Antispywareupdate.net

SmitFraudFix v2.141

Scan done at 16:24:51.11, Sun 03/09/2008
Run from C:\Documents and Settings\Administrator\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\Tasks\At1.job Deleted
C:\WINDOWS\Tasks\At2.job Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End

Deckard's System Scanner v20071014.68
Run by Administrator on 2008-03-09 16:44:44
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
7: 2008-03-09 21:44:53 UTC - RP175 - Deckard's System Scanner Restore Point
6: 2008-03-05 00:17:19 UTC - RP174 - System Checkpoint
5: 2008-02-10 22:03:00 UTC - RP173 - System Checkpoint
4: 2008-02-06 23:25:10 UTC - RP172 - System Checkpoint
3: 2008-01-31 01:12:48 UTC - RP171 - System Checkpoint

-- First Restore Point --
1: 2007-11-17 21:03:18 UTC - RP169 - System Checkpoint

Backed up registry hives.
Performed disk cleanup.

-- HijackThis (run as Administrator.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:46:19 PM, on 3/9/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\mgmrwmrv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\webHancer\Programs\whagent.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\QdrModule\QdrModule13.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Bat\X_Bat.exe
C:\Documents and Settings\Administrator\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Administrator.exe

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\mgmrwmrv.exe,
O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
O2 - BHO: (no name) - {15651c7c-e812-44a2-a9ac-b467a2233e7d} - (no file)
O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
O2 - BHO: (no name) - {4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} - (no file)
O2 - BHO: (no name) - {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} - (no file)
O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
O2 - BHO: (no name) - {622cc208-b014-4fe0-801b-874a5e5e403a} - (no file)
O2 - BHO: BatBHO - {63F7460B-C831-4142-A4AA-5EC303EC4343} - C:\Program Files\Bat\Bat.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: BndFibu7 IE Helper - {8041E642-8CFC-4720-BC9D-D2DB8904286F} - C:\Program Files\QdrDrive\QdrDrive12.dll
O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
O2 - BHO: (no name) - {9c5b2f29-1f46-4639-a6b4-828942301d3e} - (no file)
O2 - BHO: WhIeHelperObj Class - {c900b400-cdfe-11d3-976a-00e02913a9e0} - C:\Program Files\webHancer\programs\whiehlpr.dll
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
O2 - BHO: (no name) - {E6772E53-EDE8-40F5-AD4A-8948032CE60A} - C:\Program Files\Windows Media Player\nipybafoC:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\CEMG555077.exe.dll (file missing)
O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [webHancer Agent] C:\Program Files\webHancer\Programs\whagent.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [40f0ryh8tymzdc7] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\crasos.exe
O4 - HKCU\..\Run: [QdrModule13] "C:\Program Files\QdrModule\QdrModule13.exe"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Bat - Auto Update.lnk = C:\Program Files\Bat\Bat.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 6083 bytes

-- File Associations -----------------------------------------------------------

All associations okay.

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 OMCI (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
R2 MDC8021X (AEGIS Protocol (IEEE 802.1x) v2.3.1.7) - c:\windows\system32\drivers\mdc8021x.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 2.3.1.7>

S3 HTTP - c:\windows\system32\drivers\http.sys (file missing)
S3 ip6fw (IPv6 Windows Firewall Driver) - c:\windows\system32\drivers\ip6fw.sys (file missing)
S3 mssmbios (Microsoft System Management BIOS Driver) - c:\windows\system32\drivers\mssmbios.sys (file missing)

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

All services whitelisted.

-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Description: Microsoft System Management BIOS Driver
Device ID: ROOT\SYSTEM\0003
Manufacturer: (Standard system devices)
Name: Microsoft System Management BIOS Driver
PNP Device ID: ROOT\SYSTEM\0003
Service: mssmbios

