Thank you for your reply, sage5. Here are those txt files.
SmitFraudFix v2.304
Scan done at 11:22:00.40, Sat 03/15/2008
Run from C:\Documents and Settings\ben\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS1\System32\smss.exe
C:\WINDOWS1\system32\csrss.exe
C:\WINDOWS1\system32\winlogon.exe
C:\WINDOWS1\system32\services.exe
C:\WINDOWS1\system32\lsass.exe
C:\WINDOWS1\system32\svchost.exe
C:\WINDOWS1\system32\svchost.exe
C:\WINDOWS1\System32\svchost.exe
C:\WINDOWS1\System32\svchost.exe
C:\WINDOWS1\System32\svchost.exe
C:\WINDOWS1\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\WINDOWS1\System32\lvhidsvc.exe
C:\WINDOWS1\System32\svchost.exe
C:\WINDOWS1\Explorer.EXE
C:\WINDOWS1\system32\wscntfy.exe
C:\WINDOWS1\System32\hkcmd.exe
C:\Program Files\TVR\RecSche.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS1\system32\cmd.exe
C:\WINDOWS1\System32\wbem\wmiprvse.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS1
C:\WINDOWS1\privacy_danger FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS1\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS1\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS1\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS1\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\ben
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\ben\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\ben\FAVORI~1
C:\DOCUME~1\ben\FAVORI~1\Error Cleaner.url FOUND !
C:\DOCUME~1\ben\FAVORI~1\Privacy Protector.url FOUND !
C:\DOCUME~1\ben\FAVORI~1\Spyware?Malware Protection.url FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
C:\DOCUME~1\ben\Desktop\Error Cleaner.url FOUND !
C:\DOCUME~1\ben\Desktop\Privacy Protector.url FOUND !
C:\DOCUME~1\ben\Desktop\Spyware?Malware Protection.url FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="file:///C:\\WINDOWS1\\privacy_danger\\index.htm"
"SubscribedURL"=""
"FriendlyName"="Privacy Protection"
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
+--------------------------------------------------+
[!] Suspicious: drnpfdxkfw.dll
BHO: GNX Rolex - {1E88C4FE-1FD6-427A-ADE5-86F647BEA2F0}
TypeLib: {31E6DEDD-03C3-460D-9E17-D2716BD2AC17}
Interface: {3CEE686E-43BD-40A1-B791-BACD67486E6C}
Interface: {4C117776-CEEB-403D-9DBF-5997A88B260D}
[!] Suspicious: etlrlws.dll
Toolbar: etlrlws - {EB2B30CB-5CB8-4734-8DEC-67708302DCAF}
TypeLib: {0014B5E5-E576-4C52-8F03-FA32788FF7CC}
Interface: {29A4EC4B-1078-43A1-A0EF-0477C356CCE8}
Classe: etlrlws.bltm
Classe: etlrlws.ToolBar.1
[!] Suspicious: altvxvm.dll
SSODL: altvxvm - {4FB6683F-1B09-43E9-AC4F-F995DAB0246F}
[!] Suspicious: bokpkov.dll
SSODL: bokpkov - {7C2ACCAA-605C-4F6B-B71D-5D3F64C92BA6}
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Rustock
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Intel® PRO/100 VE Network Connection - Packet Scheduler Miniport
DNS Server Search Order: 172.16.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\..\{BDC11AC8-6678-4E32-84D8-57BA9ACE5A73}: DhcpNameServer=172.16.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\..\{BDC11AC8-6678-4E32-84D8-57BA9ACE5A73}: DhcpNameServer=172.16.1.254
HKLM\SYSTEM\CS3\Services\Tcpip\..\{BDC11AC8-6678-4E32-84D8-57BA9ACE5A73}: DhcpNameServer=172.16.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=172.16.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=172.16.1.254
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=172.16.1.254
»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
Deckard's System Scanner v20071014.68
Run by ben on 2008-03-15 11:23:40
Computer is in Normal Mode.
--------------------------------------------------------------------------------
Total Physical Memory: 247 MiB (512 MiB recommended).
