Thank you very much for helping me! I believe I finally got that ugly dll removed from my laptop yesterday. I ran malwarebytes program again and this time the delete on reboot seemed to work! I know I ran this before I posted but didn't get the same results that time. Maybe I did something in between runs to allow it to work, not sure. I feel like I'm almost clean, but I do seem to still have some slowness when booting and shutting down. Maybe some registry cleanup is needed?
Here are my dss logs:
extra.txt
------------
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English
CPU 0: Intel® Pentium® 4 CPU 2.40GHz
Percentage of Memory in Use: 35%
Physical Memory (total/avail): 959.48 MiB / 618.02 MiB
Pagefile Memory (total/avail): 1550.59 MiB / 1274.66 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1932.77 MiB
C: is Fixed (NTFS) - 55.88 GiB total, 6.12 GiB free.
D: is CDROM (No Media)
\\.\PHYSICALDRIVE0 - TOSHIBA MK6021GAS - 55.89 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 55.88 GiB - C:
-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.
AV: AVG Anti-Virus Free v8.0 (AVG Technologies)
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Microsoft Office Communicator\\communicator.exe"="C:\\Program Files\\Microsoft Office Communicator\\communicator.exe:*:Enabled:Microsoft Office Communicator 2007"
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_GUI.exe"="C:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_GUI.exe:*:Enabled:SR_GUI"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Disabled:AOL Connectivity Service"
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\RealVNC\\VNC4\\vncviewer.exe"="C:\\Program Files\\RealVNC\\VNC4\\vncviewer.exe:*:Enabled:Run VNC Viewer"
"C:\\DOCUME~1\\BARTRE~1\\LOCALS~1\\Temp\\win455.tmp.exe"="C:\\DOCUME~1\\BARTRE~1\\LOCALS~1\\Temp\\win455.tmp.exe:*:Enabled:win455.tmp"
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE:*:Disabled:SAgent4"
"C:\\Program Files\\BitComet\\BitComet.exe"="C:\\Program Files\\BitComet\\BitComet.exe:*:Disabled:BitComet - a BitTorrent Client"
"C:\\WINDOWS\\system32\\ftp.exe"="C:\\WINDOWS\\system32\\ftp.exe:*:Enabled:File Transfer Program"
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Microsoft Office Communicator\\communicator.exe"="C:\\Program Files\\Microsoft Office Communicator\\communicator.exe:*:Enabled:Communicator"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Bart Reed\Application Data
CLASSPATH=.;C:\Program Files\Java\j2re1.4.2_03\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=BARTLAPTOP
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Bart Reed
LOGONSERVER=\\BARTLAPTOP
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\Internet Explorer;;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Adaptec Shared\System;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\AVG\AVG8
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 7, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0207
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\j2re1.4.2_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\BARTRE~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\BARTRE~1\LOCALS~1\Temp
USERDOMAIN=BARTLAPTOP
USERNAME=Bart Reed
USERPROFILE=C:\Documents and Settings\Bart Reed
windir=C:\WINDOWS
-- User Profiles ---------------------------------------------------------------
Bart Reed
(admin)Administrator
(admin)-- Add/Remove Programs ---------------------------------------------------------
--> C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Photoshop CS --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}\setup.exe" -l0x9
Adobe Reader 6.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-000000000001}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~2\Install.log
AnVir Task Manager --> "C:\Program Files\AnVir Task Manager\AnVir.exe" Uninstall
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
Avance AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
AVG Free 8.0 --> C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
AviSynth 2.5 --> "C:\Program Files\AviSynth 2.5\Uninstall.exe"
Belkin Wireless G Notebook Card Software --> C:\Program Files\InstallShield Installation Information\{4E64920B-C80B-4B1C-9DF1-FBCB68029629}\SETUP.EXE -v"ISSCRIPTCMDLINE=\"-d -zREMOVE\"" -l0x0009 -removeonly
Configuration Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C0D32BED-4EA6-11D5-AD9A-0050BA1AB546}\Setup.exe"
DivX --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DVD Decrypter (Remove Only) --> "C:\Program Files\DVD Decrypter\uninstall.exe"
dvdXsoft DVD to iPod Converter 1.16 --> "C:\Program Files\dvdXsoft\dvdXsoft DVD to iPod Converter\unins000.exe"
Easy CD Creator 5 Platinum --> MsiExec.exe /I{8851E12C-0EF9-11D4-A788-009027ABA5D0}
EPSON CardMonitor --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{109D28C7-FB38-483A-9C91-001CB59E2699}\Setup.exe" -l0x9 uninst
EPSON PhotoStarter3.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5983C895-DDA4-45D9-A8D1-877D5DE7693E}\Setup.exe" uninst
