Media Lic. installing third-party BHOs and annoying .dll files



#1
fawbushra aka Rob

I am having issues with my WinPatrol program finding and preventing erratic .dll's trying to run on start up and can't get them to cease. Here is my HijackThis log and uninstall log below it with a break.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:59:36 AM, on 7/18/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
C:\Program Files\Firebird\Firebird_2_0\bin\fb_inet_server.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7EBB7DA6-2369-450D-980F-9A2311A99ACF} - C:\WINDOWS\system32\efcDTMFv.dll
O2 - BHO: (no name) - {E031DA40-649C-4F23-8468-BCCCB2F99BC7} - C:\WINDOWS\system32\awtqpPjj.dll (file missing)
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [lauchsrv] C:\WINDOWS\lauchsrv.exe i
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BM07571d33] Rundll32.exe "C:\WINDOWS\system32\fvyiklkb.dll",s
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.micr...veX/MSDcode.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai...cat-no-eula.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1006.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.fubar.com...geUploader5.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.co.../sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1202530440546
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2....re/HPDEXAXO.cab
O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} (Image Uploader Control) - http://www.fubar.com...geUploader5.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com...obat/nos/gp.cab
O20 - Winlogon Notify: efcDTMFv - C:\WINDOWS\SYSTEM32\efcDTMFv.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: AutoComplete Service (Autocomplete) - Acesoft - C:\Program Files\Acesoft\Tracks Eraser Pro\autocomp.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - FirebirdSQL Project - C:\Program Files\Firebird\Firebird_2_0\bin\fb_inet_server.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: My Web Search Service (MyWebSearchService) - Unknown owner - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 8492 bytes


----------------------------------------------------------------------------------------------------------------------------------------

2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
32 Bit HP CIO Components Installer
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Reader 8.1.2
Ahead Nero Burning ROM
Apple Software Update
avast! Antivirus
Belarc Advisor 7.2
BitTornado 0.3.18
BootSkin
Creative DVD Audio Plugin for Audigy Series
DB CIF Cam
Disney Pix 2.2
Disney Pix Downloader
DivX
Dual-Core Optimizer
DVD Shrink 3.2
DVDFab HD Decrypter 4.0.6.2
Enigma Browser (remove only)
Firebird 2.0.3
FixYa Expert Utility
getPlus®_ocx
Google Earth
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.0 (KB932471)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows Media Player 11 (KB939683)
hp deskjet 5100
HP Photo and Imaging 2.0 - All-in-One
HP Photo and Imaging 2.0 - All-in-One Drivers
Hunting Unlimited 2008 1.0
InterVideo DeviceService
InterVideo WinDVD 7
i-Speeder
Java™ 6 Update 3
Java™ 6 Update 5
kBilling Invoicing Software
Logitech Desktop Messenger
Logitech iTouch Software
Logitech MouseWare 9.79
Logitech Resource Center
MetaFrame Presentation Server Web Client for Win32
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher 2007
Microsoft Office Publisher 2007 Trial
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office XP Professional with FrontPage
Microsoft Plus! for Windows XP
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Windows XP Video Decoder Checkup Utility
Microsoft Works 6.0
Mozilla Firefox (2.0.0.12)
MSXML 4.0 SP2 (KB936181)
MSXML 6.0 Parser (KB933579)
Netflix Movie Viewer
NVIDIA Drivers
overland
PC Alert 4
Photo Viewer V2.4
QuickTime
Realtek AC'97 Audio
Roxio Easy Media Creator 7 Basic DVD Edition
SAM Broadcaster (remove only)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB951808)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
SI Swimsuit Calendar
Spelling Dictionaries Support For Adobe Reader 8
SpyHunter
Sunflowers and Roses Gallery Wallpaper
System Requirements Lab
Temperature Converter
ToneThis 3.0
Tracks Eraser Pro v5.1
UISDMC64W Device Driver
Ulead VideoStudio 11
Update for Office 2007 (KB946691)
Update for Windows XP (KB951978)
VIA Platform Device Manager
Winamp
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
Windows Driver Package - AMD System (04/06/2006 1.0.1.0)
Windows Imaging Component
Windows Live installer
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Sign-in Assistant
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows Media Player 11
Windows Media Video 9 Advanced Profile Codec
Windows Presentation Foundation
Windows Registry Repair Pro
Windows XP Service Pack 3
WinPatrol
WinRAR archiver
Wintuneup Pro
XoftSpySE
Xvid 1.1.2 final uninstall
Yahoo! Messenger

Ty for any help provided.


