares Ultra.exe"="C:\\Program Files\\Ares Ultra\\Ares Ultra.exe:*:Disabled:Ares Ultra p2p for windows"
"C:\\Program Files\\Bit Lord 1.1\\BitLord.exe"="C:\\Program Files\\Bit Lord 1.1\\BitLord.exe:*:Enabled:BitLord"
"C:\\Program Files\\Macromedia\\Dreamweaver MX\\Dreamweaver.exe"="C:\\Program Files\\Macromedia\\Dreamweaver MX\\Dreamweaver.exe:*:Enabled:Dreamweaver MX"
"C:\\WINDOWS\\system32\\LEXPPS.EXE"="C:\\WINDOWS\\system32\\LEXPPS.EXE:*:Disabled:LEXPPS.EXE"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\ronnie bradford\Application Data
CLASSPATH=.;C:\Program Files\Java\j2re1.4.2\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=STAN
ComSpec=C:\WINDOWS\system32\cmd.exe
DXSDK_DIR=C:\Program Files\Microsoft DirectX 9.0 SDK (Summer 2004)\
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\ronnie bradford
LOGONSERVER=\\STAN
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\Executive Software\Diskeeper\;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\iZotope\Runtimes
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0209
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\j2re1.4.2\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\RONNIE~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\RONNIE~1\LOCALS~1\Temp
USERDOMAIN=STAN
USERNAME=ronnie bradford
USERPROFILE=C:\Documents and Settings\ronnie bradford
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

