Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

awvvs.exe and other problems hjt log [CLOSED]

Started by xxthechaomanxx , Jan 09 2008 09:36 PM

This topic is locked

#1
xxthechaomanxx

Posted 09 January 2008 - 09:36 PM

Member

Member
28 posts

ok my computer is realy messed up when i start my computer black boxes come up saying can not run this program and my computer runs very slow on everything theres tons more but i do not know that much about computers so i dont know whats bad and whats not pleaes help

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:35:42 PM, on 1/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\WINDOWS\ehome\ehmsas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
C:\Program Files\ScanSoft\PaperPort\Config\Ereg\REMIND32.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\program files\hp\digital imaging\bin\hpdtlk02.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [UpdateManager] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [OneTouch Monitor] C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [EarthLink Installer] " /C
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu11.exe 61A847B5BBF72813338B2B27128065E9C084320161C4661227A755E9C2933154389A
O4 - HKLM\..\Run: [a88e9cc2] rundll32.exe "C:\WINDOWS\system32\xjiiytqn.dll",b
O4 - HKLM\..\Run: [RegRun WinBait] C:\WINDOWS\winbait.exe
O4 - HKLM\..\Run: [@RegRunOnSecure] C:\PROGRA~1\Greatis\REGRUN~1\OnSecure.exe
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PPWebCap] C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealOne Player\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [Microsoft Location Finder] "C:\Program Files\Microsoft Location Finder\LocationFinder.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [Regrun2] C:\PROGRA~1\Greatis\REGRUN~1\WatchDog.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: IMStart.lnk = C:\Program Files\InterMute\IMStart.exe
O4 - Startup: reminder-ScanSoft Product Registration.lnk = C:\Program Files\ScanSoft\PaperPort\Config\Ereg\REMIND32.EXE
O4 - Global Startup: Event Reminder.lnk = ?
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://local.live.com.
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnote...ad/mnviewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...lscbase8300.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1143409083265
O16 - DPF: {88D8E8B7-A33B-4417-A385-8373484D43ED} (InstallHelper Class) - file://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ThereInstallHelper.dll
O16 - DPF: {8B486EF6-6B2A-4A1E-BB0D-236CB2DBB8D2} (There Voice Trainer) - file://c:\Program Files\There\ThereClient\ThereVoiceTrainer.dll
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius....tiveXPlugin.cab
O16 - DPF: {AAF421E6-7914-430A-9981-72B31AFF3BF4} (There Launcher) - file://c:\Program Files\There\ThereClient\ThereLauncher.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe

--
End of file - 10448 bytes

#2
sage5

Posted 09 January 2008 - 09:47 PM

RIP 10/2009

Retired Staff
2,646 posts

Hi xxthechaomanxx,

Welcome to Geeks to Go!
My name is sage5, and I will be helping you with this problem.

Please download the following & save to your Desktop:
VundoFix.exe
Deckard's System Scanner
OTMoveIt2 by OldTimer.

Run VundoFix.exe:

Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click OK in the new window
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.
Please post the contents of C:\vundofix.txt in a reply to this thread.

Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears at reboot.

Run Deckard's System Scanner:

Close all other windows before proceeding.
Double click on the dss.exe file on your Desktop and follow the prompts.
Scans will run, and 2 text files will open in Notepad.
Close both of the text files.

These files are C:\Deckard\System Scanner\main.txt & extra.txt. I will need you to copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt, extra.txt and C:\vundofix.txt in your next reply.

Cheers,

sage5

#3
xxthechaomanxx

Posted 12 January 2008 - 11:05 AM

Member

Topic Starter
Member
28 posts

here are those logs and i've notice my computer is running slightly faster

Deckard's System Scanner v20071014.68
Run by Administrator on 2008-01-12 11:44:37
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
116: 2008-01-12 16:44:49 UTC - RP637 - Deckard's System Scanner Restore Point
115: 2008-01-11 20:20:34 UTC - RP636 - Software Distribution Service 3.0
114: 2008-01-11 04:41:53 UTC - RP635 - System Checkpoint
113: 2008-01-10 03:04:42 UTC - RP634 - RegRun Virus Scan
112: 2008-01-09 11:50:44 UTC - RP633 - RegRun Virus Scan

-- First Restore Point --
1: 2007-12-29 15:30:44 UTC - RP522 - System Checkpoint

Backed up registry hives.
Performed disk cleanup.

-- HijackThis (run as Administrator.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:50:24 AM, on 1/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\WINDOWS\ehome\ehmsas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
C:\Program Files\ScanSoft\PaperPort\Config\Ereg\REMIND32.EXE
C:\Documents and Settings\Administrator\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Administrator.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O2 - BHO: {7f40db7f-d41e-308b-0734-3124e1755207} - {7025571e-4213-4370-b803-e14df7bd04f7} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: (no name) - {CA4F0D8D-5F2B-4F16-838A-8D52249EAB21} - C:\WINDOWS\system32\xxyyvvu.dll (file missing)
O2 - BHO: (no name) - {F5B663EC-3295-4ACD-A5A0-E8EFF349F372} - C:\WINDOWS\system32\awvvs.dll (file missing)
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\program files\hp\digital imaging\bin\hpdtlk02.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [UpdateManager] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [OneTouch Monitor] C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [EarthLink Installer] " /C
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu11.exe 61A847B5BBF72813338B2B27128065E9C084320161C4661227A755E9C2933154389A
O4 - HKLM\..\Run: [a88e9cc2] rundll32.exe "C:\WINDOWS\system32\xjiiytqn.dll",b
O4 - HKLM\..\Run: [RegRun WinBait] C:\WINDOWS\winbait.exe
O4 - HKLM\..\Run: [@RegRunOnSecure] C:\PROGRA~1\Greatis\REGRUN~1\OnSecure.exe
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PPWebCap] C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealOne Player\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [Microsoft Location Finder] "C:\Program Files\Microsoft Location Finder\LocationFinder.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [Regrun2] C:\PROGRA~1\Greatis\REGRUN~1\WatchDog.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: IMStart.lnk = C:\Program Files\InterMute\IMStart.exe
O4 - Startup: reminder-ScanSoft Product Registration.lnk = C:\Program Files\ScanSoft\PaperPort\Config\Ereg\REMIND32.EXE
O4 - Global Startup: Event Reminder.lnk = ?
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://local.live.com.
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnote...ad/mnviewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...lscbase8300.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1143409083265
O16 - DPF: {88D8E8B7-A33B-4417-A385-8373484D43ED} (InstallHelper Class) - file://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ThereInstallHelper.dll
O16 - DPF: {8B486EF6-6B2A-4A1E-BB0D-236CB2DBB8D2} (There Voice Trainer) - file://c:\Program Files\There\ThereClient\ThereVoiceTrainer.dll
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius....tiveXPlugin.cab
O16 - DPF: {AAF421E6-7914-430A-9981-72B31AFF3BF4} (There Launcher) - file://c:\Program Files\There\ThereClient\ThereLauncher.dll
O20 - Winlogon Notify: xxyyvvu - xxyyvvu.dll (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe

--
End of file - 11376 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080101-150917-736 O24 - Desktop Component 0: (no name) - C:\Documents and Settings\Administrator\Desktop\New Folder\rockman.gif
backup-20080101-164416-849 F3 - REG:win.ini: load=C:\WINDOWS\system32\gebya.exe
backup-20080109-221753-471 F3 - REG:win.ini: load=C:\WINDOWS\system32\awvvs.exe

-- File Associations -----------------------------------------------------------

All associations okay.

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 Partizan - c:\windows\system32\drivers\partizan.sys <Not Verified; Greatis Software; RegRun Security Suite>
R1 ATMhelpr - c:\windows\system32\drivers\atmhelpr.sys <Not Verified; Adobe Systems Incorporated; Adobe Type Manager Deluxe>
R1 PCLEPCI - c:\windows\system32\drivers\pclepci.sys <Not Verified; Pinnacle Systems GmbH; PCLEPCI>
R1 VETFDDNT (VET Floppy Boot Sector Monitor) - c:\windows\system32\drivers\vetfddnt.sys <Not Verified; Computer Associates International, Inc.; Computer Associates Antivirus>
R1 VET-FILT (VET File System Filter) - c:\windows\system32\drivers\vet-filt.sys <Not Verified; Computer Associates International, Inc.; Computer Associates Antivirus>
R1 VETMONNT (VET File Monitor) - c:\windows\system32\drivers\vetmonnt.sys <Not Verified; Computer Associates International, Inc.; Computer Associates Antivirus>
R1 VET-REC (VET File System Recognizer) - c:\windows\system32\drivers\vet-rec.sys <Not Verified; Computer Associates International, Inc.; Computer Associates Antivirus>
R2 MASPINT - c:\windows\system32\drivers\maspint.sys <Not Verified; MicroStaff Co.,Ltd.; Aspi32 Driver for WinNT>
R2 ppsio2 (PPDevice) - c:\windows\system32\drivers\ppsio2.sys <Not Verified; ; Flatbed DevDriver/NT4>
R3 ASAPIW2k - c:\windows\system32\drivers\asapiw2k.sys <Not Verified; Pinnacle Systems GmbH; asapi>
R3 Iviaspi (IVI ASPI Shell) - c:\windows\system32\drivers\iviaspi.sys <Not Verified; InterVideo, Inc.; InterVideo ASPI Shell>
R3 MarvinBus (Pinnacle Marvin Bus) - c:\windows\system32\drivers\marvinbus.sys <Not Verified; Pinnacle Systems GmbH; Pinnacle Marvin>
R3 Pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>
R3 RegGuard - c:\windows\system32\drivers\regguard.sys <Not Verified; Greatis Software; RegRun Security Suite>