#2
kahdah

Hello fawbushra aka Rob

Welcome to G2Go. :)
=====================

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.


#3
fawbushra aka Rob

Deckard's System Scanner v20071014.68
Run by USER on 2008-07-18 16:14:40
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
81: 2008-07-18 20:14:44 UTC - RP185 - Deckard's System Scanner Restore Point
80: 2008-07-18 15:01:25 UTC - RP184 - Last known good configuration
79: 2008-07-18 15:01:20 UTC - RP183 - System Checkpoint
78: 2008-07-18 15:01:20 UTC - RP182 - System Checkpoint
77: 2008-07-18 15:01:20 UTC - RP181 - System Checkpoint


-- First Restore Point --
1: 2008-07-18 15:01:08 UTC - RP105 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as USER.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:16:12 PM, on 7/18/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
C:\Program Files\Firebird\Firebird_2_0\bin\fb_inet_server.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Enigma Browser\Enigma.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\USER\Local Settings\Temporary Internet Files\Content.IE5\32J06JLO\dss[1].exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\TRENDM~1\HIJACK~1\USER.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5BFC7E92-BAEC-498E-95CE-DA39D2A398C8} - C:\WINDOWS\system32\ljJDUkkh.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7EBB7DA6-2369-450D-980F-9A2311A99ACF} - C:\WINDOWS\system32\efcDTMFv.dll
O2 - BHO: (no name) - {E031DA40-649C-4F23-8468-BCCCB2F99BC7} - C:\WINDOWS\system32\awtqpPjj.dll (file missing)
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [lauchsrv] C:\WINDOWS\lauchsrv.exe i
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BM07571d33] Rundll32.exe "C:\WINDOWS\system32\unlructu.dll",s
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.micr...veX/MSDcode.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai...cat-no-eula.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1006.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.fubar.com...geUploader5.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.co.../sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1202530440546
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2....re/HPDEXAXO.cab
O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} (Image Uploader Control) - http://www.fubar.com...geUploader5.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com...obat/nos/gp.cab
O20 - Winlogon Notify: efcDTMFv - C:\WINDOWS\SYSTEM32\efcDTMFv.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: AutoComplete Service (Autocomplete) - Acesoft - C:\Program Files\Acesoft\Tracks Eraser Pro\autocomp.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - FirebirdSQL Project - C:\Program Files\Firebird\Firebird_2_0\bin\fb_inet_server.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: My Web Search Service (MyWebSearchService) - Unknown owner - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 8837 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080718-024727-874 O23 - Service: My Web Search Service (MyWebSearchService) - Unknown owner - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe (file missing)
backup-20080718-024916-293 O16 - DPF: {7E9522CF-6B95-46D6-8E2F-7638F507313F} (BLS_SpeedOP.systemcheck) - http://www.fastacces...bls_speedop.cab
backup-20080718-024916-514 O4 - HKLM\..\Run: [BM07571d33] Rundll32.exe "C:\WINDOWS\system32\fvyiklkb.dll",s
backup-20080718-024917-665 O23 - Service: My Web Search Service (MyWebSearchService) - Unknown owner - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe (file missing)
backup-20080718-024917-842 O23 - Service: CAILI - Unknown owner - C:\WINDOWS\system32\caili.exe
backup-20080718-103331-256 O2 - BHO: (no name) - {E031DA40-649C-4F23-8468-BCCCB2F99BC7} - C:\WINDOWS\system32\awtqpPjj.dll (file missing)
backup-20080718-103331-652 O20 - Winlogon Notify: efcDTMFv - C:\WINDOWS\SYSTEM32\efcDTMFv.dll
backup-20080718-103331-809 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
backup-20080718-103331-851 O2 - BHO: (no name) - {7EBB7DA6-2369-450D-980F-9A2311A99ACF} - C:\WINDOWS\system32\efcDTMFv.dll
backup-20080718-103332-226 O23 - Service: My Web Search Service (MyWebSearchService) - Unknown owner - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe (file missing)