ronnie bradford (admin)
ronnie bradford (admin)
Zachary
Debracca
Dante
Administrator.STAN (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{11E83B33-972B-4512-A447-FF0FD0246EE9}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{23EFDB58-0874-4883-9810-EDA510B19FAE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2BB79C8D-9DCC-4861-8A23-AE1B0B45E2B6}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2BFBC62A-3353-443D-93BE-7AC641D9F342}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B100B05B-E290-41EF-9366-8BC4C76D7769}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B14F9B26-D695-4C4A-8B11-0FE6CDCC797B}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D3568156-59C3-42DF-A520-2C25B6706C91}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E213C271-AEFA-481D-A9B4-914D88925B8D}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FAD9402A-1A9B-4ABE-A410-393A3622FA5A}\setup.exe" -l0x9
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ACE IntelliGym ™ --> C:\Program Files\ACE\UnInstall_22752.exe
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player ActiveX --> C:\WINDOWS\System32\Macromed\Flash\uninstall_activeX.exe
Adobe InDesign 2.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\InDesign 2.0\Uninst.isu" -c"C:\Program Files\Adobe\InDesign 2.0\Uninst.dll"
Adobe InDesign CS --> RunDll32 "C:\Program Files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll",LaunchSetup "C:\Program Files\InstallShield Installation Information\{416DFEDD-9F1B-4EFC-AF70-FCA891AE0251}\zidxp.exe"
Adobe MPEG Encoder --> MsiExec.exe /I{9811A185-3D3D-11D6-9E14-00036D172B00}
Adobe Photoshop CS --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}\setup.exe" -l0x9
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe SVG Viewer 3.0 --> C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
AnyDVD --> "C:\Program Files\SlySoft\AnyDVD\AnyDVD-uninst.exe" /D="C:\Program Files\SlySoft\AnyDVD"
Apple Software Update --> MsiExec.exe /I{A260B422-70E1-41E2-957D-F76FA21266D5}
Ares Ultra 4.0.0 --> "C:\Program Files\Ares Ultra\unins000.exe"
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\System32\atiiiexx.dll,[email protected] -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Basketball Stats Gold --> MsiExec.exe /I{3576ED55-15DF-4024-9116-088515E91794}
BitLord 1.1 --> C:\Program Files\Bit Lord 1.1\uninst.exe
BitPim 0.9.14 --> "C:\Program Files\BitPim\unins000.exe"
BlogExpress --> MsiExec.exe /I{86B520A2-A9D1-4EC4-84A0-823BED2D7B61}
CA Anti-Virus --> "C:\Program Files\CA\CA Internet Security Suite\caunst.exe" /u /product=av
CA Anti-Virus --> C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\unvet32.exe
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Collapse! Deluxe --> C:\PROGRA~1\ZONE~1.COM\Collapse\UNWISE.EXE /U C:\PROGRA~1\ZONE~1.COM\Collapse\INSTALL.LOG
Conexant 56K ACLink Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_10B9&DEV_5457&SUBSYS_0850103C\HXFSETUP.EXE -U -Ihpm08505.inf
Conexant AC-Link Audio --> CIAunwdm.exe
Cubis Deluxe --> C:\PROGRA~1\ZONE~1.COM\CUBISD~1\UNWISE.EXE C:\PROGRA~1\ZONE~1.COM\CUBISD~1\INSTALL.LOG
CyberSports for Basketball --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\CyberSports\CyberSports for Basketball\Uninst.isu"
Desktop Zoom --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D0604F35-314C-4341-A05E-3FEABCFDD470}\SETUP.EXE" -l0x9
Digital DFP Solid State Audio Player --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{47BB71CF-F3A3-4EE5-AB3E-110B933557B1}\setup.exe" -l0x9
Diskeeper Professional Edition --> MsiExec.exe /X{AA67205C-3E80-4062-9198-253A059DEE38}
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe"
Easy CD & DVD Creator 6 --> MsiExec.exe /I{46DDF76F-ACD4-42BC-B48F-B89C4EE2E1A9}
eBook Pro Viewer 5.54 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E0233B01-BE70-4D0B-8B69-64331593535C}\Setup.exe"
EPSON Copy Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B69CC1A5-0404-11D6-ABCB-005004C21D30}\setup.exe" -l0x9 ADDREMOVEDLG
EPSON PERF 2400 Guide --> C:\Program Files\epson\guide\perf_2400p_e\uninstall.exe
EPSON Photo Print --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{22901BB7-2C57-409E-AF2F-56FFFEA41116}\setup.exe" -l0x9 MyUninstall
EPSON Scan --> C:\Program Files\epson\escndv\setup\setup.exe /r
EPSON Smart Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6C11D561-620B-47DA-A693-4C597F3CDF40}\SETUP.EXE" -l0x9 Uninstall
ERUNT 1.1j --> "C:\Program Files\ERUNT\unins000.exe"
ffdshow [rev 1611] [2007-11-16] --> "C:\Program Files\ffdshow\unins000.exe"
FileZilla (remove only) --> "C:\Program Files\FileZilla\uninstall.exe"
Freez 3GP Video Converter 2.0 --> "C:\Program Files\Smallvideosoft\Freez 3GP Video Converter\unins000.exe"
FW LiveUpdate --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CE9C831D-416A-4F68-BD79-64FC51BD765B}\setup.exe" -l0x9 -removeonly
GMail Drive Shell Extension --> rundll32.exe C:\WINDOWS\System32\ShellExt\GMailFS.dll,Uninstall C:\WINDOWS\System32\ShellExt\GMailFS.inf
Google Desktop --> C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Earth --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
Google Video Player --> "C:\Program Files\Google\Google Video Player\Uninstall.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP Memories Disc --> MsiExec.exe /X{B376402D-58EA-45EA-BD50-DD924EB67A70}
HP Photo and Imaging 2.0 - Photosmart Cameras --> MsiExec.exe /X{15C46A4B-1AB5-4C25-91B6-59151E199D13}