-- Scheduled Tasks -------------------------------------------------------------

2008-03-09 11:00:00 350 --a------ C:\WINDOWS\Tasks\At36.job
2008-03-09 11:00:00 350 --a------ C:\WINDOWS\Tasks\At12.job
2008-03-08 16:00:00 350 --a------ C:\WINDOWS\Tasks\At41.job
2008-03-08 16:00:00 350 --a------ C:\WINDOWS\Tasks\At17.job
2008-03-07 00:00:00 350 --a------ C:\WINDOWS\Tasks\At25.job
2008-03-06 20:00:00 350 --a------ C:\WINDOWS\Tasks\At45.job
2008-03-06 20:00:00 350 --a------ C:\WINDOWS\Tasks\At21.job
2008-03-04 19:00:00 350 --a------ C:\WINDOWS\Tasks\At44.job
2008-03-04 19:00:00 350 --a------ C:\WINDOWS\Tasks\At20.job
2008-02-28 13:00:00 350 --a------ C:\WINDOWS\Tasks\At38.job
2008-02-28 13:00:00 350 --a------ C:\WINDOWS\Tasks\At14.job
2008-02-25 22:00:00 350 --a------ C:\WINDOWS\Tasks\At47.job
2008-02-25 22:00:00 350 --a------ C:\WINDOWS\Tasks\At23.job
2008-02-25 21:00:00 350 --a------ C:\WINDOWS\Tasks\At46.job
2008-02-25 21:00:00 350 --a------ C:\WINDOWS\Tasks\At22.job
2008-02-24 23:00:00 350 --a------ C:\WINDOWS\Tasks\At48.job
2008-02-24 23:00:00 350 --a------ C:\WINDOWS\Tasks\At24.job
2008-02-24 18:00:00 350 --a------ C:\WINDOWS\Tasks\At43.job
2008-02-24 18:00:00 350 --a------ C:\WINDOWS\Tasks\At19.job
2008-02-24 17:00:00 350 --a------ C:\WINDOWS\Tasks\At42.job
2008-02-24 17:00:00 350 --a------ C:\WINDOWS\Tasks\At18.job
2008-02-24 01:00:00 350 --a------ C:\WINDOWS\Tasks\At26.job
2008-02-16 03:00:00 350 --a------ C:\WINDOWS\Tasks\At4.job
2008-02-16 03:00:00 350 --a------ C:\WINDOWS\Tasks\At28.job
2008-01-19 08:00:00 350 --a------ C:\WINDOWS\Tasks\At9.job
2008-01-19 08:00:00 350 --a------ C:\WINDOWS\Tasks\At33.job
2008-01-06 02:00:00 350 --a------ C:\WINDOWS\Tasks\At3.job
2008-01-06 02:00:00 350 --a------ C:\WINDOWS\Tasks\At27.job
2007-12-24 12:00:00 350 --a------ C:\WINDOWS\Tasks\At37.job
2007-12-24 12:00:00 350 --a------ C:\WINDOWS\Tasks\At13.job
2007-12-23 15:00:00 350 --a------ C:\WINDOWS\Tasks\At40.job
2007-12-23 15:00:00 350 --a------ C:\WINDOWS\Tasks\At16.job
2007-12-23 14:00:04 350 --a------ C:\WINDOWS\Tasks\At39.job
2007-12-23 14:00:03 350 --a------ C:\WINDOWS\Tasks\At15.job
2007-09-29 08:00:00 350 --a------ C:\WINDOWS\Tasks\At34.job
2007-09-29 08:00:00 350 --a------ C:\WINDOWS\Tasks\At10.job
2007-09-03 09:00:00 350 --a------ C:\WINDOWS\Tasks\At35.job
2007-09-03 09:00:00 350 --a------ C:\WINDOWS\Tasks\At11.job
2007-08-16 22:20:30 350 --a------ C:\WINDOWS\Tasks\At32.job
2007-08-16 22:20:30 350 --a------ C:\WINDOWS\Tasks\At31.job
2007-08-16 22:20:30 350 --a------ C:\WINDOWS\Tasks\At30.job
2007-08-16 22:20:30 350 --a------ C:\WINDOWS\Tasks\At29.job
2007-06-19 21:18:30 350 --a------ C:\WINDOWS\Tasks\At8.job
2007-06-19 21:18:30 350 --a------ C:\WINDOWS\Tasks\At7.job
2007-06-19 21:18:30 350 --a------ C:\WINDOWS\Tasks\At6.job
2007-06-19 21:18:30 350 --a------ C:\WINDOWS\Tasks\At5.job

