Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

My Hijackthis Log [RESOLVED]


  • This topic is locked This topic is locked

#1
tposter

tposter

    Member

  • Member
  • PipPip
  • 10 posts
Below is my Hijackthis log. I have tried removing the unsafe items being analyzed at www.hijackthis.de a couple of times, but after each reboot, they reappear as if nothing was clean. I am getting slow system speeds, popups abound and my Automatic Windows Update keeps getting disabled. If it matters, Spybot was run also and finds items, I remove them, reboot and run again, still appear in checklist. Thanks!

Windows Vista Home Basic Service Pack 1
Inspiron 530S
Intel Pentium Dual CPU E2160 @ 1.80.GHZ 1.80 GHz
2.00 GB RAM
32-bit Operating System


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:31:21 PM, on 6/30/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {E67CA54C-C14A-4B9F-8E46-91E4866C865D} - C:\Windows\system32\hgGxWqoN.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\cbXOEvtU.dll,#1
O4 - HKLM\..\Run: [BM07e1bc95] Rundll32.exe "C:\Windows\system32\njwpoecb.dll",s
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [WeatherClock] C:\Program Files\Weather Clock\WeatherClock.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O13 - Gopher Prefix:
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Windows\system32\AERTSrv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 5705 bytes
  • 0

Advertisements


#2
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Please download ATF Cleaner by Atribune.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.




Please download RUNSCANNER to your desktop and run it.
  • When the first page comes up select Beginner Mode
  • On the next page select Save a binary .Run file (Recommended) then click Start full scan at the top.
  • At this time Runscanner.exe may request access to the Internet through your firewall please allow it to do so, it will then run for two or three minutes.
  • On completion it will ask for a location to save the file and a name. It will do this for both the .run file and the log
  • Call the file "Select a file name here" and save it to your desktop. You will see the .run file on your desktop. Please zip the .run file by right clicking and selecting send to Zip file

Then upload that as an attachment in your next post.
  • 0

#3
tposter

tposter

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Ok, followed and completed your instructions. File is attached. Thanks!

Attached Files


  • 0

#4
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Download the zipped attachment at the end of this post(this will be your runscanner as fixed by me)

  • Unzip it to your desktop then double click the runscanner icon this will run the program.
  • Click on the "Item Fixer" tab
  • You will notice several entries with a tick in red, click Fix checked.
  • Accept the warning then repeat until they are all gone.



Reboot and do this


Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

  • 0

#5
tposter

tposter

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
I followed the instructions above and after running fix3 from the zip file and rebooting, I am now unable to connect to the internet. There are several issues going on also. When I try to connect to the internet through networks and sharing, I recieve C:\Windows\system32\connect.dll not found. Looking in that folder, the file is there. I've got major issues now and don't know what to do. Help!
  • 0

#6
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Open runscanner

Click the History/backup tab

Right click on every entry there and click "Restore to original setting"


Reboot your PC and tell me if your net is working now
  • 0

#7
tposter

tposter

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
No, internet is still not working. All appears to be the same. Checked the services in msconfig and the only things running there are Group Policy Client and Windows Search.
  • 0

#8
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Can you transfer DSS over via a USB key and run it on that PC with the net problem ?
  • 0

#9
tposter

tposter

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Ok, I was able to finally get system restore to run and was able to restore this PC back to this morning. I downloaded and ran ATF Cleaner and RunScanner and I am attaching those results to this post. We'll try this again if you think it will work this time.


Runscanner logfile http://www.runscanner.net

* = signed file
- = file not found

000 General info
----------------
Computer name : TRACY-PC
Creation time : 7/1/2008 9:33:41 PM
Hosts <> 127.0.0.1 : 0
Hosts file location : %SystemRoot%\System32\drivers\etc
IE version : 7.0.6001.18000
OS : Windows Vista ™ Home Basic
OS Build : 6001
OS SP : Service Pack 1
RunScanner Version : 1.6.3.0
User Language : English (United States)
User rights : Administrator
Windows folder : C:\Windows

001 Running processes
---------------------
* c:\program files\lavasoft\ad-aware\aawservice.exe (Lavasoft)
* c:\windows\system32\aertsrv.exe (Andrea Electronics Corporation)
* c:\program files\cisco systems\vpn client\cvpnd.exe (Cisco Systems, Inc.)
* c:\windows\system32\csrss.exe (Microsoft Corporation)
* c:\windows\system32\csrss.exe (Microsoft Corporation)
* c:\windows\system32\dwm.exe (Microsoft Corporation)
c:\program files\google\gmail notifier\gnotify.exe (Google Inc.)
* c:\windows\system32\svchost.exe (Microsoft Corporation)
* c:\windows\system32\svchost.exe (Microsoft Corporation)
* c:\windows\system32\svchost.exe (Microsoft Corporation)
* c:\windows\system32\svchost.exe (Microsoft Corporation)
* c:\windows\system32\svchost.exe (Microsoft Corporation)
* c:\windows\system32\svchost.exe (Microsoft Corporation)
* c:\windows\system32\svchost.exe (Microsoft Corporation)
* c:\windows\system32\svchost.exe (Microsoft Corporation)
* c:\windows\system32\svchost.exe (Microsoft Corporation)
* c:\windows\system32\svchost.exe (Microsoft Corporation)
* c:\windows\system32\svchost.exe (Microsoft Corporation)
* c:\program files\microsoft intellipoint\ipoint.exe (Microsoft Corporation)
* c:\windows\system32\lsass.exe (Microsoft Corporation)
* c:\windows\system32\lsm.exe (Microsoft Corporation)
* c:\program files\common files\microsoft shared\vs7debug\mdm.exe (Microsoft Corporation)
* c:\windows\system32\slsvc.exe (Microsoft Corporation)
* c:\windows\system32\searchfilterhost.exe (Microsoft Corporation)
* c:\windows\system32\searchindexer.exe (Microsoft Corporation)
* c:\windows\system32\searchprotocolhost.exe (Microsoft Corporation)
c:\program files\common files\roxio shared\9.0\sharedcom\roxwatch9.exe (Sonic Solutions)
* c:\users\tracy\desktop\runscanner.exe (Runscanner.net)
* c:\windows\system32\services.exe (Microsoft Corporation)
* c:\windows\system32\spoolsv.exe (Microsoft Corporation)
* c:\program files\symantec antivirus\rtvscan.exe (Symantec Corporation)
* c:\program files\symantec antivirus\vptray.exe (Symantec Corporation)
* c:\program files\common files\symantec shared\ccsvchst.exe (Symantec Corporation)
* c:\program files\common files\symantec shared\ccapp.exe (Symantec Corporation)
* c:\windows\system32\taskeng.exe (Microsoft Corporation)
* c:\windows\system32\taskeng.exe (Microsoft Corporation)
* c:\windows\system32\taskeng.exe (Microsoft Corporation)
* c:\program files\symantec antivirus\defwatch.exe (Symantec Corporation)
* C:\Windows\system32\audiodg.exe (Microsoft Corporation)
* c:\windows\system32\wudfhost.exe (Microsoft Corporation)
* c:\windows\explorer.exe (Microsoft Corporation)
* c:\windows\system32\rundll32.exe (Microsoft Corporation)
* c:\windows\system32\winlogon.exe (Microsoft Corporation)
* c:\windows\system32\smss.exe (Microsoft Corporation)
* c:\windows\system32\wininit.exe (Microsoft Corporation)
* c:\program files\yahoo!\messenger\yahoomessenger.exe (Yahoo! Inc.)