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 BANTExt (Belarc SMBios Access) - c:\windows\system32\drivers\bantext.sys
R1 DVDVRRdr_xp - c:\windows\system32\drivers\dvdvrrdr_xp.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>

S3 GMSIPCI - e:\install\gmsipci.sys (file missing)
S3 PCASp50 (PCASp50 NDIS Protocol Driver) - c:\windows\system32\drivers\pcasp50.sys (file missing)
S3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
S3 RushTopDevice - c:\program files\msi\core center\rushtop.sys (file missing)
S3 SQTECH905C (DB CIF Cam) - c:\windows\system32\drivers\capt905c.sys <Not Verified; Service & Quality Technology.; SQ905c>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 FirebirdServerDefaultInstance (Firebird Server - DefaultInstance) - c:\program files\firebird\firebird_2_0\bin\fb_inet_server.exe -s <Not Verified; FirebirdSQL Project; Firebird SQL Server>

S2 MyWebSearchService (My Web Search Service) - c:\progra~1\mywebs~1\bar\1.bin\mwssvc.exe (file missing)
S3 Autocomplete (AutoComplete Service) - c:\program files\acesoft\tracks eraser pro\autocomp.exe <Not Verified; Acesoft; AUTOCOMP>
S4 CAILI - c:\windows\system32\caili.exe


-- Device Manager: Disabled ----------------------------------------------------

Class GUID:
Description: Creative WebCam
Device ID: USB\VID_041E&PID_400D\5&378877D&0&1
Manufacturer:
Name: Creative WebCam
PNP Device ID: USB\VID_041E&PID_400D\5&378877D&0&1
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Universal Serial Bus (USB) Controller
Device ID: PCI\VEN_1106&DEV_3104&SUBSYS_70941462&REV_86\3&13C0B0C5&0&84
Manufacturer:
Name: Universal Serial Bus (USB) Controller
PNP Device ID: PCI\VEN_1106&DEV_3104&SUBSYS_70941462&REV_86\3&13C0B0C5&0&84
Service:


-- Files created between 2008-06-18 and 2008-07-18 -----------------------------

2008-07-18 11:03:59 78336 --a------ C:\WINDOWS\system32\sbcavpau.dll
2008-07-18 11:02:07 91648 --a------ C:\WINDOWS\system32\unlructu.dll
2008-07-18 11:00:58 1293 --ahs---- C:\WINDOWS\system32\hkkUDJjl.ini2
2008-07-18 11:00:53 319488 --a------ C:\WINDOWS\system32\ljJDUkkh.dll
2008-07-18 10:49:52 0 dr-h----- C:\Documents and Settings\USER\Recent
2008-07-18 08:42:56 174592 --a------ C:\WINDOWS\system32\framedyn.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-18 08:41:06 0 d-------- C:\Program Files\Enigma Software Group
2008-07-18 02:44:03 0 d-------- C:\Program Files\Trend Micro
2008-07-18 02:33:12 1969 --ahs---- C:\WINDOWS\system32\jjPpqtwa.ini2
2008-07-18 02:21:37 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2008-07-18 00:32:42 1532 --ahs---- C:\WINDOWS\system32\twyHkUtv.ini2
2008-07-18 00:27:34 25600 --a------ C:\WINDOWS\system32\efcDTMFv.dll
2008-07-14 09:06:55 0 d--h----- C:\Documents and Settings\Administrator\Templates <TEMPLA~1>
2008-07-14 09:06:55 0 dr------- C:\Documents and Settings\Administrator\Start Menu <STARTM~1>
2008-07-14 09:06:55 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-07-14 09:06:55 0 d--h----- C:\Documents and Settings\Administrator\PrintHood <PRINTH~1>
2008-07-14 09:06:55 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-07-14 09:06:55 0 d-------- C:\Documents and Settings\Administrator\My Documents <MYDOCU~1>
2008-07-14 09:06:55 0 d--h----- C:\Documents and Settings\Administrator\Local Settings <LOCALS~1>
2008-07-14 09:06:55 0 d-------- C:\Documents and Settings\Administrator\Favorites <FAVORI~1>
2008-07-14 09:06:55 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-07-14 09:06:55 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-07-14 09:06:55 0 dr-h----- C:\Documents and Settings\Administrator\Application Data <APPLIC~1>
2008-07-14 09:06:55 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-07-14 09:06:54 786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-07-04 23:43:52 23 --a------ C:\Documents and Settings\USER\jagex_runescape_preferences.dat <JAGEX_~1.DAT>
2008-06-30 21:53:23 0 d-------- C:\Program Files\QuickTime
2008-06-30 21:53:23 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-06-30 21:53:10 0 d-------- C:\Program Files\Apple Software Update
2008-06-30 21:53:10 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-06-30 08:56:59 0 d-------- C:\Documents and Settings\USER\Application Data\Ulead Systems
2008-06-30 08:56:08 0 d-------- C:\Documents and Settings\All Users\Application Data\InterVideo
2008-06-30 08:54:26 0 d-------- C:\Program Files\Common Files\Ulead Systems
2008-06-30 08:54:26 0 d-------- C:\Documents and Settings\All Users\Application Data\Ulead Systems
2008-06-30 08:54:25 0 d-------- C:\Program Files\Ulead Systems
2008-06-23 22:47:42 37760 --a------ C:\WINDOWS\system32\drivers\Capt905c.sys <Not Verified; Service & Quality Technology.; SQ905c>
2008-06-23 22:47:42 25216 --a------ C:\WINDOWS\system32\drivers\Camd905c.sys <Not Verified; Service & Quality Technology.; SQ905c>
2008-06-23 22:47:40 0 d-------- C:\Program Files\DB CIF Cam
2008-06-23 22:47:37 0 d-------- C:\Documents and Settings\USER\Application Data\InstallShield
2008-06-23 22:47:34 0 d-------- C:\Program Files\Disney Pix Downloader
2008-06-23 22:47:23 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-23 22:45:46 0 d-------- C:\Program Files\Disney Pix 2.2


-- Find3M Report ---------------------------------------------------------------

2008-07-18 11:07:37 0 d-------- C:\Program Files\Enigma Browser
2008-07-18 11:07:37 0 d-------- C:\Documents and Settings\USER\Application Data\Enigma Browser
2008-07-18 01:26:35 0 d-------- C:\Program Files\XoftSpySE
2008-07-17 23:53:51 0 d-------- C:\Documents and Settings\USER\Application Data\mIRC
2008-07-17 23:24:04 0 d-------- C:\Program Files\mIRC
2008-06-30 08:56:15 0 d-------- C:\Program Files\Common Files\InterVideo
2008-06-30 08:56:02 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-30 08:54:26 0 d-------- C:\Program Files\Common Files
2008-06-28 10:19:18 0 d-------- C:\Program Files\Winamp
2008-06-28 10:18:33 0 d-------- C:\Documents and Settings\USER\Application Data\Winamp
2008-06-16 16:09:40 0 d-------- C:\Program Files\kBilling
2008-06-15 22:49:36 0 d-------- C:\Program Files\ToneThis 3.0
2008-06-15 22:48:01 0 d-------- C:\Program Files\ToneThis 3.5
2008-06-15 10:27:05 0 d-------- C:\Documents and Settings\USER\Application Data\FunWebProducts
2008-05-20 08:28:59 0 d-------- C:\Program Files\Ascentive
2008-04-29 13:14:08 208896 --a------ C:\WINDOWS\system32\ConTest.dll <Not Verified; Ascentive; ConnectionTester>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown



-- End of Deckard's System Scanner: finished at 2008-07-18 16:16:32 ------------






Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 3.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ 64 X2 Dual Core Processor 3800+
Percentage of Memory in Use: 25%
Physical Memory (total/avail): 2046.48 MiB / 1533.92 MiB
Pagefile Memory (total/avail): 5984.54 MiB / 5594.77 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1907.59 MiB

C: is Fixed (NTFS) - 65.44 GiB total, 50.14 GiB free.
D: is Fixed (NTFS) - 9.09 GiB total, 9.04 GiB free.
E: is CDROM (No Media)
F: is CDROM (No Media)
G: is Fixed (NTFS) - 111.79 GiB total, 44.57 GiB free.
H: is Fixed (FAT32) - 149.01 GiB total, 115.04 GiB free.