S3 ialm - c:\windows\system32\drivers\ialmnt5.sys <Not Verified; Intel Corporation; Intel Graphics Accelerator Drivers for Windows NT®>
S3 jatmlano - c:\docume~1\admini~1\locals~1\temp\jatmlano.sys (file missing)
S3 ovt519 (EyeToy) - c:\windows\system32\drivers\ov519vid.sys <Not Verified; OmniVision Technologies, Inc.; Dual Mode USB Camera 519>
S3 RT25USBAP (Nintendo Wi-Fi USB Connector Service) - c:\windows\system32\drivers\rt25usbap.sys <Not Verified; Ralink Technology Inc.; Ralink 802.11g Wireless USB Adapters>

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

All services whitelisted.

-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.

-- Scheduled Tasks -------------------------------------------------------------

2008-01-12 11:00:00 284 --ah----- C:\WINDOWS\Tasks\B473A74593285CC9.job
2008-01-12 10:15:26 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2008-01-12 06:37:00 280 --a------ C:\WINDOWS\Tasks\Spybot - Search & Destroy.job

-- Files created between 2007-12-12 and 2008-01-12 -----------------------------

2008-01-11 23:41:42 76864 --a------ C:\WINDOWS\system32\umextrar.dll
2008-01-11 20:58:26 0 d-------- C:\VundoFix Backups
2008-01-11 18:34:45 0 d-------- C:\Documents and Settings\Default User\Application Data\Gtek
2008-01-11 18:33:58 0 d--h----- C:\Documents and Settings\Administrator\Application Data\GTek
2008-01-11 18:32:39 0 d-------- C:\Program Files\Linksys EasyLink Advisor
2008-01-11 18:32:39 0 d-ah----- C:\Documents and Settings\All Users\Application Data\GTek
2008-01-09 21:59:36 79936 --a------ C:\WINDOWS\system32\leloaitj.dll
2008-01-09 18:51:50 79936 --a------ C:\WINDOWS\system32\yprfjonx.dll
2008-01-09 03:47:26 0 d-------- C:\qrnt
2008-01-01 17:04:59 1 --a------ C:\WINDOWS\system32\awvvs.exe
2008-01-01 16:51:49 25773 --a------ C:\WINDOWS\system32\drivers\regguard.sys <Not Verified; Greatis Software; RegRun Security Suite>
2008-01-01 16:50:45 25600 --a------ C:\WINDOWS\system32\Partizan.exe <Not Verified; Greatis Software; RegRun Security Suite>
2008-01-01 16:50:45 31138 --a------ C:\WINDOWS\system32\drivers\Partizan.sys <Not Verified; Greatis Software; RegRun Security Suite>
2008-01-01 16:50:20 0 d-------- C:\Program Files\Greatis
2007-12-29 10:31:29 1 --a------ C:\WINDOWS\system32\gebya.exe
2007-12-29 10:30:31 6323 --ahs---- C:\WINDOWS\system32\aybeg.ini2
2007-12-29 10:22:09 0 d-------- C:\Program Files\QdrDrive
2007-12-27 17:21:31 0 d-------- C:\Program Files\SharewareGuide.net
2007-12-27 15:00:51 0 d-------- C:\Program Files\Common Files\DVDVideoSoft
2007-12-27 15:00:48 0 d-------- C:\Program Files\DVDVideoSoft
2007-12-21 21:32:57 0 d-------- C:\Program Files\Trend Micro
2007-12-21 21:17:13 1152 --a------ C:\WINDOWS\system32\windrv.sys
2007-12-14 21:59:35 0 d-------- C:\Program Files\particleIllusion 3.0 demo

-- Find3M Report ---------------------------------------------------------------

2008-01-10 20:02:38 0 d-------- C:\Program Files\StepMania
2008-01-09 06:50:14 0 d-------- C:\Program Files\Windows Defender
2008-01-09 06:50:10 0 d-------- C:\Program Files\QuickTime
2008-01-09 06:50:09 0 d-------- C:\Program Files\iTunes
2008-01-09 06:50:02 0 d-------- C:\Program Files\Visioneer OneTouch
2008-01-09 06:49:59 0 d-------- C:\Program Files\REGSHAVE
2008-01-09 06:49:45 0 d-------- C:\Program Files\BitComet
2008-01-09 06:49:43 0 d-------- C:\Program Files\MSN Messenger
2008-01-09 06:49:42 0 d-------- C:\Program Files\Microsoft Location Finder
2008-01-01 14:25:43 0 d-------- C:\Documents and Settings\Administrator\Application Data\Roxio
2007-12-27 15:00:51 0 d-------- C:\Program Files\Common Files
2007-12-16 19:29:53 0 d-------- C:\Documents and Settings\Administrator\Application Data\AdobeUM
2007-12-14 21:57:33 0 d-------- C:\Program Files\REAPER
2007-12-09 13:22:55 73216 --a------ C:\WINDOWS\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2007-12-09 13:14:08 0 d-------- C:\Documents and Settings\Administrator\Application Data\REAPER
2007-12-08 23:23:39 0 d-------- C:\Program Files\HammerHead
2007-12-08 23:09:58 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-12-08 22:21:37 0 d-------- C:\Program Files\Frets on Fire
2007-12-08 20:39:49 0 d-------- C:\Documents and Settings\Administrator\Application Data\Publish Providers
2007-12-08 20:38:00 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sony
2007-12-08 20:37:41 0 d-------- C:\Program Files\Sony
2007-12-08 20:36:46 0 d-------- C:\Program Files\Vstplugins
2007-12-08 20:35:14 0 d-------- C:\Program Files\Sony Setup
2007-11-05 23:25:13 166535 --a------ C:\WINDOWS\Video Cleaner Uninstaller.exe

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7025571e-4213-4370-b803-e14df7bd04f7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CA4F0D8D-5F2B-4F16-838A-8D52249EAB21}]
C:\WINDOWS\system32\xxyyvvu.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F5B663EC-3295-4ACD-A5A0-E8EFF349F372}]
C:\WINDOWS\system32\awvvs.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [08/04/2004 02:56 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe" []
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" []
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" []
"HPHUPD05"="c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" []
"HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" []
"KBD"="C:\HP\KBD\KBD.EXE" []
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" []
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" []
"AGRSMMSG"="AGRSMMSG.exe" [03/04/2005 11:01 AM C:\WINDOWS\AGRSMMSG.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" []
"PS2"="C:\WINDOWS\system32\ps2.exe" []
"UpdateManager"="c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" []
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe" []
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" []
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" []
"OneTouch Monitor"="C:\Program Files\Visioneer OneTouch\OneTouchMon.exe" []
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" []
"RoxioEngineUtility"="C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" []
"RoxioDragToDisc"="C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" []
"RoxioAudioCentral"="C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" []
"SoundMan"="SOUNDMAN.EXE" [04/06/2005 05:57 PM C:\WINDOWS\SOUNDMAN.EXE]
"AlcWzrd"="ALCWZRD.EXE" [04/06/2005 05:53 PM C:\WINDOWS\ALCWZRD.EXE]
"Alcmtr"="ALCMTR.EXE" [04/12/2005 12:10 AM C:\WINDOWS\ALCMTR.EXE]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" []
"CaAvTray"="C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe" []
"CAVRID"="C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe" []
"EarthLink Installer"=" /C" []
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" []
"SNM"="C:\Program Files\SpyNoMore\SNM.exe" []
"runner1"="C:\WINDOWS\mrofinu11.exe" []
"a88e9cc2"="C:\WINDOWS\system32\xjiiytqn.dll" []
"RegRun WinBait"="C:\WINDOWS\winbait.exe" []
"@RegRunOnSecure"="C:\PROGRA~1\Greatis\REGRUN~1\OnSecure.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BackupNotify"="c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 02:56 AM]
"PPWebCap"="C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe" []
"RealPlayer"="C:\Program Files\Real\RealOne Player\realplay.exe" []
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" []
"Microsoft Location Finder"="C:\Program Files\Microsoft Location Finder\LocationFinder.exe" []
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" []
"BitComet"="C:\Program Files\BitComet\BitComet.exe" []
"Regrun2"="C:\PROGRA~1\Greatis\REGRUN~1\WatchDog.exe" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRun"=0 (0x0)
"NoLogOff"=0 (0x0)
"NoFind"=0 (0x0)
"NoRecentDocsMenu"=1
"NoClose"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{CA4F0D8D-5F2B-4F16-838A-8D52249EAB21}"= C:\WINDOWS\system32\xxyyvvu.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxyyvvu]
xxyyvvu.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\awvvs