-- Files created between 2008-02-09 and 2008-03-09 -----------------------------

2008-03-09 11:20:18 0 d-------- C:\Program Files\Trend Micro
2008-03-09 10:48:47 25856 --a------ C:\WINDOWS\voiceip.dll
2008-03-09 10:48:47 10496 --a------ C:\WINDOWS\stcloader.exe
2008-03-09 10:48:47 0 d-------- C:\Program Files\stc
2008-03-09 10:48:46 19712 --a------ C:\WINDOWS\swin32.dll
2008-03-09 10:48:46 19200 --a------ C:\WINDOWS\cdsm32.dll
2008-03-09 10:48:46 19968 --a------ C:\WINDOWS\bokja.exe
2008-03-09 10:48:45 30464 --a------ C:\WINDOWS\mssvr.exe
2008-03-09 10:48:45 16896 --a------ C:\WINDOWS\mspphe.dll
2008-03-09 10:48:44 20736 --a------ C:\WINDOWS\bjam.dll
2008-03-09 10:48:44 21248 --a------ C:\WINDOWS\2020search2.dll
2008-03-09 10:48:44 17152 --a------ C:\WINDOWS\2020search.dll
2008-03-09 10:48:43 0 d-------- C:\Program Files\seekmo
2008-03-09 10:48:42 0 d-------- C:\Program Files\180search assistant
2008-03-09 10:48:41 27648 --a------ C:\WINDOWS\System32\WER8274.DLL
2008-03-09 10:48:41 20992 --a------ C:\WINDOWS\System32\MSIXU.DLL
2008-03-09 10:48:41 0 d-------- C:\Program Files\zango
2008-03-09 10:48:40 0 d-------- C:\Program Files\180searchassistant
2008-03-09 10:48:39 31488 --a------ C:\WINDOWS\salm.exe
2008-03-09 10:48:39 15104 --a------ C:\WINDOWS\180ax.exe
2008-03-09 10:48:38 28416 --a------ C:\WINDOWS\updatetc.exe
2008-03-09 10:48:38 0 d-------- C:\Program Files\180solutions
2008-03-09 10:48:37 27136 --a------ C:\WINDOWS\saiemod.dll
2008-03-09 10:48:37 0 d-------- C:\WINDOWS\FLEOK
2008-03-09 10:48:35 10240 --a------ C:\WINDOWS\System32\MSNSA32.dll
2008-03-09 10:48:34 19456 --a------ C:\WINDOWS\msapasrc.dll
2008-03-09 10:48:34 11776 --a------ C:\WINDOWS\msa64chk.dll
2008-03-09 10:48:32 16896 --a------ C:\WINDOWS\System32\SIPSPI32.dll
2008-03-09 10:48:32 19968 --a------ C:\WINDOWS\System32\shdocpe.dll
2008-03-09 10:48:32 19200 --a------ C:\WINDOWS\System32\ntnut32.exe
2008-03-09 10:48:32 25088 --a------ C:\WINDOWS\shdocpl.dll
2008-03-09 10:48:31 13568 --a------ C:\WINDOWS\shdocpe.dll
2008-03-09 10:48:31 18944 --a------ C:\WINDOWS\ntnut.exe
2008-03-09 10:48:30 8704 --a------ C:\WINDOWS\winsb.dll
2008-03-09 10:48:30 9728 --a------ C:\WINDOWS\browserad.dll
2008-03-09 10:48:30 15360 --a------ C:\WINDOWS\aviwrap32.dll
2008-03-09 10:48:30 11008 --a------ C:\WINDOWS\avisynthex32.dll
2008-03-09 10:48:30 11008 --a------ C:\WINDOWS\avifile32.dll
2008-03-09 10:48:30 32512 --a------ C:\WINDOWS\autodisc32.dll
2008-03-09 10:48:30 0 d-------- C:\Program Files\Sysmnt
2008-03-09 10:48:29 11264 --a------ C:\WINDOWS\audiosrv32.dll
2008-03-09 10:48:29 24320 --a------ C:\WINDOWS\ati2dvag32.dll
2008-03-09 10:48:29 26112 --a------ C:\WINDOWS\ati2dvaa32.dll
2008-03-09 10:48:28 23808 --a------ C:\WINDOWS\athprxy32.dll
2008-03-09 10:48:28 15104 --a------ C:\WINDOWS\asycfilt32.dll
2008-03-09 10:48:27 16640 --a------ C:\WINDOWS\changeurl_30.dll
2008-03-09 10:48:27 16640 --a------ C:\WINDOWS\asferror32.dll
2008-03-09 10:48:27 8704 --a------ C:\WINDOWS\apphelp32.dll
2008-03-09 10:37:00 0 d-------- C:\Documents and Settings\All Users\Application Data\Rabio
2008-03-09 10:34:06 0 d-------- C:\Program Files\webHancer
2008-03-09 10:34:03 0 d-------- C:\Program Files\Bat
2008-03-09 10:33:58 41724 ---hs---- C:\Program Files\Common Files\Yazzle1552OinUninstaller.exe
2008-03-09 10:33:14 4 --a------ C:\WINDOWS\System32\winfrun32.bin
2008-03-09 10:33:08 88587 --a------ C:\WINDOWS\System32\mgmrwmrv.exe <Not Verified; Microsoft; runbll>
2008-03-09 10:33:08 0 d-------- C:\Program Files\QdrModule
2008-03-09 10:33:06 0 d-------- C:\Program Files\QdrDrive
2008-03-09 10:32:58 0 d-------- C:\Program Files\ISM
2008-03-05 13:43:16 187904 ---hs---- C:\Program Files\Common Files\Yazzle1552OinAdmin.exe

