Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

hijackthis log [RESOLVED]

Started by jigsawbill , Jul 22 2008 11:03 AM

This topic is locked

#1
jigsawbill

Posted 22 July 2008 - 11:03 AM

Member

Member
48 posts

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:54:54 PM, on 7/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\hphmon06.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb13.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Hp\digital imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 216.198.106.243/24
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{BA2D9411-DBB4-43e4-9421-780413650A67}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb13.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [lphc5ucj0etel] C:\WINDOWS\system32\lphc5ucj0etel.exe
O4 - HKLM\..\Run: [services] C:\WINDOWS\services.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\digital imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\Hp\digital imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.micr...veX/MSDcode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish...fishActivia.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp...ads/sysinfo.cab
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h30155.www3.h...nosticsxp2k.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1194818675593
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1194480800796
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.mac...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1E466BE2-BF58-46C2-861D-00AFB77427CB}: NameServer = 216.163.120.19,216.163.120.21
O17 - HKLM\System\CS1\Services\Tcpip\..\{1E466BE2-BF58-46C2-861D-00AFB77427CB}: NameServer = 216.163.120.19,216.163.120.21
O17 - HKLM\System\CS2\Services\Tcpip\..\{1E466BE2-BF58-46C2-861D-00AFB77427CB}: NameServer = 216.163.120.19,216.163.120.21
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\hpbpro.exe
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\hpboid.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 8749 bytes

#2
Mike

Posted 22 July 2008 - 11:32 AM

Malware Monger

Retired Staff
2,745 posts

Hi there,

Are you familiar with the National Rural Telecommunications Cooperative and Farmers Telephone Cooperative ?

You have Ad-aware, Spybot Seach and destroy and windows defender running, you will need to temporarily disable these, simply go here and follow the instructions for each one
http://wiki.castleco...toring_Programs

Then,

You may want to print these instructions as you wont have access to this thread throughout some of these steps.

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :

Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, the Advanced Options Menu should appear;
Select the first option, to run Windows in Safe Mode, then press Enter.
Choose your usual account.

Open the extracted SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).

And,

Please download Deckard's System Scanner (DSS) and save it to your Desktop.

Close all other windows before proceeding.
Double-click on dss.exe and follow the prompts.
When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

Note:These logs may be too large to post in one reply, if so, please post extra.txt in a seperate reply.

Edited by Mike, 22 July 2008 - 11:47 AM.

#3
Mike

Posted 22 July 2008 - 11:46 AM

Malware Monger

Retired Staff
2,745 posts

Also, after reading your problem do this for me...

Download the HostsXpert 3.7 - Hosts File Manager.

Unzip HostsXpert 3.7 - Hosts File Manager to a convenient folder such as C:\HostsXpert
Click HostsXpert.exe to Run HostsXpert 3.7 - Hosts File Manager from its new home
Click "Make Hosts Writable?" in the upper right corner (If available).
Click Restore Microsoft's Hosts file and then click OK.
Click the X to exit the program.
Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.

#4
jigsawbill

Posted 22 July 2008 - 01:13 PM

Member

Topic Starter
Member
48 posts

Hi Mike, I have been busy trying to do as instructed, however this mess won't allow me to download anything, matter of fact my only access to the net is through Google, my internet express is useless. I have rund all of the above spywares and then at your suggestion I have taken them out. I am getting a blue screen with messages such as "Bogus Driver", "No more IRP stack locations", and then IRQL not less or equal. This screen will lappear and the only way to get rid of it is f8. I have even removed some programs which were of questionable origin. I did manage to get the sdfix onto my desktop, but it will not unzip or install, no matter what I do. Thanks for your patience.

#5
Mike

Posted 22 July 2008 - 01:40 PM

Malware Monger

Retired Staff
2,745 posts

Good, let's see if we can get you to run SDFix in safemode, try installing it then, post back and tell me if it works or not and we will go from there.

Also see if you have an easier time downloading the tools in safe mode with networking - run hosts expert first and see if things improve in that direction.