EPSON Print CD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}\Setup.exe" -l0x9 -SYSTEM
EPSON Printer Software --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
EPSON SPR300 Reference Guide --> C:\Program Files\epson\guide\spr300_e\uninstall.exe
Film Factory --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\EPSON Software\Film Factory\Uninst.isu"
Garmin POI Loader --> MsiExec.exe /X{DFA1E2C8-A9DE-4B99-8B3C-866664B5F67C}
Garmin WebUpdater --> MsiExec.exe /X{366FFC89-C800-4366-B903-B9C4314109A5}
HijackThis 2.0.2 --> "C:\HijackThis2\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Format SDK (KB902344) --> "C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
Hotfix for Windows Media Format SDK (KB910998) --> "C:\WINDOWS\$NtUninstallKB910998$\spuninst\spuninst.exe"
HP WLAN 54g W450 Network Adapter --> C:\WINDOWS\System32\BCMWLU00.exe verbose
Image Resizer Powertoy for Windows XP --> MsiExec.exe /I{1CB92574-96F2-467B-B793-5CEB35C40C29}
iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
Java 2 Runtime Environment, SE v1.4.2_01 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142010}
Java 2 Runtime Environment, SE v1.4.2_03 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
LG USB Modem driver (ver 3.0) --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C3ABE126-2BB2-4246-BFE1-6797679B3579}\Setup.exe" -l0x9
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
MetaFrame Presentation Server Web Client for Win32 --> C:\WINDOWS\system32\ctxsetup.exe /uninst C:\PROGRA~1\Citrix\icaweb32\uninst.inf
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Data Access Components KB870669 --> C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft MPEG-4 VKI Video Codec V1/V2/V3 --> rundll32.exe setupapi,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\mpg4c32.inf
Microsoft Office Communicator 2007 --> MsiExec.exe /X{E5BA0430-919F-46DD-B656-0796F8A5ADFF}
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft Plus! for Windows XP --> MsiExec.exe /I{EEC2DAFD-5558-40AC-8E9C-5005C8F810E8}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Move Networks Media Player for Internet Explorer --> C:\Documents and Settings\Bart Reed\Application Data\Move Networks\ie_bin\Uninst.exe
Move Networks Player for Internet Explorer --> "C:\Documents and Settings\Bart Reed\Application Data\Move Networks\ie_bin\unins000.exe"
Netflix Movie Viewer --> MsiExec.exe /X{BCE72AED-3332-4863-9567-C5DCB9052CA2}
Nokia Connectivity Cable Driver --> MsiExec.exe /X{11964613-805F-432D-A12B-169554B793E7}
Nokia Internet Tablet Software Update Wizard --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D198D2E7-B557-4404-A286-77F249625172}\setup.exe" -l0x9 -removeonly
Notepad++ --> C:\Program Files\Notepad++\uninstall.exe
PCFriendly --> C:\Program Files\PCFriendly\inuninst.exe
PCStitch 7 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F2A69CA0-8BBF-4404-BA68-DB79A3548E34}\Setup.exe" -l0x9 ANYTHING
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
RealPlayer Basic --> C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
Shockwave --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
SiS M650 --> RUNDLL32 setuplib.dll,UnInstall ,315&ISUNINST -f"C:\PROGRA~1\SISCOM~1.14B\DeIsL1.isu"&P.U 4 xvga.in&-1
SoftK56 Data Fax CARP --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_1039&DEV_7013&SUBSYS_083C0E11\HXFSETUP.EXE -U -IVEN_1039&DEV_7013&SUBSYS_083C0E11
Spybot - Search & Destroy 1.3 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Videora iPod Converter 3.06 --> C:\Program Files\Red Kawa\Video Converter 3\uninstaller.exe
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
VNC Free Edition 4.1.2 --> "C:\Program Files\RealVNC\VNC4\unins000.exe"
WebIQ Client Software --> C:\WINDOWS\System32\WebIQInstall.exe /u
Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122 --> "C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
XviD MPEG-4 Video Codec --> C:\WINDOWS\system32\rundll32.exe setupapi,InstallHinfSection Remove_XviD 132 C:\WINDOWS\INF\xvid.inf
Yahoo! Address AutoComplete --> C:\WINDOWS\System32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\yaddbook.dll
Yahoo! Browser Services --> C:\PROGRA~1\Yahoo!\Common\UNIN_Y~1.EXE /S
Yahoo! extras --> C:\Program Files\Yahoo!\Common\unycust.exe /S
Yahoo! Install Manager --> C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Internet Mail --> C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\YMMAPI.dll
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Messenger Explorer Bar --> C:\WINDOWS\System32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\MESSEN~1\YHEXBM~2.DLL
Yahoo! ¤u¨ã¦C --> C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
ZD Soft Video Recorder --> "C:\Program Files\ZD Soft\Video Recorder\Uninstall.exe"
-- Application Event Log -------------------------------------------------------
Event Record #/Type4113 / Error
Event Submitted/Written: 07/28/2008 07:28:53 AM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <
http://www.download....uthrootseq.txt> with error: The specified server cannot perform the requested operation.