System Drive C: has 3.37 GiB (less than 15%) free.
-- HijackThis (run as ben.exe) -------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:23:48 AM, on 3/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS1\System32\smss.exe
C:\WINDOWS1\system32\csrss.exe
C:\WINDOWS1\system32\winlogon.exe
C:\WINDOWS1\system32\services.exe
C:\WINDOWS1\system32\lsass.exe
C:\WINDOWS1\system32\svchost.exe
C:\WINDOWS1\system32\svchost.exe
C:\WINDOWS1\System32\svchost.exe
C:\WINDOWS1\System32\svchost.exe
C:\WINDOWS1\System32\svchost.exe
C:\WINDOWS1\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\WINDOWS1\System32\lvhidsvc.exe
C:\WINDOWS1\System32\svchost.exe
C:\WINDOWS1\Explorer.EXE
C:\WINDOWS1\system32\wscntfy.exe
C:\WINDOWS1\System32\hkcmd.exe
C:\Program Files\TVR\RecSche.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS1\System32\wbem\wmiprvse.exe
C:\WINDOWS1\System32\wbem\wmiprvse.exe
C:\Documents and Settings\ben\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\ben.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarerefer...=...6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: GNX Rolex - {1E88C4FE-1FD6-427A-ADE5-86F647BEA2F0} - C:\WINDOWS1\drnpfdxkfw.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)
O2 - BHO: CIEObjectObj Object - {CA13D72F-2DAC-4D99-B08D-C5EA1C920E89} - C:\WINDOWS1\IECodecPlg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O3 - Toolbar: etlrlws - {EB2B30CB-5CB8-4734-8DEC-67708302DCAF} - C:\WINDOWS1\etlrlws.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS1\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS1\System32\hkcmd.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [RecSche] "C:\Program Files\TVR\RecSche.exe"
O4 - HKLM\..\Run: [WinDVRCtrl] C:\WINDOWS1\WDVRCtrl.exe
O4 - HKLM\..\Run: [ScanRegistry] C:\W
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Workflow] E:\Install\Workflow.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Microsoft Setup Initialization] rundll32.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
O4 - HKLM\..\RunServices: [Microsoft Setup Initialization] rundll32.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O16 - DPF: CabBuilder - http://kiw.imgag.com...llerControl.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail....es/MSNPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebo...toUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1182808906437
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1182808892296
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.ad...ash/swflash.cab
O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://walmart.pnime...upv2.0.0.10.cab?
O21 - SSODL: altvxvm - {4FB6683F-1B09-43E9-AC4F-F995DAB0246F} - C:\WINDOWS1\altvxvm.dll
O21 - SSODL: bokpkov - {7C2ACCAA-605C-4F6B-B71D-5D3F64C92BA6} - C:\WINDOWS1\bokpkov.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Remote HID Service (LvHidSvc) - Philips - C:\WINDOWS1\System32\lvhidsvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Intel NCS NetService (NetSvc) - Unknown owner - C:\Program Files\Intel\NCS\Sync\NetSvc.exe (file missing)
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS1\SYSTEM32\slserv.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS1\privacy_danger\index.htm
--
End of file - 8630 bytes
-- Files created between 2008-02-15 and 2008-03-15 -----------------------------
2008-03-15 11:21:47 25600 --a------ C:\WINDOWS1\system32\WS2Fix.exe
2008-03-15 11:21:47 289144 --a------ C:\WINDOWS1\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-03-15 11:21:47 86528 --a------ C:\WINDOWS1\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-03-15 11:21:47 288417 --a------ C:\WINDOWS1\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-03-15 11:21:47 53248 --a------ C:\WINDOWS1\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-03-15 11:21:47 82432 --a------ C:\WINDOWS1\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-03-15 11:21:47 51200 --a------ C:\WINDOWS1\system32\dumphive.exe
2008-03-15 01:49:04 0 d-------- C:\Program Files\Trend Micro
2008-03-15 01:46:18 0 d-------- C:\WINDOWS1\system32\ActiveScan
2008-03-15 01:34:28 0 d-------- C:\Program Files\Enigma Software Group
2008-03-14 22:12:16 0 d-------- C:\WINDOWS1\privacy_danger
2008-03-14 16:25:52 98304 --a------ C:\WINDOWS1\fmsxwqs.exe
2008-03-14 16:25:52 172032 --a------ C:\WINDOWS1\etlrlws.dll
2008-03-14 16:25:52 221184 --a------ C:\WINDOWS1\drnpfdxkfw.dll
2008-03-14 16:25:52 221184 --a------ C:\WINDOWS1\bokpkov.dll
2008-03-14 16:25:52 208896 --a------ C:\WINDOWS1\altvxvm.dll
2008-03-11 10:13:42 0 d-------- C:\Documents and Settings\ben\Application Data\Yahoo!
2008-03-11 10:04:46 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-03-11 10:02:47 0 d-------- C:\Program Files\Yahoo!
2008-03-08 20:00:21 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-08 20:00:00 0 d-------- C:\Program Files\Windows Live
2008-03-08 19:59:39 0 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-07 22:24:52 0 d-------- C:\Program Files\Common Files\xing shared
-- Find3M Report ---------------------------------------------------------------
2008-03-15 11:22:07 3114 --a------ C:\WINDOWS1\system32\tmp.reg
2008-03-14 18:01:18 0 d-------- C:\Documents and Settings\ben\Application Data\gtk-2.0
2008-03-14 16:09:25 0 d-------- C:\Documents and Settings\ben\Application Data\LimeWire
2008-03-08 20:00:21 0 d-------- C:\Program Files\Common Files
2008-03-08 16:15:17 0 d-------- C:\Documents and Settings\ben\Application Data\uTorrent
2008-03-07 22:23:36 0 d-------- C:\Program Files\Real
2008-03-07 22:21:23 0 d-------- C:\Program Files\Common Files\Real
2008-03-06 20:00:39 0 d-------- C:\Documents and Settings\ben\Application Data\Real
2008-02-25 15:15:24 0 d-------- C:\Documents and Settings\ben\Application Data\Macromedia
2008-02-14 08:33:24 0 d-------- C:\Program Files\LimeWire
2008-02-06 17:05:26 0 d-------- C:\Program Files\Common Files\Adobe
2008-02-05 00:56:16 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-01-23 23:56:48 0 d-------- C:\Program Files\Common Files\Macromedia Shared
2008-01-20 20:30:27 0 d-------- C:\Documents and Settings\ben\Application Data\U3
2008-01-20 17:10:51 0 d-------- C:\Documents and Settings\ben\Application Data\FarStone
2008-01-20 17:07:58 0 --a------ C:\WINDOWS1\system32\FSDataSvr.sys
2008-01-20 17:07:06 5501 --a------ C:\WINDOWS1\system32\dptlcg32.dll
2008-01-20 17:04:34 0 d-------- C:\Program Files\Common Files\InstallShield
2008-01-20 17:04:04 0 d-------- C:\Program Files\temp
2008-01-19 16:06:02 0 d-------- C:\Program Files\GIMP-2.0
2008-01-17 09:30:42 0 d-------- C:\Documents and Settings\ben\Application Data\WinRAR
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1E88C4FE-1FD6-427A-ADE5-86F647BEA2F0}]
03/14/2008 12:19 PM 221184 --a------ C:\WINDOWS1\drnpfdxkfw.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CA13D72F-2DAC-4D99-B08D-C5EA1C920E89}]
12/01/2005 05:39 PM 113152 --a------ C:\WINDOWS1\IECodecPlg.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS1\System32\igfxtray.exe" [03/11/2003 09:24 AM]
"HotKeysCmds"="C:\WINDOWS1\System32\hkcmd.exe" [03/11/2003 09:11 AM]
"PRONoMgr.exe"="C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe" []
"RecSche"="C:\Program Files\TVR\RecSche.exe" [05/09/2004 08:34 PM]
"WinDVRCtrl"="C:\WINDOWS1\WDVRCtrl.exe" []
"ScanRegistry"="C:\W" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [04/27/2007 06:41 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [07/12/2007 01:00 AM]
"Workflow"="E:\Install\Workflow.exe" []
"AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [03/26/2003 09:15 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [06/28/2007 06:14 AM]
"Microsoft Setup Initialization"="rundll32.exe" [08/03/2004 09:56 PM C:\WINDOWS1\system32\rundll32.exe]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [03/07/2008 10:16 PM]
"SpyHunter Security Suite"="C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe" [01/23/2008 02:47 PM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [10/18/2007 11:34 AM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"Microsoft Setup Initialization"=rundll32.exe
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= file:///C:\WINDOWS1\privacy_danger\index.htm
FriendlyName= Privacy Protection
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"altvxvm"= {4FB6683F-1B09-43E9-AC4F-F995DAB0246F} - C:\WINDOWS1\altvxvm.dll [03/14/2008 12:19 PM 208896]
"bokpkov"= {7C2ACCAA-605C-4F6B-B71D-5D3F64C92BA6} - C:\WINDOWS1\bokpkov.dll [03/14/2008 12:19 PM 221184]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{935b3954-c725-11dc-907c-0007e9434a91}]
AutoRun\command- G:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{935b3976-c725-11dc-907c-0007e9434a91}]
AutoRun\command- F:\LaunchU3.exe -a
-- End of Deckard's System Scanner: finished at 2008-03-15 11:24:19 ------------
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English
CPU 0: Intel® Celeron® CPU 2.40GHz
Percentage of Memory in Use: 65%
Physical Memory (total/avail): 246.73 MiB / 84.61 MiB
Pagefile Memory (total/avail): 605.89 MiB / 378.95 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1936.26 MiB
A: is Removable (No Media)
C: is Fixed (NTFS) - 37.27 GiB total, 3.38 GiB free.
D: is CDROM (No Media)
E: is CDROM (Unformatted)
\\.\PHYSICALDRIVE0 - WDC WD400EB-11CPF0 - 37.27 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 37.27 GiB - C:
-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Documents and Settings\\ben\\Desktop\\utorrent.exe"="C:\\Documents and Settings\\ben\\Desktop\\utorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\WINDOWS1\\system32\\rundll32.exe"="C:\\WINDOWS1\\system32\\rundll32.exe:*:Disabled:rundll32"
"C:\\WINDOWS1\\system32\\system.exe"="C:\\WINDOWS1\\system32\\system.exe:*:Enabled:system"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\ben\Application Data
CLASSPATH=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=BEN-1C232D19C92
ComSpec=C:\WINDOWS1\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\ben
LOGONSERVER=\\BEN-1C232D19C92
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS1\system32;C:\WINDOWS1;C:\WINDOWS1\System32\Wbem;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\Adaptec Shared\System;C:\Program Files\Common Files\GTK\2.0\bin;C:\Program Files\Common Files\Ulead Systems\MPEG
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0209
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\QuickTime\QTSystem\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS1
TEMP=C:\DOCUME~1\ben\LOCALS~1\Temp
TMP=C:\DOCUME~1\ben\LOCALS~1\Temp
USERDOMAIN=BEN-1C232D19C92
USERNAME=ben
USERPROFILE=C:\Documents and Settings\ben
windir=C:\WINDOWS1
-- User Profiles ---------------------------------------------------------------
ben
(admin)
-- Add/Remove Programs ---------------------------------------------------------
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS1\INF\PCHealth.inf
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
Ad-Aware 2007 --> MsiExec.exe /X{46AC899A-9ECB-43DC-85DE-272E0D116A1E}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS1\System32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Flash Player ActiveX --> C:\WINDOWS1\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Apple Mobile Device Support --> MsiExec.exe /I{8FC46258-0843-4D79-B7F0-F2B82FE6173B}
Apple Software Update --> MsiExec.exe /I{A260B422-70E1-41E2-957D-F76FA21266D5}
AVI Movie Player --> C:\Program Files\AVI Movie Player\uninstall.exe
CleanUp! --> C:\Program Files\CleanUp!\uninstall.exe
Easy CD Creator 5 Basic --> MsiExec.exe /I{609F7AC8-C510-11D4-A788-009027ABA5D0}
Gateway Drivers and Applications Recovery --> C:\Program Files\Gateway\HPA\GWMenu.exe UNINSTALL
GIMP 2.4.2 --> "C:\Program Files\GIMP-2.0\setup\unins000.exe"
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
GTK+ 2.10.13 runtime environment --> "C:\Program Files\Common Files\GTK\2.0\setup\unins000.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS1\$NtUninstallKB929399$\spuninst\spuninst.exe"
Intel® PRO Network Adapters and Drivers --> Prounstl.exe
Intel® PROSet --> MsiExec.exe /I{A790BEB1-BCCF-4EC6-807B-5708B36E8A79}
InterVideo AVControlSDK --> "C:\Program Files\InstallShield Installation Information\{BB8AE808-F003-4C7F-B56B-8C80EEAFFE23}\setup.exe"
InterVideo DeviceService --> MsiExec.exe /I{521AAD14-5030-44BB-8B0E-5CE65FCE57E0}
iTunes --> MsiExec.exe /I{85B90D8C-70F3-4E84-BD31-5E9489C0F9FB}
Java 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Kate's Video Converter 3.0.2 --> "C:\Program Files\Kate's Video Converter\unins000.exe"
LimeWire 4.16.4 --> "C:\Program Files\LimeWire\uninstall.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS1\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS1\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
QuickTime --> MsiExec.exe /I{08094E03-AFE4-4853-9D31-6D0743DF5328}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Rhapsody Player Engine --> MsiExec.exe /I{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}
Smart Link 56K Modem --> C:\WINDOWS1\Modio\SLAMR2KO\Setup.exe /Remove
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SpyHunter --> "C:\Program Files\Enigma Software Group\SpyHunter\Uninstall.exe" "C:\Program Files\Enigma Software Group\SpyHunter\install.log" -u
TVR --> C:\Program Files\TVR\Uninstal.EXE
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Media Format 11 runtime --> "C:\WINDOWS1\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
-- Application Event Log -------------------------------------------------------
Event Record #/Type2641 / Error
Event Submitted/Written: 03/15/2008 11:16:01 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 6.0.2900.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Event Record #/Type2638 / Success
Event Submitted/Written: 03/15/2008 11:10:42 AM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.
Event Record #/Type2620 / Success
Event Submitted/Written: 03/14/2008 05:33:05 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.
Event Record #/Type2601 / Success
Event Submitted/Written: 03/14/2008 04:19:05 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.
Event Record #/Type2557 / Success
Event Submitted/Written: 03/12/2008 05:01:27 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type2037 / Error
Event Submitted/Written: 03/15/2008 11:17:38 AM
Event ID/Source: 7016 / Service Control Manager
Event Description:
The SmartLinkService service has reported an invalid current state 0.
Event Record #/Type2035 / Error
Event Submitted/Written: 03/15/2008 11:12:36 AM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Computer Browser service terminated with the following error:
%%1460
Event Record #/Type2012 / Error
Event Submitted/Written: 03/15/2008 11:07:11 AM / 03/15/2008 11:07:41 AM
Event ID/Source: 4311 / NetBT
Event Description:
Initialization failed because the driver device could not be created.
Event Record #/Type2011 / Error
Event Submitted/Written: 03/15/2008 11:07:11 AM / 03/15/2008 11:07:41 AM
Event ID/Source: 4311 / NetBT
Event Description:
Initialization failed because the driver device could not be created.
Event Record #/Type2010 / Error
Event Submitted/Written: 03/15/2008 11:07:11 AM / 03/15/2008 11:07:41 AM
Event ID/Source: 4311 / NetBT
Event Description:
Initialization failed because the driver device could not be created.
-- End of Deckard's System Scanner: finished at 2008-03-15 11:18:58 ------------