IKatzu --> C:\WINDOWS\System32\IKatzuUninstall.exe
ImageMate 8 in 1 Read/Writer (SDDR-88) --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F8EFF5E4-9B76-417B-A0BC-325659CFDA82}\Setup.exe" -l0x9
InterVideo WinDVD --> "C:\Program Files\InstallShield Installation Information\{98E8A2EF-4EAE-43B8-A172-74842B764777}\setup.exe" REMOVEALL
irock! Download Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AE7ECCD9-7A88-467D-A3C5-8CF74261DB9E}\Setup.exe" -l0x9
J2SE Runtime Environment 5.0 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030}
Java 2 Runtime Environment, SE v1.4.2 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142000}
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Kazaa 3.2.7 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EC8923CA-D7F5-46E4-98BB-E083E6E1C40D}\Setup.exe" -l0x9 --AddRemove
Lexmark 510 Series --> C:\WINDOWS\System32\spool\drivers\w32x86\3\LXBZUN5C.EXE -dLexmark 510 Series
LG Download VX8500 DLL --> MsiExec.exe /I{E4AC2AD8-3320-4C83-B91E-4FA4C88FDABA}
LG USB Drivers --> C:\PROGRA~1\LGDRIV~1\LGUSBD~1\UNWISE.EXE C:\PROGRA~1\LGDRIV~1\LGUSBD~1\INSTALL.LOG
LG USB Modem driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C3ABE126-2BB2-4246-BFE1-6797679B3579}\Setup.exe" -l0x9
LGUsbDriver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EB866374-B705-4749-83D9-997AC77146B3}\setup.exe"
LimeWire 4.14.10 --> "C:\Program Files\LimeWire\uninstall.exe"
Macromedia Dreamweaver MX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8B4AB829-DFD3-436D-B808-D9733D76C590}\Setup.exe" -l0x9 mmUninstall
Macromedia Extension Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A5BA14E0-7384-11D4-BAE7-00409631A2C8}\Setup.exe" -l0x9 mmUninstall
Mah Jong Tiles Deluxe --> C:\PROGRA~1\ZONE~1.COM\Mahjong\UNWISE.EXE /U C:\PROGRA~1\ZONE~1.COM\Mahjong\INSTALL.LOG
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft DirectX 9.0 SDK Update (Summer 2004) --> MsiExec.exe /I{188D89CF-599B-4F16-9FF5-EAD6294D822E}
Microsoft Office 2000 Professional --> MsiExec.exe /I{00010409-78E1-11D2-B60F-006097C998E7}
Microsoft Text-to-Speech Engine 4.0 (English) --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msTTSa22.inf, Uninstall
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
MixMeister Pro 4 --> MsiExec.exe /I{55D08777-EFAA-41AD-942A-5A2CD4B580F3}
Mozilla Firefox (2.0.0.9) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
mpegable X4 live --> C:\WINDOWS\AKDeInstall.exe "/C:\Program Files\mpegable\"
Musicmatch® Jukebox --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}\setup.exe" -l0x9 -uninst
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Net Transport 1.94.281 --> "C:\Program Files\Xi\NetTransport 2\unins000.exe"
Nic's XviD Decoder --> "C:\WINDOWS\System32\UninstXviDDec.exe"
Nokia Multimedia Converter 2.0 --> "C:\Nokia\Tools\Nokia_Multimedia_Converter_2_0\Uninstall\Uninstaller.exe"
Notebook Utilities --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A8F2DCDE-AE4E-4AC9-BECD-496FB80FBF6A}\Setup.exe" -l0x9 UNINSTALL
One-Touch Buttons --> C:\WINDOWS\UnInst32.exe QT4HPOT.UNI
Opera 9.23 --> MsiExec.exe /X{E9EEE4CB-CB2B-4273-9AF5-7E12022B444B}
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
PowerISO --> "C:\Program Files\PowerISO\uninstall.exe"
Quicken 2003 New User Edition --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{F61F2821-694C-475F-99AB-6AF2EFDF40FD} anything
QuickTime --> MsiExec.exe /I{5E863175-E85D-44A6-8968-82507D34AE7F}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Reason 4.0 --> "C:\Program Files\Propellerhead\Reason\Uninstall Reason\unins000.exe"
ReBirth ModPacker --> C:\PROGRA~1\PROPEL~1\MODPAC~1\UNWISE.EXE C:\PROGRA~1\PROPEL~1\MODPAC~1\INSTALL.LOG
ReBirth RB-338 2.0 --> C:\PROGRA~1\PROPEL~1\REBIRT~1.0\UNWISE.EXE C:\PROGRA~1\PROPEL~1\REBIRT~1.0\INSTALL.LOG
ReCycle v2.1 --> C:\PROGRA~1\Recycle\UNWISE.EXE C:\PROGRA~1\Recycle\INSTALL.LOG
Rhapsody Player Engine --> MsiExec.exe /I{84F1DE76-C48C-4281-87A0-CC9548D1E7F9}
Riva FLV Encoder 2.0 --> "C:\Program Files\Riva\Riva FLV Encoder 2.0\unins000.exe"
RX Bar --> regsvr32.exe /u /s "C:\Program Files\RXToolBar\RXToolBar.dll"
ScanToWeb --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}\setup.exe" ADDREMOVEDLG
Scientific-Atlanta WebSTAR 2000 series Cable Modem --> UNDPX2A.EXE
Sentinel System Driver --> C:\WINDOWS\SYSTEM32\RNBOSENT\SETUPX86.EXE /U /q
Sony Sound Forge 8.0b --> MsiExec.exe /X{48EB9208-593D-4DC7-B613-9C5A210D87BA}
STOIK Video Converter 2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A8DF8593-F619-47DE-AD27-BCABF233433A}\setup.exe" -l0x9 -removeonly
StuffIt Standard --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{7D863662-0AB4-40BD-AD9F-A2ED548C3187}
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
V CAST Music --> MsiExec.exe /X{3249FD43-B24B-413F-B786-F8FEA32FA747}
VCRedistSetup --> MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
WD Diagnostics --> MsiExec.exe /X{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}
WinAVIVideoConverter --> "C:\Program Files\WinAVIVideoConverter\unins000.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
Wise Disk Cleaner 2.8 --> "C:\Program Files\Wise Disk Cleaner\unins000.exe"
Wise Registry Cleaner 2.9.6 --> "C:\Program Files\Wise Registry Cleaner\unins000.exe"
Xvid 1.1.2 final uninstall --> "C:\Program Files\Xvid\unins000.exe"
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe
Zone Deluxe Games --> MsiExec.exe /I{66C018BD-6F16-4B32-B4CD-1DC1B21FBDFF}