Event Record #/Type4112 / Error
Event Submitted/Written: 07/28/2008 07:28:53 AM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <
http://www.download....uthrootseq.txt> with error: This operation returned because the timeout period expired.
Event Record #/Type4110 / Warning
Event Submitted/Written: 07/28/2008 07:09:57 AM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.
Event Record #/Type4108 / Warning
Event Submitted/Written: 07/27/2008 06:52:00 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.
Event Record #/Type4106 / Warning
Event Submitted/Written: 07/27/2008 02:38:16 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type38172 / Error
Event Submitted/Written: 07/28/2008 07:21:41 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The SjyPkt service failed to start due to the following error:
%%2
Event Record #/Type38170 / Warning
Event Submitted/Written: 07/28/2008 07:21:03 AM
Event ID/Source: 1007 / Dhcp
Event Description:
Your computer has automatically configured the IP address for the Network
Card with network address 00173F2FFFD4. The IP address being used is 169.254.179.104.
Event Record #/Type38168 / Error
Event Submitted/Written: 07/28/2008 07:19:59 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The SjyPkt service failed to start due to the following error:
%%2
Event Record #/Type38167 / Warning
Event Submitted/Written: 07/28/2008 07:19:49 AM
Event ID/Source: 2504 / Server
Event Description:
The server could not bind to the transport \Device\NetBT_Tcpip_{FF5E8435-A78E-46AC-B522-09917BC7295D}.
Event Record #/Type38166 / Warning
Event Submitted/Written: 07/28/2008 07:19:40 AM
Event ID/Source: 1007 / Dhcp
Event Description:
Your computer has automatically configured the IP address for the Network
Card with network address 00173F2FFFD4. The IP address being used is 169.254.179.104.
-- End of Deckard's System Scanner: finished at 2008-07-28 07:29:24 ------------
main.txt
----------
Deckard's System Scanner v20071014.68
Run by Bart Reed on 2008-07-28 07:26:09
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
System Restore is disabled; attempting to re-enable...success.
-- Last 1 Restore Point(s) --
1: 2008-07-28 11:26:13 UTC - RP1 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
System Drive C: has 6.12 GiB (less than 15%) free.-- HijackThis (run as Bart Reed.exe) -------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:28:30 AM, on 7/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\taskmgr.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Belkin\F5D7010v7032\Belkinwcui.exe
C:\Temp\dss.exe
C:\HIJACK~2\Bart Reed.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://us.rd.yahoo.c...rch/search.htmlR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://us.rd.yahoo.c...//www.yahoo.comR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.yahoo.com/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.yahoo.com/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://us.rd.yahoo.c...//www.yahoo.comR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://us.rd.yahoo.c...rch/search.htmlR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://us.rd.yahoo.c...//www.yahoo.comR0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.yahoo.com/R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
http://us.rd.yahoo.c...//www.yahoo.comR3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Merriam-Webster - {9E1128F1-53FA-11d5-8490-0048548030CA} - C:\WINDOWS\Downloaded Program Files\m-wtoolbar.dll (file missing)
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: Merriam-Webster - {9E1128F1-53FA-11D5-8490-0048548030CA} - C:\WINDOWS\Downloaded Program Files\m-wtoolbar.dll (file missing)
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Belkin Wireless G Notebook Card Client Utility.lnk = C:\Program Files\Belkin\F5D7010v7032\Belkinwcui.exe
O8 - Extra context menu item: Collegiate &Dictionary - C:\Program files\Merriam-Webster Toolbar\dictionary.htm
O8 - Extra context menu item: Collegiate &Thesaurus - C:\Program files\Merriam-Webster Toolbar\thesaurus.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Merriam-Webster - {BAC53F31-6090-11d5-8497-0048548030CA} - C:\WINDOWS\Downloaded Program Files\m-wtoolbar.dll (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) -
http://web1.shutterf...ds/Uploader.cabO16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
http://fpdownload2.m...ash/swflash.cabO16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) -
http://tools.ebayimg...ol_v1-0-3-0.cabO18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
--
End of file - 6182 bytes
-- HijackThis Fixed Entries (C:\HIJACK~2\backups\) -----------------------------
backup-20080727-095903-189 O20 - Winlogon Notify: urqPghhi - C:\WINDOWS\SYSTEM32\urqPghhi.dll
backup-20080727-095903-668 O2 - BHO: (no name) - {8BC23AF4-1F68-4E68-A2AE-665A825677B6} - C:\WINDOWS\system32\urqPghhi.dll
backup-20080727-134100-805 O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe
backup-20080727-134221-844 O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe
-- File Associations -----------------------------------------------------------
.reg - regfile - shell\open\command - regedit.exe "%1" %*.scr - scrfile - shell\open\command - "%1" %*-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.4.5.0) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.4.5.0>
R2 ASCTRM - c:\windows\system32\drivers\asctrm.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
R2 PCC_PFW (PC-Cillin Personal Firewall) - c:\windows\system32\drivers\pcc_pfw.sys <Not Verified; Trend Micro Inc.; Trend Micro Personal Firewall 1.5>
R3 vidcap - c:\windows\system32\drivers\vidcap.sys <Not Verified; ZD Soft; ZD Soft Screen Capture Series>
S3 APLMp50 (APLMp50 NDIS Protocol Driver) - c:\windows\system32\drivers\aplmp50.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
S3 grmnusb - c:\windows\system32\drivers\grmnusb.sys <Not Verified; GARMIN Corp.; Garmin USB GPS>
S3 IPSECSHM (Nortel IPSECSHM Adapter) - c:\windows\system32\drivers\ipsecw2k.sys (file missing)
S3 NPF (NetGroup Packet Filter Driver) - c:\windows\system32\drivers\npf.sys <Not Verified; CACE Technologies; WinPcap Netgroup Packet Filter Driver>
S3 PRISM (Instant Wireless - Network PC CARD Driver) - c:\windows\system32\drivers\prismnds.sys <Not Verified; LINKSYS Corporation; Instant Wireless - Network PC Card>
S3 SjyPkt - c:\windows\system32\drivers\sjypkt.sys (file missing)
S3 usbbus (LGE CDMA Composite USB Device) - c:\windows\system32\drivers\lgusbbus.sys <Not Verified; LG Electronics Inc.; LG CDMA USB Multi function Driver>
S3 UsbDiag (LGE CDMA USB Serial Port Drivers) - c:\windows\system32\drivers\lgusbdiag.sys <Not Verified; LG Electronics Inc.; LG CDMA USB Diagnostics Driver>
S3 USBModem (LGE CDMA USB Modem) - c:\windows\system32\drivers\lgusbmodem.sys <Not Verified; LG Soft India; LG CDMA USB Modem Driver>
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
S3 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
S4 OracleOraHome92TNSListener - c:\oracle\ora92\bin\tnslsnr (file missing)
S4 OracleServiceORACLE - c:\oracle\ora92\bin\oracle.exe oracle (file missing)
-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\9ED5406F508B71
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\9ED5406F508B71
Service: NIC1394
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: HP WLAN 54g W450 Network Adapter
Device ID: PCI\VEN_14E4&DEV_4320&SUBSYS_00E70E11&REV_02\3&61AAA01&0&48
Manufacturer: Broadcom
Name: HP WLAN 54g W450 Network Adapter
PNP Device ID: PCI\VEN_14E4&DEV_4320&SUBSYS_00E70E11&REV_02\3&61AAA01&0&48
Service: BCM43XX
-- Scheduled Tasks -------------------------------------------------------------
2008-07-28 07:17:17 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2008-06-16 08:30:03 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
-- Files created between 2008-06-28 and 2008-07-28 -----------------------------
2008-07-27 10:38:14 0 d-------- C:\Documents and Settings\Bart Reed\Application Data\Malwarebytes
2008-07-27 10:37:50 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-27 10:37:49 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-27 10:37:20 0 d-------- C:\Program Files\Common Files\Download Manager
2008-07-27 09:31:24 0 d-------- C:\HijackThis2
2008-07-27 09:00:43 0 d-------- C:\VundoFix Backups
2008-07-27 06:44:12 0 d-------- C:\Program Files\AnVir Task Manager
2008-07-26 14:06:43 0 d-------- C:\!KillBox
2008-07-26 12:27:55 859520 --ahs---- C:\WINDOWS\system32\xwwyHRqr.ini2
2008-07-26 11:31:46 0 d-------- C:\Program Files\Webroot
2008-07-26 11:30:57 164 --a------ C:\install.dat
2008-07-26 08:49:48 21035 --a------ C:\WINDOWS\system32\drivers\AegisP.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.4.5.0>
2008-07-21 14:50:14 0 d--h----- C:\$AVG8.VAULT$
2008-07-21 14:44:41 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-07-21 14:44:40 0 d-------- C:\Documents and Settings\Bart Reed\Application Data\AVGTOOLBAR
2008-07-21 14:43:46 0 d-------- C:\Program Files\AVG
2008-07-21 14:43:45 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-07-21 12:15:56 858009 --ahs---- C:\WINDOWS\system32\AdMWDcfe.ini2
2008-07-21 12:11:12 0 d-------- C:\Program Files\Outerinfo_BAD
2008-07-21 12:11:10 0 d-------- C:\WINDOWS\T?sks
2008-07-21 12:10:52 0 d-------- C:\Documents and Settings\Bart Reed\Application Data\M?crosoft.NET
2008-07-21 12:10:39 0 d-------- C:\WINDOWS\system32\carH01
-- Find3M Report ---------------------------------------------------------------
2008-07-27 10:37:20 0 d-------- C:\Program Files\Common Files
2008-07-21 12:10:52 0 d-------- C:\Documents and Settings\Bart Reed\Application Data\M?crosoft.NET
2008-07-07 14:12:02 0 d-------- C:\Documents and Settings\Bart Reed\Application Data\Adobe
2008-06-09 13:51:28 0 d-------- C:\Program Files\iTunes
2008-06-09 13:51:27 0 d-------- C:\Program Files\Apple Software Update
2008-06-09 13:11:39 0 d-------- C:\Program Files\iPod
2008-06-09 13:05:16 0 d-------- C:\Program Files\QuickTime
2008-06-02 10:37:24 0 d-------- C:\Documents and Settings\Bart Reed\Application Data\Yahoo!
2008-06-02 09:00:34 0 d-------- C:\Program Files\Microsoft Office Communicator
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
07/21/2008 02:44 PM 2055960 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [07/21/2008 02:44 PM 2055960]
[-HKEY_CLASSES_ROOT\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [07/21/2008 02:43 PM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:56 AM]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Belkin Wireless G Notebook Card Client Utility.lnk - C:\Program Files\Belkin\F5D7010v7032\Belkinwcui.exe [4/5/2008 7:53:50 PM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ckpNotify]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\rqRHywwx
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
backup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Bart Reed^Start Menu^Programs^Startup^Check for QCharts Updates.lnk]
path=C:\Documents and Settings\Bart Reed\Start Menu\Programs\Startup\Check for QCharts Updates.lnk
backup=C:\WINDOWS\pss\Check for QCharts Updates.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"C:\Program Files\Adobe\Adobe Photoshop Lightroom\apdproxy.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Spyware Protection]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gcasServ]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pop3trap.exe]
"C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pure Networks Port Magic]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SManager]
smanager.7.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsUpdate]
rundll32.exe "C:\WINDOWS\system32\undehlbo.dll",realset
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AOL ACS"=3 (0x3)
"wscsvc"=2 (0x2)
"Tmntsrv"=3 (0x3)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"pccguide.exe"="C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe"
"PCCClient.exe"="C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe"
"CARPService"=carpserv.exe
"SiS KHooker"=C:\WINDOWS\System32\khooker.exe
"SunJavaUpdateSched"=C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
"EPSON Stylus Photo R300 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" -hide
-- End of Deckard's System Scanner: finished at 2008-07-28 07:29:24 ------------
This topic is locked
Sign In
Create Account