-- Find3M Report ---------------------------------------------------------------

2008-03-09 16:24:54 1380 --a------ C:\WINDOWS\System32\tmp.reg
2008-03-09 10:33:58 0 d-------- C:\Program Files\Common Files

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000250-0320-4dd4-be4f-7566d2314352}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{13197ace-6851-45c3-a7ff-c281324d5489}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{15651c7c-e812-44a2-a9ac-b467a2233e7d}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4e1075f4-eec4-4a86-add7-cd5f52858c31}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4e7bd74f-2b8d-469e-92c6-ce7eb590a94d}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5929cd6e-2062-44a4-b2c5-2c7e78fbab38}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5dafd089-24b1-4c5e-bd42-8ca72550717b}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5fa6752a-c4a0-4222-88c2-928ae5ab4966}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{622cc208-b014-4fe0-801b-874a5e5e403a}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{63F7460B-C831-4142-A4AA-5EC303EC4343}]
03/07/2008 09:15 PM 413696 --a------ C:\Program Files\Bat\Bat.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8041E642-8CFC-4720-BC9D-D2DB8904286F}]
03/06/2008 07:45 PM 204800 --a------ C:\Program Files\QdrDrive\QdrDrive12.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8674aea0-9d3d-11d9-99dc-00600f9a01f1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{965a592f-8efa-4250-8630-7960230792f1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9c5b2f29-1f46-4639-a6b4-828942301d3e}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c900b400-cdfe-11d3-976a-00e02913a9e0}]
10/11/2007 01:49 PM 159744 --a------ C:\Program Files\webHancer\programs\whiehlpr.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cf021f40-3e14-23a5-cba2-717765728274}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E6772E53-EDE8-40F5-AD4A-8948032CE60A}]
C:\Program Files\Windows Media Player\nipybafoC:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\CEMG555077.exe.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fc3a74e5-f281-4f10-ae1e-733078684f3c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ffff0001-0002-101a-a3c9-08002b2f49fb}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIModeChange"="Ati2mdxx.exe" [09/04/2001 04:24 PM C:\WINDOWS\system32\Ati2mdxx.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" []
"SigmaTel StacMon"="C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe" []
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [01/06/2008 01:30 AM]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [07/05/2007 05:36 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [05/13/2005 11:20 PM]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [09/06/2007 03:14 PM]
"webHancer Agent"="C:\Program Files\webHancer\Programs\whagent.exe" [10/11/2007 01:49 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\System32\ctfmon.exe" [07/16/2003 11:20 AM]
"40f0ryh8tymzdc7"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\crasos.exe" []
"QdrModule13"="C:\Program Files\QdrModule\QdrModule13.exe" [03/06/2008 08:22 PM]