-- Application Event Log -------------------------------------------------------

Event Record #/Type2778 / Error
Event Submitted/Written: 01/26/2008 03:49:37 PM
Event ID/Source: 4610 / EventSystem
Event Description:
The COM+ Event System detected a bad return code during its internal processing. HRESULT was 80040154 from line 44 of d:\qxp_slp\com\com1x\src\events\tier1\eventsystemobj.cpp. This may indicate that the COM+ Event System is not properly installed. Please try reinstalling the COM+ Event System.

Event Record #/Type2776 / Error
Event Submitted/Written: 01/26/2008 10:10:58 AM
Event ID/Source: 4610 / EventSystem
Event Description:
The COM+ Event System detected a bad return code during its internal processing. HRESULT was 80040154 from line 44 of d:\qxp_slp\com\com1x\src\events\tier1\eventsystemobj.cpp. This may indicate that the COM+ Event System is not properly installed. Please try reinstalling the COM+ Event System.

Event Record #/Type2768 / Error
Event Submitted/Written: 01/25/2008 04:27:05 PM
Event ID/Source: 4610 / EventSystem
Event Description:
The COM+ Event System detected a bad return code during its internal processing. HRESULT was 80040154 from line 44 of d:\qxp_slp\com\com1x\src\events\tier1\eventsystemobj.cpp. This may indicate that the COM+ Event System is not properly installed. Please try reinstalling the COM+ Event System.

Event Record #/Type2765 / Error
Event Submitted/Written: 01/25/2008 03:32:12 PM
Event ID/Source: 4610 / EventSystem
Event Description:
The COM+ Event System detected a bad return code during its internal processing. HRESULT was 80040154 from line 44 of d:\qxp_slp\com\com1x\src\events\tier1\eventsystemobj.cpp. This may indicate that the COM+ Event System is not properly installed. Please try reinstalling the COM+ Event System.

Event Record #/Type2760 / Error
Event Submitted/Written: 01/24/2008 10:02:02 PM
Event ID/Source: 4610 / EventSystem
Event Description:
The COM+ Event System detected a bad return code during its internal processing. HRESULT was 80040154 from line 44 of d:\qxp_slp\com\com1x\src\events\tier1\eventsystemobj.cpp. This may indicate that the COM+ Event System is not properly installed. Please try reinstalling the COM+ Event System.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type1452 / Error
Event Submitted/Written: 01/26/2008 04:38:21 PM
Event ID/Source: 7 / Cdrom
Event Description:
The device, \Device\CdRom0, has a bad block.

