cscript.exe - Bad Image [CLOSED]


  • This topic is locked

#1
Kenneth Moore

    New Member

  • Member
  • 3 posts
When I start my PC I get a message. The message title is "cscript.exe - Bad Image". The message is "The application or DLL C:\WINDOWS\system32\vbscript.dll is not a valid Windows image. Please check this against your installation diskette."
Also, when I go to System Information I get the same message with a different title: "CiceroUIWndFrame: helpctr.exe - Bad Image".
This has been appearing for about a month to six weeks now. At first it was just an annoyance which I decided to grin and bear at login. However, now the system performance slows down from time to time, causing my work to almost come to a standstill for a few minutes at a time.

I have pasted my spyware scan log, HijackThis log and uninstall log as requested by the forum rules.
I will await your feedback as to how to remove whatever infection I have picked up.

Thanks for the help in advance.
Kenneth Moore.


-----------SPYWARE LOG START-----------

Malwarebytes' Anti-Malware 1.23
Database version: 1000
Windows 5.1.2600 Service Pack 2

09:12:37 28/07/2008
mbam-log-7-28-2008 (09-12-37).txt

Scan type: Quick Scan
Objects scanned: 69901
Time elapsed: 4 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

-----------SPYWARE LOG END-----------


-----------HijackThis LOG START-----------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:16:35, on 28/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\DWRCS.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\DWRCST.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\program files\umsd 2.3\umsd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Bret Taylor\Stickies\Stickies.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\VirtuaWin\VirtuaWin.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\VirtuaWin\modules\WinList.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\crkkmoor\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com...DT/0409/bl8.asp
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.compaq.com...DT/0409/bl7.asp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.226.147.212:3128
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
O4 - HKLM\..\Run: [PLoader] c:\program files\umsd 2.3\umsd.exe sys_auto_run C:\Program Files\UMSD 2.3
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Stickies] C:\Program Files\Bret Taylor\Stickies\Stickies.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
O4 - Startup: MS Outlook.lnk = C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
O4 - Startup: Stickies.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: VirtuaWin.lnk = C:\Program Files\VirtuaWin\VirtuaWin.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.google.com
O15 - Trusted Zone: http://www.ebay.ie
O15 - Trusted Zone: http://*.ebay.ie
O15 - Trusted Zone: http://www.ebay.ie (HKLM)
O15 - Trusted Zone: http://*.ebay.ie (HKLM)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1193771613125
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development LLC - C:\WINDOWS\system32\DWRCS.EXE

O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 7868 bytes

-----------HijackThis LOG END-----------


-----------Uninstall List START-----------

Adobe Flash Player 9 ActiveX
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Reader 8.1.2
Adobe Shockwave Player 11
Agile eXpress
AutoHotkey 1.0.47.06
AutoIt v3.2.10.0
CDDRV_Installer
CutePDF Writer 2.7
Electronic NCMR
FFConfigManager 2.3.202
FlexFlow_Client 2.3.201
Flextronics Inventory Service Europe
Flextronics Outlook Help Addin
GIMP 2.4.5
Google Toolbar for Internet Explorer
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.0 (KB932471)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB915800)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
IDAutomation.com Code 39 Free Font
Intel® Extreme Graphics 2 Driver
Intel® PRO Network Adapters and Drivers
ispVMSystem 13.2
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java 2 Runtime Environment, SE v1.4.2_01
Java™ 6 Update 3
Java™ 6 Update 5
KhalInstallWrapper
Legacy OAB Download Regulation
LiveUpdate 2.0 (Symantec Corporation)
Logitech SetPoint
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Office Outlook 2003
Microsoft Office Standard Edition 2003
Microsoft Office Visio Standard 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (2.0.0.16)
MSXML 6.0 Parser (KB933579)
PDXplorer
Purge Application
SciTE4AutoIt3 8-3-2008
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913433)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
SoundMAX
Spybot - Search & Destroy
Stickies
Symantec AntiVirus
Tecnomatix-Unicam Quality System 2.1
TSPARC v2.0.10
UMSD
UniCam Security and Licensing
UniTrack II [Enterprise Edition]
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB916846)
Update for Windows XP (KB920342)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB925876)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
ViewCompanion Pro v 4.09
ViewStation 6.2
VirtuaWin v4.0.1
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows Media Player 11
Windows Presentation Foundation
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinZip

-----------Uninstall List END-----------

#2
sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
Hi Kenneth Moore,

Welcome to Geeks to Go!
I am sage5, and I will be helping you with this problem.

Please download the following & save to your Desktop:

Deckard's System Scanner

Run Deckard's System Scanner:
  • Close all other windows before proceeding.
  • Double click on the dss.exe file on your Desktop and follow the prompts.
  • Scans will run, and 2 text files will open in Notepad.
  • Close both of the text files.
These files are C:\Deckard\System Scanner\main.txt & extra.txt.
I will need you to copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of
  • main.txt
  • extra.txt
in your next reply.

Edited by sage5, 01 August 2008 - 07:20 AM.


#3
Kenneth Moore

    New Member

  • Topic Starter
  • Member
  • 3 posts
Thanks,

As requested, Main.txt:

Deckard's System Scanner v20071014.68
Run by crkkmoor on 2008-08-01 16:23:39
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
55: 2008-08-01 15:23:57 UTC - RP541 - Deckard's System Scanner Restore Point
54: 2008-08-01 10:55:47 UTC - RP540 - System Checkpoint
53: 2008-07-31 10:12:59 UTC - RP539 - System Checkpoint
52: 2008-07-29 15:03:10 UTC - RP538 - Removed Opera 9.51
51: 2008-07-29 14:40:49 UTC - RP537 - Installed Opera 9.51


-- First Restore Point --
1: 2008-05-06 09:21:52 UTC - RP487 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 503 MiB (512 MiB recommended).


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-08-01 16:25:05
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\DWRCS.EXE
C:\Program Files\Flextronics Int\FlexInvSVC\FlexInvService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\DWRCST.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\UMSD 2.3\UMSD.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\uslcstst.exe
C:\Documents and Settings\crkkmoor\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.crk.flextronics.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by FLEXTRONICS
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.226.147.212:3128
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.crk.flextronics.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com...DT/0409/bl8.asp
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.compaq.com...DT/0409/bl7.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar1.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
O4 - HKLM\..\Run: [PLoader] c:\program files\umsd 2.3\umsd.exe sys_auto_run C:\Program Files\UMSD 2.3
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [DameWare MRC Agent] C:\WINDOWS\system32\DWRCST.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Stickies] C:\Program Files\Bret Taylor\Stickies\Stickies.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
O4 - Startup: MS Outlook.lnk = C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
O4 - Startup: Stickies.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: VirtuaWin.lnk = C:\Program Files\VirtuaWin\VirtuaWin.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://ebay.ie (HKLM)
O15 - Trusted Zone: http://www.ebay.ie (HKLM)
O15 - Trusted Zone: http://ebay.ie (HKCU)
O15 - Trusted Zone: http://www.ebay.ie (HKCU)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1193771613125
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.ma...t/ultrashim.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.ma...ent/swflash.cab
O17 - HKLM\Software\..\Telephony: DomainName = europe.ad.flextronics.com
O17 - HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: Domain = europe.ad.flextronics.com
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: Domain = europe.ad.flextronics.com
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\system32\igfxsrvc.dll (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development LLC - C:\WINDOWS\system32\DWRCS.EXE
O23 - Service: Flextronics Inventory Service (FlexInvSvc) - Flextronics Int - C:\Program Files\Flextronics Int\FlexInvSVC\FlexInvService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: SavRoam - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe


--
End of file - 8703 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 ispDev - c:\windows\system32\drivers\isp.sys <Not Verified; Microsoft Corporation; Microsoft® Windows NT™ Operating System>
R3 WinDriver6 - c:\windows\system32\drivers\windrvr6.sys <Not Verified; Jungo; WinDriver Device Driver>

S2 EZUSB (Cypress General Purpose USB Driver (ezusb.sys)) - c:\windows\system32\drivers\ezusb.sys <Not Verified; cypress semiconductor; cypress semiconductor ezusb>
S3 OEMSTOR (USB Mass Storage) - c:\windows\system32\drivers\usbmsdk.sys <Not Verified; USB Mass Storage.; USB Mass Storage Device>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 DWMRCS (DameWare Mini Remote Control) - c:\windows\system32\dwrcs.exe -service <Not Verified; DameWare Development LLC; DameWare Development DWRCS>
R2 FlexInvSvc (Flextronics Inventory Service) - "c:\program files\flextronics int\flexinvsvc\flexinvservice.exe" <Not Verified; Flextronics Int; FlextronicsInvService>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Files created between 2008-07-01 and 2008-08-01 -----------------------------

2008-07-30 08:56:45 0 d-------- C:\QualityReports
2008-07-30 08:20:54 28672 --a------ C:\WINDOWS\Uninst.dll
2008-07-30 08:20:54 676 --a------ C:\WINDOWS\Quality.reg
2008-07-30 08:20:49 0 d-------- C:\Program Files\Unicam
2008-07-30 08:20:02 0 d-------- C:\Documents and Settings\crkkmoor\WINDOWS
2008-07-30 08:18:53 0 d--h----- C:\WINDOWS\system32\dwrcssft
2008-07-29 15:42:21 0 d-------- C:\Documents and Settings\crkkmoor\Application Data\Opera
2008-07-29 15:40:52 0 d-------- C:\Program Files\Opera
2008-07-28 09:06:06 0 d-------- C:\Documents and Settings\crkkmoor\Application Data\Malwarebytes
2008-07-28 09:06:01 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-28 09:06:00 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-28 09:05:13 0 d-------- C:\Program Files\Common Files\Download Manager


-- Find3M Report ---------------------------------------------------------------

2008-08-01 08:13:08 0 d-------- C:\Program Files\Symantec AntiVirus
2008-07-29 16:03:29 0 d-------- C:\Documents and Settings\crkkmoor\Application Data\Mozilla
2008-07-28 15:03:52 0 d-------- C:\Program Files\Unitrack II
2008-07-28 09:05:13 0 d-------- C:\Program Files\Common Files


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 04:25]
"srmclean"="C:\Cpqs\Scom\srmclean.exe" [24/07/2001 22:34]
"SetRefresh"="C:\Program Files\Compaq\SetRefresh\SetRefresh.exe" [06/11/2003 16:22]
"PLoader"="c:\program files\umsd 2.3\umsd.exe" [02/08/2002 08:48]
"Synchronization Manager"="C:\WINDOWS\system32\mobsync.exe" [04/08/2004 08:56]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [29/11/2007 03:17 C:\WINDOWS\KHALMNPR.Exe]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [02/08/2005 22:00]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [18/08/2005 13:50]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 23:16]
"DameWare MRC Agent"="C:\WINDOWS\system32\DWRCST.exe" [24/03/2008 12:46]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 08:56]
"Stickies"="C:\Program Files\Bret Taylor\Stickies\Stickies.exe" [14/03/2007 12:35]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"TSClientMSIUninstaller"=cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"RunLogonScriptSync"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=1 (0x1)
"Wallpaper"=\\10.226.144.14\Baan_Config\Flex\ScreenSaver\sbs_800x600.jpg
"WallpaperStyle"=0

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll 09/01/2008 13:30 72208 c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\0\0]
"Script"=RunOnStartup.cmd

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-507921405-776561741-725345543-110102\Scripts\Logon\0\0]
"Script"=OlkChangePRF.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-507921405-776561741-725345543-133206\Scripts\Logon\0\0]
"Script"=SWinstalled.cmd

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-507921405-776561741-725345543-133206\Scripts\Logon\1\0]
"Script"=OlkChangePRF.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-507921405-776561741-725345543-133250\Scripts\Logon\0\0]
"Script"=SWinstalled.cmd

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-507921405-776561741-725345543-133318\Scripts\Logon\0\0]
"Script"=SWinstalled.cmd

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-507921405-776561741-725345543-171219\Scripts\Logon\0\0]
"Script"=SWinstalled.cmd

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-507921405-776561741-725345543-171464\Scripts\Logon\0\0]
"Script"=SWinstalled.cmd

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-507921405-776561741-725345543-171548\Scripts\Logon\0\0]
"Script"=SWinstalled.cmd

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-507921405-776561741-725345543-23200\Scripts\Logon\0\0]
"Script"=SWinstalled.cmd

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-507921405-776561741-725345543-23200\Scripts\Logon\1\0]
"Script"=OlkChangePRF.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-507921405-776561741-725345543-23247\Scripts\Logon\0\0]
"Script"=SWinstalled.cmd

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-507921405-776561741-725345543-23247\Scripts\Logon\1\0]
"Script"=OlkChangePRF.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-507921405-776561741-725345543-28637\Scripts\Logon\0\0]
"Script"=OlkChangePRF.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-507921405-776561741-725345543-31666\Scripts\Logon\0\0]
"Script"=SWinstalled.cmd

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-507921405-776561741-725345543-39758\Scripts\Logon\0\0]
"Script"=SWinstalled.cmd

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-507921405-776561741-725345543-39758\Scripts\Logon\1\0]
"Script"=OlkChangePRF.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-507921405-776561741-725345543-51786\Scripts\Logon\0\0]
"Script"=SWinstalled.cmd

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-507921405-776561741-725345543-51786\Scripts\Logon\1\0]
"Script"=OlkChangePRF.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-507921405-776561741-725345543-51828\Scripts\Logon\0\0]
"Script"=SWinstalled.cmd

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-507921405-776561741-725345543-51828\Scripts\Logon\1\0]
"Script"=OlkChangePRF.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-507921405-776561741-725345543-51867\Scripts\Logon\0\0]
"Script"=SWinstalled.cmd

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-507921405-776561741-725345543-51867\Scripts\Logon\1\0]
"Script"=OlkChangePRF.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-507921405-776561741-725345543-51897\Scripts\Logon\0\0]
"Script"=SWinstalled.cmd

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-507921405-776561741-725345543-51897\Scripts\Logon\1\0]
"Script"=OlkChangePRF.bat

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""




-- Hosts -----------------------------------------------------------------------

127.0.0.1 .archivioadulti.com
127.0.0.1 .internet-explorer.name
127.0.0.1 .katasearch.com
127.0.0.1 .preferiti-windows.com
127.0.0.1 .qoogler.com
127.0.0.1 .tuttoavolonta.com
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com

7885 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-08-01 16:25:51 ------------




And extra.txt:

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 2.80GHz
Percentage of Memory in Use: 54%
Physical Memory (total/avail): 502.8 MiB / 230.25 MiB
Pagefile Memory (total/avail): 1229.57 MiB / 930.45 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1923.71 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 74.52 GiB total, 61.37 GiB free.
D: is CDROM (No Media)
H: is Network (NTFS)
J: is Network (NTFS)
L: is Network (NTFS)
M: is Network (NTFS)
P: is Network (NTFS)
U: is Network (NTFS)

\\.\PHYSICALDRIVE0 - WDC WD800BB-60JKC0 - 74.53 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 74.52 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.

AV: Symantec AntiVirus Corporate Edition v9.0.5.1000 (Symantec Corporation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\crkkmoor\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=CRKW0103
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\crkkmoor
LOGONSERVER=\\EUCRK001
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;\\crknt13\babtec5$\apps\redist
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0409
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\crkkmoor\LOCALS~1\Temp
TMP=C:\DOCUME~1\crkkmoor\LOCALS~1\Temp
USERDNSDOMAIN=EUROPE.AD.FLEXTRONICS.COM
USERDOMAIN=EUROPE
USERNAME=crkkmoor
USERPROFILE=C:\Documents and Settings\crkkmoor
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Administrator (admin)
crkndonn (admin)
crkmnorr (admin)
crkrmaie (new local, net ready)
crkcweir (admin)
crkpbros (new local, net ready)
crkdkell (admin)
crkkmoor (admin)
crkcguin
crkdmurp (new local, net ready)
crkghick
crkunitr
crkitorr (new local, net ready)
crkcmulh (new local, net ready)
crkrnoon (new local, net ready)
crkMMCAU (new local, net ready)
crkbmcin (new local, net ready)


-- Add/Remove Programs ---------------------------------------------------------

--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe -q
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player 11 --> C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Agile eXpress --> "C:\Agile\Agile eXpress9.0\Uninstall\Uninstall Agile eXpress9.0.exe"
AutoHotkey 1.0.47.06 --> C:\Program Files\AutoHotkey\uninst.exe
AutoIt v3.2.10.0 --> C:\Program Files\AutoIt3\Uninstall.exe
CDDRV_Installer --> MsiExec.exe /I{0C826C5B-B131-423A-A229-C71B3CACCD6A}
CutePDF Writer 2.7 --> C:\Program Files\Acro Software\CutePDF Writer\uninscpw.exe /uninstall
DameWare Development Mirror Driver Uninstall --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 130 DwMirror.inf
Electronic NCMR --> C:\WINDOWS\st6unst.exe -n "C:\Program Files\Automatic NCMR\ST6UNST.LOG"
FFConfigManager 2.3.202 --> MsiExec.exe /I{4DC7AA66-BB91-4FFE-A20E-7C6ACBF17BBB}
FlexFlow_Client 2.3.201 --> MsiExec.exe /I{81DFE4D4-1BEB-4F88-9F1F-1BA632C479B3}
Flextronics Inventory Service Europe --> MsiExec.exe /I{F2B231F0-9125-4234-AB28-33C1E36CCE37}
Flextronics Outlook Help Addin --> MsiExec.exe /I{3A7653AA-45C7-4C30-B949-2C72131882DC}
GIMP 2.4.5 --> "C:\Program Files\GIMP-2.0\setup\unins000.exe"
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
HijackThis 2.0.2 --> "C:\Documents and Settings\crkkmoor\Desktop\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
IDAutomation.com Code 39 Free Font --> C:\Program Files\IDAutomation.com Code 39 Free Font\uninstall.exe
Intel® Extreme Graphics 2 Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572
Intel® PRO Network Adapters and Drivers --> Prounstl.exe
ispVMSystem 13.2 --> C:\ispTOOLS\ispvmsystem\unins000.exe
J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
J2SE Runtime Environment 5.0 Update 9 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Java 2 Runtime Environment, SE v1.4.2_01 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142010}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
KhalInstallWrapper --> MsiExec.exe /I{3101CB58-3482-4D21-AF1A-7057FC935355}
Legacy OAB Download Regulation --> MsiExec.exe /X{D4F045B7-44B4-4464-94F1-0EA4CD8EBBA9}
LiveUpdate 2.0 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Logitech SetPoint --> C:\Program Files\InstallShield Installation Information\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}\setup.exe -runfromtemp -l0x0009 -removeonly
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Office Outlook 2003 --> MsiExec.exe /I{90E00409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Standard Edition 2003 --> MsiExec.exe /I{90120409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Visio Standard 2003 --> MsiExec.exe /I{90530409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (3.0.1) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
PDXplorer --> MsiExec.exe /I{DF5EE00E-5176-4385-BF56-5D725F94EC9D}
Purge Application --> C:\WINDOWS\st6unst.exe -n "C:\Program Files\Purge\ST6UNST.LOG"
QualitySystem --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Unicam\Quality\Quality.isu" -c"C:\WINDOWS\uninst.dll"
SciTE4AutoIt3 8-3-2008 --> C:\Program Files\AutoIt3\SciTE\uninst.exe
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\SETUP.EXE"
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Stickies --> MsiExec.exe /I{0A770EE2-905F-4DBD-8963-2E4F0FAFD66F}
Symantec AntiVirus --> MsiExec.exe /I{2CFECCAA-8CB0-459B-9636-40430DBC8951}
Tecnomatix-Unicam Quality System 2.1 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Tecnomatix-Unicam\Quality System\Qual21.isu" -c"C:\WINDOWS\system32\UnInstQS21.dll"
TSPARC v2.0.10 --> C:\WINDOWS\iun6002.exe "C:\Program Files\Flextronics\TSPARC\irunin.ini"
UMSD --> C:\Program Files\UMSD 2.3\AdvDrvIns.exe -u "C:\Program Files\UMSD 2.3"
UniCam Security and Licensing --> C:\WINDOWS\IsUninst.exe -fC:\UCW\SecLicse.isu
UniTrack II [Enterprise Edition] --> C:\WINDOWS\st6unst.exe -n "C:\Program Files\Unitrack II\ST6UNST.LOG"
ViewCompanion Pro v 4.09 --> "C:\Program Files\ViewCompanion Pro\unins000.exe"
ViewStation 6.2 --> C:\WINDOWS\IsUninst.exe -fC:\VIEW\Uninst.isu
VirtuaWin v4.0.1 --> "C:\Program Files\VirtuaWin\unins000.exe"
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122 --> "C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
XML Paper Specification Shared Components Pack 1.0 -->


-- Application Event Log -------------------------------------------------------

Event Record #/Type8620 / Error
Event Submitted/Written: 08/01/2008 11:34:08 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application QualityManager.exe, version 1.0.0.265, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type8619 / Error
Event Submitted/Written: 08/01/2008 11:33:08 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application QualityManager.exe, version 1.0.0.265, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type8618 / Error
Event Submitted/Written: 08/01/2008 11:32:18 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application QualityManager.exe, version 1.0.0.265, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type8597 / Error
Event Submitted/Written: 07/31/2008 08:20:17 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application QualityManager.exe, version 1.0.0.265, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type8596 / Error
Event Submitted/Written: 07/31/2008 08:20:17 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application QualityManager.exe, version 1.0.0.265, hang module hungapp, version 0.0.0.0, hang address 0x00000000.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type8861 / Warning
Event Submitted/Written: 08/01/2008 08:51:06 AM
Event ID/Source: 20 / Print
Event Description:
Printer Driver HP Color LaserJet 2600n for Windows NT x86 Version-3 was added or updated. Files:- IMFNT5.DLL, SDNT5UI.DLL, SDhp2600.SDD, SDhp2600.HLP, A2600IP.DLL, hp2600n.img, SDhp2600.DLL, SDhp2600.UNZ, SUhp2600.DLL, SUhp2600.ENT, SUhp2600.VER, VSHP2600.DLL, HP2600IR.DLL, ZLHP2600.DLL, ZSHP2600.EXE, ZSHP2600.HLP, IMF32.DLL, IMFPRINT.DLL, QDPRINT.DLL, SD32.DLL, SDIMF32.DLL, SDDM32.DLL, SDDMUI.DLL, SR32.DLL, SUXML.DLL, XERCES-C.DLL, ZGDI32.DLL, ZJBIG.DLL, ZLM.DLL, ZSPOOL.DLL, ZSPOOL32.EXE, ZTAG32.DLL, ZUNINST.EXE, SDNTUM4.DLL.

Event Record #/Type8850 / Error
Event Submitted/Written: 08/01/2008 08:14:39 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Cypress General Purpose USB Driver (ezusb.sys) service failed to start due to the following error:
%%1058

Event Record #/Type8843 / Error
Event Submitted/Written: 07/31/2008 01:39:33 PM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The Universal Plug and Play Device Host service depends on the SSDP Discovery Service service which failed to start because of the following error:
%%1058

Event Record #/Type8842 / Error
Event Submitted/Written: 07/31/2008 01:39:31 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1068" attempting to start the service upnphost with arguments ""
in order to run the server:
{204810B9-73B2-11D4-BF42-00B0D0118B56}

Event Record #/Type8831 / Error
Event Submitted/Written: 07/31/2008 08:16:04 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Cypress General Purpose USB Driver (ezusb.sys) service failed to start due to the following error:
%%1058



-- End of Deckard's System Scanner: finished at 2008-08-01 16:25:51 ------------




hope you can help.

thanks,
Kenneth.

#4
sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
I see very little sign of anything malware related in those logs.

Can you provide me with a Startup list using HijackThis?

Create a Startup list:
  • Open HiJackThis
  • Click on the Open Misc Tools Section button.
  • Make sure that the 2 boxes next to the Generate Startuplist log button are ticked
  • Now click on the Generate Startuplist log button.
  • NotePad will open a new window. This file is C:\Program Files\Trend Micro\HijackThis\startuplist.txt
  • Copy and paste the text from the log into your next post.


#5
sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.