\\.\PHYSICALDRIVE1 - WDC WD1200JB-00GVC0 - 111.79 GiB - 1 partition
\PARTITION0 - Installable File System - 111.79 GiB - G:

\\.\PHYSICALDRIVE0 - WDC WD800JB-00FMA0 - 74.53 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 65.44 GiB - C:
\PARTITION1 - Extended Partition - 9.09 GiB - D:

\\.\PHYSICALDRIVE2 - DMI ST3160212A IEEE 1394 SBP2 Device - 149.05 GiB - 1 partition
\PARTITION0 - Unknown - 149.05 GiB - H:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\USER\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
COLLECTIONID=COL7299
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=HOME
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HMSERVER=https://vausnzisprob.austin.hp.com/wuss/servlet/WUSSServlet
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\USER
ITEMID=oj-21918-1
LANG=1033
LOGONSERVER=\\HOME
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
OSVER=winXPP
Path=C:\Program Files\Common Files\Ulead Systems\MPEG;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 35 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=2302
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
SESSIONID=1213033857637g1u0355c.austin.hp.com670d6062:11a7ef65e83:2513
SESSIONNAME=Console
SWUTVER=1.0.18.30716
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\USER\LOCALS~1\Temp
TIMEOUT=0
TMP=C:\DOCUME~1\USER\LOCALS~1\Temp
TOOLPATH=/C:/Program%20Files/Hewlett-Packard/HP%20Software%20Update/install.htm
UPDATEDIR=C:\DOCUME~1\USER\LOCALS~1\Temp\rad9DAD3.tmp
USERDOMAIN=HOME
USERNAME=USER
USERPROFILE=C:\Documents and Settings\USER
VERSION=2.1.5
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

USER (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------



-- Application Event Log -------------------------------------------------------

Event Record #/Type1853 / Warning
Event Submitted/Written: 07/18/2008 10:54:22 AM
Event ID/Source: 1011 / Windows Product Activation
Event Description:
Your Windows product has not been activated with Microsoft yet. To activate Windows, use the Product Activation Wizard.

Event Record #/Type1851 / Error
Event Submitted/Written: 07/18/2008 10:53:02 AM
Event ID/Source: 1802 / SecurityCenter
Event Description:
The Windows Security Center Service was unable to establish event queries with WMI to monitor third party AntiVirus and Firewall.

Event Record #/Type1849 / Error
Event Submitted/Written: 07/18/2008 10:52:41 AM
Event ID/Source: 1010 / Windows Product Activation
Event Description:
The Windows license was restored due to a system error. You might need to reactivate your Windows product.

Event Record #/Type1846 / Error
Event Submitted/Written: 07/18/2008 09:49:37 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.
Processing media-specific event for [drwtsn32.exe!ws!]

Event Record #/Type1845 / Error
Event Submitted/Written: 07/18/2008 09:49:20 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application explorer.exe, version 6.0.2900.5512, faulting module , version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [explorer.exe!ws!]