Two questions I would like to know the answer to, Do you have a windows CD and do you have a USB drive where you could possibly transfer the tools from another computer to the infected one?

#6
Mike

Posted 22 July 2008 - 01:41 PM

Malware Monger

Retired Staff
2,745 posts

Also try renaming SDFix to SD-Fix or something and see if it runs.

#7
jigsawbill

Posted 22 July 2008 - 01:41 PM

Member

Topic Starter
Member
48 posts

Mike:
Farmers Telephone Cooperative is the former name of our local telephone co. It is now Farmers Telecommunications Cooperative.

#8
jigsawbill

Posted 22 July 2008 - 01:56 PM

Member

Topic Starter
Member
48 posts

I do have windows xp disc, but I cannot get into boot to disc bios, I do have a western digital usb harddrive, but no extra computer to load from.

#9
Mike

Posted 22 July 2008 - 02:13 PM

Malware Monger

Retired Staff
2,745 posts

OK, I just want to make sure you have your Windows CD handy in case we need it.

Have you gotten SDFix to install? How about when it's renamed? And Deckards' System Scanner?

#10
jigsawbill

Posted 22 July 2008 - 02:21 PM

Member

Topic Starter
Member
48 posts

No, I can't get sd-fix to install any where, and the other will not download now, I can't get anything to download at present. This thing has just about shut me down.

#11
Mike

Posted 22 July 2008 - 02:28 PM

Malware Monger

Retired Staff
2,745 posts

OK, let's try this please.

If need be, try and download it in safe mode with networking, then reboot back into normal mode.

Please go here to install the recovery console and for a guide on using combofix.
Please note: Installing the Recovery Console plays a vital part in making this process of cleaning your computer safe, don't overlook this!

If it is really too hard to get it installed just continue, as you have the windows CD handy.

Please download this file - combofix.exe by sUBs

Save it to your Desktop
Please, never rename Combofix unless instructed.
Now physically disconnect from the internet and STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields)
Click on your START button and choose Run. Then copy/paste the entire content of the following quotebox (Including the "" marks and the Symbols) into the run box.

"%userprofile%\desktop\ComboFix.exe" /KillAll
Click OK and this will start ComboFix in a special way.
When finished, it will produce a log. Please save that log to a Notepad File to post in your next reply along with a fresh HJT log.

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

* After you have saved the logs, restart your system to re-enable all the programs that were disabled during the running of ComboFix.

* Reconnect to the internet

* Post the following logs/Reports:

ComboFix.txt
Fresh HijackThis log run after all the other tools have performed their cleanup.

Edited by Mike, 22 July 2008 - 02:29 PM.

#12
jigsawbill

Posted 22 July 2008 - 02:33 PM

Member

Topic Starter
Member
48 posts

Wait, wait, Deckards just got through and is running right now, I will send report quick as I can.

#13
jigsawbill

Posted 22 July 2008 - 02:42 PM

Member

Topic Starter
Member
48 posts

Here is main text from deckards:

Deckard's System Scanner v20071014.68
Run by ole bill on 2008-07-22 20:23:31
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
19: 2008-07-23 01:25:47 UTC - RP19 - Deckard's System Scanner Restore Point
18: 2008-07-23 01:03:40 UTC - RP18 - Software Distribution Service 3.0
17: 2008-07-22 23:50:31 UTC - RP17 - Removed Windows Defender
16: 2008-07-22 23:42:17 UTC - RP16 - Software Distribution Service 3.0
15: 2008-07-22 22:56:27 UTC - RP15 - Software Distribution Service 3.0

-- First Restore Point --
1: 2008-07-20 17:09:11 UTC - RP1 - System Checkpoint

Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 255 MiB (512 MiB recommended).