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
Bat - Auto Update.lnk - C:\Program Files\Bat\Bat.exe [3/9/2008 10:33:52 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [10/23/2006 12:48:20 AM]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [10/22/2006 11:01:50 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"DisableTaskMgr"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\mgmrwmrv.exe,"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= :\WINDOW

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

-- End of Deckard's System Scanner: finished at 2008-03-09 16:47:18 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 1.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® M processor 1400MHz
Percentage of Memory in Use: 52%
Physical Memory (total/avail): 511.23 MiB / 244.5 MiB
Pagefile Memory (total/avail): 1250.53 MiB / 960.98 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1939.05 MiB

C: is Fixed (NTFS) - 27.95 GiB total, 11.88 GiB free.
D: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - FUJITSU MHT2030AT - 27.95 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 27.95 GiB - C:

-- Security Center -------------------------------------------------------------

AUOptions is disabled.

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Administrator\Application Data
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=USERXP
ComSpec=C:\WINDOWS\system32\cmd.exe
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Administrator
LOGONSERVER=\\USERXP
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;"C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier"
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 9 Stepping 5, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0905
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
tvdumpflags=8
USERDOMAIN=USERXP
USERNAME=Administrator
USERPROFILE=C:\Documents and Settings\Administrator
windir=C:\WINDOWS

-- User Profiles ---------------------------------------------------------------

Victor (admin)
Administrator (admin)

-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{19822917-61F6-4221-B1D0-1C3B8A06BE60}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{19822917-61F6-4221-B1D0-1C3B8A06BE60}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57FA4E0F-82C9-417D-87BC-0186D6CB7A44}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7550D6AA-CCF3-4FDA-87D6-C2C1B2E5358D}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7550D6AA-CCF3-4FDA-87D6-C2C1B2E5358D}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{80FFF4BA-C102-4102-A4B1-935D9573278B}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{80FFF4BA-C102-4102-A4B1-935D9573278B}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A9BB081B-C020-4D02-A763-D32204D2563D}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A9BB081B-C020-4D02-A763-D32204D2563D}\setup.exe" -l0x9 /remove
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Reader 8 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A80000000002}
Adobe SVG Viewer 3.0 --> C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
Bat --> "C:\Program Files\Bat\un_BatSetup_15041.exe"
Broadcom Gigabit Integrated Controller --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{BE6890C7-31EF-478C-812E-1E2899ABFCA9} /l1033
Conexant D480 MDC V.9x Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1\HXFSETUP.EXE -U -Idel5422k.inf
Creative Removable Disk Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57FA4E0F-82C9-417D-87BC-0186D6CB7A44}\setup.exe" -l0x9 /remove
Creative System Information --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9 /remove
Creative ZEN V Series --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AA9D879B-0F98-4059-85A5-D05718A1D6F7}\SETUP.EXE" -l0x9 /remove
Dell ResourceCD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D78653C3-A8FF-415F-92E6-D774E634FF2D}\setup.exe"
Dell Wireless WLAN Utility --> C:\WINDOWS\system32\BCMWLU00.exe verbose
Hijackthis 1.99.1 --> "C:\Program Files\Hijackthis\unins000.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Internet Speed Monitor --> C:\Program Files\ISM\Uninstall.exe
InterVideo WinDVD --> "C:\Program Files\InstallShield Installation Information\{98E8A2EF-4EAE-43B8-A172-74842B764777}\setup.exe" REMOVEALL
iTunes --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{0552A36D-0D7E-4FF5-8FDB-6629ABA7C779}
J2SE Runtime Environment 5.0 Update 8 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150080}
K-Lite Codec Pack 2.54 Full --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
LG USB Drivers --> C:\PROGRA~1\LGDRIV~1\LGUSBD~1\UNWISE.EXE C:\PROGRA~1\LGDRIV~1\LGUSBD~1\INSTALL.LOG
LimeWire 4.12.6 --> "C:\Program Files\LimeWire\uninstall.exe"
LM1 Manager --> MsiExec.exe /I{9C77F5BC-3F2C-4675-AD28-7A3A23F77199}
Macromedia Flash Player 8 --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\swflash.inf,DefaultUninstall,5
Macromedia Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Microsoft AntiSpyware --> MsiExec.exe /I{536F7C74-844B-4683-B0C5-EA39E19A6FE3}
Microsoft Data Access Components KB870669 --> C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Mozilla Firefox (1.5) --> C:\Program Files\Mozilla Firefox\uninstall\uninstall.exe /ua "1.5 (en-US)"
Norton Spyware Scan provided by Yahoo! --> C:\PROGRA~1\Yahoo!\Common\unynss.exe
O2Micro Smartcard Driver --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{E1547FCE-F5DD-4D77-8C71-13B6A2B8F527} /l1033
Outerinfo --> "C:\Program Files\Common Files\Yazzle1552OinUninstaller.exe"
Outlook Express Q823353 --> C:\WINDOWS\oeuninst.exe C:\WINDOWS\INF\Q823353.inf
QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\System32\QuickTime\Uninstall.log
R4 Controller --> C:\WINDOWS\UNWISE.EXE C:\WINDOWS\INSTALL.LOG
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Seismovision 2 (remove only) --> "C:\Program Files\NuGardt Software\Seismovision 2\uninst_seis.exe"
SigmaTel AC97 Audio Drivers --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7959721D-8268-4565-9E0E-C41A9F4848A9}\setup.exe" -l0x9 -nodialog -uninstall
webHancer Customer Companion --> C:\Program Files\webHancer\Programs\whInstaller.exe -uninstall
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
ZoneAlarm --> C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe

-- Application Event Log -------------------------------------------------------

Event Record #/Type7753 / Error
Event Submitted/Written: 03/09/2008 04:23:29 PM
Event ID/Source: 8193 / VSS
Event Description:
Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80040206.

Event Record #/Type7752 / Error
Event Submitted/Written: 03/09/2008 04:23:29 PM
Event ID/Source: 4609 / EventSystem
Event Description:
The COM+ Event System detected a bad return code during its internal processing. HRESULT was 8007043C from line 44 of d:\qxp_slp\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.

Event Record #/Type7743 / Error
Event Submitted/Written: 03/09/2008 11:06:42 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application ATF_Cleaner.exe, version 3.0.0.2, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type7668 / Error
Event Submitted/Written: 02/28/2008 11:13:50 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 6.0.2800.1106, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type7546 / Error
Event Submitted/Written: 02/11/2008 00:13:29 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 6.0.2800.1106, hang module jscript.dll, version 5.6.0.8513, hang address 0x00005893.

-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.

-- System Event Log ------------------------------------------------------------

Event Record #/Type38802 / Error
Event Submitted/Written: 03/09/2008 04:30:44 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
ndisrd

Event Record #/Type38799 / Warning
Event Submitted/Written: 03/09/2008 04:29:10 PM / 03/09/2008 04:29:37 PM
Event ID/Source: 4 / b57w2k
Event Description:
Broadcom 570x Gigabit Integrated Controller #2: The network link is down. Check to make sure the network cable is properly connected.

Event Record #/Type38794 / Error
Event Submitted/Written: 03/09/2008 04:28:05 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Event Record #/Type38793 / Error
Event Submitted/Written: 03/09/2008 04:27:16 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service netman with arguments ""
in order to run the server:
{BA126AE5-2166-11D1-B1D0-00805FC1270E}

Event Record #/Type38792 / Error
Event Submitted/Written: 03/09/2008 04:24:35 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
AVG Anti-Spyware Driver
Avg7Core
Avg7RsW
Avg7RsXP
Fips
IPSec
MRxSmb
ndisrd
NetBIOS
NetBT
Processor
RasAcd
Rdbss
Tcpip
vsdatant

-- End of Deckard's System Scanner: finished at 2008-03-09 16:47:18 ------------

Edited by genstump, 09 March 2008 - 03:49 PM.

#1
genstump

Posted 09 March 2008 - 10:22 AM

Attached Thumbnails

Advertisements

#2
genstump

Posted 09 March 2008 - 03:36 PM

Similar Topics

0 user(s) are reading this topic

As Featured On:

Forums

Downloads

Members

Connect With Us