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type7907 / Error
Event Submitted/Written: 07/18/2008 10:54:13 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The My Web Search Service service failed to start due to the following error:
%%3

Event Record #/Type7903 / Error
Event Submitted/Written: 07/18/2008 09:53:34 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Event Record #/Type7902 / Warning
Event Submitted/Written: 07/18/2008 09:53:03 AM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type7894 / Error
Event Submitted/Written: 07/18/2008 09:12:03 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Event Record #/Type7893 / Error
Event Submitted/Written: 07/18/2008 09:12:02 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}



-- End of Deckard's System Scanner: finished at 2008-07-18 16:16:32 ------------

#4
fawbushra aka Rob

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
Deckard's System Scanner v20071014.68
Run by USER on 2008-07-18 16:14:40
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
81: 2008-07-18 20:14:44 UTC - RP185 - Deckard's System Scanner Restore Point
80: 2008-07-18 15:01:25 UTC - RP184 - Last known good configuration
79: 2008-07-18 15:01:20 UTC - RP183 - System Checkpoint
78: 2008-07-18 15:01:20 UTC - RP182 - System Checkpoint
77: 2008-07-18 15:01:20 UTC - RP181 - System Checkpoint


-- First Restore Point --
1: 2008-07-18 15:01:08 UTC - RP105 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as USER.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:16:12 PM, on 7/18/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
C:\Program Files\Firebird\Firebird_2_0\bin\fb_inet_server.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Enigma Browser\Enigma.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\USER\Local Settings\Temporary Internet Files\Content.IE5\32J06JLO\dss[1].exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\TRENDM~1\HIJACK~1\USER.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5BFC7E92-BAEC-498E-95CE-DA39D2A398C8} - C:\WINDOWS\system32\ljJDUkkh.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7EBB7DA6-2369-450D-980F-9A2311A99ACF} - C:\WINDOWS\system32\efcDTMFv.dll
O2 - BHO: (no name) - {E031DA40-649C-4F23-8468-BCCCB2F99BC7} - C:\WINDOWS\system32\awtqpPjj.dll (file missing)
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [lauchsrv] C:\WINDOWS\lauchsrv.exe i
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BM07571d33] Rundll32.exe "C:\WINDOWS\system32\unlructu.dll",s
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.micr...veX/MSDcode.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai...cat-no-eula.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1006.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.fubar.com...geUploader5.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.co.../sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1202530440546
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2....re/HPDEXAXO.cab
O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} (Image Uploader Control) - http://www.fubar.com...geUploader5.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com...obat/nos/gp.cab
O20 - Winlogon Notify: efcDTMFv - C:\WINDOWS\SYSTEM32\efcDTMFv.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: AutoComplete Service (Autocomplete) - Acesoft - C:\Program Files\Acesoft\Tracks Eraser Pro\autocomp.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - FirebirdSQL Project - C:\Program Files\Firebird\Firebird_2_0\bin\fb_inet_server.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: My Web Search Service (MyWebSearchService) - Unknown owner - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 8837 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080718-024727-874 O23 - Service: My Web Search Service (MyWebSearchService) - Unknown owner - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe (file missing)
backup-20080718-024916-293 O16 - DPF: {7E9522CF-6B95-46D6-8E2F-7638F507313F} (BLS_SpeedOP.systemcheck) - http://www.fastacces...bls_speedop.cab
backup-20080718-024916-514 O4 - HKLM\..\Run: [BM07571d33] Rundll32.exe "C:\WINDOWS\system32\fvyiklkb.dll",s
backup-20080718-024917-665 O23 - Service: My Web Search Service (MyWebSearchService) - Unknown owner - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe (file missing)
backup-20080718-024917-842 O23 - Service: CAILI - Unknown owner - C:\WINDOWS\system32\caili.exe
backup-20080718-103331-256 O2 - BHO: (no name) - {E031DA40-649C-4F23-8468-BCCCB2F99BC7} - C:\WINDOWS\system32\awtqpPjj.dll (file missing)
backup-20080718-103331-652 O20 - Winlogon Notify: efcDTMFv - C:\WINDOWS\SYSTEM32\efcDTMFv.dll
backup-20080718-103331-809 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
backup-20080718-103331-851 O2 - BHO: (no name) - {7EBB7DA6-2369-450D-980F-9A2311A99ACF} - C:\WINDOWS\system32\efcDTMFv.dll
backup-20080718-103332-226 O23 - Service: My Web Search Service (MyWebSearchService) - Unknown owner - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe (file missing)

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 BANTExt (Belarc SMBios Access) - c:\windows\system32\drivers\bantext.sys
R1 DVDVRRdr_xp - c:\windows\system32\drivers\dvdvrrdr_xp.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>