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Time]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

-- End of Deckard's System Scanner: finished at 2008-01-12 11:51:59 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 2.80GHz
CPU 1: Intel® Pentium® 4 CPU 2.80GHz
Percentage of Memory in Use: 67%
Physical Memory (total/avail): 511.29 MiB / 164.25 MiB
Pagefile Memory (total/avail): 1247.8 MiB / 979.93 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1929.11 MiB

C: is Fixed (NTFS) - 143.69 GiB total, 23.27 GiB free.
D: is Fixed (FAT32) - 5.34 GiB total, 0.66 GiB free.
E: is CDROM (No Media)
F: is CDROM (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)
J: is Removable (No Media)

\\.\PHYSICALDRIVE0 - ST3160023AS - 149.05 GiB - 2 partitions
\PARTITION0 - Unknown - 5.35 GiB - D:
\PARTITION1 (bootable) - Installable File System - 143.69 GiB - C:

\\.\PHYSICALDRIVE2 - Generic USB CF Reader USB Device

\\.\PHYSICALDRIVE4 - Generic USB MS Reader USB Device

\\.\PHYSICALDRIVE1 - Generic USB SD Reader USB Device

\\.\PHYSICALDRIVE3 - Generic USB SM Reader USB Device

-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

AV: eTrust EZ Antivirus v7.0.8.1 (Computer Associates)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Updates from HP\\137903\\Program\\BackWeb-137903.exe"="C:\\Program Files\\Updates from HP\\137903\\Program\\BackWeb-137903.exe:*:Disabled:BackWeb-137903"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Administrator\Application Data
CLASSPATH=C:\Program Files\PhotoDeluxe 2.0\AdobeConnectables
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=WAGENSOMER
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Administrator
LOGONSERVER=\\WAGENSOMER
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;c:\Python22;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\Ulead Systems\MPEG
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 3 Stepping 4, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0304
ProgramFiles=C:\Program Files
PROMPT=$P$G
PS5ROOT=C:\Program Files\Roxio\Easy CD Creator 6\PhotoSuite\
QTJAVA=C:\Program Files\Java\jre1.5.0_02\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
USERDOMAIN=WAGENSOMER
USERNAME=Administrator
USERPROFILE=C:\Documents and Settings\Administrator
windir=C:\WINDOWS

-- User Profiles ---------------------------------------------------------------

Administrator (admin)