-- HijackThis (run as ole bill.exe) --------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:29:57 PM, on 7/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\hphmon06.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb13.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Hp\digital imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\ole bill\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\ole bill.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 216.198.106.243/24
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{BA2D9411-DBB4-43e4-9421-780413650A67}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb13.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [lphc5ucj0etel] C:\WINDOWS\system32\lphc5ucj0etel.exe
O4 - HKLM\..\Run: [services] C:\WINDOWS\services.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\digital imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\Hp\digital imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.micr...veX/MSDcode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish...fishActivia.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp...ads/sysinfo.cab
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h30155.www3.h...nosticsxp2k.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1194818675593
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1194480800796
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.mac...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1E466BE2-BF58-46C2-861D-00AFB77427CB}: NameServer = 216.163.120.19,216.163.120.21
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\hpbpro.exe
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\hpboid.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 6870 bytes

-- File Associations -----------------------------------------------------------

All associations okay.

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 OMCI - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>

S0 cercsr6 - c:\windows\system32\drivers\cercsr6.sys <Not Verified; Adaptec, Inc.; Dell RAID Controller>
S3 SMNDIS5 (SMNDIS5 NDIS Protocol Driver) - c:\progra~1\verizo~1\vzacce~1\smndis5.sys (file missing)

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

All services whitelisted.

-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.

-- Files created between 2008-06-22 and 2008-07-22 -----------------------------

2008-07-22 20:18:30 0 d-------- C:\WINDOWS\LastGood
2008-07-22 20:11:09 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-07-22 20:11:09 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-07-22 20:11:09 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-07-22 20:11:09 0 d--h----- C:\Documents and Settings\Administrator\Recent
2008-07-22 20:11:09 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-07-22 20:11:09 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-07-22 20:11:09 0 d-------- C:\Documents and Settings\Administrator\My Documents
2008-07-22 20:11:09 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-07-22 20:11:09 0 d-------- C:\Documents and Settings\Administrator\Favorites
2008-07-22 20:11:09 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-07-22 20:11:09 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2008-07-22 20:11:09 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-07-22 20:11:09 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-07-22 20:11:09 0 d-------- C:\Documents and Settings\Administrator\Application Data\Macromedia
2008-07-22 20:11:08 786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-07-22 19:42:48 0 d-------- C:\sd-fix
2008-07-20 19:54:04 0 d-------- C:\WINDOWS\setupupd
2008-07-20 12:05:44 0 d-------- C:\WINDOWS\Prefetch
2008-07-20 11:16:34 0 d-------- C:\WINDOWS\system32\NtmsData
2008-07-19 20:15:54 0 d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-07-19 19:27:13 60928 --a------ C:\WINDOWS\system32\blphc5ucj0etel.scr <Not Verified; Sysinternals; Sysinternals Blue Screen>
2008-07-15 12:22:51 0 d-------- C:\Documents and Settings\ole bill\Application Data\Smith Micro
2008-07-15 11:58:42 0 d-------- C:\Program Files\Novatel Wireless
2008-07-02 06:31:44 0 d-------- C:\Documents and Settings\ole bill\Application Data\com.ebay.sandimas.public-beta.AA1EEF5552BF52051F68E7EAF27E23FA6449A65C.1
2008-07-02 04:26:37 0 d-------- C:\Program Files\Common Files\Adobe AIR
2008-07-02 04:11:37 0 d-------- C:\Documents and Settings\All Users\Application Data\NOS
2008-07-02 04:11:36 0 d-------- C:\Program Files\NOS

-- Find3M Report ---------------------------------------------------------------

2008-07-22 18:50:37 0 d-------- C:\Program Files\Windows Defender
2008-07-22 17:11:54 0 d-------- C:\Program Files\Lavasoft
2008-07-20 11:56:48 23328 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-07-20 07:27:51 0 d-------- C:\Program Files\Enigma Software Group
2008-07-02 04:32:45 0 d-------- C:\Program Files\Common Files\Adobe
2008-07-02 04:26:37 0 d-------- C:\Program Files\Common Files
2008-05-31 11:32:33 0 d-------- C:\Program Files\eGames
2008-05-29 13:27:22 0 d-------- C:\Program Files\Common Files\DirectX