S3 GMSIPCI - e:\install\gmsipci.sys (file missing)
S3 PCASp50 (PCASp50 NDIS Protocol Driver) - c:\windows\system32\drivers\pcasp50.sys (file missing)
S3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
S3 RushTopDevice - c:\program files\msi\core center\rushtop.sys (file missing)
S3 SQTECH905C (DB CIF Cam) - c:\windows\system32\drivers\capt905c.sys <Not Verified; Service & Quality Technology.; SQ905c>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 FirebirdServerDefaultInstance (Firebird Server - DefaultInstance) - c:\program files\firebird\firebird_2_0\bin\fb_inet_server.exe -s <Not Verified; FirebirdSQL Project; Firebird SQL Server>

S2 MyWebSearchService (My Web Search Service) - c:\progra~1\mywebs~1\bar\1.bin\mwssvc.exe (file missing)
S3 Autocomplete (AutoComplete Service) - c:\program files\acesoft\tracks eraser pro\autocomp.exe <Not Verified; Acesoft; AUTOCOMP>
S4 CAILI - c:\windows\system32\caili.exe


-- Device Manager: Disabled ----------------------------------------------------

Class GUID:
Description: Creative WebCam
Device ID: USB\VID_041E&PID_400D\5&378877D&0&1
Manufacturer:
Name: Creative WebCam
PNP Device ID: USB\VID_041E&PID_400D\5&378877D&0&1
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Universal Serial Bus (USB) Controller
Device ID: PCI\VEN_1106&DEV_3104&SUBSYS_70941462&REV_86\3&13C0B0C5&0&84
Manufacturer:
Name: Universal Serial Bus (USB) Controller
PNP Device ID: PCI\VEN_1106&DEV_3104&SUBSYS_70941462&REV_86\3&13C0B0C5&0&84
Service:


-- Files created between 2008-06-18 and 2008-07-18 -----------------------------

2008-07-18 11:03:59 78336 --a------ C:\WINDOWS\system32\sbcavpau.dll
2008-07-18 11:02:07 91648 --a------ C:\WINDOWS\system32\unlructu.dll
2008-07-18 11:00:58 1293 --ahs---- C:\WINDOWS\system32\hkkUDJjl.ini2
2008-07-18 11:00:53 319488 --a------ C:\WINDOWS\system32\ljJDUkkh.dll
2008-07-18 10:49:52 0 dr-h----- C:\Documents and Settings\USER\Recent
2008-07-18 08:42:56 174592 --a------ C:\WINDOWS\system32\framedyn.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-18 08:41:06 0 d-------- C:\Program Files\Enigma Software Group
2008-07-18 02:44:03 0 d-------- C:\Program Files\Trend Micro
2008-07-18 02:33:12 1969 --ahs---- C:\WINDOWS\system32\jjPpqtwa.ini2
2008-07-18 02:21:37 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2008-07-18 00:32:42 1532 --ahs---- C:\WINDOWS\system32\twyHkUtv.ini2
2008-07-18 00:27:34 25600 --a------ C:\WINDOWS\system32\efcDTMFv.dll
2008-07-14 09:06:55 0 d--h----- C:\Documents and Settings\Administrator\Templates <TEMPLA~1>
2008-07-14 09:06:55 0 dr------- C:\Documents and Settings\Administrator\Start Menu <STARTM~1>
2008-07-14 09:06:55 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-07-14 09:06:55 0 d--h----- C:\Documents and Settings\Administrator\PrintHood <PRINTH~1>
2008-07-14 09:06:55 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-07-14 09:06:55 0 d-------- C:\Documents and Settings\Administrator\My Documents <MYDOCU~1>
2008-07-14 09:06:55 0 d--h----- C:\Documents and Settings\Administrator\Local Settings <LOCALS~1>
2008-07-14 09:06:55 0 d-------- C:\Documents and Settings\Administrator\Favorites <FAVORI~1>
2008-07-14 09:06:55 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-07-14 09:06:55 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-07-14 09:06:55 0 dr-h----- C:\Documents and Settings\Administrator\Application Data <APPLIC~1>
2008-07-14 09:06:55 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-07-14 09:06:54 786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-07-04 23:43:52 23 --a------ C:\Documents and Settings\USER\jagex_runescape_preferences.dat <JAGEX_~1.DAT>
2008-06-30 21:53:23 0 d-------- C:\Program Files\QuickTime
2008-06-30 21:53:23 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-06-30 21:53:10 0 d-------- C:\Program Files\Apple Software Update
2008-06-30 21:53:10 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-06-30 08:56:59 0 d-------- C:\Documents and Settings\USER\Application Data\Ulead Systems
2008-06-30 08:56:08 0 d-------- C:\Documents and Settings\All Users\Application Data\InterVideo
2008-06-30 08:54:26 0 d-------- C:\Program Files\Common Files\Ulead Systems
2008-06-30 08:54:26 0 d-------- C:\Documents and Settings\All Users\Application Data\Ulead Systems
2008-06-30 08:54:25 0 d-------- C:\Program Files\Ulead Systems
2008-06-23 22:47:42 37760 --a------ C:\WINDOWS\system32\drivers\Capt905c.sys <Not Verified; Service & Quality Technology.; SQ905c>
2008-06-23 22:47:42 25216 --a------ C:\WINDOWS\system32\drivers\Camd905c.sys <Not Verified; Service & Quality Technology.; SQ905c>
2008-06-23 22:47:40 0 d-------- C:\Program Files\DB CIF Cam
2008-06-23 22:47:37 0 d-------- C:\Documents and Settings\USER\Application Data\InstallShield
2008-06-23 22:47:34 0 d-------- C:\Program Files\Disney Pix Downloader
2008-06-23 22:47:23 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-23 22:45:46 0 d-------- C:\Program Files\Disney Pix 2.2