-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\rnuninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> c:\WINDOWS\System32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
--> c:\WINDOWS\System32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Download Manager 2.0 (Remove Only) --> "C:\Program Files\Common Files\Adobe\ESD\uninst.exe"
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe -q
Adobe PhotoDeluxe 2.0 --> C:\WINDOWS\uninst.exe -f"C:\Program Files\PhotoDeluxe 2.0\DeIsL1.isu"
Adobe Premiere 6.0 --> C:\WINDOWS\UNINST.EXE -f"C:\Program Files\Adobe\Premiere 6.0\DeIsL1.isu" -c"C:\Program Files\Adobe\Premiere 6.0\Uninst.dll"
Adobe Reader 6.0.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}
Adobe Type Manager 4.0 --> C:\WINDOWS\uninst.exe -f"C:\Program Files\Adobe Type Manager\DeIsL1.isu" -c"C:\Program Files\Adobe Type Manager\UNINST.DLL"
Advanced RealMedia Export Plug-in for Premiere 6.0 --> C:\Program Files\Adobe\Premiere 6.0\Plug-ins\RNCompiler\rnuninst.exe RealNetworks|RNCompiler|6.0
Agere Systems PCI Soft Modem --> agrsmdel
AOL Instant Messenger --> C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=
ArcSoft Software Suite --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F57D8342-E2E4-46F4-915A-F50817CBCB45}\setup.exe" -l0x9
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
BitComet 0.93 --> C:\Program Files\BitComet\uninst.exe
Cleaner 5 EZ --> C:\WINDOWS\unvise32.exe C:\Program Files\Cleaner 5 EZ\uninstal.log
D-Link VGA Webcam --> C:\WINDOWS\CleanDev.exe C:\WINDOWS\ov519.TXT
Deer Hunter 4 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Deer Hunter 4\Uninst.isu"
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Drivers Install For Linksys Easylink Advisor --> MsiExec.exe /I{A1960A82-DB70-474D-A86B-FA74466103C6}
Easy CD & DVD Creator 6 --> MsiExec.exe /I{644F9DBE-CEDB-45AF-ACB8-E26692B74F62}
eTrust EZ Antivirus --> C:\WINDOWS\unvet32.exe
FinePixViewer Ver.3.2 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{24ED4D80-8294-11D5-96CD-0040266301AD} /l1033
Free YouTube to iPod Converter version 2.8 --> "C:\Program Files\DVDVideoSoft\Free YouTube to iPod Converter\unins000.exe"
FUJIFILM USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5490882C-6961-11D5-BAE5-00E0188E010B}\SETUP.EXE"
GameSpy Arcade --> C:\PROGRA~1\GAMESP~1\UNWISE.EXE C:\PROGRA~1\GAMESP~1\INSTALL.LOG
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
Google Updater --> "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
Guitar Guru Version 2.1.4 --> "C:\Program Files\Musicnotes\GuitarGuru\unins000.exe"
Guitar Pro 5.0 --> "C:\Program Files\Guitar Pro 5\unins000.exe"
HammerHead Rhythm Station --> C:\Program Files\HammerHead\Uninstall.exe
High Definition Audio Driver Package - KB835221 --> C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format SDK (KB902344) --> "C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
hp deskjet 5100 --> msiexec /x{FEDA56C4-82F3-46DD-8B50-FC592BBE1C0D}
HP Deskjet Preloaded Printer Drivers --> MsiExec.exe /X{F419D20A-7719-4639-8E30-C073A040D878}
HP Image Zone 3.5 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Image Zone for Media Center PC --> MsiExec.exe /X{2FF363D5-F0FC-47C1-ABB5-FB11845F474F}
HP Image Zone Plus 3.5 --> C:\Program Files\HP\Digital Imaging\{C6C44651-7C66-4b11-92E8-17565D3D22DD}\setup\hpzscr01.exe -datfile hpdscr01.dat
HP Instant Support --> C:\PROGRA~1\HPINST~1\UNWISE.EXE C:\PROGRA~1\HPINST~1\INSTALL.LOG
HP Photo & Imaging 3.5 - HP Devices --> C:\Program Files\HP\Digital Imaging\{15B9DC72-73F9-4d99-9E28-848D66DA8D99}\setup\hpzscr01.exe -datfile hpiscr01.dat
HP PSC & OfficeJet 3.5 --> "C:\Program Files\HP\Digital Imaging\{0FABD3D7-3036-4e78-B29D-58957ADB0A12}\setup\hpzscr01.exe" -datfile hposcr03.dat
HP Software Update --> MsiExec.exe /X{34957B51-9676-41CE-9E52-44AE91B73F1C}
HPIZ350 --> MsiExec.exe /X{F247869D-3643-4A9F-821B-3534145928E3}
HyperCam 2 --> "C:\Program Files\HyCam2\UnHyCam2.exe"
ImageMixer VCD for FinePix --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D3AA158A-9421-4883-8767-E771B0964A1D}\setup.exe"
IntelliMover Data Transfer Demo --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{14589F05-C658-4594-9429-D437BA688686}\Setup.exe" -l0x9
InterVideo WinDVD Creator 2 --> "C:\Program Files\InstallShield Installation Information\{2FCE4FC5-6930-40E7-A4F1-F862207424EF}\setup.exe" REMOVEALL
InterVideo WinDVD Player --> "C:\Program Files\InstallShield Installation Information\{98E8A2EF-4EAE-43B8-A172-74842B764777}\setup.exe" REMOVEALL
iPod for Windows 2005-10-12 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{D9F4A9F8-92C5-4289-9D04-F0F8F02D580A} /l1033
iTunes --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{13616DE2-9795-4910-8C93-80D45AF09658} /l1033
J2SE Runtime Environment 5.0 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150020}
J2SE Runtime Environment 5.0 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150050}
Java 2 Runtime Environment, SE v1.4.2_03 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
Java 2 Runtime Environment, SE v1.4.2_06 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142060}
KBD --> C:\HP\KBD\KBD.EXE uninstalled
Linksys EasyLink Advisor 1.6 (0032) --> rundll32 C:\PROGRA~1\LINKSY~1\AUInst.dll,ExUninstall
Memories Disc Creator 2.0 --> MsiExec.exe /X{2E132061-C78A-48D4-A899-1D13B9D189FA}
Microsoft Halo Trial --> "C:\Program Files\Microsoft Games\Halo Trial\UNINSTAL.EXE" /runtemp /addremove
Microsoft Location Finder --> MsiExec.exe /I{EC637522-73A5-4428-8B46-65A621529CC7}
Microsoft Money 2004 --> MsiExec.exe /I{1D643CD7-4DD6-11D7-A4E0-000874180BB3}
Microsoft Money 2004 System Pack --> MsiExec.exe /I{8C64E145-54BA-11D6-91B1-00500462BE80}
Microsoft Office Standard Edition 2003 --> MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft Office XP Media Content --> MsiExec.exe /I{90300409-6000-11D3-8CFE-0050048383C9}
Microsoft Office XP Professional --> MsiExec.exe /I{91110409-6000-11D3-8CFE-0050048383C9}
Microsoft Picture It! Express 7.0 --> MsiExec.exe /I{369B36BE-3D64-4641-9AEA-808D436FE130}
Microsoft Plus! Digital Media Edition --> MsiExec.exe /I{C6A7AF96-4EB1-4AAE-8318-1AB393C64F88}
Microsoft Publisher 2002 --> MsiExec.exe /I{91190409-6000-11D3-8CFE-0050048383C9}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Web Publishing Wizard 1.52 --> RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wpie4x86.inf,WebPostUninstall
Microsoft Works 7.0 --> MsiExec.exe /I{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}
MicroStaff WINASPI --> C:\MWASPI\uninst.exe
My DSC --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A8A3862C-3280-11D6-B2EA-0050BA18806B}\setup.exe"
MySpaceIM --> C:\Program Files\MySpace\IM\Uninstall.exe
NeoPaint --> C:\PROGRA~1\NEOPAI~1\UNWISE.EXE C:\PROGRA~1\NEOPAI~1\INSTALL.LOG
Network Play System (Patching) --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Electronic Arts\Network Play System\NPSPatch.isu"
OneTouch Version 3.0 --> C:\PROGRA~1\VISION~1\UNWISE.EXE C:\PROGRA~1\VISION~1\INSTALL.LOG
Otto --> "C:\Program Files\EnglishOtto\uninstallotto.exe"
PaperPort 7.02 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\ScanSoft\PaperPort\Config\DeIsL1.isu" -y -c"C:\Program Files\ScanSoft\PaperPort\UnInstl2.dll"
particleIllusion 3.0.2 demo --> "C:\Program Files\particleIllusion 3.0 demo\uninstall\unins000.exe"
Pepakura Designer2 --> "C:\Program Files\tamasoftware\epuninst.exe" /s
Photo Explosion --> MsiExec.exe /X{6F11CEAE-204F-4BF7-8A4D-C17888497DAE}
Photosmart 140,240,7200,7600,7700,7900 Series --> C:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\setup\hpzscr01.exe -datfile hphscr01.dat
Pinnacle Hollywood FX --> C:\WINDOWS\unvise32.exe C:\Program Files\Pinnacle\Hollywood FX for Studio\5.5\uninstal.log
Pinnacle Instant PhotoAlbum --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A835519A-4EFC-4554-9D61-0BB4FC54D81B}\Setup.exe" -l0x9 UNINSTALL
Power Tab Editor 1.7 --> MsiExec.exe /I{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}
Print Server --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E6FCE5FA-B7B7-4B7E-B4FB-A8929BC3FB0F}\Setup.exe" -uninst
PrintMaster --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A35C2323-3CEA-405C-9569-EF5DDE930B2F}\setup.exe" -l0x9 anything
Quicken 2004 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{54DE0B75-6CD9-44C4-B10A-1F25DA9899D8} anything
QuickTime --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{0B69DA57-BC7D-461D-B7D6-2AA9F08869CD} /l1033
RealOne Player --> C:\Program Files\Common Files\Real\Update_OB\rnuninst.exe RealNetworks|RealPlayer|6.0
RecordNow! --> MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
RegRun Security Suite Standard --> C:\Program Files\Greatis\RegRunSuite\R3UR.exe
River Past Video Cleaner --> C:\WINDOWS\Video Cleaner Uninstaller.exe
RollerCoaster Tycoon® 3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\Setup.exe" -l0x9
Scrapbook Factory Deluxe --> MsiExec.exe /X{225DA7CB-C773-4F68-8068-184C4082C2F1}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Shockwave --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Sonic Update Manager --> MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
Sony Noise Reduction Plug-In 2.0h --> MsiExec.exe /X{06A1BE8A-4CA4-4A39-B9E4-E815AA8FE05C}
Sony Sound Forge 9.0 --> MsiExec.exe /X{CCA51496-49D4-4FBF-9866-A2E2F40FAC7A}
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
StepMania (remove only) --> "C:\Program Files\StepMania\uninstall.exe"
Studio 9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9E491AB7-4589-48CA-9CBB-874CB2788391}\Setup.exe" -l0x9 UNINSTALL
There (remove only) --> "c:\Program Files\There\ThereClientUninst.exe"
Toolkit View(HP) --> c:\Windows\HPTK\unhptkit.exe
Uninstall 1.0.0.0 --> "C:\Program Files\Common Files\DVDVideoSoft\unins000.exe"
Updates from HP --> C:\WINDOWS\BWUnin-6.2.3.66.exe -AppId 137903
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Virtual Earth 3D (Beta) --> MsiExec.exe /X{619B8475-0F48-41B7-A370-5147F7092989}
Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Defender Signatures --> MsiExec.exe /I{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
WinZip 11.1 --> MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}
Xvid 1.1.3 final uninstall --> "C:\Program Files\Xvid\unins000.exe"
Yahtzee --> C:\WINDOWS\uninst.exe -fC:\WINDOWS\DeIsL1.isu

-- Application Event Log -------------------------------------------------------

Event Record #/Type14346 / Error
Event Submitted/Written: 01/11/2008 11:00:31 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 6.0.2900.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type14345 / Error
Event Submitted/Written: 01/11/2008 11:00:28 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 6.0.2900.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type14319 / Warning
Event Submitted/Written: 01/09/2008 09:54:49 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type14317 / Warning
Event Submitted/Written: 01/09/2008 09:25:33 PM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{644F9DBE-CEDB-45AF-ACB8-E26692B74F62}', feature 'PMStudio' failed during request for component '{52D216D3-D55C-4103-B06B-0C374C062A6A}'

Event Record #/Type14316 / Warning
Event Submitted/Written: 01/09/2008 09:25:33 PM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Detection of product '{644F9DBE-CEDB-45AF-ACB8-E26692B74F62}', feature 'PMStudio', component '{4FD6D090-AB3D-4A86-B014-E7B091F99326}' failed. The resource 'C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe' does not exist.

-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.

-- System Event Log ------------------------------------------------------------

Event Record #/Type8320 / Error
Event Submitted/Written: 01/11/2008 03:14:04 PM
Event ID/Source: 1002 / Dhcp
Event Description:
The IP address lease 192.168.0.149 for the Network Card with network address 00112F36257E has been
denied by the DHCP server 172.31.15.248 (The DHCP Server sent a DHCPNACK message).

Event Record #/Type8318 / Warning
Event Submitted/Written: 01/11/2008 09:29:30 AM
Event ID/Source: 36 / W32Time
Event Description:
The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Event Record #/Type8300 / Error
Event Submitted/Written: 01/10/2008 07:50:21 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The mrtRate service failed to start due to the following error:
%%2

Event Record #/Type8297 / Error
Event Submitted/Written: 01/10/2008 02:50:13 PM / 01/10/2008 02:50:16 PM
Event ID/Source: 7 / Disk
Event Description:
The device, \Device\Harddisk0\D, has a bad block.

Event Record #/Type8277 / Error
Event Submitted/Written: 01/10/2008 06:25:48 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The mrtRate service failed to start due to the following error:
%%2

-- End of Deckard's System Scanner: finished at 2008-01-12 11:51:59 ------------

undoFix V6.7.7

Checking Java version...

Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.

Java version is 1.4.2.6
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.2
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.5
Old versions of java are exploitable and should be removed.

Scan started at 8:58:26 PM 1/11/2008

Listing files found while scanning....

VundoFix V6.7.7

Checking Java version...

Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.

Java version is 1.4.2.6
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.2
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.5
Old versions of java are exploitable and should be removed.

Scan started at 10:32:20 PM 1/11/2008

Listing files found while scanning....