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
06/11/2008 10:33 PM 75128 --a------ C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [10/06/2003 03:16 PM]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [07/15/2005 04:48 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 05:25 AM]
"nwiz"="nwiz.exe" [10/06/2003 03:16 PM C:\WINDOWS\system32\nwiz.exe]
"HPHUPD06"="c:\Program Files\HP\{BA2D9411-DBB4-43e4-9421-780413650A67}\hphupd06.exe" [12/16/2004 05:29 PM]
"HPHmon06"="C:\WINDOWS\system32\hphmon06.exe" [12/16/2004 05:10 PM]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb13.exe" [11/24/2004 07:17 PM]
"AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [04/10/2002 05:44 PM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [05/08/2007 05:24 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [06/12/2008 02:38 AM]
"lphc5ucj0etel"="C:\WINDOWS\system32\lphc5ucj0etel.exe" []
"services"="C:\WINDOWS\services.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 05:00 AM]
"NvMediaCenter"="C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit" []
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 11:24 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
"NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [11/7/2007 1:33:59 PM]
HP Digital Imaging Monitor.lnk - C:\Program Files\Hp\digital imaging\bin\hpqtra08.exe [2/19/2006 5:21:22 AM]
HP Photosmart Premier Fast Start.lnk - C:\Program Files\Hp\digital imaging\bin\hpqthb08.exe [2/10/2006 8:56:20 AM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 2:01:04 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"NoDispBackgroundPage"=0 (0x0)
"NoDispScrSavPage"=0 (0x0)

-- End of Deckard's System Scanner: finished at 2008-07-22 20:38:09 ------------

#14
jigsawbill

Posted 22 July 2008 - 02:44 PM

Member

Topic Starter
Member
48 posts

here is extra text:

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 2.40GHz
Percentage of Memory in Use: 82%
Physical Memory (total/avail): 254.98 MiB / 43.96 MiB
Pagefile Memory (total/avail): 4241.93 MiB / 4034.23 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1938.64 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 127.99 GiB total, 96.32 GiB free.
D: is Removable (No Media)
E: is CDROM (No Media)
F: is CDROM (No Media)
G: is Removable (No Media)

\\.\PHYSICALDRIVE0 - WDC WD1600JB-00REA0 - 149.05 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 127.99 GiB - C:

\\.\PHYSICALDRIVE2 - HP Photosmart 8400 USB Device

\\.\PHYSICALDRIVE1 - HP Photosmart 8700 USB Device

-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.
FirewallDisableNotify is set.

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\ole bill\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=OLEBILL
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\ole bill
LOGONSERVER=\\OLEBILL
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\Internet Explorer;;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\WBEM;C:\Program Files\Common Files\Adaptec Shared\System
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 7, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0207
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\OLEBIL~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\OLEBIL~1\LOCALS~1\Temp
USERDOMAIN=OLEBILL
USERNAME=ole bill
USERPROFILE=C:\Documents and Settings\ole bill
windir=C:\WINDOWS

-- User Profiles ---------------------------------------------------------------

ole bill (admin)
Administrator (new local, admin)

