
Services And Controller App Error



#1
amapala

About 75% of the time I boot up Windows XP Professional on my laptop (custom from PC Laptops, UT) I get a notification that the services and controller app has experienced an error and needs to close. Unlike other users' posts that I've read, this error does not give me the opportunity to send the information to Microsoft. It allows me to find out more information about it, or close it. When I click the option to learn more about the error, I get the following information:

szAppName : services.exe szAppVer : 5.1.2600.2180
szModName : services.exe szModVer : 5.1.2600.2180 offset : 00008e40

C:\DOCUME~1\Reiko\LOCALS~1\Temp\WER7bc6.dir00\services.exe.mdmp
C:\DOCUME~1\Reiko\LOCALS~1\Temp\WER7bc6.dir00\appcompat.txt

Sometimes it starts the 60 second shutdown countdown immediately, and sometimes I can work with the window open for a while before it shuts down. It always initiates the countdown if I opt to close the error message.

I've tried to follow the advice given to other users that have experienced this similar problem (including virus scans with SuperAntiSpyware, SpyBot S&D, etc., CClean, RegistryFix, etc.), but to no avail. In fact, I don't know that I've found a thread that has been successfully resolved.

This problem started a couple of months ago, and it appeared to be related to the Quick-start menu running in the system tray for OpenOffice (when I started getting that error, I would uninstall OpenOffice, the error would cease, and I could re-install OpenOffice and be on my merry way). This happened 4 or 5 times over the course of a month or two, and then never reappeared until now. I ran a virus scan with SpyBot S&D, and it found some malware that required a reboot to delete. The error appeared upon restart, and now I can't seem to do anything to get rid of it. Here is my HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:52:48 AM, on 3/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\D-Link\D-Link DWA-652 Xtreme N Notebook Adapter\acs.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\tsnp2std.exe
C:\WINDOWS\vsnp2std.exe
C:\Program Files\Softex\OmniPass\scureapp.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
C:\PROGRA~1\RETROS~1\RETROS~1.1\RetroExpress.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\D-Link\D-Link DWA-652 Xtreme N Notebook Adapter\wirelesscm.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\PROGRA~1\RETROS~1\RETROS~1.1\retrorun.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [KTPWare] C:\Program Files\Elantech\ktp.exe
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\system32\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [OmniPass] C:\Program Files\Softex\OmniPass\scureapp.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
O4 - HKLM\..\Run: [RetroExpress] C:\PROGRA~1\RETROS~1\RETROS~1.1\RetroExpress.exe /h
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Wireless Connection Manager.lnk = C:\Program Files\D-Link\D-Link DWA-652 Xtreme N Notebook Adapter\wirelesscm.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.pclaptops.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {504ECB49-969A-4F10-B5E8-881191072413} (Image Uploader 3.0 Control) - http://www.heritagem...ageUploader.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {7DD62E58-5FA8-11D2-AFB7-00104B64F126} (Sview Control) - http://www.swiftview...all_a_green.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logme...trl.cab?lmi=100
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\Program Files\D-Link\D-Link DWA-652 Xtreme N Notebook Adapter\acs.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: MaxSyncService (NTService1) - - C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe
O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - EMC Dantz - C:\PROGRA~1\RETROS~1\RETROS~1.1\retrorun.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

--
End of file - 9212 bytes


#2
kahdah

Hello amapala

Welcome to G2Go. :)
=====================
Sounds like a software issue but we will look a bit deeper and see what we can see.

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.


#3
amapala

Thank you so much for responding. The problem hasn't resurfaced for a couple of days, although I haven't done anything to the computer since I posted the HJT file. My guess is it's just dormant? (Since I haven't done anything to fix it). In any case, I would really like to get to the bottom of this problem (whatever it might be)!

EXTRA.TXT

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Genuine Intel® CPU T2500 @ 2.00GHz
CPU 1: Genuine Intel® CPU T2500 @ 2.00GHz
Percentage of Memory in Use: 55%
Physical Memory (total/avail): 1021.92 MiB / 456.8 MiB
Pagefile Memory (total/avail): 2462.07 MiB / 1984.79 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1925.79 MiB

C: is Fixed (NTFS) - 111.79 GiB total, 38.44 GiB free.
D: is CDROM (CDFS)

\\.\PHYSICALDRIVE0 - WDC WD1200BEVS-22LAT0 - 111.79 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 111.79 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.


[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Rosetta Stone V3\\support\\bin\\RosettaStoneLtdServices.exe"="C:\\Program Files\\Rosetta Stone V3\\support\\bin\\RosettaStoneLtdServices.exe:*:Enabled:Rosetta Stone Online Component"
"C:\\Program Files\\Rosetta Stone V3\\RosettaStoneVersion3.exe"="C:\\Program Files\\Rosetta Stone V3\\RosettaStoneVersion3.exe:*:Enabled:Rosetta Stone V3 Application"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Games\\Age of Empires III\\age3.exe"="C:\\Program Files\\Games\\Age of Empires III\\age3.exe:*:Enabled:Age of Empires 3"
"C:\\Games\\Empire Earth\\Empire Earth.exe"="C:\\Games\\Empire Earth\\Empire Earth.exe:*:Disabled:Empire Earth"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"="C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4"
"C:\\Program Files\\BitTorrent_DNA\\dna.exe"="C:\\Program Files\\BitTorrent_DNA\\dna.exe:*:Enabled:DNA"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\Program Files\\Research In Motion\\BlackBerry JDE 4.2.1\\simulator\\fledge.exe"="C:\\Program Files\\Research In Motion\\BlackBerry JDE 4.2.1\\simulator\\fledge.exe:*:Enabled:BlackBerry Handheld Simulator"
"C:\\Program Files\\Rosetta Stone V3\\RosettaStoneVersion3.exe"="C:\\Program Files\\Rosetta Stone V3\\RosettaStoneVersion3.exe:*:Enabled:Rosetta Stone V3 Application"
"C:\\Program Files\\Rosetta Stone V3\\support\\bin\\RosettaStoneLtdServices.exe"="C:\\Program Files\\Rosetta Stone V3\\support\\bin\\RosettaStoneLtdServices.exe:*:Enabled:Rosetta Stone Online Component"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Documents and Settings\\Reiko\\Desktop\\eMule0.48a\\eMule0.48a\\emule.exe"="C:\\Documents and Settings\\Reiko\\Desktop\\eMule0.48a\\eMule0.48a\\emule.exe:*:Enabled:eMule"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Reiko\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=ALLRED
ComSpec=C:\WINDOWS\system32\cmd.exe
devmgr_show_nonpresent_devices=1
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Reiko
LOGONSERVER=\\ALLRED
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Program Files\Mozilla Firefox;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Softex\OmniPass;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 14 Stepping 8, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0e08
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Reiko\LOCALS~1\Temp
TMP=C:\DOCUME~1\Reiko\LOCALS~1\Temp
USERDOMAIN=ALLRED
USERNAME=Reiko
USERPROFILE=C:\Documents and Settings\Reiko
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Reiko (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
AceMoney --> "C:\Program Files\AceMoney\unins000.exe"
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe GoLive 5.0 Educational --> MsiExec.exe /I{FBCCF9CE-61EE-425E-BE4D-959D76FA7701}
Adobe Illustrator 9.0.1 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Illustrator 9.0.1\Uninst.isu" -c"C:\Program Files\Adobe\Illustrator 9.0.1\Uninst.dll"
Adobe LiveMotion --> MsiExec.exe /I{D0FA6DD3-CB9D-41EB-A410-9004192C99EF}
Adobe Photoshop 6.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 6.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 6.0\Uninst.dll"
Adobe Reader 7.0.5 Language Support --> MsiExec.exe /I{AC76BA86-7AD7-5464-3428-7050000000A7}
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Adobe Reader Chinese Simplified Fonts --> MsiExec.exe /I{AC76BA86-7AD7-2447-0000-705000000001}
Adobe SVG Viewer --> C:\WINDOWS\IsUninst.exe -f"C:\WINDOWS\System32\Adobe\SVG Viewer\Uninst.isu"
Adobe® Photoshop® Album Starter Edition 3.0 --> MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}
Adobe® Photoshop® Album Starter Edition 3.0.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C9618743-1A5C-461E-91C4-E013A3D70F3C}\Setup.exe" -l0x9
Age of Empires III --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}
Apple Software Update --> MsiExec.exe /I{A260B422-70E1-41E2-957D-F76FA21266D5}
ApSIC Xbench 2.7 --> C:\Program Files\ApSIC\Xbench\uninst.Xbench.exe
Audacity 1.2.6 --> "C:\Program Files\Audacity\unins000.exe"
Azureus Vuze --> C:\Program Files\Azureus\uninstall.exe
BitTorrent DNA --> "C:\Program Files\BitTorrent_DNA\dna.exe" /UNINSTALL
BlackBerry Desktop Software 4.2 --> MsiExec.exe /I{37E1EB56-C59B-4C5C-B0B3-B5076046EF8A}
BlackBerry Desktop Software 4.2 --> MsiExec.exe /i{37E1EB56-C59B-4C5C-B0B3-B5076046EF8A}
BlackBerry Email and MDS Services Simulators 4.1.4 --> MsiExec.exe /X{F96EBCDA-4DCA-4852-9D58-765FCB412447}
BlackBerry JDE 4.2.1 --> MsiExec.exe /X{9CE87FC6-D94B-43A4-A171-F06009C8D810}
BlackBerry v4.2.1 for the 8100 Series Wireless Handheld --> MsiExec.exe /X{C9416263-0E35-41C9-91C0-32100F0D3448}
BlueVoda Website Builder 9.2 --> C:\WINDOWS\iun6002.exe "C:\Program Files\BlueVoda Website Builder\irunin.ini"
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Costco Photo Organizer --> MsiExec.exe /X{17A7FDBC-FB38-4258-B623-BCBA212BC25D}
D-Link DWA-652 Xtreme N Notebook Adapter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6F6F39E3-D24D-4EEE-9AEA-DEDAF991385D}\setup.exe" -l0x9 -removeonly
Deadlock --> C:\WINDOWS\uninst.exe -f"C:\Program Files\Games\Deadlock\DeIsL1.isu"
diccionarios.com --> C:\Program Files\diccionarios\uninstall.exe -uninstall -prompt
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DNA --> "C:\Program Files\BitTorrent_DNA\dna.exe" /UNINSTALL
DVD Decrypter (Remove Only) --> "C:\Program Files\DVD Decrypter\uninstall.exe"
DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe"
EGS Recipe Center --> MsiExec.exe /I{17800CFC-97EC-40A5-AB42-A8B66DC74D77}
Empire Earth --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2447500B-22D7-47BD-9B13-1A927F43A267}\Setup.exe"
Fingerprint Sensor Minimum Install --> MsiExec.exe /I{0763E426-FB61-4CD3-B8C7-01A0F37CAAEB}
Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
GoToMeeting/GoToWebinar 3.0.0.198 --> C:\Program Files\Citrix\GoToMeeting\198\G2MUninstall.exe /uninstall
HijackThis 2.0.2 --> "C:\DOCUME~1\Reiko\LOCALS~1\Temp\Temporary Directory 1 for HiJackThis.zip\HijackThis.exe" /uninstall
Inst5657 --> MsiExec.exe /I{FEDE400D-3381-4087-ACCB-689DD8A56123}
Instant Invoice n CashBook 2007 --> "C:\Program Files\EzySoft\Instant Invoice\unins000.exe"
Integrated Camera --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{75438C0E-9925-412E-AD85-D0E71C6CE2ED}\Setup.exe" -l0x9
Intel® PROSet/Wireless Software --> C:\WINDOWS\Installer\iProInst.exe
J2SE Development Kit 5.0 Update 13 --> MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0150130}
J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
J2SE Runtime Environment 5.0 Update 13 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150130}
J2SE Runtime Environment 5.0 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030}
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ SE Runtime Environment 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
Java™ SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
KTP Ware PS/2-WDM 5.0.3.6 --> rundll32.exe "C:\Program Files\Elantech\KTUninst.dll",KTech_Uninstall 0
LimeWire 4.12.11 --> "C:\Program Files\LimeWire\uninstall.exe"
LogMeIn --> MsiExec.exe /I{7E7658A2-CD3F-48A7-93EA-0882BCA4FD2A}
Maxtor OneTouch III --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{60EEB642-E9E0-45A2-A676-B9D8FE17C4A9} /l1033
mCore --> MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
mDriver --> MsiExec.exe /I{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}
mDrWiFi --> MsiExec.exe /I{90CC4231-94AC-45CD-991A-0253BFAC0650}
MediaMonkey 2.5 --> "C:\Program Files\MediaMonkey\unins000.exe"
MGTEK dopisp --> MsiExec.exe /I{FC550484-2862-49C3-A85A-802457F9AABA}
mHelp --> MsiExec.exe /I{8C6BB412-D3A8-4AAE-A01B-35B681789D68}
Microsoft ActiveSync 4.0 --> MsiExec.exe /I{B208806F-A231-4FA0-AB3F-5C1B8979223E}
Microsoft Office Standard Edition 2003 --> MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
mIWA --> MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
mLogView --> MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
mMHouse --> MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Move Networks Media Player for Internet Explorer --> C:\Documents and Settings\Reiko\Application Data\Move Networks\ie_bin\Uninst.exe
Mozilla Firefox (2.0.0.12) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.9) --> C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
mPfMgr --> MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mPfWiz --> MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
mProSafe --> MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
mWlsSafe --> MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mXML --> MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
mZConfig --> MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
Nero Suite --> C:\Program Files\Common Files\Nero\Uninstall\Setupx.exe /uninstall ExtraUninstallID=""
NetBeans IDE 5.5.1 --> C:\Program Files\netbeans-5.5.1\_uninst\uninstaller.exe
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
OmniPass 4.00.32 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F4E57F49-84B4-4CF2-B0A1-8CA1752BDF7E}\setup.exe" -l0x9
OpenOffice.org 2.3 --> MsiExec.exe /I{2F29D6D2-824E-4FEF-8AED-7013F39F642A}
Panda ActiveScan --> C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
PractiCount and Invoice 3.1 (Standard) --> "C:\Program Files\PractiCount and Invoice\unins000.exe"
QuickTime --> MsiExec.exe /I{08094E03-AFE4-4853-9D31-6D0743DF5328}
REALTEK GbE & FE Ethernet PCI-E NIC Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C9BED750-1211-4480-B1A5-718A3BE15525}\setup.exe" -l0x9 -removeonly
Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
RegistryFix v6.2 --> "C:\Program Files\RegistryFix\unins000.exe"
Retrospect Express HD 1.1 --> MsiExec.exe /I{A4952AA3-FCBF-4D28-9DC4-A3935FDC5805}
Rhapsody Player Engine --> MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
Rosetta Stone 2.1.4.1A --> "C:\Program Files\Rosetta Stone\RS2.1.4.1A_Support\Uninstall_Rosetta Stone 2.1.4.1A\Uninstall Rosetta Stone 2.1.4.1A.exe"
Rosetta Stone V3 --> MsiExec.exe /X{7210BCFE-ED8D-4261-8537-81B5A4BDFA2A}
Scorched3D 41.3 --> C:\Program Files\Scorched3D\uninst.exe
Sid Meier's Civilization 4 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}\setup.exe" -l0x9 -removeonly
Spybot - Search & Destroy 1.5.1.15 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SpywareBlaster v3.5.1 --> "C:\Program Files\SpywareBlaster\unins000.exe"
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
SwiftView Viewer --> C:\Program Files\SwiftView\svinst.exe -Uninstall
Trillian --> C:\Program Files\Trillian\trillian.exe /uninstall
Wheel of Time --> C:\games\WheelOfTime\System\Setup.exe uninstall "Wheel of Time"
Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
Wireless Select Switch --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{065A7AFE-195D-4DFB-A4B2-A83842C0F79F}
Xvid 1.1.3 final uninstall --> "C:\Program Files\Xvid\unins000.exe"
Zoo Tycoon 2 - Marine Mania --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{B406605B-45FE-4D8F-8250-1E77479583AE}


-- Application Event Log -------------------------------------------------------

Event Record #/Type4923 / Warning
Event Submitted/Written: 03/10/2008 02:03:56 AM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type4906 / Warning
Event Submitted/Written: 03/05/2008 11:24:16 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type4900 / Warning
Event Submitted/Written: 03/05/2008 01:30:37 AM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type4895 / Error
Event Submitted/Written: 03/03/2008 07:39:37 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application services.exe, version 5.1.2600.2180, faulting module services.exe, version 5.1.2600.2180, fault address 0x00008d39.
Processing media-specific event for [services.exe!ws!]

Event Record #/Type4889 / Warning
Event Submitted/Written: 03/03/2008 02:07:33 AM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type32704 / Warning
Event Submitted/Written: 03/10/2008 09:37:46 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%ALLRED27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %ALLRED27 can't undo changes that you allow.

For more information please see the following:
%ALLRED275

Scan ID: {040D88CF-6605-45E3-B1E3-2D626A718773}

User: ALLRED\Reiko

Name: %ALLRED271

ID: %ALLRED272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %ALLRED276

Alert Type: %ALLRED278

Detection Type: 1.1.1593.02

Event Record #/Type32703 / Warning
Event Submitted/Written: 03/10/2008 09:37:46 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%ALLRED27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %ALLRED27 can't undo changes that you allow.

For more information please see the following:
%ALLRED275

Scan ID: {5D7910A4-DB3F-4C64-997A-D357CFE0D296}

User: ALLRED\Reiko

Name: %ALLRED271

ID: %ALLRED272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %ALLRED276

Alert Type: %ALLRED278

Detection Type: 1.1.1593.02

Event Record #/Type32702 / Warning
Event Submitted/Written: 03/10/2008 09:37:46 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%ALLRED27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %ALLRED27 can't undo changes that you allow.

For more information please see the following:
%ALLRED275

Scan ID: {A135010B-B76B-43F0-AF4F-127022CD2288}

User: ALLRED\Reiko

Name: %ALLRED271

ID: %ALLRED272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %ALLRED276

Alert Type: %ALLRED278

Detection Type: 1.1.1593.02

Event Record #/Type32701 / Warning
Event Submitted/Written: 03/10/2008 09:37:43 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%ALLRED27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %ALLRED27 can't undo changes that you allow.

For more information please see the following:
%ALLRED275

Scan ID: {CBB2E014-F155-43D8-9121-D85A66065703}

User: ALLRED\Reiko

Name: %ALLRED271

ID: %ALLRED272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %ALLRED276

Alert Type: %ALLRED278

Detection Type: 1.1.1593.02

Event Record #/Type32700 / Warning
Event Submitted/Written: 03/10/2008 09:37:43 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%ALLRED27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %ALLRED27 can't undo changes that you allow.

For more information please see the following:
%ALLRED275

Scan ID: {58E7C36F-A103-41D8-8FAA-1A8634F8AC6A}

User: ALLRED\Reiko

Name: %ALLRED271

ID: %ALLRED272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %ALLRED276

Alert Type: %ALLRED278

Detection Type: 1.1.1593.02



-- End of Deckard's System Scanner: finished at 2008-03-10 21:37:55 ------------

MAIN.TXT

Deckard's System Scanner v20071014.68
Run by Reiko on 2008-03-10 21:36:22
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
94: 2008-03-11 02:36:31 UTC - RP349 - Deckard's System Scanner Restore Point
93: 2008-03-10 23:15:23 UTC - RP348 - System Checkpoint
92: 2008-03-09 22:15:44 UTC - RP347 - System Checkpoint
91: 2008-03-08 18:38:37 UTC - RP346 - System Checkpoint
90: 2008-03-07 07:16:57 UTC - RP345 - Software Distribution Service 3.0


-- First Restore Point --
1: 2007-12-12 04:04:35 UTC - RP256 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Reiko.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:37:25 PM, on 3/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\D-Link\D-Link DWA-652 Xtreme N Notebook Adapter\acs.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\tsnp2std.exe
C:\WINDOWS\vsnp2std.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
C:\PROGRA~1\RETROS~1\RETROS~1.1\RetroExpress.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\D-Link\D-Link DWA-652 Xtreme N Notebook Adapter\wirelesscm.exe
C:\PROGRA~1\RETROS~1\RETROS~1.1\retrorun.exe
C:\Documents and Settings\Reiko\Desktop\dss.exe
C:\PROGRA~1\HIJACK~1\Reiko.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [KTPWare] C:\Program Files\Elantech\ktp.exe
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\system32\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [OmniPass] C:\Program Files\Softex\OmniPass\scureapp.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
O4 - HKLM\..\Run: [RetroExpress] C:\PROGRA~1\RETROS~1\RETROS~1.1\RetroExpress.exe /h
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Wireless Connection Manager.lnk = C:\Program Files\D-Link\D-Link DWA-652 Xtreme N Notebook Adapter\wirelesscm.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.pclaptops.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {504ECB49-969A-4F10-B5E8-881191072413} (Image Uploader 3.0 Control) - http://www.heritagem...ageUploader.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {7DD62E58-5FA8-11D2-AFB7-00104B64F126} (Sview Control) - http://www.swiftview...all_a_green.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logme...trl.cab?lmi=100
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\Program Files\D-Link\D-Link DWA-652 Xtreme N Notebook Adapter\acs.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: MaxSyncService (NTService1) - - C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe
O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - EMC Dantz - C:\PROGRA~1\RETROS~1\RETROS~1.1\retrorun.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

--
End of file - 9107 bytes

-- File Associations -----------------------------------------------------------

.js - JSFile - DefaultIcon - C:\WINDOWS\system32\WScript.exe,3
.js - JSFile - shell\open\command - C:\WINDOWS\system32\WScript.exe "%1" %*
.vbs - VBSFile - DefaultIcon - C:\WINDOWS\system32\WScript.exe,2
.vbs - VBSFile - shell\open\command - C:\WINDOWS\system32\WScript.exe "%1" %*
.vbs - VBSFile - shell\edit\command - C:\WINDOWS\system32\Notepad.exe %1


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 CPEb - c:\windows\system32\drivers\cpeb.sys <Not Verified; Compal; >
R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
R1 SASKUTIL - c:\program files\superantispyware\saskutil.sys
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.5.3.0) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.5.3.0>
R2 MCSTRM - c:\windows\system32\drivers\mcstrm.sys <Not Verified; RealNetworks, Inc.; RealNetworks Virtual Path Manager® (32-bit)>
R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>

S3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 ACS (Atheros Configuration Service) - c:\program files\d-link\d-link dwa-652 xtreme n notebook adapter\acs.exe <Not Verified; Atheros; Atheros Configuration Service (ACS)>
R2 NTService1 (MaxSyncService) - "c:\program files\maxtor\onetouch\utils\syncservices.exe" <Not Verified; ; SyncServices>
R2 RegSrvc (Intel® PROSet/Wireless Registry Service) - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; Intel® PROSet/Wireless Registry Service>
R2 RetroExpLauncher (Retrospect Express HD Launcher) - c:\progra~1\retros~1\retros~1.1\retrorun.exe <Not Verified; EMC Dantz; Retrospect Express HD>

S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-03-10 16:25:25 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2008-02-22 21:00:00 394 --a------ C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (805-PRO-Reiko).job


-- Files created between 2008-02-10 and 2008-03-10 -----------------------------

2008-03-03 00:02:45 0 d-------- C:\WINDOWS\CSC
2008-03-02 08:52:00 0 d-------- C:\WINDOWS\Backup
2008-03-02 08:24:39 0 d-------- C:\Program Files\RegistryFix
2008-03-02 00:09:27 0 d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-03-02 00:08:37 0 d-------- C:\Program Files\Security Task Manager
2008-03-01 10:14:23 0 dr-h----- C:\Documents and Settings\Reiko\Recent
2008-03-01 09:59:25 0 d-------- C:\Program Files\CCleaner
2008-02-28 00:07:59 237636 -----n--- C:\WINDOWS\system32\wsimd.dll <Not Verified; Atheros Communications, Inc.; wsimd>
2008-02-28 00:07:59 245830 -----n--- C:\WINDOWS\system32\wsfwDS.dll <Not Verified; Atheros Communications, Inc.; wsfwds>
2008-02-28 00:07:59 53248 -r------- C:\WINDOWS\system32\dsaNac.dll <Not Verified; Devicescape, Inc.; Devicescape NAC Notify DLL>
2008-02-28 00:07:59 1253432 -r------- C:\WINDOWS\system32\dsa.dll <Not Verified; Devicescape; Devicescape Windows WPA Supplicant (Core 0.4.3)>
2008-02-28 00:07:59 0 d-------- C:\WINDOWS\pcidevice
2008-02-27 23:56:08 0 d-------- C:\Program Files\BitTorrent_DNA
2008-02-27 23:56:08 0 d-------- C:\Documents and Settings\Reiko\Application Data\BitTorrent DNA
2008-02-27 23:50:17 0 d-------- C:\WINDOWS\system32\nvctrl.exe
2008-02-27 23:50:17 0 d-------- C:\WINDOWS\system32\mssearchnet.exe
2008-02-27 23:50:17 0 d-------- C:\WINDOWS\system32\drpmon.dll
2008-02-27 23:50:17 0 d-------- C:\WINDOWS\system32\atmclk.exe
2008-02-27 23:50:17 0 d-------- C:\WINDOWS\svcproc.exe
2008-02-27 23:50:17 0 d-------- C:\WINDOWS\nail.exe
2008-02-23 20:24:26 0 d-------- C:\Program Files\Common Files\Pure Networks Shared
2008-02-23 20:23:59 0 d-------- C:\Program Files\Pure Networks
2008-02-23 20:22:29 0 d-------- C:\Documents and Settings\All Users\Application Data\Pure Networks
2008-02-23 17:55:02 0 d-------- C:\Program Files\D-Link
2008-02-21 00:17:05 6553600 --a------ C:\Documents and Settings\Reiko\ntuser.dat
2008-02-17 22:36:06 0 d-------- C:\Documents and Settings\Reiko\.scorched3d
2008-02-17 22:27:42 0 d-------- C:\Program Files\Scorched3D


-- Find3M Report ---------------------------------------------------------------

2008-03-10 17:15:02 0 d-------- C:\Program Files\Mozilla Thunderbird
2008-03-10 02:03:30 0 d-------- C:\Program Files\LogMeIn
2008-03-01 01:18:34 0 d-------- C:\Program Files\Common Files
2008-03-01 01:18:33 0 d-------- C:\Program Files\Dynacom Technologies, Inc
2008-03-01 01:16:13 0 d-------- C:\Program Files\Dynacom Accounting 10
2008-02-28 08:27:55 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-02-27 23:56:08 0 d-------- C:\Program Files\AceMoney
2008-02-27 23:54:25 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-02-24 14:44:50 0 d-------- C:\Program Files\Games
2008-02-24 13:41:06 0 d-------- C:\Program Files\OpenOffice.org 2.3
2008-02-24 13:37:14 0 d-------- C:\Documents and Settings\Reiko\Application Data\OpenOffice.org2
2008-02-02 13:12:18 0 d-------- C:\Program Files\SpywareBlaster
2008-01-24 18:38:54 0 d-------- C:\Program Files\Azureus
2008-01-24 18:38:16 0 d-------- C:\Documents and Settings\Reiko\Application Data\Azureus
2008-01-23 20:29:52 0 d-------- C:\Program Files\Helper
2008-01-21 19:36:10 0 d-------- C:\Documents and Settings\Reiko\Application Data\Adobe
2008-01-21 10:10:54 5537 --a------ C:\WINDOWS\mozver.dat
2008-01-18 18:26:48 0 d-------- C:\Program Files\BlueVoda Website Builder
2008-01-18 18:26:05 737280 --a------ C:\WINDOWS\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
2008-01-16 14:56:31 0 d-------- C:\Program Files\DivX
2008-01-15 00:07:26 0 d-------- C:\Program Files\Recipe Center
2008-01-08 18:46:10 54764 --a------ C:\WINDOWS\system32\xpdx.sys
2007-12-20 21:07:17 14 --a------ C:\Program Files\Sysconfig
2007-12-20 21:07:17 14 --a------ C:\Program Files\SpySpotter
2007-12-20 21:07:17 14 --a------ C:\Program Files\ql
2007-12-20 21:07:17 14 --a------ C:\Program Files\Daily Weather Forecast
2007-12-20 21:07:17 14 --a------ C:\Program Files\couponsandoffers
2007-12-20 21:07:17 14 --a------ C:\Program Files\Common Files\WinSoftware
2007-12-20 21:07:17 14 --a------ C:\Program Files\Common Files\Windows ControlAd
2007-12-20 21:07:17 14 --a------ C:\Program Files\Common Files\SearchUpgrader
2007-12-20 21:07:17 14 --a------ C:\Program Files\Common Files\Oem Common
2007-12-20 21:07:17 14 --a------ C:\Program Files\Common Files\Malware-Wiped
2007-12-20 21:07:17 14 --a------ C:\Program Files\Common Files\InetGet2
2007-12-20 21:07:17 14 --a------ C:\Program Files\Common Files\InetGet
2007-12-20 21:07:17 14 --a------ C:\Program Files\Common Files\DriveCleaner Free
2007-12-20 21:07:17 14 --a------ C:\Program Files\Common Files\Download
2007-12-20 21:07:17 14 --a------ C:\Program Files\Common Files\Companion Wizard
2007-12-20 21:07:17 14 --a------ C:\Program Files\Common Files\CMEII
2007-12-20 21:07:17 14 --a------ C:\Program Files\Common Files\BTLink
2007-12-20 21:07:17 14 --a------ C:\Program Files\CMMan
2007-12-20 21:07:17 14 --a------ C:\Program Files\Accoona
2007-12-20 21:07:16 14 --a------ C:\Program Files\VVSN
2007-12-20 21:07:16 14 --a------ C:\Program Files\SufSideKick 3
2007-12-20 21:07:16 14 --a------ C:\Program Files\SearchRelevant
2007-12-20 21:07:16 14 --a------ C:\Program Files\C2Media
2007-12-20 21:07:16 14 --a------ C:\Program Files\180search Assistant Programs
2007-12-20 21:07:15 14 --a------ C:\Program Files\winupdates
2007-12-20 21:07:14 14 --a------ C:\Program Files\Windupdates
2007-12-20 21:07:14 14 --a------ C:\Program Files\MyglobalSearch
2007-12-20 21:07:13 14 --a------ C:\Program Files\wildtangent
2007-12-20 21:07:13 14 --a------ C:\Program Files\tvs
2007-12-20 21:07:13 14 --a------ C:\Program Files\Media Gateway
2007-12-20 21:07:13 14 --a------ C:\Program Files\funwebproducts
2007-12-20 21:07:12 14 --a------ C:\Program Files\TV Media
2007-12-20 21:07:12 14 --a------ C:\Program Files\MBKWBar
2007-12-20 21:07:11 14 --a------ C:\Program Files\WebRebates
2007-12-20 21:07:11 14 --a------ C:\Program Files\ViewPoint
2007-12-20 21:07:10 14 --a------ C:\Program Files\ErrorGuard
2007-12-20 21:07:09 14 --a------ C:\Program Files\wintools
2007-12-20 21:07:09 14 --a------ C:\Program Files\cmeii
2007-12-20 21:07:09 14 --a------ C:\Program Files\180solutions
2007-12-20 21:07:08 14 --a------ C:\Program Files\mywebsearch
2007-12-20 21:07:08 14 --a------ C:\Program Files\mysearch
2007-12-20 21:07:07 14 --a------ C:\Program Files\toolbar
2007-12-20 21:07:07 14 --a------ C:\Program Files\Outlook
2007-12-20 21:07:07 14 --a------ C:\Program Files\NavExcel
2007-12-20 21:07:07 14 --a------ C:\Program Files\hotbar
2007-12-20 21:07:07 14 --a------ C:\Program Files\hbinst
2007-12-20 21:07:07 14 --a------ C:\Program Files\gmt
2007-12-20 21:07:07 14 --a------ C:\Program Files\CAS
2007-12-20 21:07:06 14 --a------ C:\Program Files\Notify
2007-12-20 21:07:06 14 --a------ C:\Program Files\MediaLoads
2007-12-20 21:07:06 14 --a------ C:\Program Files\InetGet2
2007-12-20 21:07:06 14 --a------ C:\Program Files\InetGet
2007-12-20 21:07:06 14 --a------ C:\Program Files\FYI
2007-12-20 21:07:05 14 --a------ C:\Program Files\ZipCodec
2007-12-20 21:07:05 14 --a------ C:\Program Files\Winsupdater
2007-12-20 21:07:05 14 --a------ C:\Program Files\WebRebates4
2007-12-20 21:07:05 14 --a------ C:\Program Files\Media_Codec
2007-12-20 21:07:05 14 --a------ C:\Program Files\Epicenter
2007-12-20 21:07:04 14 --a------ C:\Program Files\WinMediaCodec
2007-12-20 21:07:04 14 --a------ C:\Program Files\vb
2007-12-20 21:07:03 14 --a------ C:\Program Files\Windows ControlAd
2007-12-20 21:07:03 14 --a------ C:\Program Files\SpywareHeal
2007-12-20 21:07:03 14 --a------ C:\Program Files\DriveCleaner Free
2007-12-20 21:07:03 14 --a------ C:\Program Files\Companion Wizard
2007-12-20 21:07:02 14 --a------ C:\Program Files\OIN Search
2007-12-20 21:07:02 14 --a------ C:\Program Files\MailSkinner
2007-12-20 21:07:01 14 --a------ C:\Program Files\Webhance
2007-12-20 21:07:01 14 --a------ C:\Program Files\SpyTrooper
2007-12-20 21:07:01 14 --a------ C:\Program Files\Bho Plugin
2007-12-20 21:07:00 14 --a------ C:\Program Files\Video Access Activex
2007-12-20 21:07:00 14 --a------ C:\Program Files\Internet Security
2007-12-20 21:06:59 14 --a------ C:\Program Files\Video Access Add-on
2007-12-20 21:06:49 14 --a------ C:\WINDOWS\system32\vidmon
2007-12-20 21:06:49 14 --a------ C:\WINDOWS\system32\vidctrl
2007-12-20 21:06:49 14 --a------ C:\WINDOWS\system32\smpi1
2007-12-20 21:06:49 14 --a------ C:\WINDOWS\system32\privacy_danger
2007-12-20 21:06:49 14 --a------ C:\WINDOWS\system32\nsvsvc
2007-12-20 21:06:49 14 --a------ C:\WINDOWS\system32\nfomon
2007-12-20 21:06:49 14 --a------ C:\WINDOWS\system32\msdrives
2007-12-20 21:06:49 14 --a------ C:\WINDOWS\system32\micro1
2007-12-20 21:06:49 14 --a------ C:\WINDOWS\system32\bund1
2007-12-20 21:06:49 14 --a------ C:\WINDOWS\system32\$sys$filesystem
2007-12-20 21:06:37 14 --a------ C:\WINDOWS\inet20091
2007-12-20 21:06:36 14 --a------ C:\WINDOWS\Winsecurity
2007-12-20 21:06:36 14 --a------ C:\WINDOWS\iNetPal
2007-12-20 21:06:36 14 --a------ C:\WINDOWS\inet20027
2007-12-20 21:06:36 14 --a------ C:\WINDOWS\inet20026
2007-12-20 21:06:36 14 --a------ C:\WINDOWS\Exefld
2007-12-20 21:06:35 14 --a------ C:\WINDOWS\isrvs
2007-12-20 21:06:35 14 --a------ C:\WINDOWS\elitetoolbar
2007-12-20 21:06:35 14 --a------ C:\WINDOWS\elitesidebar
2007-12-20 21:06:35 14 --a------ C:\WINDOWS\elitebar
2007-12-20 21:06:35 14 --a------ C:\WINDOWS\cfgmgr52


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [04/17/2006 02:34 AM C:\WINDOWS\RTHDCPL.exe]
"Alcmtr"="ALCMTR.EXE" [05/03/2005 05:43 AM C:\WINDOWS\Alcmtr.exe]
"AGRSMMSG"="AGRSMMSG.exe" [12/12/2005 01:50 AM C:\WINDOWS\AGRSMMSG.exe]
"KTPWare"="C:\Program Files\Elantech\ktp.exe" [03/27/2006 02:36 PM]
"tsnp2std"="C:\WINDOWS\system32\tsnp2std.exe" [03/31/2006 09:52 PM]
"snp2std"="C:\WINDOWS\vsnp2std.exe" [10/20/2005 04:18 PM]
"OmniPass"="C:\Program Files\Softex\OmniPass\scureapp.exe" [04/19/2006 02:12 PM]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [07/03/2006 03:07 AM]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [07/02/2006 11:50 PM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [03/16/2006 05:31 PM]
"nwiz"="nwiz.exe" [03/16/2006 05:31 PM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [03/16/2006 05:31 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 01:11 AM]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [07/07/2006 06:15 PM]
"MaxtorOneTouch"="C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe" [03/27/2006 04:04 PM]
"RetroExpress"="C:\PROGRA~1\RETROS~1\RETROS~1.1\RetroExpress.exe" [02/06/2006 09:22 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [04/27/2007 10:41 AM]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 08:20 PM]
"LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [08/03/2007 04:09 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [04/22/2005 09:19 PM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 11:24 AM]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [03/30/2006 05:45 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 07:00 AM]

C:\Documents and Settings\Reiko\Start Menu\Programs\Startup\
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [8/17/2007 10:57:56 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [12/24/2006 9:13:24 PM]
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [12/24/2006 9:13:24 PM]
Wireless Connection Manager.lnk - C:\Program File

#4
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Please download Malwarebytes' Anti-Malware from Here or Here

Double-click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

#5
amapala

    New Member

  • Topic Starter
  • Member
  • 7 posts
Here's the report (no prompt for restart):

Malwarebytes' Anti-Malware 1.08
Database version: 477

Scan type: Full Scan (C:\|)
Objects scanned: 224824
Time elapsed: 1 hour(s), 4 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\CAC (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\Helper (Adware.BHO) -> Quarantined and deleted successfully.

Files Infected:
C:\Deckard\System Scanner\backup\WINDOWS\temp\AE8AB41F91F72503.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\temp\AE8AB41F91F72503.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xpdx.sys (Rootkit.Rustock) -> Quarantined and deleted successfully.

#6
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right-click on OTMoveIt2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\WINDOWS\system32\xpdx.sys
    C:\Program Files\Sysconfig
    C:\Program Files\SpySpotter
    C:\Program Files\couponsandoffers
    C:\Program Files\Common Files\WinSoftware
    C:\Program Files\Common Files\Windows ControlAd
    C:\Program Files\Common Files\SearchUpgrader
    C:\Program Files\Common Files\Oem Common
    C:\Program Files\Common Files\Malware-Wiped
    C:\Program Files\Common Files\InetGet2
    C:\Program Files\Common Files\InetGet
    C:\Program Files\Common Files\DriveCleaner Free
    C:\Program Files\Common Files\Companion Wizard
    C:\Program Files\Common Files\CMEII
    C:\Program Files\Common Files\BTLink
    C:\Program Files\CMMan
    C:\Program Files\Accoona
    C:\Program Files\VVSN
    C:\Program Files\SufSideKick 3
    C:\Program Files\SearchRelevant
    C:\Program Files\C2Media
    C:\Program Files\180search Assistant Programs
    C:\Program Files\winupdates
    C:\Program Files\Windupdates
    C:\Program Files\MyglobalSearch
    C:\Program Files\tvs
    C:\Program Files\Media Gateway
    C:\Program Files\funwebproducts
    C:\Program Files\TV Media
    C:\Program Files\MBKWBar
    C:\Program Files\WebRebates
    C:\Program Files\ViewPoint
    C:\Program Files\ErrorGuard
    C:\Program Files\wintools
    C:\Program Files\cmeii
    C:\Program Files\180solutions
    C:\Program Files\mywebsearch
    C:\Program Files\mysearch
    C:\Program Files\toolbar
    C:\Program Files\NavExcel
    C:\Program Files\hotbar
    C:\Program Files\hbinst
    C:\Program Files\gmt
    C:\Program Files\CAS
    C:\Program Files\Notify
    C:\Program Files\MediaLoads
    C:\Program Files\InetGet2
    C:\Program Files\InetGet
    C:\Program Files\FYI
    C:\Program Files\ZipCodec
    C:\Program Files\Winsupdater
    C:\Program Files\WebRebates4
    C:\Program Files\Media_Codec
    C:\Program Files\WinMediaCodec
    C:\Program Files\vb
    C:\Program Files\Windows ControlAd
    C:\Program Files\SpywareHeal
    C:\Program Files\DriveCleaner Free
    C:\Program Files\Companion Wizard
    C:\Program Files\OIN Search
    C:\Program Files\MailSkinner
    C:\Program Files\Webhance
    C:\Program Files\SpyTrooper
    C:\Program Files\Bho Plugin
    C:\Program Files\Video Access Activex
    C:\Program Files\Internet Security
    C:\Program Files\Video Access Add-on
    C:\WINDOWS\system32\vidmon
    C:\WINDOWS\system32\vidctrl
    C:\WINDOWS\system32\smpi1
    C:\WINDOWS\system32\privacy_danger
    C:\WINDOWS\system32\nsvsvc
    C:\WINDOWS\system32\nfomon
    C:\WINDOWS\system32\msdrives
    C:\WINDOWS\system32\micro1
    C:\WINDOWS\system32\bund1
    C:\WINDOWS\system32\$sys$filesystem
    C:\WINDOWS\inet20091
    C:\WINDOWS\Winsecurity
    C:\WINDOWS\iNetPal
    C:\WINDOWS\inet20027
    C:\WINDOWS\inet20026
    C:\WINDOWS\Exefld
    C:\WINDOWS\isrvs
    C:\WINDOWS\elitetoolbar
    C:\WINDOWS\elitesidebar
    C:\WINDOWS\elitebar
    C:\WINDOWS\cfgmgr52

  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • OTMoveit2 will create a log of moved files in the C:\_OTMoveIt\MovedFiles folder. The log's name will appear as the date and time it was created, with the format mmddyyyy_hhmmss.log. Open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
==========================
Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report

#7
amapala
OTMoveIt2 log:

File/Folder C:\WINDOWS\system32\xpdx.sys not found.
C:\Program Files\Sysconfig moved successfully.
C:\Program Files\SpySpotter moved successfully.
C:\Program Files\couponsandoffers moved successfully.
C:\Program Files\Common Files\WinSoftware moved successfully.
C:\Program Files\Common Files\Windows ControlAd moved successfully.
C:\Program Files\Common Files\SearchUpgrader moved successfully.
C:\Program Files\Common Files\Oem Common moved successfully.
C:\Program Files\Common Files\Malware-Wiped moved successfully.
C:\Program Files\Common Files\InetGet2 moved successfully.
C:\Program Files\Common Files\InetGet moved successfully.
C:\Program Files\Common Files\DriveCleaner Free moved successfully.
C:\Program Files\Common Files\Companion Wizard moved successfully.
C:\Program Files\Common Files\CMEII moved successfully.
C:\Program Files\Common Files\BTLink moved successfully.
C:\Program Files\CMMan moved successfully.
C:\Program Files\Accoona moved successfully.
C:\Program Files\VVSN moved successfully.
C:\Program Files\SufSideKick 3 moved successfully.
C:\Program Files\SearchRelevant moved successfully.
C:\Program Files\C2Media moved successfully.
C:\Program Files\180search Assistant Programs moved successfully.
C:\Program Files\winupdates moved successfully.
C:\Program Files\Windupdates moved successfully.
C:\Program Files\MyglobalSearch moved successfully.
C:\Program Files\tvs moved successfully.
C:\Program Files\Media Gateway moved successfully.
C:\Program Files\funwebproducts moved successfully.
C:\Program Files\TV Media moved successfully.
C:\Program Files\MBKWBar moved successfully.
C:\Program Files\WebRebates moved successfully.
C:\Program Files\ViewPoint moved successfully.
C:\Program Files\ErrorGuard moved successfully.
C:\Program Files\wintools moved successfully.
C:\Program Files\cmeii moved successfully.
C:\Program Files\180solutions moved successfully.
C:\Program Files\mywebsearch moved successfully.
C:\Program Files\mysearch moved successfully.
C:\Program Files\toolbar moved successfully.
C:\Program Files\NavExcel moved successfully.
C:\Program Files\hotbar moved successfully.
C:\Program Files\hbinst moved successfully.
C:\Program Files\gmt moved successfully.
C:\Program Files\CAS moved successfully.
C:\Program Files\Notify moved successfully.
C:\Program Files\MediaLoads moved successfully.
C:\Program Files\InetGet2 moved successfully.
C:\Program Files\InetGet moved successfully.
C:\Program Files\FYI moved successfully.
C:\Program Files\ZipCodec moved successfully.
C:\Program Files\Winsupdater moved successfully.
C:\Program Files\WebRebates4 moved successfully.
C:\Program Files\Media_Codec moved successfully.
C:\Program Files\WinMediaCodec moved successfully.
C:\Program Files\vb moved successfully.
C:\Program Files\Windows ControlAd moved successfully.
C:\Program Files\SpywareHeal moved successfully.
C:\Program Files\DriveCleaner Free moved successfully.
C:\Program Files\Companion Wizard moved successfully.
C:\Program Files\OIN Search moved successfully.
C:\Program Files\MailSkinner moved successfully.
C:\Program Files\Webhance moved successfully.
C:\Program Files\SpyTrooper moved successfully.
C:\Program Files\Bho Plugin moved successfully.
C:\Program Files\Video Access Activex moved successfully.
C:\Program Files\Internet Security moved successfully.
C:\Program Files\Video Access Add-on moved successfully.
C:\WINDOWS\system32\vidmon moved successfully.
C:\WINDOWS\system32\vidctrl moved successfully.
C:\WINDOWS\system32\smpi1 moved successfully.
C:\WINDOWS\system32\privacy_danger moved successfully.
C:\WINDOWS\system32\nsvsvc moved successfully.
C:\WINDOWS\system32\nfomon moved successfully.
C:\WINDOWS\system32\msdrives moved successfully.
C:\WINDOWS\system32\micro1 moved successfully.
C:\WINDOWS\system32\bund1 moved successfully.
C:\WINDOWS\system32\$sys$filesystem moved successfully.
C:\WINDOWS\inet20091 moved successfully.
C:\WINDOWS\Winsecurity moved successfully.
C:\WINDOWS\iNetPal moved successfully.
C:\WINDOWS\inet20027 moved successfully.
C:\WINDOWS\inet20026 moved successfully.
C:\WINDOWS\Exefld moved successfully.
C:\WINDOWS\isrvs moved successfully.
C:\WINDOWS\elitetoolbar moved successfully.
C:\WINDOWS\elitesidebar moved successfully.
C:\WINDOWS\elitebar moved successfully.
C:\WINDOWS\cfgmgr52 moved successfully.

OTMoveIt2 v1.0.21 log created on 03112008_203619

------

Panda ActiveScan report:


Incident Status Location

Spyware:Cookie/360i Not disinfected C:\Backup\Documents and Settings\Reiko\Cookies\[email protected][1].txt
Spyware:Cookie/did-it Not disinfected C:\Backup\Documents and Settings\Reiko\Cookies\[email protected][1].txt
Spyware:Cookie/Go Not disinfected C:\Backup\Documents and Settings\Reiko\Cookies\[email protected][1].txt
Spyware:Cookie/Target Not disinfected C:\Backup\Documents and Settings\Reiko\Cookies\[email protected][2].txt
Adware:Adware/DollarRevenue Not disinfected C:\Backup\Documents and Settings\Reiko\Desktop\SecureW2_uofu_312.exe
Spyware:Cookie/64.62.232 Not disinfected C:\Backup\Documents and Settings\Toshiko Smith\Cookies\toshiko [email protected][4].txt
Spyware:Cookie/888 Not disinfected C:\Backup\Documents and Settings\Toshiko Smith\Cookies\toshiko [email protected][1].txt
Spyware:Cookie/888 Not disinfected C:\Backup\Documents and Settings\Toshiko Smith\Cookies\toshiko [email protected][2].txt
Spyware:Cookie/Ccbill Not disinfected C:\Backup\Documents and Settings\Toshiko Smith\Cookies\toshiko [email protected][2].txt
Spyware:Cookie/360i Not disinfected C:\Backup\Documents and Settings\Toshiko Smith\Cookies\toshiko [email protected][2].txt
Spyware:Cookie/did-it Not disinfected C:\Backup\Documents and Settings\Toshiko Smith\Cookies\toshiko [email protected][2].txt
Spyware:Cookie/Go Not disinfected C:\Backup\Documents and Settings\Toshiko Smith\Cookies\toshiko [email protected][1].txt
Spyware:Cookie/Rn11 Not disinfected C:\Backup\Documents and Settings\Toshiko Smith\Cookies\toshiko [email protected][1].txt
Spyware:Cookie/SpywareStormer Not disinfected C:\Backup\Documents and Settings\Toshiko Smith\Cookies\toshiko [email protected][1].txt
Spyware:Cookie/Affiliate fuel Not disinfected C:\Backup\Documents and Settings\Toshiko Smith\Cookies\toshiko [email protected][1].txt
Possible Virus. Not disinfected C:\Backup\WINDOWS\system32\PreInstall\WinSE\wxp_x86_0409_v1\update.exe.ref
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\All Users\Desktop\Install Windows Defender\Process.exe
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Reiko\Cookies\[email protected][2].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Reiko\Cookies\[email protected][1].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Temp\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Temp\SpyAxeRemover.exe[Process.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\Temp\VirtumundoBeGone.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\WINDOWS\Process.exe

#8
kahdah
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\Backup\Documents and Settings\Reiko\Desktop\SecureW2_uofu_312.exe 
    C:\WINDOWS\Process.exe 
    C:\Backup\WINDOWS\system32\PreInstall\WinSE\wxp_x86_0409_v1\update.exe.ref
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • OTMoveit2 will create a log of moved files in the C:\_OTMoveIt\MovedFiles folder. The log's name will appear as the date and time it was created, with the format mmddyyyy_hhmmss.log. Open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
===================
Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser:
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser:
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.
================================================================
Please post the OTMoveIt log and a new HijackThis log and let me know how things are running.

#9
amapala
The problem hasn't returned (but it hadn't appeared for a couple of days by the time I got a reply to the post). Still not sure if it's really gone, or if it's just dormant for whatever reason. Any ideas what might have happened?

OTMoveIt2 log:

C:\Backup\Documents and Settings\Reiko\Desktop\SecureW2_uofu_312.exe moved successfully.
C:\WINDOWS\Process.exe moved successfully.
C:\Backup\WINDOWS\system32\PreInstall\WinSE\wxp_x86_0409_v1\update.exe.ref moved successfully.

OTMoveIt2 v1.0.21 log created on 03122008_233029

-----

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:56:35 PM, on 3/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\D-Link\D-Link DWA-652 Xtreme N Notebook Adapter\acs.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\tsnp2std.exe
C:\WINDOWS\vsnp2std.exe
C:\Program Files\Softex\OmniPass\scureapp.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
C:\PROGRA~1\RETROS~1\RETROS~1.1\RetroExpress.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\D-Link\D-Link DWA-652 Xtreme N Notebook Adapter\wirelesscm.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\RETROS~1\RETROS~1.1\retrorun.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Temp\HijackThis_v2.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [KTPWare] C:\Program Files\Elantech\ktp.exe
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\system32\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [OmniPass] C:\Program Files\Softex\OmniPass\scureapp.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
O4 - HKLM\..\Run: [RetroExpress] C:\PROGRA~1\RETROS~1\RETROS~1.1\RetroExpress.exe /h
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Wireless Connection Manager.lnk = C:\Program Files\D-Link\D-Link DWA-652 Xtreme N Notebook Adapter\wirelesscm.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.pclaptops.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {504ECB49-969A-4F10-B5E8-881191072413} (Image Uploader 3.0 Control) - http://www.heritagem...ageUploader.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {7DD62E58-5FA8-11D2-AFB7-00104B64F126} (Sview Control) - http://www.swiftview...all_a_green.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logme...trl.cab?lmi=100
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\Program Files\D-Link\D-Link DWA-652 Xtreme N Notebook Adapter\acs.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: MaxSyncService (NTService1) - - C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe
O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - EMC Dantz - C:\PROGRA~1\RETROS~1\RETROS~1.1\retrorun.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

--
End of file - 9183 bytes

#10
kahdah
Not sure what happened but for now your log is clean.
============================================
Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser:
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser:
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.


You can delete this program when you are done with it.
===============================================================
Please re-open Hijackthis and click on "Do a system scan only"
Then place a check mark next to these entries below:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present



Now click on Fix Checked and then close Hijackthis.
=====================================
After that please update your Java:
Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application. Beware it is NOT supported for use in 9x or ME and probably will not install in those systems.

Upgrading Java: After that
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
==============================================
Cleanup:
  • Make sure you have an Internet Connection.
  • Double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Click on the CleanUp! button
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTMoveIt2 from reaching the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

Please uninstall\delete anything that we used that is left over.
===============================================================
Then I will need you to reset your System Restore points, please note that you will need to log into your computer with an account which has full administrator access.
You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

(Windows XP)
1. Turn off System Restore.
Click on Start
Right-click My Computer
Click Properties
Click the System Restore tab
Check Turn off System Restore
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.
Click on Start
Right-click My Computer
Click Properties
UN-Check Turn off System Restore
Check Turn on System Restore
Click Apply, and then click OK.


How to Turn On and Turn Off System Restore in Windows XP
http://support.micro...kb/310405/en-us
===================================================================
After that, your log is clean. :)

To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein ->Here

===========================================
I will leave this thread open for a few days to see if anything returns; if not, then safe surfing. :)
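
The four HijackThis entries picked out in the post above can be found mechanically. This is an added example, not part of the original thread and not HijackThis's own code: it parses HijackThis-format lines and flags a BHO registered with `(no file)` plus every O6 policy entry for manual review. The two rules and all function names are assumptions inferred from the entries listed above; the sample lines are copied from the log posted earlier in the thread.

```python
import re

# Constructed sample: entry lines copied from the HijackThis log posted earlier
# in this thread, trimmed to a few representative sections.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\services.exe

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
"""

# A log entry is "<section code> - <body>", for example "O2 - BHO: ...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# O2 body: "BHO: <name> - {CLSID} - <file path or (no file)>".
BHO_RE = re.compile(
    r"^BHO: (?P<name>.*) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.+)$"
)


def parse_entries(log_text):
    """Return every section entry; header and process-list lines are skipped."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if match:
            entries.append(
                {"section": match.group(1), "body": match.group(2), "line": line}
            )
    return entries


def review_reason(entry):
    """Return why an entry deserves a manual look, or None (assumed rules)."""
    if entry["section"] == "O2":
        bho = BHO_RE.match(entry["body"])
        # A BHO whose CLSID is still registered but points at no file is an
        # orphaned registration, typically left behind after a removal.
        if bho and bho.group("target") == "(no file)":
            return "BHO %s is registered but has no file on disk" % bho.group("clsid")
    if entry["section"] == "O6":
        # O6 lines report Internet Explorer policy keys; whoever owns the
        # machine should confirm they were set deliberately.
        return "Internet Explorer policy restriction present; confirm who set it"
    return None


def flag_for_review(log_text):
    """Return (line, reason) pairs for the entries the rules above select."""
    flagged = []
    for entry in parse_entries(log_text):
        reason = review_reason(entry)
        if reason:
            flagged.append((entry["line"], reason))
    return flagged


if __name__ == "__main__":
    for line, reason in flag_for_review(SAMPLE_LOG):
        print(line)
        print("    -> " + reason)
```

A flagged line is a prompt to look, not a verdict: security tools and administrators also set the policy keys reported under O6.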

#11
amapala
Thanks so much for your help! I'll let you know if it comes back up. You've been great!

#12
kahdah
You are welcome. :)