C:\windows\system32\awvvs.dll
C:\WINDOWS\system32\fdsdfvca.dll
C:\WINDOWS\system32\ojptgjar.dll
C:\windows\system32\svvwa.ini
C:\windows\system32\svvwa.ini2

Beginning removal...

Attempting to delete C:\windows\system32\awvvs.dll
C:\windows\system32\awvvs.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\fdsdfvca.dll
C:\WINDOWS\system32\fdsdfvca.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ojptgjar.dll
C:\WINDOWS\system32\ojptgjar.dll Has been deleted!

Attempting to delete C:\windows\system32\svvwa.ini
C:\windows\system32\svvwa.ini Has been deleted!

Attempting to delete C:\windows\system32\svvwa.ini2
C:\windows\system32\svvwa.ini2 Has been deleted!

Performing Repairs to the registry.
Done!

there you go

thanks

#4
sage5

Posted 12 January 2008 - 05:29 PM

RIP 10/2009

Retired Staff
2,646 posts

Hi xxthechaomanxx,

There is another scan I would like you to do for me

Please download the following & save to your Desktop:
ComboFix

Run ComboFix:

Double click combofix.exe and follow the prompts.
When finished, it will produce a log for you. Post that log and a HiJackthis log in your next reply

Note: Do not mouseclick combofix's window while its running. That may cause it to stall

Cheers,

sage5

#5
xxthechaomanxx

Posted 12 January 2008 - 08:11 PM

Member

Topic Starter
Member
28 posts

were is the log for combo fix and it said that my time would switch back but it never did

#6
sage5

Posted 13 January 2008 - 03:18 AM

RIP 10/2009

Retired Staff
2,646 posts

That log file should be C:\Combofix.txt.

The clock you may have to change manually.

Cheers,

sage5.

#7
xxthechaomanxx

Posted 13 January 2008 - 07:02 PM

Member

Topic Starter
Member
28 posts

well this is what i found

ComboFix 08-01-13.1 - Administrator 2008-01-12 20:53:17.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.187 [GMT -5:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
* Created a new restore point
.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:01:37 PM, on 2008-01-13
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\WINDOWS\ehome\ehmsas.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
C:\Program Files\ScanSoft\PaperPort\Config\Ereg\REMIND32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\knlwrap.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\iKernel.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O2 - BHO: {7f40db7f-d41e-308b-0734-3124e1755207} - {7025571e-4213-4370-b803-e14df7bd04f7} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: (no name) - {CA4F0D8D-5F2B-4F16-838A-8D52249EAB21} - (no file)
O2 - BHO: (no name) - {F5B663EC-3295-4ACD-A5A0-E8EFF349F372} - C:\WINDOWS\system32\awvvs.dll (file missing)
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\program files\hp\digital imaging\bin\hpdtlk02.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [UpdateManager] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [OneTouch Monitor] C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [EarthLink Installer] " /C
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu11.exe 61A847B5BBF72813338B2B27128065E9C084320161C4661227A755E9C2933154389A
O4 - HKLM\..\Run: [a88e9cc2] rundll32.exe "C:\WINDOWS\system32\xjiiytqn.dll",b
O4 - HKLM\..\Run: [RegRun WinBait] C:\WINDOWS\winbait.exe
O4 - HKLM\..\Run: [@RegRunOnSecure] C:\PROGRA~1\Greatis\REGRUN~1\OnSecure.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: IMStart.lnk = C:\Program Files\InterMute\IMStart.exe
O4 - Startup: reminder-ScanSoft Product Registration.lnk = C:\Program Files\ScanSoft\PaperPort\Config\Ereg\REMIND32.EXE
O4 - Global Startup: Event Reminder.lnk = ?
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://local.live.com.
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnote...ad/mnviewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...lscbase8300.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1143409083265
O16 - DPF: {88D8E8B7-A33B-4417-A385-8373484D43ED} (InstallHelper Class) - file://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ThereInstallHelper.dll
O16 - DPF: {8B486EF6-6B2A-4A1E-BB0D-236CB2DBB8D2} (There Voice Trainer) - file://c:\Program Files\There\ThereClient\ThereVoiceTrainer.dll
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius....tiveXPlugin.cab
O16 - DPF: {AAF421E6-7914-430A-9981-72B31AFF3BF4} (There Launcher) - file://c:\Program Files\There\ThereClient\ThereLauncher.dll
O20 - Winlogon Notify: xxyyvvu - xxyyvvu.dll (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe

--
End of file - 10736 bytes

also windows installer for easy cd and dvd creator 6 randomly pops up sometimes

#8
sage5

Posted 14 January 2008 - 06:55 AM

RIP 10/2009

Retired Staff
2,646 posts

Hi xxthechaomanxx,

The real time protection used by programs like Windows Defender can interfere with malware cleaning procedures.
Please follow the steps below to temporarily disable Windows Defender

Open Windows Defender
Click Tools
Click General Settings
Scroll down to Real Time Protection Options
Uncheck Turn on Real Time Protection (recommended)
After you uncheck this, click on the Save button
Close Windows Defender

Once your system has been deemed free from malware, you can re-enable Windows Defender's Real Time Protection.

I see you have BitComet installed on your system.
While the program itself is legal, most of the files downloaded with it, are not.
These programs can also be one of the major infection routes for an otherwise secure PC, because you might be unknowingly downloading infected files.
I highly recommend uninstalling BitComet as outlined below.

Remove folders & files:

Please go to Start > Control Panel > Add/Remove Programs and remove the following, (if present):
<insert file name(s)>
Please take note of any other programs that you don't recognise in that list, and include them in your next response
Using Windows Explorer, (to get there right-click your Start button and go to "Explore"), delete these folders, (if present):
<insert folder paths>
Delete these files, (if present):
<insert file paths here>

Run HijackThis.

Click the Do a system scan only button.
Check the boxes for the all the entries listed below:

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O2 - BHO: {7f40db7f-d41e-308b-0734-3124e1755207} - {7025571e-4213-4370-b803-e14df7bd04f7} - (no file)
O2 - BHO: (no name) - {CA4F0D8D-5F2B-4F16-838A-8D52249EAB21} - C:\WINDOWS\system32\xxyyvvu.dll (file missing)
O2 - BHO: (no name) - {F5B663EC-3295-4ACD-A5A0-E8EFF349F372} - C:\WINDOWS\system32\awvvs.dll (file missing)
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKLM\..\Run: [EarthLink Installer] " /C
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu11.exe 61A847B5BBF72813338B2B27128065E9C084320161C4661227A755E9C2933154389A
O4 - HKLM\..\Run: [a88e9cc2] rundll32.exe "C:\WINDOWS\system32\xjiiytqn.dll",b
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O20 - Winlogon Notify: xxyyvvu - xxyyvvu.dll (file missing)

Now close all windows other than HijackThis and click Fix Checked.
Close HijackThis.

b]Create a CombFix Script:[/b]

Please open Notepad
- Click Start , then Run
- Type notepad .exe in the Run Box.
Now copy/paste the entire content of the codebox below into the Notepad window:

File::
C:\WINDOWS\mrofinu11.exe
C:\WINDOWS\system32\xjiiytqn.dll
C:\WINDOWS\Tasks\B473A74593285CC9.job
C:\WINDOWS\system32\leloaitj.dll
C:\WINDOWS\system32\yprfjonx.dll
C:\WINDOWS\system32\gebya.exe
C:\WINDOWS\system32\aybeg.ini2
C:\WINDOWS\system32\awvvs.exe
C:\WINDOWS\system32\umextrar.dll

Folder::
C:\qrnt
C:\Program Files\BitComet

Driver::
jatmlano

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{CA4F0D8D-5F2B-4F16-838A-8D52249EAB21}"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxyyvvu]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00

Save the above as CFScript.txt
Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.
After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
C:\Combofix.txt
A new HijackThis log.

The CD/DVD software we will deal with shortly.

Cheers,

sage5

Edited by sage5, 14 January 2008 - 06:58 AM.

#9
xxthechaomanxx

Posted 14 January 2008 - 02:23 PM

Member

Topic Starter
Member
28 posts

windows defender says cant open this file tmp6f.tmp windows needs to know who created it or something like that

#10
sage5

Posted 15 January 2008 - 02:42 AM

RIP 10/2009

Retired Staff
2,646 posts

Hi xxthechaomanxx,

Slightly different instructions, in that we will remove Windows Defender & reinstall later.

Remove folders & files:

Please go to Start > Control Panel > Add/Remove Programs and remove the following, (if present):
BitComet
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 5
Java 2 Runtime Environment, SE v1.4.2_03
Java 2 Runtime Environment, SE v1.4.2_06
Viewpoint Media Player
Windows Defender Signatures
Windows Defender
Please take note of any other programs that you don't recognise in that list, and include them in your next response

Run HijackThis.

Click the Do a system scan only button.
Check the boxes for the all the entries listed below:

Now close all windows other than HijackThis and click Fix Checked.
Close HijackThis.