-- Add/Remove Programs ---------------------------------------------------------

--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
7-Zip 4.57 --> "C:\Program Files\7-Zip\Uninstall.exe"
Acrobat.com --> C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Acrobat.com --> MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Adobe AIR --> C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR --> MsiExec.exe /I{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}
Adobe Media Player --> msiexec /qb /x {1EBB57D4-63FF-87CC-A0F0-D73982CF6008}
Adobe Media Player --> MsiExec.exe /I{1EBB57D4-63FF-87CC-A0F0-D73982CF6008}
Adobe Reader 9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
ArcSoft PhotoImpression --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\ArcSoft\PhotoImpression\Uninst.isu"
Belarc Advisor 7.2 --> C:\PROGRA~1\Belarc\Advisor\Uninstall.exe C:\PROGRA~1\Belarc\Advisor\INSTALL.LOG
Big Picture Program --> C:\WINDOWS\st6unst.exe -n "C:\Program Files\Big_Picture\ST6UNST.LOG"
Conexant SmartHSFi V92 56K DF PCI Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2702\HXFSETUP.EXE -U -IDel8d8xk.INF
Creation Station Special Edition --> C:\PROGRA~1\eGames\CREATI~1\UNWISE.EXE C:\PROGRA~1\eGames\CREATI~1\INSTALL.LOG
Dell ResourceCD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D78653C3-A8FF-415F-92E6-D774E634FF2D}\setup.exe"
Drop --> C:\PROGRA~1\eGames\Drop\UNWISE.EXE C:\PROGRA~1\eGames\Drop\INSTALL.LOG
Drop! --> C:\PROGRA~1\eGames\Drop!\UNWISE.EXE C:\PROGRA~1\eGames\Drop!\INSTALL.LOG
Easy CD Creator 5 Basic --> MsiExec.exe /I{609F7AC8-C510-11D4-A788-009027ABA5D0}
Extreme Picture Creator --> C:\WINDOWS\Extreme Picture Creator Uninstaller.exe
Fanarona --> C:\PROGRA~1\eGames\Fanarona\UNWISE.EXE C:\PROGRA~1\eGames\Fanarona\INSTALL.LOG
Fishing Special Edition --> C:\PROGRA~1\eGames\FISHIN~1\UNWISE.EXE C:\PROGRA~1\eGames\FISHIN~1\INSTALL.LOG
GIMP 2.4.2 --> "C:\Program Files\GIMP-2.0\setup\unins000.exe"
Go-Moku --> C:\PROGRA~1\eGames\Go-Moku\UNWISE.EXE C:\PROGRA~1\eGames\Go-Moku\INSTALL.LOG
Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Google Gmail Notifier --> "C:\Program Files\Google\Gmail Notifier\UninstallGmail.exe"
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
Google Updater --> "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hoyle Solitaire --> C:\WINDOWS\IsUninst.exe -fC:\SIERRA\HSOL00\Uninst.isu
HP Customer Participation Program 7.0 --> C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Document Viewer 7.0 --> C:\Program Files\HP\Digital Imaging\DocumentViewer\hpzscr01.exe -datfile hpqbud04.dat
HP Driver Diagnostics --> MsiExec.exe /I{16BE87BC-69F5-4D36-8CF0-E1CB3ACD5ED3}
HP Imaging Device Functions 7.0 --> C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Premier Software 6.5 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Photosmart, Officejet and Deskjet 7.0.A --> C:\Program Files\HP\Digital Imaging\{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}\setup\hpzscr01.exe -datfile hposcr11.dat
HP Scanjet G4000 series 8.0 --> C:\Program Files\HP\Digital Imaging\{012338A2-2570-4819-B3B7-CBA2658F15EE}\setup\hpzscr01.exe -datfile hpgscr17.dat
HP Solution Center 7.0 --> C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update --> MsiExec.exe /X{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}
Intel® PRO Ethernet Adapter and Software --> Prounstl.exe
IrfanView (remove only) --> C:\Program Files\IrfanView\iv_uninstall.exe
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Jetcast 1.1.1 --> C:\Program Files\Jetcast\uninst.exe
Macromedia Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Microsoft Office XP Media Content --> MsiExec.exe /I{90300409-6000-11D3-8CFE-0050048383C9}
Microsoft Office XP Small Business --> MsiExec.exe /I{91130409-6000-11D3-8CFE-0050048383C9}
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Web Publishing Wizard 1.52 --> RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wpie4x86.inf,WebPostUninstall
Mobile Broadband Drivers --> MsiExec.exe /X{190D0C6E-C8A7-4019-8FB5-FD041EC1F2D2}
Modem Helper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Modem User Guide --> C:\WINDOWS\uninst.exe -f"C:\Program Files\Modem User Guide\DeIsL1.isu" -c"C:\Program Files\Modem User Guide\_ISREG32.DLL"
NVIDIA Display Driver --> C:\WINDOWS\system32\nvudisp.exe Uninstall C:\WINDOWS\system32\nvdisp.nvu,NVIDIA Display Driver
OCR Software by I.R.I.S 8.0 --> C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
Penguin Puzzle --> C:\PROGRA~1\eGames\PENGUI~1\UNWISE.EXE C:\PROGRA~1\eGames\PENGUI~1\INSTALL.LOG
Photosmart 320,370,7400,8100,8400,8700 Series --> C:\Program Files\HP\{BA2D9411-DBB4-43e4-9421-780413650A67}\setup\hpzscr01.exe -datfile hphscr01.dat
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
Puzzle Master 2 Special Edition --> C:\PROGRA~1\eGames\PUZZLE~1\UNWISE.EXE C:\PROGRA~1\eGames\PUZZLE~1\INSTALL.LOG
Quick Imager --> C:\WINDOWS\st6unst.exe -n "C:\Program Files\Imager\ST6UNST.LOG"
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Super Collapse! 3 --> C:\PROGRA~1\MUMBOJ~1\SUPERC~1\UNWISE.EXE /U C:\PROGRA~1\MUMBOJ~1\SUPERC~1\INSTALL.LOG
The Print Shop 21 --> MsiExec.exe /I{9EF149EC-2375-429A-910D-1EFA489B67F6}
The Print Shop Photo Pro --> C:\WINDOWS\UNINST.EXE -f"C:\PROGRA~1\BRODER~1\THEPRI~1\DeIsL1.isu" -c"C:\PROGRA~1\BRODER~1\THEPRI~1\psfinst2.dll"
Windows Driver Package - Hewlett-Packard Image (03/27/2007 8.3.0.0) --> C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst32.exe /u C:\WINDOWS\system32\DRVSTORE\hpxpg400_70420C4DEACC11B70F7464506789E17A6123B8A7\hpxpg400.inf
Windows Driver Package - Hewlett-Packard Image (04/10/2007 9.0.0.0) --> C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst32.exe /u C:\WINDOWS\system32\DRVSTORE\hpxpg400_BA82357A6E5939B02532A357533B5AF3948F5E83\hpxpg400.inf
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Wood Workshop --> MsiExec.exe /X{7AACE39E-A19F-468A-B130-6DBA27203075}

-- Application Event Log -------------------------------------------------------

Event Record #/Type4663 / Error
Event Submitted/Written: 07/22/2008 06:36:55 PM
Event ID/Source: 1001 / Application Hang
Event Description:
Fault bucket 126637809.

Event Record #/Type4662 / Error
Event Submitted/Written: 07/22/2008 06:36:39 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application IEXPLORE.EXE, version 6.0.2900.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type4661 / Error
Event Submitted/Written: 07/22/2008 06:29:13 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application IEXPLORE.EXE, version 6.0.2900.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type4660 / Error
Event Submitted/Written: 07/22/2008 06:25:42 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application IEXPLORE.EXE, version 6.0.2900.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type4658 / Warning
Event Submitted/Written: 07/22/2008 06:19:50 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.

-- System Event Log ------------------------------------------------------------

Event Record #/Type27665 / Error
Event Submitted/Written: 07/22/2008 08:15:22 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Event Record #/Type27663 / Warning
Event Submitted/Written: 07/22/2008 08:14:55 PM
Event ID/Source: 1073 / USER32
Event Description:
The attempt to power off OLEBILL failed

Event Record #/Type27662 / Error
Event Submitted/Written: 07/22/2008 08:13:35 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Event Record #/Type27661 / Error
Event Submitted/Written: 07/22/2008 08:13:29 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Event Record #/Type27660 / Error
Event Submitted/Written: 07/22/2008 08:13:26 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

-- End of Deckard's System Scanner: finished at 2008-07-22 20:38:09 ------------

#15
Mike

Posted 22 July 2008 - 03:02 PM

Malware Monger

Retired Staff
2,745 posts

I'm sorry to leave you here at this point, but I will have to post back tomorrow as it is about time for me to hit the sack.

For now limit your PC usage if possible.

Thanks,

Mike

Edit, also I would look into backing up your important data seeing as your computer isn't to stable at the moment.

Edited by Mike, 22 July 2008 - 03:03 PM.