-- Find3M Report ---------------------------------------------------------------

2008-07-18 11:07:37 0 d-------- C:\Program Files\Enigma Browser
2008-07-18 11:07:37 0 d-------- C:\Documents and Settings\USER\Application Data\Enigma Browser
2008-07-18 01:26:35 0 d-------- C:\Program Files\XoftSpySE
2008-07-17 23:53:51 0 d-------- C:\Documents and Settings\USER\Application Data\mIRC
2008-07-17 23:24:04 0 d-------- C:\Program Files\mIRC
2008-06-30 08:56:15 0 d-------- C:\Program Files\Common Files\InterVideo
2008-06-30 08:56:02 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-30 08:54:26 0 d-------- C:\Program Files\Common Files
2008-06-28 10:19:18 0 d-------- C:\Program Files\Winamp
2008-06-28 10:18:33 0 d-------- C:\Documents and Settings\USER\Application Data\Winamp
2008-06-16 16:09:40 0 d-------- C:\Program Files\kBilling
2008-06-15 22:49:36 0 d-------- C:\Program Files\ToneThis 3.0
2008-06-15 22:48:01 0 d-------- C:\Program Files\ToneThis 3.5
2008-06-15 10:27:05 0 d-------- C:\Documents and Settings\USER\Application Data\FunWebProducts
2008-05-20 08:28:59 0 d-------- C:\Program Files\Ascentive
2008-04-29 13:14:08 208896 --a------ C:\WINDOWS\system32\ConTest.dll <Not Verified; Ascentive; ConnectionTester>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown



-- End of Deckard's System Scanner: finished at 2008-07-18 16:16:32 ------------







#5
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Please download DAFT and save it to your desktop:
  • Double-click the daft.exe icon.
  • Click on the Scan button.
  • Select everything it is displaying there.
  • Click the Fix button.
  • Then rescan with DAFT again - it should say now that "All associations are OK"
  • Close DAFT if you receive that message. This means that it is fixed now.
==================
Please visit this web page for instructions for downloading and running Combofix: ComboFix Instructions
We now suggest that you install the Windows Recovery Console.
The Windows recovery console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware.

Post the log from ComboFix when you've accomplished all of that, along with a new HijackThis log.