Create a CombFix Script:

Please open Notepad
- Click Start , then Run
- Type notepad .exe in the Run Box.
Now copy/paste the entire content of the codebox below into the Notepad window:

File::
C:\WINDOWS\mrofinu11.exe
C:\WINDOWS\system32\xjiiytqn.dll
C:\WINDOWS\Tasks\B473A74593285CC9.job
C:\WINDOWS\system32\leloaitj.dll
C:\WINDOWS\system32\yprfjonx.dll
C:\WINDOWS\system32\gebya.exe
C:\WINDOWS\system32\aybeg.ini2
C:\WINDOWS\system32\awvvs.exe
C:\WINDOWS\system32\umextrar.dll

Folder::
C:\qrnt
C:\Program Files\BitComet
C:\Program Files\Viewpoint

Driver::
jatmlano

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{CA4F0D8D-5F2B-4F16-838A-8D52249EAB21}"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxyyvvu]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00

Save the above as CFScript.txt
Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.
After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
C:\Combofix.txt
A new HijackThis log.

Cheers,

sage5

Edited by sage5, 15 January 2008 - 02:45 AM.

#11
xxthechaomanxx

Posted 15 January 2008 - 03:27 PM

Member

Topic Starter
Member
28 posts

here ya go

ComboFix 08-01-13.1 - Administrator 2008-01-15 16:03:45.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.201 [GMT -5:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrator\Desktop\CFScript.txt
* Created a new restore point

FILE
C:\WINDOWS\mrofinu11.exe
C:\WINDOWS\system32\awvvs.exe
C:\WINDOWS\system32\aybeg.ini2
C:\WINDOWS\system32\gebya.exe
C:\WINDOWS\system32\leloaitj.dll
C:\WINDOWS\system32\umextrar.dll
C:\WINDOWS\system32\xjiiytqn.dll
C:\WINDOWS\system32\yprfjonx.dll
C:\WINDOWS\Tasks\B473A74593285CC9.job
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\BitComet
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\BitComet\BitComet.xml
C:\Program Files\BitComet\cache\post_info.xml
C:\Program Files\BitComet\cache\rss_index.xml
C:\Program Files\BitComet\dbghelp.dll
C:\Program Files\BitComet\Downloads.xml
C:\Program Files\BitComet\Favourite.xml
C:\Program Files\BitComet\License.rtf
C:\Program Files\BitComet\rules\blocklist.dat
C:\Program Files\BitComet\rules\dhtnodes.dat
C:\Program Files\BitComet\share\my_shares.xml
C:\Program Files\BitComet\tools\BitCometAgent_1.1.7.23.dll
C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
C:\Program Files\BitComet\tools\CometBrowser.exe
C:\Program Files\BitComet\tools\UPNP.exe
C:\Program Files\BitComet\tools\VideoSnapshot.exe
C:\Program Files\BitComet\tools\VistaTcpPatch.exe
C:\Program Files\BitComet\torrents\1018the_way_i_are.zip.xml
C:\Program Files\BitComet\torrents\28833kgwrave_originals__cooking_by_the_book_lil_jon_remix.zip.xml
C:\Program Files\BitComet\torrents\39672quasar.zip.xml
C:\Program Files\BitComet\torrents\5731joncake.zip.xml
C:\Program Files\BitComet\torrents\608quasar.zip.xml
C:\Program Files\BitComet\torrents\6681quasar.zip.xml
C:\Program Files\BitComet\torrents\A.zip.xml
C:\Program Files\BitComet\torrents\AA.rar.xml
C:\Program Files\BitComet\torrents\alan_01_04_iel.zip.xml
C:\Program Files\BitComet\torrents\alan_01_05_iel.zip.xml
C:\Program Files\BitComet\torrents\all_libraries.zip.xml
C:\Program Files\BitComet\torrents\AM-3P (CHAOS Special).zip.xml
C:\Program Files\BitComet\torrents\bag.zip.xml
C:\Program Files\BitComet\torrents\Beavis & Butt-Head.torrent
C:\Program Files\BitComet\torrents\Beavis & Butt-Head.xml
C:\Program Files\BitComet\torrents\blank_iel.zip.xml
C:\Program Files\BitComet\torrents\CHAOS.rar.xml
C:\Program Files\BitComet\torrents\clear.gif.xml
C:\Program Files\BitComet\torrents\Coding_Workshop_Ringtone_Converter_v4.5.1.rar.xml
C:\Program Files\BitComet\torrents\DivXBundle.exe.xml
C:\Program Files\BitComet\torrents\dsbc310_winxp2k98se_driver_110.zip.xml
C:\Program Files\BitComet\torrents\Euro Trip - Unrated.torrent
C:\Program Files\BitComet\torrents\Euro Trip - Unrated.xml
C:\Program Files\BitComet\torrents\eurotrip.torrent
C:\Program Files\BitComet\torrents\eurotrip.xml
C:\Program Files\BitComet\torrents\Fascination MAXX.rar.xml
C:\Program Files\BitComet\torrents\Fixwareout.exe.xml
C:\Program Files\BitComet\torrents\FretsOnFire-1.2.512-win32.exe.xml
C:\Program Files\BitComet\torrents\Google Earth Pro (Crack).rar.torrent
C:\Program Files\BitComet\torrents\Google Earth Pro (Crack).rar.xml
C:\Program Files\BitComet\torrents\Guitar Hero.torrent
C:\Program Files\BitComet\torrents\Guitar Hero.xml
C:\Program Files\BitComet\torrents\Guitar Pro 5.torrent
C:\Program Files\BitComet\torrents\Guitar Pro 5.xml
C:\Program Files\BitComet\torrents\GWAR.torrent
C:\Program Files\BitComet\torrents\GWAR.xml
C:\Program Files\BitComet\torrents\h2_5.31.rar.xml
C:\Program Files\BitComet\torrents\Halo Trial Aimbot.exe.xml
C:\Program Files\BitComet\torrents\HaloTrialSetup.exe.xml
C:\Program Files\BitComet\torrents\HC2Setup.exe.xml
C:\Program Files\BitComet\torrents\hijackthis.zip.xml
C:\Program Files\BitComet\torrents\HJTInstall.exe.xml
C:\Program Files\BitComet\torrents\lightsabers.zip.xml
C:\Program Files\BitComet\torrents\Magic How-To Videos.torrent
C:\Program Files\BitComet\torrents\Magic How-To Videos.xml
C:\Program Files\BitComet\torrents\magic.torrent
C:\Program Files\BitComet\torrents\magic.xml
C:\Program Files\BitComet\torrents\MAX. (period).zip.xml
C:\Program Files\BitComet\torrents\MMFree1_2.zip.xml
C:\Program Files\BitComet\torrents\Morgan Strebler's Liquid Metal.torrent
C:\Program Files\BitComet\torrents\Morgan Strebler's Liquid Metal.xml
C:\Program Files\BitComet\torrents\muppets-Manamana.mp3.xml
C:\Program Files\BitComet\torrents\namtai_eyetoy_drivers.zip.xml
C:\Program Files\BitComet\torrents\NGO.zip.xml
C:\Program Files\BitComet\torrents\Pack 2.torrent
C:\Program Files\BitComet\torrents\Pack 2.xml
C:\Program Files\BitComet\torrents\Pack 3.torrent
C:\Program Files\BitComet\torrents\Pack 3.xml
C:\Program Files\BitComet\torrents\Pack 4.torrent
C:\Program Files\BitComet\torrents\Pack 4.xml
C:\Program Files\BitComet\torrents\PARANOiA (HADES).zip.xml
C:\Program Files\BitComet\torrents\PARANOiA ETERNAL.zip.xml
C:\Program Files\BitComet\torrents\PARANOIA survivor MAX.zip.xml
C:\Program Files\BitComet\torrents\PARANOIA survivor.zip.xml
C:\Program Files\BitComet\torrents\Part-1.html').xml
C:\Program Files\BitComet\torrents\Particle Illusion 3.0.rar.torrent
C:\Program Files\BitComet\torrents\Particle Illusion 3.0.rar.xml
C:\Program Files\BitComet\torrents\Particle Illusion 3.0.zip
C:\Program Files\BitComet\torrents\Particle Illusion.torrent
C:\Program Files\BitComet\torrents\Particle Illusion.xml
C:\Program Files\BitComet\torrents\Penguin Magic - 20 Effects with The Raven.torrent
C:\Program Files\BitComet\torrents\Penguin Magic - 20 Effects with The Raven.xml
C:\Program Files\BitComet\torrents\penguin magic tricks and sleights.torrent
C:\Program Files\BitComet\torrents\penguin magic tricks and sleights.xml
C:\Program Files\BitComet\torrents\pepakura_designer_en_v216_setup.exe.xml
C:\Program Files\BitComet\torrents\pi3_demo_installer.zip.xml
C:\Program Files\BitComet\torrents\pianofx4.exe.xml
C:\Program Files\BitComet\torrents\ppfomatic_version_3.0.zip.xml
C:\Program Files\BitComet\torrents\pre60to.zip.xml
C:\Program Files\BitComet\torrents\pre60to.zip[0].xml
C:\Program Files\BitComet\torrents\project.zip.xml
C:\Program Files\BitComet\torrents\reaper2016-install.exe.xml
C:\Program Files\BitComet\torrents\Reggie and The Full Effect.torrent
C:\Program Files\BitComet\torrents\Reggie and The Full Effect.xml
C:\Program Files\BitComet\torrents\rehansplit.zip.xml
C:\Program Files\BitComet\torrents\Relighting.mov.xml
C:\Program Files\BitComet\torrents\Roadrunner_united_-_In_the_fire_frets_only_by_NikOpOL_freely_distributable.zip.xml
C:\Program Files\BitComet\torrents\SAKURA.zip.xml
C:\Program Files\BitComet\torrents\smafull.exe.xml
C:\Program Files\BitComet\torrents\Songs.torrent
C:\Program Files\BitComet\torrents\Songs.xml
C:\Program Files\BitComet\torrents\soundforge90c-trial_enu.exe.xml
C:\Program Files\BitComet\torrents\spynomore.exe.xml
C:\Program Files\BitComet\torrents\Static X - Wisconsin Death Trip.torrent
C:\Program Files\BitComet\torrents\Static X - Wisconsin Death Trip.xml
C:\Program Files\BitComet\torrents\Stepmania+DDR_mixes_1-8.torrent
C:\Program Files\BitComet\torrents\Stepmania+DDR_mixes_1-8.xml
C:\Program Files\BitComet\torrents\stupid.mp3.xml
C:\Program Files\BitComet\torrents\TRIP MACHINE PhoeniX.zip.xml
C:\Program Files\BitComet\torrents\TRIP MACHINE survivor.zip.xml
C:\Program Files\BitComet\torrents\Unreal.zip.xml
C:\Program Files\BitComet\torrents\volcano.zip.xml
C:\Program Files\BitComet\torrents\WinAVI_Video_Capture.zip.xml
C:\Program Files\BitComet\torrents\Windows-KB890830-V1.30.exe.xml
C:\Program Files\BitComet\torrents\Windows-KB890830-V1.33.exe.xml
C:\Program Files\BitComet\torrents\WindowsDefender.msi.xml
C:\Program Files\BitComet\torrents\Xepher.rar.xml
C:\Program Files\Viewpoint
C:\Program Files\Viewpoint\Viewpoint Media Player\AxMetaStream_0305000D.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\ClassIDs.ini
C:\Program Files\Viewpoint\Viewpoint Media Player\ComponentMgr_0305000D.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\ComponentRegistry.ini
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\AOLUserShell.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\Cursors.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\JpegReader.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\Mts3Reader.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\SceneComponent.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\SreeDMMX.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\SWFView.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\VMgr.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\VMPSpeech.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\VMPVideo.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\VMPVideo2.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\WaveletReader.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\DownLoadHist.ini
C:\Program Files\Viewpoint\Viewpoint Media Player\HostRegistry.ini
C:\Program Files\Viewpoint\Viewpoint Media Player\MetaStreamConfig.ini
C:\Program Files\Viewpoint\Viewpoint Media Player\MetaStreamID.ini
C:\Program Files\Viewpoint\Viewpoint Media Player\MtsAxInstaller.exe
C:\Program Files\Viewpoint\Viewpoint Media Player\MTSDownloadSites.txt
C:\qrnt
C:\WINDOWS\Tasks\B473A74593285CC9.job
.
---- Previous Run -------
.
C:\Program Files\QdrDrive
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\awvvs.exe
C:\WINDOWS\system32\aybeg.ini
C:\WINDOWS\system32\aybeg.ini2
C:\WINDOWS\system32\bbfluiny.ini
C:\WINDOWS\system32\bnqgamdg.ini
C:\WINDOWS\system32\gebya.exe
C:\WINDOWS\system32\leloaitj.dll
C:\WINDOWS\system32\nqtyiijx.ini
C:\WINDOWS\system32\oqftjrng.ini
C:\WINDOWS\system32\tuhplwws.ini
C:\WINDOWS\system32\umextrar.dll
C:\WINDOWS\system32\uvuaddwr.ini
C:\WINDOWS\system32\wrvijfee.ini
C:\WINDOWS\system32\yprfjonx.dll
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\LEGACY_JATMLANO
-------\jatmlano

((((((((((((((((((((((((( Files Created from 2007-12-15 to 2008-01-15 )))))))))))))))))))))))))))))))
.

2008-01-12 20:51 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-12 11:44 . 2008-01-12 11:44 <DIR> d-------- C:\Deckard
2008-01-11 20:58 . 2008-01-12 07:48 <DIR> d-------- C:\VundoFix Backups
2008-01-11 18:34 . 2008-01-11 18:34 3,684 --a------ C:\WINDOWS\system32\OEMINFO.PNF
2008-01-11 18:33 . 2008-01-11 18:34 <DIR> d--h----- C:\Documents and Settings\Administrator\Application Data\GTek
2008-01-11 18:32 . 2008-01-11 18:34 <DIR> d-------- C:\Program Files\Linksys EasyLink Advisor
2008-01-11 18:32 . 2008-01-11 18:35 <DIR> d-ah----- C:\Documents and Settings\All Users\Application Data\GTek
2008-01-01 16:51 . 2008-01-15 15:46 25,773 --a------ C:\WINDOWS\system32\drivers\regguard.sys
2008-01-01 16:51 . C:\WINDOWS\(2) C:\ComboFix\winstart.bat
2008-01-01 16:50 . 2008-01-01 16:50 <DIR> d-------- C:\Program Files\Greatis
2008-01-01 16:29 . 2008-01-01 16:29 15,360 --a------ C:\WINDOWS\system32\ctfmon .exe
2007-12-28 00:09 . 2007-12-28 00:13 163,130,198 --a------ C:\Flash_Video_2.mp4
2007-12-27 17:26 . 2007-12-27 17:26 19,079,207 --a------ C:\Flash_Video_1.mp4
2007-12-27 17:21 . 2007-12-27 17:21 <DIR> d-------- C:\Program Files\SharewareGuide.net
2007-12-27 15:00 . 2007-12-27 15:00 <DIR> d-------- C:\Program Files\DVDVideoSoft
2007-12-27 15:00 . 2007-12-27 15:00 <DIR> d-------- C:\Program Files\Common Files\DVDVideoSoft
2007-12-26 20:08 . 2007-12-26 20:08 244 --ah----- C:\sqmnoopt03.sqm
2007-12-26 20:08 . 2007-12-26 20:08 232 --ah----- C:\sqmdata03.sqm
2007-12-21 21:32 . 2007-12-21 21:32 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-21 21:17 . 2007-12-21 21:17 1,152 --a------ C:\WINDOWS\system32\windrv.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-15 20:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-01-15 20:06 --------- d-----w C:\Program Files\Java
2008-01-15 08:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-01-11 01:02 --------- d-----w C:\Program Files\StepMania
2008-01-09 11:50 --------- d-----w C:\Program Files\Visioneer OneTouch
2008-01-09 11:50 --------- d-----w C:\Program Files\QuickTime
2008-01-09 11:50 --------- d-----w C:\Program Files\iTunes
2008-01-09 11:49 --------- d-----w C:\Program Files\REGSHAVE
2008-01-09 11:49 --------- d-----w C:\Program Files\MSN Messenger
2008-01-09 11:49 --------- d-----w C:\Program Files\Microsoft Location Finder
2008-01-01 19:25 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Roxio
2007-12-17 00:29 --------- d-----w C:\Documents and Settings\Administrator\Application Data\AdobeUM
2007-12-15 03:11 --------- d-----w C:\Program Files\particleIllusion 3.0 demo
2007-12-15 02:57 --------- d-----w C:\Program Files\REAPER
2007-12-09 18:22 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2007-12-09 18:22 249,856 ------w C:\WINDOWS\Setup1.exe
2007-12-09 18:14 --------- d-----w C:\Documents and Settings\Administrator\Application Data\REAPER
2007-12-09 04:23 --------- d-----w C:\Program Files\HammerHead
2007-12-09 04:09 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-09 03:21 --------- d-----w C:\Program Files\Frets on Fire
2007-12-09 01:39 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Publish Providers
2007-12-09 01:38 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Sony
2007-12-09 01:37 --------- d-----w C:\Program Files\Sony
2007-12-09 01:36 --------- d-----w C:\Program Files\Vstplugins
2007-12-09 01:35 --------- d-----w C:\Program Files\Sony Setup
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-11-06 04:25 166,535 ----a-w C:\WINDOWS\Video Cleaner Uninstaller.exe
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-27 22:40 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-07-09 23:48 131,032 ----a-w C:\Documents and Settings\Administrator\Application Data\GDIPFONTCACHEV1.DAT
2001-09-10 14:00 139,264 ----a-w C:\WINDOWS\inf\i386\Rtscan.dll
2001-09-10 13:10 61,440 ----a-w C:\WINDOWS\inf\i386\onetUSD.dll
2001-08-17 23:43 32,768 ----a-w C:\WINDOWS\inf\i386\Wiamicro.dll
2001-08-03 23:29 13,824 ----a-w C:\WINDOWS\inf\i386\usbscan.sys
2001-06-29 13:10 163,840 ----a-w C:\WINDOWS\inf\i386\viceo.dll
2007-02-26 05:58 966,533 --sha-w C:\WINDOWS\system32\dcbeg.bak1
.

<pre>
----a-w			15,360 2008-01-01 21:29:55  C:\WINDOWS\system32\ctfmon .exe
</pre>

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2004-08-04 02:56 50176]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe" [ ]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [ ]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [ ]
"HPHUPD05"="c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [ ]
"HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [ ]
"KBD"="C:\HP\KBD\KBD.EXE" [ ]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [ ]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [ ]
"AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 11:01 88209 C:\WINDOWS\AGRSMMSG.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [ ]
"PS2"="C:\WINDOWS\system32\ps2.exe" [ ]
"UpdateManager"="c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [ ]
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe" [ ]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [ ]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [ ]
"OneTouch Monitor"="C:\Program Files\Visioneer OneTouch\OneTouchMon.exe" [ ]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [ ]
"RoxioEngineUtility"="C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" [ ]
"RoxioDragToDisc"="C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [ ]
"RoxioAudioCentral"="C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" [ ]
"SoundMan"="SOUNDMAN.EXE" [2005-04-06 17:57 90112 C:\WINDOWS\SOUNDMAN.EXE]
"AlcWzrd"="ALCWZRD.EXE" [2005-04-06 17:53 2805248 C:\WINDOWS\ALCWZRD.EXE]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [ ]
"CaAvTray"="C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe" [ ]
"CAVRID"="C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe" [ ]
"EarthLink Installer"=" /C" []
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [ ]
"SNM"="C:\Program Files\SpyNoMore\SNM.exe" [ ]
"a88e9cc2"="C:\WINDOWS\system32\xjiiytqn.dll" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 13:45 36040]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Event Reminder.lnk - C:\Program Files\Broderbund\PrintMaster\pmremind.exe [2004-10-26 19:21:50]
Exif Launcher.lnk - C:\Program Files\FinePixViewer\QuickDCF.exe [2002-01-09 20:53:14]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2006-12-09 17:47:55]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2003-09-16 14:19:24]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 00:01:04]
Quicken Scheduled Updates.lnk - C:\Program Files\Quicken\bagent.exe [2003-07-30 06:49:48]
Updates from HP.lnk - C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe [2004-05-11 08:17:00]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLogOff"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Time]
@="Service"

R1 ATMhelpr;ATMhelpr;C:\WINDOWS\system32\drivers\ATMhelpr.sys [1997-06-17 03:00]
R2 CX23880;Conexant 23880 Video Capture;C:\WINDOWS\system32\drivers\cx88vid.sys [2004-04-07 02:44]
R2 CX88ENC;Conexant 2388x MPEG Encoder;C:\WINDOWS\system32\drivers\cx88enc.sys [2004-04-07 02:44]
R2 CXTUNE;Conexant 2388x Tuner;C:\WINDOWS\system32\drivers\CX88TUNE.sys [2004-04-07 02:44]
R2 ppsio2;PPDevice;C:\WINDOWS\system32\drivers\ppsio2.sys [1999-06-30 02:49]
R3 CXAVXBAR;Conexant Cx2388x Crossbar Dual Input ;C:\WINDOWS\system32\drivers\cxavxbar.sys [2004-04-07 02:43]
S0 Partizan;Partizan;C:\WINDOWS\system32\drivers\Partizan.sys []
S3 MR97310_VGA_DUAL_CAMERA;MR97310 VGA Dual Mode Camera;C:\WINDOWS\system32\DRIVERS\mr97310v.sys [2004-03-14 14:21]
S3 RegGuard;RegGuard;C:\WINDOWS\system32\Drivers\regguard.sys [2008-01-15 15:46]

.
Contents of the 'Scheduled Tasks' folder
"2008-01-15 11:37:00 C:\WINDOWS\Tasks\Spybot - Search & Destroy.job"
- C:\PROGRA~1\SPYBOT~1\SpybotSD.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-15 16:14:54
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-15 16:18:49 - machine was rebooted [Administrator]
ComboFix-quarantined-files.txt 2008-01-15 21:18:40
.
2008-01-11 20:20:57 --- E O F ---

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:26:07 PM, on 1/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
C:\Program Files\ScanSoft\PaperPort\Config\Ereg\REMIND32.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\program files\hp\digital imaging\bin\hpdtlk02.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [UpdateManager] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [OneTouch Monitor] C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [EarthLink Installer] " /C
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
O4 - HKLM\..\Run: [a88e9cc2] rundll32.exe "C:\WINDOWS\system32\xjiiytqn.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: IMStart.lnk = C:\Program Files\InterMute\IMStart.exe
O4 - Startup: reminder-ScanSoft Product Registration.lnk = C:\Program Files\ScanSoft\PaperPort\Config\Ereg\REMIND32.EXE
O4 - Global Startup: Event Reminder.lnk = ?
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://local.live.com.
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnote...ad/mnviewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...lscbase8300.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1143409083265
O16 - DPF: {88D8E8B7-A33B-4417-A385-8373484D43ED} (InstallHelper Class) - file://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ThereInstallHelper.dll
O16 - DPF: {8B486EF6-6B2A-4A1E-BB0D-236CB2DBB8D2} (There Voice Trainer) - file://c:\Program Files\There\ThereClient\ThereVoiceTrainer.dll
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius....tiveXPlugin.cab
O16 - DPF: {AAF421E6-7914-430A-9981-72B31AFF3BF4} (There Launcher) - file://c:\Program Files\There\ThereClient\ThereLauncher.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe

--
End of file - 8859 bytes

#12
sage5

Posted 15 January 2008 - 06:19 PM

RIP 10/2009

Retired Staff
2,646 posts

Hi xxthechaomanxx,

There are a whole lot of startup entries in the HijackThis log that point to files missing.
I am not quite sure why they should be missing, but we can get rid of the startup entries, which should get rid of a lot of the warnings you are getting.

Run HijackThis.

Click the Do a system scan only button.
Check the boxes for the all the entries listed below:

O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [UpdateManager] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [OneTouch Monitor] C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [EarthLink Installer] " /C
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
O4 - HKLM\..\Run: [a88e9cc2] rundll32.exe "C:\WINDOWS\system32\xjiiytqn.dll",b
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe

Now close all windows other than HijackThis and click Fix Checked.
Close HijackThis.

The following programs need to be uninstalled & reinstalled to work properly:

Remove folders & files:

Please go to Start > Control Panel > Add/Remove Programs and remove the following, (if present):
Visioneer scanner software
Java
HP printer software & drivers
HP keyboard drivers
Easy CD Creator 6
iTunes
eTrust Internet Security Suite
eTrust EZ Antivirus
Windows Defender
SpyNoMore
Please take note of any other programs that you don't recognise in that list, and include them in your next response
Using Windows Explorer, (to get there right-click your Start button and go to "Explore"), delete these files, (if present):
C:\sqmnoopt03.sqm
C:\sqmdata03.sqm
C:\WINDOWS\system32\dcbeg.bak1

Re install all the security programs that you can, like eTrust Internet Security Suite, eTrust EZ Antivirus, Windows Defender etc.

System File Checker:

Go to Start > Run and type sfc /scannow (Note the space between the c & the /)
/scannow starts the System File Checker immediately.
You will probably need your Windows XP CD to be handy as it may be required.
If you have Service Pack 2 installed, you will need the SP2 version of the CD. This can be done with a borrowed CD, if you don't have one.
Allow the scan to run and when complete reboot the system

Shut down & Reboot normally:
Run HijackThis again:

Select the Run a system scan and save a logfile button. The logfile will open in Notepad.
Start your Web Browser and navigate back to this thread.
Click the Add Reply button
Copy and Paste the text into the Reply window.

Please include a note to tell me how your PC is running now.

Cheers,

sage5

#13
xxthechaomanxx

Posted 17 January 2008 - 01:51 PM

Member

Topic Starter
Member
28 posts

sorry it might take a while im still lookin for the disk

#14
sage5

Posted 19 February 2008 - 08:06 AM

RIP 10/2009

Retired Staff
2,646 posts

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.