002 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run (+subkeys)
-----------------------------------------------------------------
c:\program files\google\gmail notifier\gnotify.exe (Google Inc.)
c:\windows\system32\ogwobsxa.dll
c:\windows\system32\qomgfcro.dll

003 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run (+subkeys)
-----------------------------------------------------------------
c:\program files\peerguardian2\pg2.exe (Methlabs)
* c:\program files\utorrent\utorrent.exe
c:\program files\weather clock\weatherclock.exe (Respect Soft)

010 HKLM\SYSTEM\CurrentControlSet\Services (Services)
-----------------------------------------------------
* c:\program files\cisco systems\vpn client\cvpnd.exe (Cisco Systems, Inc. VPN Service)
c:\program files\dellsupport\brkrsvc.exe (DSBrokerService)
c:\program files\common files\installshield\driver\1050\intel 32\idrivert.exe (InstallDriver Table Manager)
* c:\program files\lavasoft\ad-aware\aawservice.exe (Lavasoft Ad-Aware Service)
* c:\program files\nero\nero 7\nero backitup\nbservice.exe (NBService)
* c:\program files\common files\ahead\lib\nmindexingservice.exe (NMIndexingService)
c:\program files\common files\roxio shared\9.0\sharedcom\roxwatch9.exe (Roxio Hard Drive Watcher 9)
c:\program files\common files\roxio shared\9.0\sharedcom\roxmediadb9.exe (RoxMediaDB9)

011 HKLM\SYSTEM\CurrentControlSet\Services (drivers)
----------------------------------------------------
c:\windows\system32\drivers\cvpndrva.sys (Cisco Systems Inc. IPSec Driver)
* C:\Windows\system32\drivers\dne2000.sys (Deterministic Network Enhancer Miniport)
c:\program files\dellsupport\gtaction\triggers\dsproct.sys (DSproct)
- c:\windows\system32\drivers\ipinip.sys (IP in IP Tunnel Driver)
- c:\windows\system32\drivers\nwlnkflt.sys (IPX Traffic Filter Driver)
- c:\windows\system32\drivers\nwlnkfwd.sys (IPX Traffic Forwarder Driver)
* C:\Windows\system32\drivers\rtkvhda.sys (Service for Realtek HD Audio (WDM))
C:\Windows\system32\drivers\srtspl.sys (SRTSPL)

031 HKLM\SOFTWARE\Classes\PROTOCOLS\Handler
-------------------------------------------
c:\program files\common files\microsoft shared\information retrieval\msitss.dll (Microsoft Corporation) {0A9007C0-4076-11D3-8789-0000F8105754}

032 HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms
-----------------------------------------------------------------------------------
- rdpclip

041 HKLM-HKCU\Software\Microsoft\Internet Explorer\Toolbar
----------------------------------------------------------
c:\program files\techsmith\snagit 7\snagitieaddin.dll (TechSmith Corporation) {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3}

042 HKLM\Software\Microsoft\Internet Explorer\Extensions
--------------------------------------------------------
GUID / CLSID not found {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
* c:\program files\icq6\icq.exe (ICQ, Inc.) {E59EB121-F339-4851-A3BA-FE49C35617C2}
GUID / CLSID not found {92780B25-18CC-41C8-B9BE-3C9C571A8263}

050 HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
-----------------------------------------------------------------------------
c:\windows\system32\qomgfcro.dll {28C1EEFB-DD85-4227-BC29-C17D7366B27D}

052 HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
----------------------------------------------------------------------------------
c:\windows\system32\hggxwqon.dll {6628D6E3-49A6-4337-8095-C71BC11993F3}

061 HKLM-HCKU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
---------------------------------------------------------------------------------
* c:\program files\nero\nero 7\nero coverdesigner\coveredextension.dll (Nero AG) {97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2}
* c:\program files\common files\ahead\lib\nerodigitalext.dll (Nero AG) {B327765E-D724-4347-8B16-78AE18552FC3}
* c:\program files\common files\ahead\lib\nerodigitalext.dll (Nero AG) {7F1CF152-04F8-453A-B34C-E609530A9DC8}
c:\program files\techsmith\snagit 7\snagitieaddin.dll (TechSmith Corporation) {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3}
c:\program files\techsmith\snagit 7\snagitshellext.dll (TechSmith Corporation) {CF74B903-3389-469c-B3B6-0204D204FCBD}
c:\program files\winrar\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}

062 HKLM-HKCU\Software\Classes\Folder\Shellex\ColumnHandlers
------------------------------------------------------------
* c:\program files\common files\ahead\lib\nerodigitalext.dll (Nero AG) {7D4D6379-F301-4311-BEBA-E26EB0561882}
c:\program files\common files\adobe\acrobat\activex\pdfshell.dll (Adobe Systems, Inc.) {F9DB5320-233E-11D1-9F84-707F02C10627}

063 HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\BootExecute
---------------------------------------------------------------------
* C:\Windows\system32\lsdelete.exe

070 HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages
---------------------------------------------------------------------
c:\windows\system32\hggxwqon.dll

100 Internet Explorer settings
------------------------------
Start Page HKCU : http://www.yahoo.com/

104 HKLM\Software\Microsoft\Code Store Database\Distribution Units
------------------------------------------------------------------
GUID / CLSID not found {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}

105 HKCU\Software\Microsoft\Internet Explorer\MenuExt
-----------------------------------------------------
E&xport to Microsoft Excel : res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

173 HKCR\*\shellex\ContextMenuHandlers
--------------------------------------
* c:\program files\nero\nero 7\nero coverdesigner\coveredextension.dll (Nero AG) {73FCA462-9BD5-4065-A73F-A8E5F6904EF7}
* c:\program files\nero\nero 7\nero backitup\nbshell.dll (Nero AG)
c:\program files\techsmith\snagit 7\snagitshellext.dll (TechSmith Corporation) {CF74B903-3389-469c-B3B6-0204D204FCBD}
c:\program files\winrar\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}

221 HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers
-------------------------------------------------------
* c:\program files\nero\nero 7\nero coverdesigner\coveredextension.dll (Nero AG) {73FCA462-9BD5-4065-A73F-A8E5F6904EF7}
* c:\program files\nero\nero 7\nero backitup\nbshell.dll (Nero AG)
c:\program files\techsmith\snagit 7\snagitshellext.dll (TechSmith Corporation) {CF74B903-3389-469c-B3B6-0204D204FCBD}
c:\program files\winrar\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}

225 HKCU\Software\Classes\Folder\ShellEx\ContextMenuHandlers
------------------------------------------------------------
* c:\program files\nero\nero 7\nero backitup\nbshell.dll (Nero AG)
* c:\program files\nero\nero 7\nero backitup\nbshell.dll (Nero AG)
c:\program files\winrar\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
c:\program files\winrar\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}

227 HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers
---------------------------------------------------------------
c:\program files\techsmith\snagit 7\snagitshellext.dll (TechSmith Corporation) {CF74B903-3389-469c-B3B6-0204D204FCBD}
c:\program files\winrar\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}

231 HKLM\Software\Classes\Folder\Shellex\ColumnHandlers
-------------------------------------------------------
* c:\program files\common files\ahead\lib\nerodigitalext.dll (Nero AG) NeroDigitalExt.NeroDigitalColumnHandler
c:\program files\common files\adobe\acrobat\activex\pdfshell.dll (Adobe Systems, Inc.) PDF Column Info

Attached Files


Edited by tposter, 01 July 2008 - 07:42 PM.

  • 0

#10
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Lets leave that to be safe

Run DSS and post the logs

Don't attach them
  • 0

Advertisements


#11
tposter

tposter

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
It will be later tonight before I am able to do this. I had to go back to work today. Thanks!
  • 0

#12
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Take your time
  • 0

#13
tposter

tposter

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Below are the results of running DSS. I work 2 jobs so I am very late doing this tonight. The first is the main.txt file created and the 2nd is the extra.txt file created. Thanks!

Deckard's System Scanner v20071014.68
Run by Tracy on 2008-07-03 00:16:50
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 5 Restore Point(s) --
8: 2008-07-03 04:00:02 UTC - RP316 - Scheduled Checkpoint
7: 2008-07-02 12:52:24 UTC - RP315 - Installed Ad-Aware
6: 2008-07-02 04:28:01 UTC - RP313 - Last good restore point
5: 2008-07-01 23:19:20 UTC - RP312 - Installed Ad-Aware
4: 2008-07-01 23:05:41 UTC - RP311 - Restore Operation


-- First Restore Point --
1: 2008-06-30 05:49:39 UTC - RP308 - Last known good configuration


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Tracy.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:18:39 AM, on 7/3/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\igfxsrvc.exe
C:\Users\Tracy\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Tracy.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {C28459E5-CF56-4F9F-8FA9-69A3302D897C} - C:\Windows\system32\hgGxWqoN.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [WeatherClock] C:\Program Files\Weather Clock\WeatherClock.exe
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Tracy\AppData\Local\Temp\rqrolkki.dll,#1
O4 - HKCU\..\Run: [BM07e1bc95] Rundll32.exe "C:\Windows\system32\ogwobsxa.dll",s
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Windows\system32\AERTSrv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 5613 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080630-231145-205 O4 - HKLM\..\Run: [BM07e1bc95] Rundll32.exe "C:\Windows\system32\njwpoecb.dll",s
backup-20080630-231145-315 O2 - BHO: (no name) - {3827DB86-C061-4238-A30D-7BED7EDE2DFF} - C:\Windows\system32\hgGxWqoN.dll
backup-20080630-231145-556 O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
backup-20080630-231145-646 O3 - Toolbar: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
backup-20080630-231145-832 O2 - BHO: (no name) - {99DCA8DD-A2CE-4611-8EAB-A613DA149022} - C:\Windows\system32\fccbAPgh.dll (file missing)
backup-20080630-231145-938 O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\pmnKDuuU.dll,#1
backup-20080630-231145-942 O2 - BHO: {8dd58874-3a02-f6b9-c864-581d123d5f41} - {14f5d321-d185-468c-9b6f-20a347885dd8} - C:\Windows\system32\jsuebh.dll
backup-20080630-232343-209 O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemreq.../sysreqlab2.cab
backup-20080630-232343-308 O2 - BHO: (no name) - {86FAFDC2-ECCF-4ECE-B226-D9B68AD476A8} - C:\Windows\system32\hgGxWqoN.dll
backup-20080630-232343-474 O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\hgGxWQJc.dll,#1
backup-20080630-232343-684 O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/...erInstaller.CAB
backup-20080630-232343-694 O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
backup-20080630-232343-847 O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1005.cab
backup-20080630-232343-869 O4 - HKLM\..\Run: [BM07e1bc95] Rundll32.exe "C:\Windows\system32\njwpoecb.dll",s
backup-20080630-232344-110 O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Windows\system32\AERTSrv.exe
backup-20080630-232344-611 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
backup-20080630-232344-847 O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
backup-20080630-232344-897 O16 - DPF: {B198A72B-B4C3-42B5-B8DA-B364E76429AA} (Cerebus Class) - http://qaorg50.mlxch...trol/WebDog.cab
backup-20080630-232344-979 O16 - DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} (GeacRevw Control) - http://inrp4.qa.firs...ol/IRCSharc.cab
backup-20080630-233021-132 O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\cbXOEvtU.dll,#1
backup-20080630-233021-248 O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
backup-20080630-233021-527 O4 - HKLM\..\Run: [BM07e1bc95] Rundll32.exe "C:\Windows\system32\njwpoecb.dll",s
backup-20080630-233021-696 O2 - BHO: (no name) - {E67CA54C-C14A-4B9F-8E46-91E4866C865D} - C:\Windows\system32\hgGxWqoN.dll
backup-20080630-233021-873 O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Windows\system32\AERTSrv.exe
backup-20080701-001953-116 R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
backup-20080701-001953-396 O13 - Gopher Prefix:
backup-20080701-001953-574 O4 - HKLM\..\Run: [BM07e1bc95] Rundll32.exe "C:\Windows\system32\njwpoecb.dll",s
backup-20080701-001953-663 O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Windows\system32\AERTSrv.exe
backup-20080701-001953-759 O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\cbXOEvtU.dll,#1
backup-20080701-001953-813 O2 - BHO: (no name) - {E67CA54C-C14A-4B9F-8E46-91E4866C865D} - C:\Windows\system32\hgGxWqoN.dll
backup-20080701-002528-120 O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
backup-20080701-002528-415 O2 - BHO: (no name) - {EF22A291-5ABC-4D5B-8E62-8017A45E9826} - C:\Windows\system32\hgGxWqoN.dll
backup-20080701-002528-725 O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Windows\system32\AERTSrv.exe
backup-20080701-002528-935 O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
backup-20080701-002528-945 O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\fccdayxu.dll,#1
backup-20080701-003232-993 O2 - BHO: (no name) - {3AE447A0-2C65-4EEE-A1E4-8D18DAB47DD4} - C:\Windows\system32\hgGxWqoN.dll
backup-20080701-003233-290 O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Windows\system32\AERTSrv.exe
backup-20080701-003233-510 O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\xxywVlLD.dll,#1
backup-20080701-003417-432 O2 - BHO: (no name) - {3AE447A0-2C65-4EEE-A1E4-8D18DAB47DD4} - C:\Windows\system32\hgGxWqoN.dll
backup-20080701-003417-877 O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\xxywVlLD.dll,#1
backup-20080701-003417-919 O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Windows\system32\AERTSrv.exe
backup-20080701-004407-637 O2 - BHO: (no name) - {120CE670-59E8-4AC0-8A1C-7C852B2F4323} - C:\Windows\system32\hgGxWqoN.dll
backup-20080701-004407-947 O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\awtsTkLf.dll,#1
backup-20080701-005550-475 O2 - BHO: (no name) - {73ECF96F-376E-4537-B13E-527427BFB02D} - C:\Windows\system32\hgGxWqoN.dll
backup-20080701-005550-613 O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\ssqOFYSM.dll,#1

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

S3 DSproct - \??\c:\program files\dellsupport\gtaction\triggers\dsproct.sys
S3 SRTSPL - c:\windows\system32\drivers\srtspl.sys <Not Verified; Symantec Corporation; AutoProtect>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S3 DSBrokerService - "c:\program files\dellsupport\brkrsvc.exe" <Not Verified; ; Gteko BrkrSvc Application>
S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe
S4 stllssvr - "c:\program files\common files\surething shared\stllssvr.exe" <Not Verified; MicroVision Development, Inc.; SureThing CD Labeler>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Cisco Systems VPN Adapter
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter
PNP Device ID: ROOT\NET\0000
Service: CVirtA


-- Files created between 2008-06-03 and 2008-07-03 -----------------------------

2008-07-02 00:28:09 0 d-------- C:\Program Files\rhcar8j0e5d3
2008-07-01 09:11:34 0 d-------- C:\Program Files\Lavasoft
2008-07-01 09:11:33 0 d-------- C:\Users\All Users\Lavasoft
2008-07-01 02:37:44 0 d-------- C:\VundoFix Backups
2008-07-01 01:05:53 91136 --a------ C:\Windows\system32\ogwobsxa.dll
2008-07-01 01:05:12 345 --ahs---- C:\Windows\system32\NoUwxyay.ini2
2008-07-01 01:05:02 320000 --a------ C:\Windows\system32\yayxwUoN.dll
2008-07-01 00:59:59 57856 --a------ C:\Windows\system32\mlJBSlKc.dll
2008-06-30 23:01:25 81920 --a------ C:\Windows\system32\ksrglolc.dll
2008-06-30 22:47:13 103424 --a------ C:\Windows\system32\jsuebh.dll
2008-06-30 22:47:12 103424 --a------ C:\Windows\system32\onfsunat.dll
2008-06-30 22:44:03 91136 --a------ C:\Windows\system32\njwpoecb.dll
2008-06-30 22:43:23 654315 --ahs---- C:\Windows\system32\NoqWxGgh.ini2
2008-06-30 22:43:19 320000 --a------ C:\Windows\system32\hgGxWqoN.dll
2008-06-30 22:38:11 0 -rahs---- C:\MSDOS.SYS
2008-06-30 22:38:11 0 -rahs---- C:\IO.SYS
2008-06-30 01:50:29 82432 --a------ C:\Windows\system32\xrqselqm.dll
2008-06-30 01:48:39 1233 --ahs---- C:\Windows\system32\hgPAbccf.ini2
2008-06-30 01:06:02 0 d-------- C:\Program Files\Acoustica CD Label Maker
2008-06-11 09:41:01 368912 --a------ C:\Windows\system32\vbar332.dll <Not Verified; Microsoft Corporation; Microsoft Visual Basic for Applications>
2008-06-11 09:41:01 29696 --a------ C:\Windows\system32\vb5stkit.dll <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2008-06-11 09:41:01 0 d-------- C:\Windows\MSAPPS
2008-06-11 09:41:00 317952 --a------ C:\Windows\system32\ROBOEX32.DLL <Not Verified; Blue Sky Software Corporation.; RoboHELP Classic>
2008-06-11 09:40:59 72704 --a------ C:\Windows\system32\Odbctl32.dll <Not Verified; Microsoft Corporation; Microsoft Open Database Connectivity>
2008-06-11 09:40:59 407312 --a------ C:\Windows\system32\MSREPL35.DLL <Not Verified; Microsoft Corporation; Microsoft® Access>
2008-06-11 09:40:59 252176 --a------ C:\Windows\system32\MSRD2X35.DLL <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-06-11 09:40:59 169984 --a------ C:\Windows\system32\MSLTUS35.DLL <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-06-11 09:40:59 24848 --a------ C:\Windows\system32\MSJTER35.DLL <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-06-11 09:40:59 123664 --a------ C:\Windows\system32\MSJINT35.DLL <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-06-11 09:40:58 540944 --a------ C:\Windows\system32\sqloledb.dll <Not Verified; Microsoft Corporation; Microsoft OLE DB Provider for SQL Server>
2008-06-11 09:40:58 1045776 --a------ C:\Windows\system32\Msjet35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-06-11 09:40:57 28944 --a------ C:\Windows\system32\msrecr40.dll <Not Verified; Microsoft Corporation; Microsoft ® Jet>
2008-06-11 09:40:57 74000 --a------ C:\Windows\system32\msrclr40.dll <Not Verified; Microsoft Corporation; Microsoft ® Jet>
2008-06-11 09:40:56 217088 --a------ C:\Windows\system32\Missouri.dll <Not Verified; ; Missouri.DLL>
2008-06-11 09:40:47 0 d-------- C:\Program Files\GeacInterealty
2008-06-10 17:35:12 0 d-------- C:\Program Files\QuickTime


-- Find3M Report ---------------------------------------------------------------

2008-07-03 00:15:08 0 d-------- C:\Users\Tracy\AppData\Roaming\uTorrent
2008-07-02 08:46:07 0 d-------- C:\Users\Tracy\AppData\Roaming\Weather Clock
2008-07-02 08:46:07 0 d-------- C:\Users\Tracy\AppData\Roaming\Mp3tag
2008-07-02 08:46:00 0 d-------- C:\Program Files\DivX
2008-07-02 08:46:00 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-01 17:29:16 0 d-------- C:\Program Files\PeerGuardian2
2008-07-01 15:19:06 0 d-------- C:\Program Files\Common Files
2008-06-30 23:00:15 0 d-------- C:\Program Files\Trend Micro
2008-06-30 22:50:53 0 d-------- C:\Program Files\Google
2008-06-11 09:41:02 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-10 22:39:04 0 d-------- C:\Program Files\Windows Mail
2008-05-20 22:53:42 0 d-------- C:\Program Files\AnMing
2008-05-20 20:45:42 0 d-------- C:\Program Files\LG Electronics
2008-05-15 08:40:17 0 d-------- C:\Program Files\Weather Clock
2008-05-14 09:34:37 0 d-------- C:\Program Files\uTorrent
2008-05-10 14:27:17 0 d-------- C:\Program Files\Zune
2008-05-06 12:41:09 0 d-------- C:\Program Files\Citrix
2008-05-06 10:14:59 23104 --a------ C:\Windows\system32\svcprmpt.dll
2008-05-06 10:14:58 30976 --a------ C:\Windows\rascntrl.dll
2008-05-05 23:55:13 0 d-------- C:\Program Files\Apple Software Update
2008-04-15 17:17:46 385060 --a------ C:\Windows\system32\GeacView.dll <Not Verified; Geac Corp; GeacView Dynamic Link Library>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C28459E5-CF56-4F9F-8FA9-69A3302D897C}]
06/30/2008 10:43 PM 320000 --a------ C:\Windows\system32\hgGxWqoN.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"@"="" []
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [11/22/2006 07:12 PM]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [11/28/2006 08:34 AM]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [07/15/2005 05:48 PM]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [02/05/2007 07:52 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PeerGuardian"="C:\Program Files\PeerGuardian2\pg2.exe" [09/18/2005 08:40 PM]
"uTorrent"="C:\Program Files\uTorrent\uTorrent.exe" [01/30/2008 12:34 AM]
"WeatherClock"="C:\Program Files\Weather Clock\WeatherClock.exe" [05/07/2008 10:39 PM]
"Weather Clock"="" []
"MSServer"="C:\Users\Tracy\AppData\Local\Temp\rqrolkki.dll,#1" []
"BM07e1bc95"="C:\Windows\system32\ogwobsxa.dll,s" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableUIADesktopToggle"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{28C1EEFB-DD85-4227-BC29-C17D7366B27D}"= C:\Windows\system32\mlJBSlKc.dll [06/30/2008 01:43 AM 57856]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\Windows\system32\hgGxWqoN

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=C:\Windows\pss\Digital Line Detect.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VPN Client.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk
backup=C:\Windows\pss\VPN Client.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\04d28f09]
rundll32.exe "C:\Windows\system32\ksrglolc.dll",b

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM07e1bc95]
Rundll32.exe "C:\Windows\system32\ogwobsxa.dll",s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
"C:\Program Files\DellSupport\DSAgnt.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
c:\dell\dsca.exe 3

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
C:\Dell\E-Center\EULALauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\Windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\Windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
"C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\itype]
"C:\Program Files\Microsoft IntelliType Pro\itype.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSServer]
rundll32.exe C:\Users\Tracy\AppData\Local\Temp\qoMCuvTn.dll,#1

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc]
RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
"C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
C:\Windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
RtHDVCpl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
"C:\Program Files\Winamp\winampa.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
%ProgramFiles%\Windows Defender\MSASCui.exe -hide

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
"c:\Program Files\Zune\ZuneLauncher.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE WebClient SstpSvc
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc wlansvc EMDMgmt TabletInputService WPDBusEnum
LocalServiceNoNetwork PLA DPS BFE mpssvc


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-07-03 00:20:51 ------------



Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft® Windows Vista™ Home Basic (build 6001) SP 1.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® Dual CPU E2160 @ 1.80GHz
Percentage of Memory in Use: 45%
Physical Memory (total/avail): 2045.45 MiB / 1111.86 MiB
Pagefile Memory (total/avail): 4330.21 MiB / 3385.6 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1900.26 MiB

C: is Fixed (NTFS) - 222.78 GiB total, 111.76 GiB free.
D: is Fixed (NTFS) - 10 GiB total, 6.69 GiB free.
E: is CDROM (No Media)
F: is Removable (No Media)

\\.\PHYSICALDRIVE0 - ST3250820AS ATA Device - 232.83 GiB - 3 partitions
\PARTITION0 - Unknown - 54.88 MiB
\PARTITION1 - Installable File System - 10 GiB - D:
\PARTITION2 (bootable) - Installable File System - 222.78 GiB - C:

\\.\PHYSICALDRIVE1 - HP PSC 1610 USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

AV: Symantec AntiVirus v10.2.0.276 (Symantec Corporation)
AS: Symantec AntiVirus v10.2.0.276 (Symantec Corporation)
AS: Windows Defender v1.1.1505.0 (Microsoft Corporation) Disabled

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\Tracy\AppData\Roaming
CLASSPATH=.;C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=TRACY-PC
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\Tracy
LOCALAPPDATA=C:\Users\Tracy\AppData\Local
LOGONSERVER=\\TRACY-PC
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\Intel\DMIX;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 13, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f0d
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
QTJAVA=C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip
RoxioCentral=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\Tracy\AppData\Local\Temp
TMP=C:\Users\Tracy\AppData\Local\Temp
USERDOMAIN=Tracy-PC
USERNAME=Tracy
USERPROFILE=C:\Users\Tracy
windir=C:\Windows


-- User Profiles ---------------------------------------------------------------

Tracy


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\Windows\UNNeroBackItUp.exe /UNINSTALL
--> C:\Windows\UNNeroMediaHome.exe /UNINSTALL
--> C:\Windows\UNNeroShowTime.exe /UNINSTALL
--> C:\Windows\UNNeroVision.exe /UNINSTALL
--> C:\Windows\UNRecode.exe /UNINSTALL
--> MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
AC3Filter (remove only) --> C:\Program Files\AC3Filter\uninstall.exe
Acoustica CD/DVD Label Maker --> C:\Program Files\Acoustica CD Label Maker\cdlabel.exe UNINSTALL
Ad-Aware --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742) --> MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player ActiveX --> C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Reader 8.1.2 Security Update 1 (KB403742) -->
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
Audacity 1.2.6 --> "C:\Program Files\Audacity\unins000.exe"
Browser Address Error Redirector --> MsiExec.exe /I{62230596-37E5-4618-A329-0D21F529A86F}
Call of Duty® 4 - Modern Warfare™ --> C:\Program Files\InstallShield Installation Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe -runfromtemp -l0x0409
Call of Duty® 4 - Modern Warfare™ 1.4 Patch --> C:\Program Files\InstallShield Installation Information\{3BD633E0-4BF8-4499-9149-88F0767D449C}\setup.exe -runfromtemp -l0x0409
Call of Duty® 4 - Modern Warfare™ 1.5 Multiplayer Patch --> C:\Program Files\InstallShield Installation Information\{8503C901-85D7-4262-88D2-8D8B2A7B08B8}\setup.exe -runfromtemp -l0x0409
Cheetah Audio Converter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B1914510-38B5-4835-83D8-A188073E542F}\Setup.exe"
Cisco Systems VPN Client 5.0.01.0600 --> MsiExec.exe /X{14FCFE7C-AB86-428A-9D2E-BFB6F5A7AA6E}
Conexant D850 PCI V.92 Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1\HXFSETUP.EXE -U -IDel200fz.inf
Dell DataSafe Online --> MsiExec.exe /I{2C6C74C2-042F-4D36-B7B0-0C538FCF01AB}
Dell Support Center --> MsiExec.exe /X{B8C54AB1-7E1A-40E8-B794-EDB6E8921F3A}
Dell System Customization Wizard --> MsiExec.exe /I{13BA7B44-B712-4DEE-A7B8-1DD564F37AE5}
DellSupport --> MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}
Digital Line Detect --> C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DVD Decrypter (Remove Only) --> "C:\Program Files\DVD Decrypter\uninstall.exe"
DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe"
FileZilla Client 3.0.4.1 --> C:\Program Files\FileZilla Client\uninstall.exe
Full Tilt Poker --> "C:\Program Files\InstallShield Installation Information\{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}\setup.exe" -runfromtemp -l0x0009 -removeonly
Games, Music, & Photos Launcher --> MsiExec.exe /I{3E25E350-949F-4DB7-8288-2A60E018B4C1}
Google Gmail Notifier --> "C:\Program Files\Google\Gmail Notifier\UninstallGmail.exe"
GoToMeeting/GoToWebinar 3.0.0.198 --> C:\Program Files\Citrix\GoToMeeting\198\G2MUninstall.exe /uninstall
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
ICQ6 --> "C:\Program Files\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe" -runfromtemp -l0x0009 -removeonly
Intel® Graphics Media Accelerator Driver --> C:\Windows\system32\igxpun.exe -uninstall
Intel® PRO Network Connections 12.1.11.0 --> MsiExec.exe /i{777CA40C-0206-4EF6-A0FC-618BF06BF8D0} ARPREMOVE=1
Intel® PRO Network Connections 12.1.11.0 --> MsiExec.exe /i{777CA40C-0206-4EF6-A0FC-618BF06BF8D0} ARPREMOVE=1
Java™ SE Runtime Environment 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
KeyText v3 --> "C:\Program Files\KeyText\unins000.exe"
LG USB Modem driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C3ABE126-2BB2-4246-BFE1-6797679B3579}\Setup.exe" -l0x9
LiveUpdate 3.2 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Modem Diagnostic Tool --> MsiExec.exe /I{F63A3748-B93D-4360-9AD4-B064481A5C7B}
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MP3 To Ringtone Gold 5.23 --> "C:\Program Files\AnMing\unins000.exe"
Mp3tag v2.40 --> C:\Program Files\Mp3tag\Mp3tagUninstall.EXE
MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
Nero 7 Premium --> MsiExec.exe /X{847CAE64-4CD2-4B2D-AF00-978FF5431033}
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NetWaiting --> C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly
NVIDIA Drivers --> C:\Windows\system32\NVUNINST.EXE UninstallGUI
Paint Shop Pro 7 ESD --> MsiExec.exe /I{D6DE02C7-1F47-11D4-9515-00105AE4B89A}
PeerGuardian 2.0 --> "C:\Program Files\PeerGuardian2\unins000.exe"
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -l0x9 -cluninstall
Product Documentation Launcher --> MsiExec.exe /I{89CEAE14-DD0F-448E-9554-15781EC9DB24}
QuickTime --> MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
Realtek High Definition Audio Driver --> RtlUpd.exe -r -m
Roxio Creator Audio --> MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82}
Roxio Creator BDAV Plugin --> MsiExec.exe /I{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}
Roxio Creator Copy --> MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
Roxio Creator Data --> MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87}
Roxio Creator DE --> MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
Roxio Creator Tools --> MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}
Roxio Express Labeler --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio MyDVD DE --> MsiExec.exe /I{D639085F-4B6E-4105-9F37-A0DBB023E2FB}
Roxio Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
SnagIt 7 --> MsiExec.exe /I{4360BB46-507E-4361-8DCB-4FF9BDC9907B}
Sonic Activation Module --> MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Spybot - Search & Destroy 1.5.2.20 --> "C:\Windows\unins000.exe"
Symantec AntiVirus --> MsiExec.exe /I{7C9E6E52-EB11-44DB-A761-82D5D873A8D9}
System Requirements Lab --> C:\Program Files\SystemRequirementsLab\Uninstall.exe
TeamSpeak 2 RC2 --> "C:\Program Files\Teamspeak2_RC2\unins000.exe"
User's Guides --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}\setup.exe"
Video Converter 3 --> C:\Program Files\Xilisoft\Video Converter 3\Uninstall.exe
Weather Clock 3.5 --> "C:\Program Files\Weather Clock\unins000.exe"
Winamp --> "C:\Program Files\Winamp\UninstWA.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
Xfire (remove only) --> "C:\Program Files\Xfire\uninst.exe"
Xilisoft Video Converter 3 --> C:\Program Files\Xilisoft\Video Converter 3\Uninstall.exe
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Zune --> c:\Program Files\Zune\ZuneSetup.exe /x
Zune --> MsiExec.exe /X{FF70513F-E3A7-402F-84FB-B7810A064BE2}
Zune Language Pack (ES) --> MsiExec.exe /X{EE4ACABF-531E-419A-9225-B8E0FA4955AF}
Zune Language Pack (FR) --> MsiExec.exe /X{0076E1AC-9E7B-4B9F-A62A-4CC9511AD8E3}


-- Application Event Log -------------------------------------------------------

Event Record #/Type13203 / Error
Event Submitted/Written: 07/03/2008 00:12:42 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application Explorer.EXE, version 6.0.6001.18000, time stamp 0x47918e5d, faulting module msvcrt.dll, version 7.0.6001.18000, time stamp 0x4791a727, exception code 0xc0000005, fault offset 0x00009c00,
process id 0x5d4, application start time 0xExplorer.EXE0.

Event Record #/Type13183 / Success
Event Submitted/Written: 07/02/2008 08:47:44 AM
Event ID/Source: 5617 / WinMgmt
Event Description:


Event Record #/Type13182 / Success
Event Submitted/Written: 07/02/2008 08:47:42 AM
Event ID/Source: 5615 / WinMgmt
Event Description:


Event Record #/Type13178 / Success
Event Submitted/Written: 07/02/2008 08:47:28 AM
Event ID/Source: 902 / Software Licensing Service
Event Description:
The Software Licensing service has started.

Event Record #/Type13166 / Warning
Event Submitted/Written: 07/02/2008 08:42:00 AM
Event ID/Source: 6000 / Wlclntfy
Event Description:
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type40118 / Warning
Event Submitted/Written: 07/02/2008 11:20:31 PM
Event ID/Source: 27 / e1express
Event Description:
Intel® 82562V-2 10/100 Network Connection
Link has been disconnected.

Event Record #/Type40106 / Warning
Event Submitted/Written: 07/02/2008 11:00:50 PM
Event ID/Source: 27 / e1express
Event Description:
Intel® 82562V-2 10/100 Network Connection
Link has been disconnected.

Event Record #/Type40088 / Error
Event Submitted/Written: 07/02/2008 08:53:55 AM
Event ID/Source: 7030 / Service Control Manager
Event Description:
Lavasoft Ad-Aware Service

Event Record #/Type39996 / Error
Event Submitted/Written: 07/02/2008 08:47:42 AM
Event ID/Source: 1048 / LSM
Event Description:
Terminal Service start failed. The relevant status code was The configuration data for this product is corrupt. Contact your support personnel.
.

Event Record #/Type39995 / Error
Event Submitted/Written: 07/02/2008 08:47:23 AM
Event ID/Source: 15016 / HTTP
Event Description:
\Device\Http\ReqQueueKerberos



-- End of Deckard's System Scanner: finished at 2008-07-03 00:20:51 ------------
  • 0

#14
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
    C:\Program Files\rhcar8j0e5d3
    C:\VundoFix Backups
    C:\Windows\system32\ogwobsxa.dll
    C:\Windows\system32\NoUwxyay.ini2
    C:\Windows\system32\yayxwUoN.dll
    C:\Windows\system32\mlJBSlKc.dll
    C:\Windows\system32\ksrglolc.dll
    C:\Windows\system32\jsuebh.dll
    C:\Windows\system32\onfsunat.dll
    C:\Windows\system32\njwpoecb.dll
    C:\Windows\system32\NoqWxGgh.ini2
    C:\Windows\system32\hgGxWqoN.dll
    C:\Windows\system32\xrqselqm.dll
    C:\Windows\system32\hgPAbccf.ini2
    C:\Windows\system32\svcprmpt.dll
    C:\Windows\rascntrl.dll
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\04d28f09
    C:\Windows\system32\ksrglolc.dll
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM07e1bc95
    C:\Windows\system32\ogwobsxa.dll
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSServer
    C:\Users\Tracy\AppData\Local\Temp\qoMCuvTn.dll
    purity 
    EmptyTemp
    [start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



Reboot and post a new DSS log
  • 0

#15
tposter

tposter

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
This is the OTMoveiT2 log file before the reboot as requested:

Explorer killed successfully
Folder move failed. C:\Program Files\rhcar8j0e5d3 scheduled to be moved on reboot.
C:\VundoFix Backups moved successfully.
DllUnregisterServer procedure not found in C:\Windows\system32\ogwobsxa.dll
C:\Windows\system32\ogwobsxa.dll NOT unregistered.
C:\Windows\system32\ogwobsxa.dll moved successfully.
File move failed. C:\Windows\system32\NoUwxyay.ini2 scheduled to be moved on reboot.
DllUnregisterServer procedure not found in C:\Windows\system32\yayxwUoN.dll
C:\Windows\system32\yayxwUoN.dll NOT unregistered.
File move failed. C:\Windows\system32\yayxwUoN.dll scheduled to be moved on reboot.
DllUnregisterServer procedure not found in C:\Windows\system32\mlJBSlKc.dll
C:\Windows\system32\mlJBSlKc.dll NOT unregistered.
File move failed. C:\Windows\system32\mlJBSlKc.dll scheduled to be moved on reboot.
DllUnregisterServer procedure not found in C:\Windows\system32\ksrglolc.dll
C:\Windows\system32\ksrglolc.dll NOT unregistered.
C:\Windows\system32\ksrglolc.dll moved successfully.
DllUnregisterServer procedure not found in C:\Windows\system32\jsuebh.dll
C:\Windows\system32\jsuebh.dll NOT unregistered.
File move failed. C:\Windows\system32\jsuebh.dll scheduled to be moved on reboot.
DllUnregisterServer procedure not found in C:\Windows\system32\onfsunat.dll
C:\Windows\system32\onfsunat.dll NOT unregistered.
C:\Windows\system32\onfsunat.dll moved successfully.
DllUnregisterServer procedure not found in C:\Windows\system32\njwpoecb.dll
C:\Windows\system32\njwpoecb.dll NOT unregistered.
C:\Windows\system32\njwpoecb.dll moved successfully.
File move failed. C:\Windows\system32\NoqWxGgh.ini2 scheduled to be moved on reboot.
DllUnregisterServer procedure not found in C:\Windows\system32\hgGxWqoN.dll
C:\Windows\system32\hgGxWqoN.dll NOT unregistered.
File move failed. C:\Windows\system32\hgGxWqoN.dll scheduled to be moved on reboot.
DllUnregisterServer procedure not found in C:\Windows\system32\xrqselqm.dll
C:\Windows\system32\xrqselqm.dll NOT unregistered.
C:\Windows\system32\xrqselqm.dll moved successfully.
File move failed. C:\Windows\system32\hgPAbccf.ini2 scheduled to be moved on reboot.
LoadLibrary failed for C:\Windows\system32\svcprmpt.dll
C:\Windows\system32\svcprmpt.dll NOT unregistered.
File move failed. C:\Windows\system32\svcprmpt.dll scheduled to be moved on reboot.
LoadLibrary failed for C:\Windows\rascntrl.dll
C:\Windows\rascntrl.dll NOT unregistered.
File move failed. C:\Windows\rascntrl.dll scheduled to be moved on reboot.
< HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\04d28f09 >
Unable to delete registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\04d28f09\\ .
File/Folder C:\Windows\system32\ksrglolc.dll not found.
< HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM07e1bc95 >
Unable to delete registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM07e1bc95\\ .
File/Folder C:\Windows\system32\ogwobsxa.dll not found.
< HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSServer >
Unable to delete registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSServer\\ .
File/Folder C:\Users\Tracy\AppData\Local\Temp\qoMCuvTn.dll not found.
< purity >
< EmptyTemp >
File delete failed. C:\Users\Tracy\AppData\Local\Temp\uwnefsnk.dll scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07032008_181144
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP