Unable to run exe files, Can't download updated HJT [RESOLVED]


#1
rudd815 (Member, 16 posts)

Unable to run exe files, Can't download updated HJT due to it being an exe

Logfile of HijackThis v1.99.1
Scan saved at 09:32:07, on 8/9/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\MONIEC\Desktop\Spyware\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Cox High Speed Internet
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: CorrectConnect.lnk = C:\Program Files\CConnect\CConnect.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.cox.net
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.cox.c...oad/tgctlcm.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...t/PCPitStop.CAB
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com...ageUploader.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/...at.cab32846.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1152469941828
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecu...asyInstallX.CAB
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn...ro.cab34246.cab
O16 - DPF: {C52439A0-2693-4E40-B141-9F9AD5257241} (Lexmark eDiagnostics Class) - https://ediagnostics....com/serval.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/...xy.cab41227.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.c...driveragent.cab
O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} (AV Class) - http://www.pcpitstop...irus/PitPav.cab
O16 - DPF: {FF3C5A9F-5A91-4930-80E8-4709194C2AD3} (CheckersZPA Object) - http://zone.msn.com/...PA.cab40641.cab
O16 - DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} (ZPA_Backgammon Object) - http://zone.msn.com/...on.cab40641.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcp.../pcpitstop2.dll
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O20 - AppInit_DLLs: karina.dat
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WB - C:\PROGRA~1\OBJECT~1\WINDOW~1\fastload.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe

Edited by rudd815, 09 August 2008 - 10:54 AM.
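
An added example, not part of the original post and not code from HijackThis: a small parser for the log format shown above that groups entries by section code and marks the lines a reviewer would read first. The flagging rules are assumptions chosen for triage, not a verdict on any file, and the sample input is a handful of lines copied from the log in this post.

```python
import re
from collections import Counter

# Sample input: lines copied from the HijackThis log in the post above.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Platform: Windows XP SP3 (WinNT 5.01.2600)
Running processes:
C:\WINDOWS\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O20 - AppInit_DLLs: karina.dat
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe
"""

# An entry line is "<section code> - <detail>", e.g. "O20 - AppInit_DLLs: karina.dat".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")


def parse_log(text):
    """Return (code, detail) per entry line; header and process lines are skipped."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2).strip()))
    return entries


def review_reasons(code, detail):
    """Triage heuristics (assumptions of this example, not HijackThis rules)."""
    reasons = []
    if "(file missing)" in detail:
        reasons.append("registered file is missing on disk")
    if code == "O20" and detail.startswith("AppInit_DLLs:"):
        # DLLs named in AppInit_DLLs are loaded into every process that
        # loads user32.dll, so any non-empty value deserves a look.
        if detail.split(":", 1)[1].strip():
            reasons.append("AppInit_DLLs is set")
    if code == "O23" and " - Unknown owner - " in detail:
        reasons.append("service owner reported as unknown")
    if code == "O10" and detail.startswith("Unknown file"):
        reasons.append("Winsock provider not recognised by the tool")
    return reasons


def nameservers(entries):
    """Collapse the O17 NameServer values repeated per control set into one list."""
    servers = set()
    for code, detail in entries:
        if code == "O17" and "NameServer = " in detail:
            value = detail.split("NameServer = ", 1)[1]
            servers.update(s for s in re.split(r"[,\s]+", value) if s)
    return sorted(servers)


def triage(text):
    """Summarise a log: entries per section, lines to review, DNS servers."""
    entries = parse_log(text)
    review = []
    for code, detail in entries:
        reasons = review_reasons(code, detail)
        if reasons:
            review.append((code, detail, reasons))
    return {
        "counts": dict(Counter(code for code, _ in entries)),
        "review": review,
        "nameservers": nameservers(entries),
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("Entries per section:", result["counts"])
    print("Configured DNS servers:", ", ".join(result["nameservers"]))
    for code, detail, reasons in result["review"]:
        print(f"[{code}] {detail}\n      -> {'; '.join(reasons)}")
```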

#2
Rorschach112 (Retired Staff, 47,710 posts)

Hello

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**
  • If you are using Firefox, make sure that your download settings are as follows:
    • Tools->Options->Main tab
    • Set to "Always ask me where to Save the files".
  • During the download, rename Combofix to Combo-Fix as follows:

    Posted Image

    Posted Image

  • It is important you rename Combofix during the download, but not after.
  • Please do not rename Combofix to other names, but only to the one indicated.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\Combo-Fix.txt" along with a new HijackThis log for further review.
**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**

#3
rudd815

I saved the file to my desktop but am unable to open it. After I right-click there is not an option to open.

#4
Rorschach112

Try this

Download to your desktop "FixPolicies.exe", a self-extracting ZIP archive from HERE.

Double-click FixPolicies.exe.
Click the Install button on the bottom toolbar of the box that will open.
The program will create a new Folder called FixPolicies.
Double-click to Open the new Folder, and then double-click the file within: Fix_Policies.cmd
A black box will briefly appear and then close.
Reboot the computer so the changes can take effect.




Then double click it and run it


If it fails do this


Please download Runscanner to your desktop and run it.
  • When the first page comes up select Beginner Mode
  • On the next page select Save a binary .Run file (Recommended) then click Start full scan at the top.
  • At this time Runscanner.exe may request access to the Internet through your firewall please allow it to do so, it will then run for two or three minutes.
  • On completion it will ask for a location to save the file and a name. It will do this for both the .run file and the log file
  • Call the .run file "Select a name" and save it to your desktop. You will see the .run file on your desktop. Upload that file here.


#5
rudd815

After starting the program, the program asks for a file association for nircmd.com. Where is that file located?

#6
Rorschach112

Try this

Run DSS again, using these instructions:

Click START> Run - then copy the following bold blue text and paste it into the Run box & click OK

"%userprofile%\desktop\dss.exe" /daft

Read the disclaimer and click OK.

Click on Scan.

Place a checkmark next to the entries displayed when the scan is finished then Click on Fix.

Repeat the scan; you should get a message "All Associations OK!"

Next, click Save Log, and post this log in your next reply.



Then reboot and try ComboFix

If it fails go onto Runscanner

#7
rudd815

When I open run and enter "%userprofile%\desktop\dss.exe" /daft, it tells me that it can't find it.

#8
Rorschach112

Ok try runscanner there

#9
rudd815

Processes did not work


Runscanner logfile http://www.runscanner.net

* = signed file
- = file not found

000 General info
----------------
Computer name : MONIEC-365CC586
Creation time : 8/10/2008 10:50:35 AM
Hosts <> 127.0.0.1 : 0
Hosts file location : %SystemRoot%\System32\drivers\etc
IE version : 7.0.5730.13
OS : Microsoft Windows XP
OS Build : 2600
OS SP : Service Pack 3
RunScanner Version : 1.6.3.0
User Language : English (United States)
User rights : Administrator
Windows folder : C:\WINDOWS

001 Running processes
---------------------
* c:\windows\system32\csrss.exe (Microsoft Corporation)
* c:\windows\system32\ctfmon.exe (Microsoft Corporation)
* c:\windows\system32\svchost.exe (Microsoft Corporation)
* c:\windows\system32\svchost.exe (Microsoft Corporation)
* c:\windows\system32\svchost.exe (Microsoft Corporation)
* c:\windows\system32\svchost.exe (Microsoft Corporation)
* c:\windows\system32\svchost.exe (Microsoft Corporation)
* c:\program files\internet explorer\iexplore.exe (Microsoft Corporation)
* c:\windows\system32\lsass.exe (Microsoft Corporation)
* c:\docume~1\moniec\locals~1\temp\temporary directory 1 for runscanner.zip\runscanner.exe (Runscanner.net)
* c:\windows\system32\services.exe (Microsoft Corporation)
* c:\windows\explorer.exe (Microsoft Corporation)
* c:\windows\system32\winlogon.exe (Microsoft Corporation)
* c:\windows\system32\smss.exe (Microsoft Corporation)

003 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run (+subkeys)
-----------------------------------------------------------------
c:\program files\lavasoft\ad-aware se plus\ad-watch.exe (Lavasoft Sweden)

005 C:\Documents and Settings\All Users\Start Menu\Programs\Startup
-------------------------------------------------------------------
c:\progra~1\cconnect\cconnect.exe (BroadJump)

010 HKLM\SYSTEM\CurrentControlSet\Services (Services)
-----------------------------------------------------
* c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe (Apple Mobile Device)
c:\program files\bonjour\mdnsresponder.exe (Bonjour Service)
c:\program files\navnt\defwatch.exe (DefWatch)
c:\program files\common files\installshield\driver\1150\intel 32\idrivert.exe (InstallDriver Table Manager)
* c:\program files\ipod\bin\ipodservice.exe (iPod Service)
c:\windows\system32\lexbces.exe (LexBce Server)
c:\program files\navnt\rtvscan.exe (Norton AntiVirus Client)
* c:\program files\spyware doctor\pctsauxs.exe (PC Tools Auxiliary Service)
* c:\program files\spyware doctor\pctssvc.exe (PC Tools Security Service)
c:\program files\tversity\media server\mediaserver.exe (TVersityMediaServer)
c:\windows\system32\mspmspsv.exe (WMDM PMSP Service)

011 HKLM\SYSTEM\CurrentControlSet\Services (drivers)
----------------------------------------------------
c:\windows\system32\drivers\aspi32.sys (ASPI32)
- c:\windows\system32\drivers\beep.sys (Beep)
c:\windows\system32\drivers\cdr4_xp.sys (Cdr4_xp)
c:\windows\system32\drivers\cdralw2k.sys (Cdralw2k)
c:\windows\system32\drivers\cercsr6.sys (cercsr6)
- c:\windows\system32\drivers\changer.sys (Changer)
* c:\windows\system32\drivers\ikfilesec.sys (File Security Driver)
C:\WINDOWS\system32\drivers\v4cb011d.sys (FinePix Digital Camera 020717)
* C:\WINDOWS\system32\drivers\gearaspiwdm.sys (GEARAspiWDM)
* C:\WINDOWS\system32\drivers\hamachi.sys (Hamachi Network Interface)
- c:\windows\system32\drivers\i2omgmt.sys (i2omgmt)
- c:\windows\system32\drivers\lbrtfdc.sys (lbrtfdc)
c:\program files\navnt\navap.sys (NAVAP)
c:\program files\navnt\navapel.sys (NAVAPEL)
- c:\progra~1\common~1\symant~1\virusd~1\20080521.003\naveng.sys (NAVENG)
- c:\progra~1\common~1\symant~1\virusd~1\20080521.003\navex15.sys (NAVEX15)
- c:\nexon\maplestory\npkcrypt.sys (npkcrypt)
* C:\WINDOWS\system32\drivers\pavboot.sys (pavboot)
- c:\windows\system32\drivers\pcidump.sys (PCIDump)
- c:\windows\system32\drivers\pdcomp.sys (PDCOMP)
- c:\windows\system32\drivers\pdframe.sys (PDFRAME)
- c:\windows\system32\drivers\pdreli.sys (PDRELI)
- c:\windows\system32\drivers\pdrframe.sys (PDRFRAME)
* C:\WINDOWS\system32\drivers\iksysflt.sys (System Filter Driver)
* C:\WINDOWS\system32\drivers\iksyssec.sys (System Security Driver)
c:\windows\system32\drivers\tvichw32.sys (TVICHW32)
- c:\windows\system32\drivers\wdica.sys (WDICA)
C:\WINDOWS\system32\drivers\wmacdriverv32.sys (WmaCDriverV32)

042 HKLM\Software\Microsoft\Internet Explorer\Extensions
--------------------------------------------------------
c:\program files\bodog poker\bpgame.exe (Bodog) {F47C1DB5-ED21-4dc1-853E-D1495792D4C5}

044 HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
------------------------------------------------------------------
c:\program files\mario forever toolbar\v2.0.0.4\mario_forever_toolbar.dll {463DF6D5-BEC1-4D67-B217-59DB692DFC53}

045 HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
----------------------------------------------------------------
c:\program files\mario forever toolbar\v2.0.0.4\mario_forever_toolbar.dll {463DF6D5-BEC1-4D67-B217-59DB692DFC53}

047 Trusted zones
-----------------
Zone: cgi5.ebay.com : https://cgi5.ebay.com
Zone: cox.com : http://cox.com
Zone: cox.com : http://cox.com
Zone: cox.com : https://cox.com
Zone: cox.com : https://cox.com
Zone: coxenterprises.com : http://coxenterprises.com
Zone: coxenterprises.com : https://coxenterprises.com
Zone: coxenterprises.com : https://coxenterprises.com
Zone: coxenterprises.com : http://coxenterprises.com
Zone: superbrokers42.com : https://superbrokers42.com
Zone: wsex.com : https://wsex.com
Zone: www.bodoglife.com : *.www.bodoglife.com
Zone: www.bodoglife.com : https://www.bodoglife.com
Zone: www.wsex.com : http://www.wsex.com
Zone: www.wsex.com : https://www.wsex.com
Zone: www.yahoo.com : http://www.yahoo.com

061 HKLM-HCKU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
---------------------------------------------------------------------------------
* c:\program files\audible\bin\audibleext.dll (Audible, Inc.) {16148659-720A-457d-850B-2DBD87BB129D}
c:\program files\illustrate\dbpoweramp\dmcshell.dll (Illustrate) {2C49B5D0-ACE7-4D17-9DF0-A254A6C5A0C5}
c:\windows\system32\nvshell.dll {1CDB2949-8F65-4355-8456-263E7C208A5D}
c:\windows\system32\nvshell.dll {1E9B04FB-F9E5-4718-997B-B8DA88302A47}
- deskpan.dll {42071714-76d4-11d1-8b24-00a0c9068ff3}
* c:\program files\itunes\itunesminiplayer.dll (Apple Inc.) {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}
c:\program files\common files\symantec shared\ssc\vpshell2.dll (Symantec Corporation) {BDA77241-42F6-11d0-85E2-00AA001FE28C}
c:\progra~1\micros~2\office\olkfstub.dll (Microsoft Corporation) {0006F045-0000-0000-C000-000000000046}
c:\windows\system32\nvshell.dll {1E9B04FB-F9E5-4718-997B-B8DA88302A48}
* c:\program files\real\realplayer\rpshell.dll (RealNetworks, Inc.) {F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}
c:\progra~1\common~1\micros~1\webfol~1\msonsext.dll {BDEADF00-C265-11d0-BCED-00A0C90AB50F}
c:\program files\object desktop\windowblinds\wbui.dll (Stardock.Net, Inc) {2F5AC606-70CF-461C-BFE1-734234536262}
c:\program files\winrar\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}

062 HKLM-HKCU\Software\Classes\Folder\Shellex\ColumnHandlers
------------------------------------------------------------
* c:\program files\audible\bin\audibleext.dll (Audible, Inc.) {16148659-720A-457d-850B-2DBD87BB129D}
c:\program files\adobe\acrobat 7.0\activex\pdfshell.dll (Adobe Systems, Inc.) {F9DB5320-233E-11D1-9F84-707F02C10627}
c:\program files\illustrate\dbpoweramp\dbshell.dll (Illustrate) {FED7043D-346A-414D-ACD7-550D052499A7}

067 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
---------------------------------------------------------------------
c:\windows\system32\navlogon.dll
c:\progra~1\object~1\window~1\fastload.dll (Stardock)

069 HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors
--------------------------------------------------------
C:\WINDOWS\system32\hptcpmon.dll (Hewlett Packard)
C:\WINDOWS\system32\lexlmpm.dll (Lexmark International, Inc.)

073 %windir%\Tasks
------------------
AppleSoftwareUpdate.job : c:\program files\apple software update\softwareupdate.exe (Apple Inc.)
MP Scheduled Quick Scan.job : c:\program files\microsoft windows onecare live\antivirus\mpcmdrun.exe

100 Internet Explorer settings
------------------------------
ProxyOverride HKCU : <local>;*.local
Start Page HKCU : http://www.yahoo.com/

104 HKLM\Software\Microsoft\Code Store Database\Distribution Units
------------------------------------------------------------------
c:\program files\support.com\bin\tgctlcm.dll (SupportSoft, Inc.) {01113300-3E00-11D2-8470-0060089874ED}
* c:\windows\downloaded program files\pcpitstop.dll (PC Pitstop) {0E5F0222-96B9-11D3-8997-00104BD12D94}
c:\windows\downloaded program files\housecall_activex.dll (Trend Micro Inc.) {215B8138-A3CF-44C5-803F-8226143CFC0A}
* c:\windows\downloaded program files\as2stubie.dll (Panda Security) {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8}
c:\windows\downloaded program files\imageuploader3.ocx (Slide, Inc.) {55027008-315F-4F45-BBC3-8BE119764741}
c:\windows\downloaded program files\zpachat.ocx (Microsoft Corporation) {5736C456-EA94-4AAC-BB08-917ABDD035B3}
GUID / CLSID not found {77E32299-629F-43C6-AB77-6A1E6D7663F6}
c:\windows\downlo~1\tseasy~1.ocx (Trend Micro Inc.) {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD}
c:\windows\downloaded program files\zintro.ocx (Microsoft Corporation) {B8BE5E93-A60C-4D26-A2DC-220313175592}
c:\windows\downloaded program files\activex_atl_lexmark.dll {C52439A0-2693-4E40-B141-9F9AD5257241}
c:\program files\java\jre1.5.0_03\bin\npjpi150_03.dll (Sun Microsystems, Inc.) {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}
c:\program files\java\jre1.5.0_06\bin\npjpi150_06.dll (Sun Microsystems, Inc.) {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}
c:\program files\java\jre1.5.0_09\bin\npjpi150_09.dll (Sun Microsystems, Inc.) {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}
c:\windows\downloaded program files\stproxy.dll (Microsoft Corporation) {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937}
c:\windows\downloaded program files\driveragent.ocx (Touchstone Software Corp) {E8F628B5-259A-4734-97EE-BA914D7BE941}
c:\progra~1\pcpits~1\av\pav.dll (PCPitstop) {EFAEF0E4-F044-4D57-9900-1C3FF18524C9}
c:\windows\downloaded program files\checkerszpa.ocx (Microsoft Corporation) {FF3C5A9F-5A91-4930-80E8-4709194C2AD3}
c:\windows\downloaded program files\zpa_backgammon.ocx (Microsoft Corporation) {FF3C5A9F-5A99-4930-80E8-4709194C2AD3}
* c:\windows\downloaded program files\pcpitstop2.dll (PC Pitstop LLC) {FFB3A759-98B1-446F-BDA9-909C6EB18CC7}

107 HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5
---------------------------------------------------------------------------------
c:\program files\bonjour\mdnsnsp.dll (Apple Inc.)

120 Domain/DNS hijacking
------------------------
TcpIp NameServer : 208.67.220.220,208.67.222.222

121 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs
--------------------------------------------------------------------------
- karina.dat

170 HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2
------------------------------------------------------------------------
{d9d43ab0-8d37-11db-83fc-0008740fbaa8} : F:\setupSNK.exe

173 HKCR\*\shellex\ContextMenuHandlers
--------------------------------------
c:\progra~1\kongsoft\easycd~1\menuha~1.dll {8331A1DE-43C5-4F79-A2AE-0E656856B193}
c:\program files\common files\symantec shared\ssc\vpshell2.dll (Symantec Corporation) {BDA77241-42F6-11d0-85E2-00AA001FE28C}
c:\program files\winrar\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}

221 HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers
-------------------------------------------------------
c:\progra~1\kongsoft\easycd~1\menuha~1.dll {8331A1DE-43C5-4F79-A2AE-0E656856B193}
c:\program files\common files\symantec shared\ssc\vpshell2.dll (Symantec Corporation) {BDA77241-42F6-11d0-85E2-00AA001FE28C}
c:\program files\winrar\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}

225 HKCU\Software\Classes\Folder\ShellEx\ContextMenuHandlers
------------------------------------------------------------
c:\program files\common files\symantec shared\ssc\vpshell2.dll (Symantec Corporation) {BDA77241-42F6-11d0-85E2-00AA001FE28C}
c:\program files\common files\symantec shared\ssc\vpshell2.dll (Symantec Corporation) {BDA77241-42F6-11d0-85E2-00AA001FE28C}
c:\program files\winrar\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
c:\program files\winrar\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}

227 HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers
---------------------------------------------------------------
c:\program files\winrar\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}

229 HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers
--------------------------------------------------------------------------
c:\windows\system32\nvshell.dll {1E9B04FB-F9E5-4718-997B-B8DA88302A48}

231 HKLM\Software\Classes\Folder\Shellex\ColumnHandlers
-------------------------------------------------------
* c:\program files\audible\bin\audibleext.dll (Audible, Inc.) Audible Column Ext
c:\program files\illustrate\dbpoweramp\dbshell.dll (Illustrate) dBpoweramp Column Handler
c:\program files\adobe\acrobat 7.0\activex\pdfshell.dll (Adobe Systems, Inc.) PDF Column Info

#10
Rorschach112

Can you attach the .run file please
#11
rudd815

See attached


#12
Rorschach112

Hello

Download the attachment at the end of this post (this will be your runscanner file fixed by me)

  • Save it to your desktop then double click the runscanner icon this will run the program.
  • You will notice several entries in red and in blue.
  • Click the button at the top called Fix selected items
  • Accept the warning(s) and repeat until they are all gone.
  • Reboot your PC





Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.


#13
rudd815

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 3.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 1.70GHz
Percentage of Memory in Use: 72%
Physical Memory (total/avail): 511.01 MiB / 141.3 MiB
Pagefile Memory (total/avail): 1248.28 MiB / 928.37 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1935.86 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 279.45 GiB total, 6.65 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)
F: is Removable (No Media)

\\.\PHYSICALDRIVE0 - ST330062 2AS SCSI Disk Device - 279.46 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 279.45 GiB - C:

\\.\PHYSICALDRIVE1 - HP Photosmart C4150 USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\MONIEC\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=MONIEC-365CC586
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\MONIEC
LOGONSERVER=\\MONIEC-365CC586
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\SYSTEM32;C:\WINDOWS;C:\WINDOWS\SYSTEM32\WBEM;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 1 Stepping 2, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0102
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\MONIEC\LOCALS~1\Temp
TMP=C:\DOCUME~1\MONIEC\LOCALS~1\Temp
USERDOMAIN=MONIEC-365CC586
USERNAME=MONIEC
USERPROFILE=C:\Documents and Settings\MONIEC
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

MONIEC (admin)
Tyler
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware SE Plus --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0.5 Language Support --> MsiExec.exe /I{AC76BA86-7AD7-5464-3428-7050000000A7}
Adobe Reader 7.1.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A71000000002}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe® Photoshop® Album Starter Edition 3.0 --> MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}
Adobe® Photoshop® Album Starter Edition 3.0.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C9618743-1A5C-461E-91C4-E013A3D70F3C}\Setup.exe" -l0x9
Advanced Disk Cleaner 4.7 --> "C:\Program Files\Innovative Solutions\Advanced Disk Cleaner\unins000.exe"
Advanced Uninstaller PRO 2006 - version 7 --> "C:\Program Files\Innovative Solutions\Advanced Uninstaller PRO 2006 version 7\unins000.exe"
Advanced WindowsCare 2.30 Personal --> "C:\Program Files\IObit\Advanced WindowsCare V2\unins000.exe"
Apple Mobile Device Support --> MsiExec.exe /I{49C88E44-1B38-4FC6-824E-2BDA3063B0E3}
Apple Software Update --> MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Audible Download Manager --> C:\Program Files\Audible\Bin\AudibleDM_iTunesSetup[1].exe /Uninstall
Battle.net --> C:\WINDOWS\bnetunin.exe
Battlefield 2142 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ED50ECE9-EC54-4C05-B5ED-EE4741A9F2EC}\setup.exe" -l0x9 -removeonly
Battlefield 2142 Demo --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD347316-609E-4149-983C-84B40338D38A}\setup.exe" -l0x9 -removeonly
Battleship - Fleet Command (remove only) --> "C:\Program Files\Yahoo! Games\Battleship - Fleet Command\Uninstall.exe"
BearShare --> C:\Program Files\BearShare Applications\BearShare\UninstallSurvey.exe C:\PROGRA~1\BEARSH~1\BEARSH~1\UNWISE.EXE C:\PROGRA~1\BEARSH~1\BEARSH~1\INSTALL.LOG
BitPim 1.0.1 --> "C:\Program Files\BitPim\unins000.exe"
Bodog Poker Version 2.15.9.3 --> "C:\Program Files\Bodog Poker\unins000.exe"
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
BroadJump Client Foundation --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\BroadJump\Client Foundation\Uninst.isu" -c"C:\Program Files\BroadJump\Client Foundation\RmvBJCFD.dll"
BugOff 1.10 --> C:\Documents and Settings\MONIEC\Local Settings\Temp\wz09db\BugOff.exe /uninstall
CDMaster32 --> C:\Program Files\Zittware\CDMaster32\uninstall.exe CDMaster32
CleanUp! --> C:\Program Files\CleanUp!\uninstall.exe
Company of Heroes --> MsiExec.exe /X{BA801B94-C28D-46EE-B806-E1E021A3D519}
CorrectConnect --> C:\WINDOWS\ISUninst.exe -f"C:\Program Files\CConnect\Uninst.isu" -c"C:\Program Files\CConnect\Uninst.dll"
Cox Online Support Controls --> "C:\Program Files\SupportSoft\unins000.exe"
dBpowerAMP Arrange Music --> "C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Arrange Music.dat
dBpowerAMP Channel Split --> "C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Channel Split.dat
dBpowerAMP Length Split --> "C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Length Split.dat
dBpoweramp m4a Codec --> "C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpoweramp m4a Codec.dat
dBpowerAMP Multi-Encoder --> "C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Multi-Encoder.dat
dBpoweramp Music Converter --> "C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Music Converter.dat
dBpowerAMP Rename Extension --> "C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Rename Extension.dat
dBpowerAMP Tag From Filename --> "C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Tag From Filename.dat
dBpoweramp Windows Media Audio 10 Codec --> "C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Windows Media Audio 10 Codec.dat
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DriverMagic --> MsiExec.exe /I{5BEB2F46-3723-47CF-BF7F-39C453B9D977}
Easy CD Ripper 2.26 --> C:\Program Files\Kongsoft\Easy CD Ripper\uninst.exe
Free WMA to MP3 Converter 1.08 --> "C:\Program Files\Free WMA to MP3 Converter\unins000.exe"
Full Tilt Poker --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}\setup.exe" -l0x9 -removeonly
Hamachi 1.0.1.1 --> C:\Program Files\Hamachi\uninstall.exe
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
iPhoneBrowser --> MsiExec.exe /I{A0F7CEAC-8F77-4936-8DDD-0AD4028A5486}
iTunes --> MsiExec.exe /I{3DE0053C-FD9A-483E-B7C9-B06E4392206E}
J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
J2SE Runtime Environment 5.0 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
J2SE Runtime Environment 5.0 Update 9 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Java DB 10.2.2.0 --> MsiExec.exe /X{0ECB59D5-A3FC-4D61-AD3B-6CE679B3F852}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ SE Development Kit 6 Update 3 --> MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0160030}
LimeWire 4.16.7 --> "C:\Program Files\LimeWire\uninstall.exe"
LiveUpdate 1.7 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
MapleStory --> MsiExec.exe /I{9DA92370-2929-4A4D-B3DF-B1651D77C6AA}
MGI PhotoSuite 8.1 (Remove Only) --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\MGI\PhotoSuite 8.1\Uninst.isu" -c"C:\Program Files\MGI\PhotoSuite 8.1\CustomUninstall.dll"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Halo Trial --> "C:\Program Files\Microsoft Games\Halo Trial\UNINSTAL.EXE" /runtemp /addremove
Microsoft Office 2000 Disc 2 --> MsiExec.exe /I{00040409-78E1-11D2-B60F-006097C998E7}
Microsoft Office 2000 Professional --> MsiExec.exe /I{00010409-78E1-11D2-B60F-006097C998E7}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Mobipocket Reader 6.0 --> MsiExec.exe /I{3B9EF902-F253-4B0A-9EA8-6596BBCB6B28}
Motorola Driver Installation --> MsiExec.exe /I{0D442113-1F96-40DE-948C-5850CE7B8005}
Motorola USB Drivers --> C:\PROGRA~1\MOTORO~1\UNWISE.EXE C:\PROGRA~1\MOTORO~1\INSTALL.LOG
MP3 Player Utilities 3.5.02 --> MsiExec.exe /I{0DE7211B-A7CB-4112-8D62-142A0EBDFAD9}
MP3 Player Utilities 3.68 --> MsiExec.exe /I{7784A172-61F1-445E-8368-601607E0DD22}
Netflix Movie Viewer --> MsiExec.exe /X{BCE72AED-3332-4863-9567-C5DCB9052CA2}
Norton AntiVirus Corporate Edition --> MsiExec.exe /I{BD12EB47-DBDF-11D3-BEEA-00A0CC272509}
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
Optimizer XP --> MsiExec.exe /I{1724C2C4-1DD8-4BA9-91BB-52E635F45B4F}
OverDrive Media Console --> MsiExec.exe /I{16D9439B-DF3D-43D1-A727-4B335300D07A}
Panda ActiveScan 2.0 --> C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
PartyPokerNet --> "C:\Program Files\PartyGaming.Net\PartyPokerNet\Uninstall.exe" "C:\Program Files\PartyGaming.Net\PartyPokerNet\install.log"
PC Pitstop Exterminate 1.0 --> "C:\Program Files\PCPitstop\Exterminate\unins000.exe"
PC Pitstop Optimize2 2.0 --> "C:\Documents and Settings\MONIEC\Desktop\Spyware\Optimize2\unins000.exe"
PCPitstop Panda AntiVirus Scan (remove only) --> C:\Program Files\PCPitstop\AV\Uninst.exe
Quake III Arena --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Quake III Arena\QIII.isu"
QuickTime --> MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Red Orb Zone for Warlords III: Darklords Rising --> C:\WINDOWS\uninst.exe -f"C:\Program Files\Red Orb Zone\DeIsL1.isu"
Registry Mechanic 6.0 --> "C:\Program Files\Registry Mechanic\unins000.exe"
Safari --> MsiExec.exe /I{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868}
Samsung USB Driver (MCCI 4.34) WHQL v3.0 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{FAD03728-DA19-4313-959F-872A9C432A86}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
SolSuite --> C:\PROGRA~1\SolSuite\UNWISE.EXE C:\PROGRA~1\SolSuite\INSTALL.LOG
Spybot - Search & Destroy 1.5.2.20 --> "C:\WINDOWS\unins000.exe"
Spyware Doctor 5.5 --> C:\Program Files\Spyware Doctor\unins000.exe /LOG
Star Wars Empire at War --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{99AE7207-8612-4DBA-A8F8-BAE5C633390D}\Setup.exe" -l0x9 -removeonly
Sylvania ® Monitor Driver --> C:\WINDOWS\uninst.exe -f"C:\Program Files\Sylvania\Sylvania Monitor\DeIsL1.isu" -c"C:\Program Files\Sylvania\Sylvania Monitor\_ISREG32.DLL"
Transcoding --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DD299C88-F7B4-4868-97EB-DD731B35F4CB}\Setup.exe" -l0x9
TVersity Codec Pack 1.1 --> C:\Program Files\TVersity Codec Pack\uninst.exe
TVersity Media Server 0.9.11.4 beta --> C:\Program Files\TVersity\Media Server\uninst.exe
Unreal Tournament --> C:\UnrealTournament\System\Setup.exe uninstall "UnrealTournament"
USB Driver Vers. 3.2 --> C:\Program Files\USB Driver Vers. 3.2\uninstall.exe
USB MP3 Player WIN98 Drivers --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\MP3\U-MP3\Uninst.isu"
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Warcraft II BNE --> C:\WINDOWS\W2BNEUnin.exe C:\WINDOWS\W2BNEUnin.dat
Warlords III: Darklords Rising --> C:\WINDOWS\UNINST.EXE -f"C:\PROGRA~1\REDORB~1\WARLOR~1\DeIsL1.isu"
WindowBlinds --> C:\PROGRA~1\OBJECT~1\WINDOW~1\UNWISE.EXE C:\PROGRA~1\OBJECT~1\WINDOW~1\INSTALL.LOG
Windows Installer Clean Up --> MsiExec.exe /X{121634B0-2F4B-11D3-ADA3-00C04F52DD52}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows XP Service Pack 3 --> "C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
winpwn 2.0.0.3 --> C:\Program Files\winpwn\uninstall winpwn.exe
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WinSCP 4.0.6 --> "C:\Program Files\WinSCP\unins000.exe"
WMAConvert 2.5.3 --> "C:\Program Files\WMAConvert\unins000.exe"
World Domination Demo --> C:\PROGRA~1\WORLDD~1\UNWISE.EXE C:\PROGRA~1\WORLDD~1\INSTALL.LOG
World in Conflict - DEMO --> C:\Program Files\InstallShield Installation Information\{D24CD157-E4C4-4184-9465-B5C025E736AD}\setup.exe -runfromtemp -l0x0009 -removeonly
WorldPx 3.7.1 --> "C:\Program Files\WorldPx\unins000.exe"
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type1518 / Warning
Event Submitted/Written: 08/10/2008 07:47:28 PM
Event ID/Source: 22 / Norton AntiVirus
Event Description:
Norton AntiVirus Realtime Protection failed to load.

Event Record #/Type1514 / Warning
Event Submitted/Written: 08/09/2008 01:37:22 PM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{00010409-78E1-11D2-B60F-006097C998E7}', feature 'OutlookMAPI' failed during request for component '{6485D24A-C2AC-11D1-AD3E-00A0C911C9C0}'

Event Record #/Type1512 / Warning
Event Submitted/Written: 08/09/2008 01:37:19 PM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{00010409-78E1-11D2-B60F-006097C998E7}', feature 'OutlookMAPI' failed during request for component '{6485D24A-C2AC-11D1-AD3E-00A0C911C9C0}'

Event Record #/Type1510 / Warning
Event Submitted/Written: 08/09/2008 01:37:15 PM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{00010409-78E1-11D2-B60F-006097C998E7}', feature 'OutlookMAPI' failed during request for component '{6485D24A-C2AC-11D1-AD3E-00A0C911C9C0}'

Event Record #/Type1505 / Warning
Event Submitted/Written: 08/09/2008 01:30:08 PM
Event ID/Source: 22 / Norton AntiVirus
Event Description:
Norton AntiVirus Realtime Protection failed to load.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type18869 / Error
Event Submitted/Written: 08/10/2008 07:47:42 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
Beep

Event Record #/Type18867 / Error
Event Submitted/Written: 08/10/2008 07:47:41 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The npkcrypt service failed to start due to the following error:
%%2

Event Record #/Type18866 / Error
Event Submitted/Written: 08/10/2008 07:47:41 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Genesys Logic USB Scanner Controller NT 5.0 service failed to start due to the following error:
%%2

Event Record #/Type18858 / Error
Event Submitted/Written: 08/10/2008 07:46:15 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Event Record #/Type18857 / Error
Event Submitted/Written: 08/10/2008 01:34:32 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}



-- End of Deckard's System Scanner: finished at 2008-08-10 19:52:19 ------------

Deckard's System Scanner v20071014.68
Run by MONIEC on 2008-08-10 19:48:35
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 3 Restore Point(s) --
3: 2008-08-11 02:49:03 UTC - RP3 - Deckard's System Scanner Restore Point
2: 2008-08-09 21:02:52 UTC - RP2 - System Checkpoint
1: 2008-08-08 02:40:34 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

System Drive C: has 6.65 GiB (less than 15%) free.


-- HijackThis (run as MONIEC.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:51:32, on 8/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TVersity\Media Server\MediaServer.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\MONIEC\Desktop\dss.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\MONIEC.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Cox High Speed Internet
O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe"
O4 - Global Startup: CorrectConnect.lnk = C:\Program Files\CConnect\CConnect.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.cox.net
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.cox.c...oad/tgctlcm.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...t/PCPitStop.CAB
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com...ageUploader.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/...at.cab32846.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1152469941828
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecu...asyInstallX.CAB
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn...ro.cab34246.cab
O16 - DPF: {C52439A0-2693-4E40-B141-9F9AD5257241} (Lexmark eDiagnostics Class) - https://ediagnostics....com/serval.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/...xy.cab41227.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.c...driveragent.cab
O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} (AV Class) - http://www.pcpitstop...irus/PitPav.cab
O16 - DPF: {FF3C5A9F-5A91-4930-80E8-4709194C2AD3} (CheckersZPA Object) - http://zone.msn.com/...PA.cab40641.cab
O16 - DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} (ZPA_Backgammon Object) - http://zone.msn.com/...on.cab40641.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcp.../pcpitstop2.dll
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O20 - AppInit_DLLs: karina.dat
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe

--
End of file - 6953 bytes

-- File Associations -----------------------------------------------------------

.bat - unable to read key
.bat - unable to read key
.bat - unable to read key
.com - unable to read key
.com - unable to read key
.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*
.exe - unable to read key
.exe - unable to read key
.lnk - unable to read key
.pif - unable to read key
.reg - unable to read key
.reg - unable to read key
.reg - unable to read key
.scr - unable to read key


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R3 WmaCDriverV32 - c:\windows\system32\drivers\wmacdriverv32.sys <Not Verified; Windows ® 2000/XP; Windows ® 2000/XP Driver>

S0 cercsr6 - c:\windows\system32\drivers\cercsr6.sys <Not Verified; Adaptec, Inc.; Dell RAID Controller>
S2 npkcrypt - c:\nexon\maplestory\npkcrypt.sys (file missing)
S3 FINEPIX_PCC (FinePix Digital Camera 020717) - c:\windows\system32\drivers\v4cb011d.sys <Not Verified; FUJI PHOTO FILM CO.,LTD.; USB PC Camera>
S3 NAVENG - c:\progra~1\common~1\symant~1\virusd~1\20080521.003\naveng.sys (file missing)
S3 NAVEX15 - c:\progra~1\common~1\symant~1\virusd~1\20080521.003\navex15.sys (file missing)
S3 TVICHW32 - c:\windows\system32\drivers\tvichw32.sys <Not Verified; EnTech Taiwan; TVicHW32 Generic Device Driver for Windows 95/98/ME/NT/2000/2003/XP/XP64>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
R2 TVersityMediaServer - "c:\program files\tversity\media server\mediaserver.exe"


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-08-08 07:41:13 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2007-07-13 12:53:54 402 --ah----- C:\WINDOWS\Tasks\MP Scheduled Quick Scan.job


-- Files created between 2008-07-10 and 2008-08-10 -----------------------------

2008-08-09 13:05:38 0 d-------- C:\327882R2FWJFW
2008-08-09 12:27:08 1238 --a------ C:\WINDOWS\system32\tmp.reg
2008-08-09 09:30:33 0 d-------- C:\Program Files\Trend Micro
2008-08-08 13:11:35 0 d-------- C:\Program Files\Smart Virus Remover
2008-08-08 13:09:13 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-08-08 13:02:05 0 d-------- C:\VundoFix Backups
2008-08-08 12:50:03 0 d-------- C:\HJT
2008-08-08 10:48:21 0 d-------- C:\bintheredunthat
2008-08-08 10:43:55 0 d-------- C:\BFU
2008-08-06 18:50:04 0 d-------- C:\Documents and Settings\MONIEC\Application Data\Malwarebytes
2008-08-06 18:49:53 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-06 08:33:11 0 d-------- C:\Documents and Settings\MONIEC\Application Data\TmpRecentIcons
2008-08-01 20:24:32 0 d-------- C:\Program Files\iPod
2008-07-30 21:25:19 0 d-------- C:\Documents and Settings\LocalService\Application Data\DivX
2008-07-26 07:13:14 0 d--h----- C:\WINDOWS\PIF
2008-07-25 23:53:35 0 d-------- C:\Program Files\WinSCP
2008-07-25 21:19:23 0 d-------- C:\Documents and Settings\MONIEC\Application Data\Uniblue
2008-07-25 18:39:27 0 d-------- C:\Utilities
2008-07-24 23:02:25 0 d-------- C:\Program Files\Bonjour
2008-07-24 22:53:17 0 d-------- C:\Program Files\Safari
2008-07-24 21:37:23 169984 --a------ C:\Documents and Settings\MONIEC\ZiPhoneGUI.exe <Not Verified; ; ZiPhoneGUI>
2008-07-24 21:37:23 301568 --a------ C:\Documents and Settings\MONIEC\ziphone.exe <Not Verified; ZiPhone http://www.ziphone.org; ZiPhone>
2008-07-24 21:37:23 0 d-------- C:\Documents and Settings\MONIEC\no
2008-07-24 21:37:23 6166462 --a------ C:\Documents and Settings\MONIEC\Inga.dat
2008-07-24 21:37:23 3356266 --a------ C:\Documents and Settings\MONIEC\igor.dat
2008-07-24 21:37:23 15 --a------ C:\Documents and Settings\MONIEC\I WANT THE Z ICON BACK.bat
2008-07-24 21:37:23 15 --a------ C:\Documents and Settings\MONIEC\ENTER DFU MODE.bat
2008-07-24 21:37:23 0 d-------- C:\Documents and Settings\MONIEC\docs
2008-07-24 21:37:23 9354 --a------ C:\Documents and Settings\MONIEC\dfu.dat
2008-07-24 21:37:23 17 --a------ C:\Documents and Settings\MONIEC\ACTIVATE JAILBREAK IPHONE.bat
2008-07-24 21:37:21 33550336 --a------ C:\Documents and Settings\MONIEC\zibri.dat
2008-07-24 21:37:21 17 --a------ C:\Documents and Settings\MONIEC\UNLOCK ACTIVATE JAILBREAK IPHONE.bat
2008-07-24 21:37:21 311296 --a------ C:\Documents and Settings\MONIEC\QTMLClient.dll <Not Verified; Apple Inc.; QuickTime>
2008-07-24 21:37:21 17 --a------ C:\Documents and Settings\MONIEC\JAILBREAK IPHONE IPOD.bat
2008-07-24 21:37:21 1085440 --a------ C:\Documents and Settings\MONIEC\iTunesMobileDevice.dll <Not Verified; Apple Inc.; iTunesMobileDevice>


-- Find3M Report ---------------------------------------------------------------

2008-08-09 22:59:16 0 d-------- C:\Program Files\Bodog Poker
2008-08-09 13:18:45 0 d-------- C:\Program Files\Orb Networks
2008-08-09 08:53:19 0 d-------- C:\Program Files\PCPitstop
2008-08-08 07:41:11 0 d-------- C:\Program Files\Apple Software Update
2008-08-01 20:26:34 0 d-------- C:\Program Files\iTunes
2008-07-28 07:24:46 0 d-------- C:\Program Files\Common Files\Adobe
2008-07-28 07:23:06 0 d-------- C:\Documents and Settings\MONIEC\Application Data\AdobeUM
2008-07-26 22:48:39 0 d-------- C:\Program Files\winpwn
2008-07-26 07:13:02 0 d-------- C:\Program Files\PartyGaming.Net
2008-07-25 19:35:19 0 d-------- C:&

#14
rudd815

    Member

  • Topic Starter
  • 16 posts
Deckard's System Scanner v20071014.68
Run by MONIEC on 2008-08-10 21:07:21
Computer is in Normal Mode.
--------------------------------------------------------------------------------

System Drive C: has 6.64 GiB (less than 15%) free.


-- HijackThis (run as MONIEC.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:07:33, on 8/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\NavNT\rtvscan.exe
C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TVersity\Media Server\MediaServer.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\MONIEC\Desktop\dss.lnk
C:\PROGRA~1\TRENDM~1\HIJACK~1\MONIEC.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Cox High Speed Internet
O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe"
O4 - Global Startup: CorrectConnect.lnk = C:\Program Files\CConnect\CConnect.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.cox.net
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.cox.c...oad/tgctlcm.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...t/PCPitStop.CAB
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com...ageUploader.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/...at.cab32846.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1152469941828
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecu...asyInstallX.CAB
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn...ro.cab34246.cab
O16 - DPF: {C52439A0-2693-4E40-B141-9F9AD5257241} (Lexmark eDiagnostics Class) - https://ediagnostics....com/serval.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/...xy.cab41227.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.c...driveragent.cab
O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} (AV Class) - http://www.pcpitstop...irus/PitPav.cab
O16 - DPF: {FF3C5A9F-5A91-4930-80E8-4709194C2AD3} (CheckersZPA Object) - http://zone.msn.com/...PA.cab40641.cab
O16 - DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} (ZPA_Backgammon Object) - http://zone.msn.com/...on.cab40641.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcp.../pcpitstop2.dll
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe

--
End of file - 6474 bytes

-- Files created between 2008-07-10 and 2008-08-10 -----------------------------

2008-08-09 13:05:38 0 d-------- C:\327882R2FWJFW
2008-08-09 12:27:08 1238 --a------ C:\WINDOWS\system32\tmp.reg
2008-08-09 09:30:33 0 d-------- C:\Program Files\Trend Micro
2008-08-08 13:11:35 0 d-------- C:\Program Files\Smart Virus Remover
2008-08-08 13:09:13 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-08-08 13:02:05 0 d-------- C:\VundoFix Backups
2008-08-08 12:50:03 0 d-------- C:\HJT
2008-08-08 10:48:21 0 d-------- C:\bintheredunthat
2008-08-08 10:43:55 0 d-------- C:\BFU
2008-08-06 18:50:04 0 d-------- C:\Documents and Settings\MONIEC\Application Data\Malwarebytes
2008-08-06 18:49:53 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-06 08:33:11 0 d-------- C:\Documents and Settings\MONIEC\Application Data\TmpRecentIcons
2008-08-01 20:24:32 0 d-------- C:\Program Files\iPod
2008-07-30 21:25:19 0 d-------- C:\Documents and Settings\LocalService\Application Data\DivX
2008-07-26 07:13:14 0 d--h----- C:\WINDOWS\PIF
2008-07-25 23:53:35 0 d-------- C:\Program Files\WinSCP
2008-07-25 21:19:23 0 d-------- C:\Documents and Settings\MONIEC\Application Data\Uniblue
2008-07-25 18:39:27 0 d-------- C:\Utilities
2008-07-24 23:02:25 0 d-------- C:\Program Files\Bonjour
2008-07-24 22:53:17 0 d-------- C:\Program Files\Safari
2008-07-24 21:37:23 169984 --a------ C:\Documents and Settings\MONIEC\ZiPhoneGUI.exe <Not Verified; ; ZiPhoneGUI>
2008-07-24 21:37:23 301568 --a------ C:\Documents and Settings\MONIEC\ziphone.exe <Not Verified; ZiPhone http://www.ziphone.org; ZiPhone>
2008-07-24 21:37:23 0 d-------- C:\Documents and Settings\MONIEC\no
2008-07-24 21:37:23 6166462 --a------ C:\Documents and Settings\MONIEC\Inga.dat
2008-07-24 21:37:23 3356266 --a------ C:\Documents and Settings\MONIEC\igor.dat
2008-07-24 21:37:23 15 --a------ C:\Documents and Settings\MONIEC\I WANT THE Z ICON BACK.bat
2008-07-24 21:37:23 15 --a------ C:\Documents and Settings\MONIEC\ENTER DFU MODE.bat
2008-07-24 21:37:23 0 d-------- C:\Documents and Settings\MONIEC\docs
2008-07-24 21:37:23 9354 --a------ C:\Documents and Settings\MONIEC\dfu.dat
2008-07-24 21:37:23 17 --a------ C:\Documents and Settings\MONIEC\ACTIVATE JAILBREAK IPHONE.bat
2008-07-24 21:37:21 33550336 --a------ C:\Documents and Settings\MONIEC\zibri.dat
2008-07-24 21:37:21 17 --a------ C:\Documents and Settings\MONIEC\UNLOCK ACTIVATE JAILBREAK IPHONE.bat
2008-07-24 21:37:21 311296 --a------ C:\Documents and Settings\MONIEC\QTMLClient.dll <Not Verified; Apple Inc.; QuickTime>
2008-07-24 21:37:21 17 --a------ C:\Documents and Settings\MONIEC\JAILBREAK IPHONE IPOD.bat
2008-07-24 21:37:21 1085440 --a------ C:\Documents and Settings\MONIEC\iTunesMobileDevice.dll <Not Verified; Apple Inc.; iTunesMobileDevice>


-- Find3M Report ---------------------------------------------------------------

2008-08-09 22:59:16 0 d-------- C:\Program Files\Bodog Poker
2008-08-09 13:18:45 0 d-------- C:\Program Files\Orb Networks
2008-08-09 08:53:19 0 d-------- C:\Program Files\PCPitstop
2008-08-08 07:41:11 0 d-------- C:\Program Files\Apple Software Update
2008-08-01 20:26:34 0 d-------- C:\Program Files\iTunes
2008-07-28 07:24:46 0 d-------- C:\Program Files\Common Files\Adobe
2008-07-28 07:23:06 0 d-------- C:\Documents and Settings\MONIEC\Application Data\AdobeUM
2008-07-26 22:48:39 0 d-------- C:\Program Files\winpwn
2008-07-26 07:13:02 0 d-------- C:\Program Files\PartyGaming.Net
2008-07-25 19:35:19 0 d-------- C:\Program Files\Spyware Doctor
2008-07-25 18:53:45 0 d-------- C:\Program Files\iLiberty
2008-07-24 23:02:01 0 d-------- C:\Program Files\QuickTime
2008-06-26 16:46:15 0 d-------- C:\Documents and Settings\MONIEC\Application Data\Adobe
2008-06-10 16:48:36 0 d-------- C:\Program Files\WorldPx
2008-05-12 18:53:16 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-05-12 18:50:16 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-05-12 18:50:16 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-05-12 18:50:08 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-05-12 18:50:08 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-12 18:50:08 831488 --a------ C:\WINDOWS\system32\divx_xx0a.dll
2008-05-12 18:50:08 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-12 18:50:06 682496 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-12 18:49:02 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AWMON"="C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe" [05/25/2005 12:12]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
CorrectConnect.lnk - C:\Program Files\CConnect\CConnect.exe [7/3/2006 10:03:42 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"disableregistrytools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\PROGRA~1\OBJECT~1\WINDOW~1\fastload.dll 12/20/2001 22:34 24576 C:\PROGRA~1\OBJECT~1\WINDOW~1\fastload.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tdssserv.sys]
@="driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X83 Button Manager]
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X83 Button Monitor]
C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrinTray]
C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
"C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioEngineUtility]
"C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TPSrv"=2 (0x2)
"PNMSRV"=2 (0x2)
"pmshellsrv"=2 (0x2)
"PAVSRV"=2 (0x2)
"PavPrSrv"=2 (0x2)
"PAVFNSVR"=2 (0x2)
"iPod Service"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc




-- End of Deckard's System Scanner: finished at 2008-08-10 21:08:06 ------------

#15
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

1. Please re-open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below (if present):

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O20 - AppInit_DLLs: karina.dat


2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.



Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tdssserv.sys
    purity 
    EmptyTemp
    [start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.




Run DSS again, using these instructions:

Click START> Run - then copy the following bold blue text and paste it into the Run box & click OK

"%userprofile%\desktop\dss.exe" /daft

Read the disclaimer and click OK.

Click on Scan.

Place a checkmark next to the entries displayed when the scan is finished then Click on Fix.

Repeat the scan; you should get a message "All Associations OK!"

Next, click Save Log, and post this log in your next reply.




Reboot and do this



Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**
  • If you are using Firefox, make sure that your download settings are as follows:
    • Tools->Options->Main tab
    • Set to "Always ask me where to Save the files".
  • During the download, rename Combofix to Combo-Fix as follows:


  • It is important you rename Combofix during the download, but not after.
  • Please do not rename Combofix to other names, but only to the one indicated.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\Combo-Fix.txt" along with a new HijackThis log for further review.
**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**
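
The "if present" check from step 1 of the post above, as an added example that is not part of the original posts: it parses HijackThis entry lines, reports which of the five listed entries appear in a given log, and diffs the 19:51:32 scan against the 21:07:33 scan. The log text is a constructed excerpt of the logs in this thread, and the function names are hypothetical.

```python
import re

# Constructed excerpts (a few lines each) of the two HijackThis v2.0.2 logs
# posted in this thread: scans saved at 19:51:32 and 21:07:33 on 8/10/2008.
LOG_1951 = r"""
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:51:32, on 8/10/2008
Running processes:
C:\WINDOWS\system32\lsass.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe"
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O20 - AppInit_DLLs: karina.dat
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
"""

LOG_2107 = r"""
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:07:33, on 8/10/2008
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe"
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
"""

# The five lines the helper's post lists under step 1.
CHECKLIST = r"""
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O20 - AppInit_DLLs: karina.dat
"""

# Entry lines look like "O17 - detail"; headers and process paths do not match.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
NAMESERVER_RE = re.compile(
    r"\\System\\(\w+)\\Services\\Tcpip\\Parameters: NameServer = (.+)$")


def parse_entries(log_text):
    """Return [(code, detail)] for every 'CODE - detail' line, in log order."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(" ".join(line.split()))  # normalise whitespace
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def checklist_status(checklist_text, log_text):
    """Map each checklist line to True/False: does the log contain it?"""
    present = set(parse_entries(log_text))
    return {f"{code} - {detail}": (code, detail) in present
            for code, detail in parse_entries(checklist_text)}


def diff_entries(before, after):
    """Return (removed, added) entry lists between two parsed logs."""
    before_set, after_set = set(before), set(after)
    removed = [entry for entry in before if entry not in after_set]
    added = [entry for entry in after if entry not in before_set]
    return removed, added


def name_servers(entries):
    """Map control set name (CS1, CCS, ...) to the NameServer list on its O17 line."""
    servers = {}
    for code, detail in entries:
        match = NAMESERVER_RE.search(detail)
        if code == "O17" and match:
            servers[match.group(1)] = [ip.strip() for ip in match.group(2).split(",")]
    return servers


def appinit_dlls(entries):
    """Return the module names listed on O20 AppInit_DLLs lines."""
    names = []
    for code, detail in entries:
        if code == "O20" and detail.startswith("AppInit_DLLs:"):
            value = detail.split(":", 1)[1].strip()
            names.extend(name for name in re.split(r"[ ,]+", value) if name)
    return names


if __name__ == "__main__":
    for line, found in checklist_status(CHECKLIST, LOG_2107).items():
        print("present" if found else "absent ", line)
    removed, added = diff_entries(parse_entries(LOG_1951), parse_entries(LOG_2107))
    print("removed since 19:51:32:", [f"{c} - {d}" for c, d in removed])
    print("added since 19:51:32:", [f"{c} - {d}" for c, d in added])
```

Run against the full logs rather than the excerpts, the same diff also surfaces every other line that differs between the two scans.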