Event Record #/Type1451 / Error
Event Submitted/Written: 01/26/2008 04:38:21 PM
Event ID/Source: 7 / Cdrom
Event Description:
The device, \Device\CdRom0, has a bad block.

Event Record #/Type1450 / Error
Event Submitted/Written: 01/26/2008 04:38:21 PM
Event ID/Source: 7 / Cdrom
Event Description:
The device, \Device\CdRom0, has a bad block.

Event Record #/Type1449 / Error
Event Submitted/Written: 01/26/2008 04:38:21 PM
Event ID/Source: 7 / Cdrom
Event Description:
The device, \Device\CdRom0, has a bad block.

Event Record #/Type1448 / Error
Event Submitted/Written: 01/26/2008 04:38:21 PM
Event ID/Source: 7 / Cdrom
Event Description:
The device, \Device\CdRom0, has a bad block.



-- End of Deckard's System Scanner: finished at 2008-01-26 16:40:01 ------------
  • 0

#4
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
First, we need to backup your registry:
Please go to Start > Run
Paste in the following line:regedit /e c:\registrybackup.reg
Click OK.
It won't appear to be doing anything, that's normal.
Your mouse pointer may turn to an hour glass for a minute.
Please continue when it no longer has the hour glass.

Please open up Notepad and copy all of the items in the code box below.
Change the "Save As Type" to "All Files". Save it as fixthis.reg on your Desktop.
REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4E45C414-5019-4966-9013-6950C35E6C06}]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^ronnie bradford^Start Menu^Programs^Startup^TA_Start.lnk]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^ronnie bradford^Start Menu^Programs^Startup^Think-Adz.lnk]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Words]
Now double-click fixthis.reg.
A window will come up asking if you want to let it merge with the registry.
Click yes.
==================================================
Please download the OTMoveIt by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\PROGRA~1\TRENDM~1\HIJACK~1\backups
    C:\Program Files\IE Defender
    C:\WINDOWS\binret.exe
    C:\WINDOWS\leosrv.dll
    C:\WINDOWS\ttvbonmlk.dll
    C:\WINDOWS\hjoqor.dll
    C:\WINDOWS\xcvwer.dll
    C:\Program Files\Altnet
    C:\WINDOWS\smdat32m.sys
    C:\WINDOWS\pss\TA_Start.lnkStartup
    C:\WINDOWS\pss\Think-Adz.lnkStartup
    C:\Program Files\RXToolBar


  • Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
  • Click the red Moveit! button.
    Click "Exit" to close OTMoveIt.

    **When ready to Reply on the forum, please Paste the content of the latest log which is located at the root of the drive where the OTMoveIt folder is:
    C:\_OTMoveIt\MovedFiles\********_******.log
    (where "********_******" is the "date_time")
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
======================================
Please after that rerun dss and post the resulting log.
  • 0

#5
slhangen

slhangen

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Thanks again for you assistance. OT Move It Log following:

Folder move failed. C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\backup-20080122-194714-812 scheduled to be moved on reboot.
Folder move failed. C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\backup-20080122-194714-792 scheduled to be moved on reboot.
Folder move failed. C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\backup-20071203-001428-318 scheduled to be moved on reboot.
Folder move failed. C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\backup-20071203-001427-892 scheduled to be moved on reboot.
Folder move failed. C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\backup-20071203-001427-675 scheduled to be moved on reboot.
Folder move failed. C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\backup-20071203-001427-455 scheduled to be moved on reboot.
Folder move failed. C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\backup-20071201-181335-645 scheduled to be moved on reboot.
Folder move failed. C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\backup-20071201-181335-554 scheduled to be moved on reboot.
Folder move failed. C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\backup-20071201-181334-439 scheduled to be moved on reboot.
Folder move failed. C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\backup-20071201-181333-894 scheduled to be moved on reboot.
Folder move failed. C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\backup-20071201-181332-965 scheduled to be moved on reboot.
Folder move failed. C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\backup-20071201-181332-927 scheduled to be moved on reboot.
Folder move failed. C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\backup-20071201-181332-830 scheduled to be moved on reboot.
Folder move failed. C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\backup-20071201-181332-777 scheduled to be moved on reboot.
Folder move failed. C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\backup-20071201-181332-775 scheduled to be moved on reboot.
Folder move failed. C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\backup-20071201-181332-742 scheduled to be moved on reboot.
Folder move failed. C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\backup-20071201-181332-532 scheduled to be moved on reboot.
Folder move failed. C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\backup-20071201-181332-304 scheduled to be moved on reboot.
Folder move failed. C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\backup-20071201-181332-301 scheduled to be moved on reboot.
Folder move failed. C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\backup-20071201-181332-296 scheduled to be moved on reboot.
Folder move failed. C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\backup-20071201-181332-221 scheduled to be moved on reboot.
C:\PROGRA~1\TRENDM~1\HIJACK~1\backups moved successfully.
C:\Program Files\IE Defender moved successfully.
C:\WINDOWS\binret.exe moved successfully.
C:\WINDOWS\leosrv.dll NOT unregistered.
C:\WINDOWS\leosrv.dll moved successfully.
C:\WINDOWS\ttvbonmlk.dll NOT unregistered.
C:\WINDOWS\ttvbonmlk.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\hjoqor.dll
C:\WINDOWS\hjoqor.dll NOT unregistered.
C:\WINDOWS\hjoqor.dll moved successfully.
File/Folder C:\WINDOWS\xcvwer.dll not found.
C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection moved successfully.
C:\Program Files\Altnet\My Altnet Shares moved successfully.
C:\Program Files\Altnet moved successfully.
C:\WINDOWS\smdat32m.sys moved successfully.
C:\WINDOWS\pss\TA_Start.lnkStartup moved successfully.
C:\WINDOWS\pss\Think-Adz.lnkStartup moved successfully.
File/Folder C:\Program Files\RXToolBar not found.

Created on 01/26/2008 22:13:57
  • 0

#6
slhangen

slhangen

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
DSS Log:

Deckard's System Scanner v20071014.68
Run by ronnie bradford on 2008-01-26 22:27:30
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as ronnie bradford.exe) ----------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:28:09 PM, on 1/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\Documents and Settings\ronnie bradford\Desktop\Computer Utilities\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\RONNIE~1.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://us8l.hpwis.com
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.micr...veX/MSDcode.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup...e/bridge-c3.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca....r/axscanner.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1189466180346
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1189466167778
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.c...utocomplete.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: Google Desktop Manager 5.7.712.18632 (GoogleDesktopManager-121807-210419) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe

--
End of file - 5637 bytes

-- Files created between 2007-12-26 and 2008-01-26 -----------------------------

2008-01-26 22:10:13 82439996 --a------ C:\registrybackup.reg
2008-01-05 23:46:00 50 --a------ C:\tmp.bat
2008-01-02 21:40:17 0 d--h----- C:\WINDOWS\$hf_mig$
2008-01-02 21:26:12 0 d-------- C:\Program Files\Windows Media Connect 2
2008-01-02 21:19:43 0 d-------- C:\WINDOWS\system32\LogFiles
2008-01-02 21:19:43 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2008-01-02 21:16:18 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2007-12-28 21:13:10 487479 --a------ C:\WINDOWS\system32\SkinMagic.dll <Not Verified; Appspeed Inc.; Appspeed SkinMagic Toolkit>
2007-12-28 21:13:10 719872 --a------ C:\WINDOWS\system32\devil.dll <Not Verified; Abysmal Software; Developer's Image Library (DevIL)>
2007-12-28 21:13:09 313344 --a------ C:\WINDOWS\system32\avisynth.dll <Not Verified; The Public; Avisynth 2.5>
2007-12-28 21:13:08 0 d-------- C:\WINDOWS\system32\avsplugin
2007-12-28 21:13:08 7277568 --a------ C:\WINDOWS\system32\3gpcore.dll
2007-12-28 21:13:08 0 d-------- C:\Program Files\Smallvideosoft
2007-12-28 20:11:31 0 d-------- C:\Program Files\Common Files\Download Manager


-- Find3M Report ---------------------------------------------------------------

2008-01-06 00:01:20 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-01-05 13:45:37 0 d-------- C:\Program Files\Google
2008-01-04 22:25:51 0 d-------- C:\Program Files\Windows NT
2007-12-28 20:11:31 0 d-------- C:\Program Files\Common Files
2007-12-17 22:08:25 0 d-------- C:\Program Files\Propellerhead
2007-12-13 20:59:29 0 d-------- C:\Documents and Settings\ronnie bradford\Application Data\Adobe
2007-12-12 01:08:58 0 d-------- C:\Program Files\Ahead
2007-12-05 20:33:51 0 d-------- C:\Program Files\WinPFind3u
2007-12-05 15:09:52 0 d-------- C:\Documents and Settings\ronnie bradford\Application Data\SUPERAntiSpyware.com
2007-12-05 15:09:14 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-02 01:17:53 0 d-------- C:\Documents and Settings\ronnie bradford\Application Data\Propellerhead Software
2007-12-02 01:15:11 0 d-------- C:\Program Files\Recycle
2007-12-01 20:45:38 233472 -----n--- C:\WINDOWS\system32\REX Shared Library.dll <Not Verified; Propellerhead Software AB; REX SDK>
2007-12-01 20:45:37 368640 --a------ C:\WINDOWS\system32\ReWire.dll <Not Verified; Propellerhead Software AB; ReWire>
2007-12-01 20:19:51 0 d-------- C:\Program Files\Messenger
2007-12-01 20:19:00 0 d-------- C:\Program Files\Movie Maker
2007-12-01 19:40:11 0 d-------- C:\Program Files\Wise Registry Cleaner
2007-12-01 19:23:51 0 d-------- C:\Program Files\Wise Disk Cleaner
2007-12-01 19:23:17 0 d-------- C:\Program Files\Security Task Manager
2007-12-01 18:58:57 0 d-------- C:\Program Files\RegScrubXP
2007-12-01 18:55:38 0 d-------- C:\Program Files\iMesh
2007-12-01 18:54:27 0 d-------- C:\Program Files\dvdSanta
2007-11-16 21:20:26 7680 --a------ C:\WINDOWS\system32\ff_vfw.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cctray"="C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" [11/27/2007 04:09 PM]
"CAVRID"="C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe" [11/27/2007 04:09 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [02/16/2007 09:54 AM]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [01/05/2008 01:46 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [07/29/2007 06:50 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:56 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [1/31/2004 7:39:12 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWindowsUpdate"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoStartBanner"=01000000
"NoRecentDocsHistory"=01000000
"NoRecentDocsMenu"=01000000
"NoDevMgrUpdate"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 01:55 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^ronnie bradford^Start Menu^Programs^Startup^TA_Start.lnk]
backup=C:\WINDOWS\pss\TA_Start.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^ronnie bradford^Start Menu^Programs^Startup^Think-Adz.lnk]
backup=C:\WINDOWS\pss\Think-Adz.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares ultra]
"C:\Program Files\Ares Ultra\Ares Ultra.exe" -h

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadStudio]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KAZAA]
C:\Program Files\Kazaa\kazaa.exe /SYSTRAY

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P2P Networking]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]
"C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tweak UI]
RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"mnmsrvc"=3 (0x3)
"Messenger"=2 (0x2)
"AOL ACS"=3 (0x3)
"Psnsoa1c0r"=3 (0x3)
"HPWirelessMgr"=3 (0x3)
"HPConfig"=3 (0x3)
"svcWRSSSDK"=2 (0x2)
"CaCCProvSP"=3 (0x3)
"gusvc"=3 (0x3)
"CAISafe"=2 (0x2)
"AresChatServer"=3 (0x3)




-- End of Deckard's System Scanner: finished at 2008-01-26 22:31:10 ------------
  • 0

#7
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Please open up Notepad and copy all of the items in the code box below.
Change the "Save As Type" to "All Files". Save it as fixthis2.reg on your Desktop.
REGEDIT4

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^ronnie bradford^Start Menu^Programs^Startup^TA_Start.lnk]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^ronnie bradford^StartMenu^Programs^Startup^Think-Adz.lnk]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P2P Networking]


Now double-click fixthis2.reg.
A window will come up asking if you want to let it merge with the registry.
Click yes.
================================
Please do an online scan with Kaspersky WebScanner
(This scanner is for use with internet explorer only)
Click on "Accept"

You will be promted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

  • 0

#8
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member with address of this thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP