
Infected Computer?


10 replies to this topic

#1 pistol44
  • Members
  • 7 posts

Posted 21 August 2007 - 11:44 PM

Hello, and thx for any help that I may receive. Here are some stats:

Can't log onto Internet Explorer. Desktop has changed. Can't open sessions or Recycle Bin from desktop. I'm not the sharpest tool in the shed when it comes to PCs, so here we go. Here is a log from HijackThis; this was run in normal mode.

Logfile of HijackThis v1.99.1
Scan saved at 11:38:23 PM, on 8/21/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\NMSSvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\cidaemon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\little\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

thx!!

#2 Rorschach
  • Members
  • 523 posts

Posted 22 August 2007 - 11:13 AM

Hello pistol44, I'm just looking over your log and will get back to you soon.

#3 pistol44
  • Topic Starter
  • Members
  • 7 posts

Posted 22 August 2007 - 12:00 PM

thx very much!

#4 Rorschach
  • Members
  • 523 posts

Posted 24 August 2007 - 04:06 AM

Hello pistol44, my name is Rorschach and I'll be helping you with your problems.


Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
  • When it has finished, dss will open two Notepads, main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.


#5 pistol44
  • Topic Starter
  • Members
  • 7 posts

Posted 24 August 2007 - 07:56 AM

Rorschach,
thx for helping!!

Deckard's System Scanner v20070819.64
Run by little on 2007-08-24 07:38:22
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
45: 2007-08-24 12:38:37 UTC - RP45 - Deckard's System Scanner Restore Point
44: 2007-08-24 06:22:04 UTC - RP44 - System Checkpoint
43: 2007-08-23 04:18:54 UTC - RP43 - Restore Operation
42: 2007-08-23 04:13:04 UTC - RP42 - Restore Operation
41: 2007-08-23 03:54:08 UTC - RP41 - Restore Operation


-- First Restore Point --
1: 2007-08-15 12:28:47 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 256 MiB (512 MiB recommended).


-- HijackThis (run as little.exe) ----------------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of HijackThis v1.99.1
Scan saved at 2007-08-24 07:40:30
Platform: Windows XP Service Pack 1 (5.01.2600)
MSIE: Internet Explorer (6.0.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\SYSTEM32\services.exe
C:\WINDOWS\SYSTEM32\lsass.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\WINDOWS\SYSTEM32\LEXBCES.EXE
C:\WINDOWS\SYSTEM32\spoolsv.exe
C:\WINDOWS\SYSTEM32\LEXPPS.EXE
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\SYSTEM32\cisvc.exe
C:\WINDOWS\SYSTEM32\CTsvcCDA.EXE
C:\Program Files\ESET\nod32krn.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\WINDOWS\SYSTEM32\CIDAEMON.EXE
C:\found.001\dir0000.chk\iexplore.exe
C:\Documents and Settings\little\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O15 - Trusted Zone: https://turbotax.com (HKCU)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} () - http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB
O16 - DPF: {4B48D5DF-9021-45F7-A240-60304302A215} (Malicious Software Removal Tool) - http://download.microsoft.com/download/b/d.../WebCleaner.cab
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\SYSTEM32\msvidctl.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O20 - Winlogon Notify: termsrv - C:\WINDOWS\System32\
O20 - Winlogon Notify: wlballoon - C:\WINDOWS\System32\
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - (no file)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - "C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe"
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\SYSTEM32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\SYSTEM32\NMSSvc.Exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - "C:\Program Files\Eset\nod32krn.exe"
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - "C:\WINDOWS\wanmpsvc.exe"



-- File Associations -----------------------------------------------------------

.bat - batfile - shell\edit\command - unable to read value
.cmd - cmdfile - shell\edit\command - unable to read value
.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.inf - unable to read key
.inf - unable to read key
.ini - inifile - DefaultIcon - unable to read value
.ini - inifile - shell\open\command - notepad.exe %1
.js - JSFile - shell\open\command - NOTEPAD.EXE %1
.reg - regfile - shell\edit\command - unable to read value
.txt - txtfile - DefaultIcon - unable to read value
.txt - txtfile - shell\open\command - notepad.exe %1
.vbs - VBSFile - shell\open\command - NOTEPAD.EXE %1
.vbs - VBSFile - shell\edit\command - unable to read value


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 OMCI - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
R1 SASKUTIL - c:\program files\superantispyware\saskutil.sys
R2 ASCTRM - c:\windows\system32\drivers\asctrm.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>

S0 AVG Anti-Rootkit - c:\windows\system32\drivers\avgarkt.sys (file missing)
S1 AvgArCln (Avg Anti-Rootkit Clean Driver) - c:\windows\system32\drivers\avgarcln.sys (file missing)
S3 giveio - c:\windows\system32\giveio.sys
S3 MEMSWEEP2 - c:\windows\system32\7db.tmp (file missing)
S3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>
S3 ZDPNDIS5 (ZDPNDIS5 NDIS Protocol Driver) - c:\windows\system32\zdpndis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S2 AOLService (AOL Spyware Protection Service) - c:\program files\common files\aol\aol spyware protection\\aolserv.exe
S2 NMSSvc (Intel® NMS) - c:\windows\system32\nmssvc.exe <Not Verified; Intel Corporation; NMS>
S3 aawservice (Ad-Aware 2007 Service) - "c:\program files\lavasoft\ad-aware 2007\aawservice.exe" <Not Verified; Lavasoft AB; Ad-Aware 2007 Service>
S4 ASCService (Aluria Security Center Spyware Eliminator Service) -
S4 Diskeeper -


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2007-08-24 03:15:59 392 --a------ C:\WINDOWS\Tasks\1-Click Maintenance.job
2007-08-19 12:24:40 480 --a------ C:\WINDOWS\Tasks\SmartDefrag.job


-- Files created between 2007-07-24 and 2007-08-24 -----------------------------

2007-08-23 23:32:20 0 d-------- C:\Program Files\RogueRemover FREE
2007-08-23 23:31:07 0 d-------- C:\WINDOWS\LastGood
2007-08-22 23:19:42 0 d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-08-22 22:54:02 6643712 --a------ C:\Documents and Settings\little\ntuser.dat
2007-08-20 17:47:45 0 d-------- C:\Program Files\Yahoo! Games
2007-08-19 18:07:46 0 d------c- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2007-08-18 22:16:19 0 dr-h----- C:\Documents and Settings\john david\Recent
2007-08-18 22:16:19 0 d--h----- C:\Documents and Settings\john david\NetHood
2007-08-18 22:11:49 0 d-------- C:\Documents and Settings\john david\Application Data\WinPatrol
2007-08-18 19:52:46 0 d------c- C:\WINDOWS\System32\DRVSTORE
2007-08-18 17:15:22 0 d------c- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-08-18 14:17:08 0 d------c- C:\Documents and Settings\All Users\Application Data\Playtonium Games
2007-08-18 14:14:56 0 d-------- C:\Program Files\bfgclient
2007-08-17 23:19:01 0 d-------- C:\Documents and Settings\little\Incomplete
2007-08-16 22:47:01 0 d-------- C:\Documents and Settings\john david\Application Data\MSN6
2007-08-15 22:38:47 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2007-08-15 22:38:29 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2007-08-15 22:38:29 0 d-------- C:\Documents and Settings\Administrator\Desktop
2007-08-15 16:12:17 0 d------c- C:\_backupD
2007-08-15 16:12:10 16384 --a------ C:\WINDOWS\System32\restart.exe <Not Verified; WareSoft Software; restart>
2007-08-15 16:12:10 4096 --a------ C:\WINDOWS\System32\reboot.exe
2007-08-15 16:12:09 0 d-------- C:\WINDOWS\System32\regdacl
2007-08-15 16:12:09 90112 --a------ C:\WINDOWS\System32\regdacl.exe <Not Verified; Frank Heyne Software; RegTools>
2007-08-15 07:34:22 0 d---s---- C:\Documents and Settings\john david\Cookies
2007-08-14 16:36:57 0 d------c- C:\Documents and Settings\All Users\Application Data\McAfee
2007-08-14 16:20:12 262144 --a------ C:\Documents and Settings\john david\ntuser.dat
2007-08-13 23:22:17 0 d-------- C:\WINDOWS\BDOSCAN8
2007-08-13 21:15:25 0 d-------- C:\Program Files\Games
2007-08-13 21:14:07 0 d------c- C:\Downloads
2007-08-13 17:34:26 0 d-------- C:\Program Files\Lavasoft
2007-08-13 17:20:17 0 d-------- C:\Documents and Settings\john david\Application Data\SUPERAntiSpyware.com
2007-08-12 23:06:06 0 dr-h----- C:\Documents and Settings\little\Recent
2007-08-12 21:57:37 298104 --a------ C:\WINDOWS\System32\imon.dll <Not Verified; Eset; NOD32 Antivirus System>
2007-08-12 00:30:42 0 d--h----- C:\Documents and Settings\little\NetHood
2007-08-09 20:09:29 0 d-------- C:\WINDOWS\Internet Logs
2007-08-05 22:57:01 0 d------c- C:\Documents and Settings\All Users\Application Data\RH_Backups
2007-08-04 09:58:12 0 --a------ C:\WINDOWS\System32\suupdate.dat
2007-08-04 09:58:06 0 --a------ C:\WINDOWS\System32\mssurun.dat
2007-08-04 09:57:39 269824 --a------ C:\WINDOWS\System32\supermenuhook.dll
2007-07-30 20:34:47 0 d-------- C:\Documents and Settings\little\Application Data\EA
2007-07-30 20:34:10 0 d------c- C:\Documents and Settings\All Users\Application Data\EA
2007-07-30 17:53:21 0 d-------- C:\Documents and Settings\little\Application Data\Eyeblaster
2007-07-30 17:53:18 0 d------c- C:\Documents and Settings\All Users\Application Data\n7-89-o9-3r-4t-r9
2007-07-30 17:48:59 0 d-------- C:\Documents and Settings\little\Application Data\GameHouse
2007-07-27 17:02:45 0 d-a----c- C:\Documents and Settings\All Users\Application Data\TEMP
2007-07-27 16:56:31 45312 --a------ C:\WINDOWS\System32\drivers\ousbehci.sys <Not Verified; OrangeWare Corporation; USB 2.0 Enhanced Host Controller Driver>
2007-07-27 16:56:31 55936 --a------ C:\WINDOWS\System32\drivers\ousb2hub.sys <Not Verified; OrangeWare Corporation; USB 2.0 Hub Driver>
2007-07-27 16:56:30 0 d-------- C:\WINDOWS\Drivers
2007-07-27 16:50:31 91 --a------ C:\WINDOWS\vmreg32.dll
2007-07-27 16:49:37 0 d-------- C:\Documents and Settings\All Users\Templates


-- Find3M Report ---------------------------------------------------------------

2007-08-23 23:18:44 0 d-------- C:\Program Files\Soulseek
2007-08-22 23:11:42 0 d-a------ C:\Program Files\Common Files
2007-08-22 21:58:40 0 d-------- C:\Documents and Settings\little\Application Data\LimeWire
2007-08-19 18:08:16 0 d-------- C:\Program Files\SUPERAntiSpyware
2007-08-16 22:57:59 0 d-------- C:\Program Files\America Online 8.0
2007-08-14 21:28:09 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-08-14 09:15:54 0 d-------- C:\Program Files\TuneUp Utilities 2007
2007-08-14 09:03:38 0 d-------- C:\Program Files\Common Files\aolshare
2007-08-14 08:07:16 0 d-------- C:\Documents and Settings\little\Application Data\My Games
2007-08-09 20:18:38 4212 ---h----- C:\WINDOWS\System32\zllictbl.dat
2007-08-06 20:44:30 0 d-------- C:\Program Files\SpywareBlaster
2007-07-27 16:55:57 0 d-------- C:\Program Files\intel
2007-07-22 00:07:35 0 d-------- C:\Program Files\Common Files\PC Tools
2007-06-30 17:03:21 130 --a------ C:\Documents and Settings\little\Application Data\TilelanderPreferences.ini
2007-06-29 19:46:47 0 d-------- C:\Documents and Settings\little\Application Data\PlayFirst
2007-06-25 22:19:28 0 d-------- C:\Documents and Settings\little\Application Data\SUPERAntiSpyware.com
2007-06-25 22:13:53 0 d-------- C:\Program Files\Norton AntiVirus
2007-06-25 22:11:42 0 d-------- C:\Program Files\Your Uninstaller 2006
2007-06-25 21:56:58 1266 --a------ C:\WINDOWS\System32\tmp.reg
2007-06-06 11:28:32 577536 --a------ C:\WINDOWS\System32\EbAdServingT25.dll <Not Verified; Eyeblaster Ltd.; Eyeblaster's Gaming Client SDK>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

C:\Documents and Settings\little\Start Menu\Programs\Startup\
DESKTOP.INI [8/31/2001 11:50:56 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
DESKTOP.INI [8/31/2001 11:50:56 AM]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2/19/2006 5:21:22 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)
"DisableRegedit"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
@=
"DisableLocalMachineRun"=0 (0x0)
"LinkResolveIgnoreLinkInfo"=0 (0x0)
"NoResolveSearch"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisableLocalUserRun"=0 (0x0)
"LinkResolveIgnoreLinkInfo"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 01:55 PM 77824]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= :\WINDOW

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"svcWRSSSDK"=2 (0x2)

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp




-- End of Deckard's System Scanner: finished at 2007-08-24 07:42:42 ------------

Deckard's System Scanner v20070819.64
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 1.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 2.53GHz
Percentage of Memory in Use: 77%
Physical Memory (total/avail): 255 MiB / 58 MiB
Pagefile Memory (total/avail): 617.47 MiB / 432.55 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1969.89 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 28.6 GiB total, 4.22 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)


-- Security Center -------------------------------------------------------------

AUOptions is disabled.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\little\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_10\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=ALLENE
ComSpec=C:\WINDOWS\system32\cmd.exe
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\little
LOGONSERVER=\\ALLENE
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\Common Files\Adaptec Shared\System;C:\Program Files\Common Files\STOPzilla!;C:\Program Files\Executive Software\Diskeeper\;C:\Program Files\QuickTime\QTSystem"
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 7, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0207
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_10\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\little\LOCALS~1\Temp
TMP=C:\DOCUME~1\little\LOCALS~1\Temp
USERDOMAIN=ALLENE
USERNAME=little
USERPROFILE=C:\Documents and Settings\little
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Owner (admin)
little (admin)
john david (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\Creative\SBLive\Program\Ctzapxx.EXE" /X /U /S /R
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
Ad-Aware 2007 --> MsiExec.exe /X{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat and Reader 6.0.3 Update --> MsiExec.exe /I{AC76BA86-0000-7EC8-7489-000000000603}
Adobe Flash Player ActiveX --> C:\WINDOWS\System32\Macromed\Flash\uninstall_activeX.exe
Adobe Photoshop Album 2.0 Starter Edition --> MsiExec.exe /I{11B569C2-4BF6-4ED0-9D17-A4273943CB24}
Adobe Reader 6.0.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}
Adobe Shockwave Player --> C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~2\Install.log
AOL Uninstaller (Choose which Products to Remove) --> C:\Program Files\Common Files\AOL\uninstaller.exe
AOL You've Got Pictures Screensaver --> C:\Program Files\Common Files\AOL\Screensaver\uninst_ygpss.exe
Apple Software Update --> MsiExec.exe /I{A50C25D7-62E9-4511-AD70-8E2DA5E79B7D}
ATI Display Driver --> rundll32 C:\WINDOWS\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Big Fish Games Client --> C:\Program Files\bfgclient\Uninstall.exe
BroadJump Client Foundation --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\BroadJump\Client Foundation\Uninst.isu" -c"C:\Program Files\BroadJump\Client Foundation\RmvBJCFD.dll" -b"CFD" -h"CFD" -a
BroadJump CorrectConnect Engine --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\BroadJump\CorrectConnect Engine\Uninst.isu" -c"C:\Program Files\BroadJump\CorrectConnect Engine\CCDUninstall.dll" -b"CCD" -h"CCD"
BUM --> MsiExec.exe /I{55937F00-A69B-4049-8D3A-1C7729742B6F}
CleanUp! --> C:\Program Files\CleanUp!\uninstall.exe
Conexant HSF V92 56K RTAD Speakerphone PCI Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2016&SUBSYS_021913E0\HXFSETUP.EXE -U -IVEN_14F1&DEV_2016&SUBSYS_021913E0
Dell Picture Studio - Dell Image Expert --> MsiExec.exe /I{151C555A-A9E7-4A2E-B6D7-165D04A3C956}
Dell Solution Center --> MsiExec.exe /X{11F1920A-56A2-4642-B6E0-3B31A12C9288}
Dell Support --> MsiExec.exe /X{43FCA273-9534-40DB-B7C5-D7758875616A}
Easy CD Creator 5 Basic --> MsiExec.exe /I{609F7AC8-C510-11D4-A788-009027ABA5D0}
EasyCleaner --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F5346614-B7C4-4E94-826A-E2363155233D}\setup.exe" -l0x9 -removeonly
ebgcInfra --> MsiExec.exe /X{39B1BD87-561E-4762-AED9-7C5213B06C24}
ebgcRes --> MsiExec.exe /X{5380B111-5047-413D-A6E5-70D69391D08E}
ebgcRes --> MsiExec.exe /X{79159A4E-1DD4-4FEA-9FDD-E94B7C5DDA47}
ebgcRes --> MsiExec.exe /X{A1ED76E5-38E7-4D70-9D83-6D953A72311F}
ebgcSDK --> MsiExec.exe /X{13AD768A-9E04-499D-AE80-967A65DCCBA5}
ebgcSDK --> MsiExec.exe /X{53B2D537-21CF-44D5-A03A-0DAF993B5728}
Google Earth --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
Help and Support Customization -->
Hide IP Platinum 3.42 --> "C:\Program Files\Hide IP Platinum\unins000.exe"
HijackThis 1.99.1 --> C:\Documents and Settings\little\Desktop\HijackThis.exe /uninstall
HP Customer Participation Program 7.0 --> C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Imaging Device Functions 7.0 --> C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Essential --> MsiExec.exe /X{6994491D-D491-48F1-AE1F-E179C1FFFC2F}
HP Photosmart, Officejet and Deskjet 7.0.A --> C:\Program Files\HP\Digital Imaging\{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}\setup\hpzscr01.exe -datfile hposcr11.dat
HP Software Update --> MsiExec.exe /X{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}
HP Solution Center 7.0 --> C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
Intel® PROSet II --> MsiExec.exe /I{01A4AEDE-F219-49A2-B855-16A016EAF9A4}
IObit SmartDefrag Beta3 --> "C:\Program Files\IObit\IObit SmartDefrag\unins000.exe"
IrfanView (remove only) --> C:\Program Files\IrfanView\iv_uninstall.exe
iTunes --> MsiExec.exe /I{446DBFFA-4088-48E3-8932-74316BA4CAE4}
KODAK EASYSHARE Gallery Easy Upload, v2.1 --> C:\Documents and Settings\little\Local Settings\Application Data\KodakGallery\EasyShareSetup\$SETUP_140007_d0d80c\Setup.exe /APR-REMOVE
Learn2 Player (Uninstall Only) --> C:\Program Files\Learn2.com\StRunner\stuninst.exe
Lexmark Supplies Monitor --> C:\WINDOWS\System32\LXSMUNIN.EXE
Lexmark Z25-Z35 --> C:\WINDOWS\System32\spool\drivers\w32x86\3\LXAXUN5C.EXE -dLexmark Z25-Z35
Lexmark Z600 Series --> C:\WINDOWS\System32\spool\drivers\w32x86\3\LXBCUN5C.EXE -dLexmark Z600 Series
Loader --> "C:\Program Files\Loader\unins000.exe"
Medic --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Road Runner\Medic\Uninst.isu" -c"C:\Program Files\Road Runner\Medic\SCUninstall.dll" -b"SmartConnect" -h"SmartConnect"
Microsoft .NET Compact Framework 2.0 SP1 -->
Microsoft Office 2000 Resource Kit Tools and Utilities --> MsiExec.exe /I{EF5F8554-0001-11d2-92F2-00104BC947F0}
Microsoft Office XP Media Content --> MsiExec.exe /I{90300409-6000-11D3-8CFE-0050048383C9}
Microsoft Office XP Small Business --> MsiExec.exe /I{91130409-6000-11D3-8CFE-0050048383C9}
Microsoft PowerPoint Viewer 97 --> C:\Program Files\PowerPoint Viewer\setup\setup.exe
Move Networks Player for Internet Explorer --> "C:\Documents and Settings\little\Application Data\Move Networks\ie_bin\unins000.exe"
MP3 Player Utilities --> MsiExec.exe /I{5BBFB0E4-2250-49C3-A8A3-65BE2197D13B}
MUSICMATCH® Jukebox --> C:\PROGRA~1\MUSICM~1\MUSICM~1\unmatch.exe
MySpaceIM --> C:\Program Files\MySpace\IM\Uninstall.exe
NOD32 antivirus system --> C:\Program Files\Eset\Setup\setup.exe /UNINSTALL
NOD32 FiX --> "C:\Program Files\Eset\unins000.exe"
Paint Shop Pro 7 --> MsiExec.exe /I{D6DE02C7-1F47-11D4-9515-00105AE4B89A}
Privacy Mantra --> "C:\Program Files\Privacy Mantra 2.02\Uninstall.exe" "C:\Program Files\Privacy Mantra 2.02\install.log" -u
Pure Networks Port Magic --> C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe -Uninstall -ShowUI
QuickTime --> MsiExec.exe /I{50D8FFDD-90CD-4859-841F-AA1961C7767A}
RealArcade --> C:\Program Files\Real\RealArcade\Update\rnuninst.exe RealNetworks|RealArcade|1.2
RealPlayer Basic --> C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
Registry Mechanic 6.0 --> "C:\Program Files\Registry Mechanic\unins000.exe"
RTC Client API v1.2 --> MsiExec.exe /X{44CDBD1B-89FB-4E02-8319-2A4C550F664A}
SCRABBLE --> C:\PROGRA~1\YAHOO!~1\Scrabble\UNWISE.EXE /U C:\PROGRA~1\YAHOO!~1\Scrabble\INSTALL.LOG
SoulSeek Client 156c --> "C:\Program Files\Soulseek\uninstall.exe"
SpywareBlaster v3.5.1 --> "C:\Program Files\SpywareBlaster\unins000.exe"
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
TuneUp Utilities 2007 --> MsiExec.exe /I{C8BB4912-12D9-42AE-B571-E580D8CD1B5B}
WebFldrs XP -->
WebIQ Client Software --> C:\WINDOWS\System32\WebIQInstall.exe /u
WinPatrol --> C:\WINDOWS\uninst.exe -f"C:\Program Files\BillP Studios\WinPatrol\DeIsL2.isu" -cC:\PROGRA~1\BILLPS~1\WINPAT~1\_ISREG32.DLL
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
Your Uninstaller! 2006 Version 5 --> "C:\Program Files\Your Uninstaller 2006\unins000.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type224 / Error
Event Submitted/Written: 08/21/2007 10:29:17 PM
Event ID/Source: 8193 / VSS
Event Description:
Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80040206.

Event Record #/Type223 / Error
Event Submitted/Written: 08/21/2007 10:29:17 PM
Event ID/Source: 4609 / EventSystem
Event Description:
The COM+ Event System detected a bad return code during its internal processing. HRESULT was 8007043C from line 44 of d:\nt_qxp\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.

Event Record #/Type222 / Error
Event Submitted/Written: 08/21/2007 10:21:28 PM
Event ID/Source: 8193 / VSS
Event Description:
Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80040206.

Event Record #/Type221 / Error
Event Submitted/Written: 08/21/2007 10:21:28 PM
Event ID/Source: 4609 / EventSystem
Event Description:
The COM+ Event System detected a bad return code during its internal processing. HRESULT was 8007043C from line 44 of d:\nt_qxp\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.

Event Record #/Type190 / Error
Event Submitted/Written: 08/19/2007 06:05:03 PM
Event ID/Source: 8193 / VSS
Event Description:
Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80040206.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type7624 / Warning
Event Submitted/Written: 08/23/2007 11:20:06 PM
Event ID/Source: 7 / Remote Desktop Help Session Manager
Event Description:
The session resolver did not start properly (error code 0x80040154). Remote Assistance will be disabled. The Help and Support service session resolver is not set up properly. Rerun Windows XP Setup. If the problem persists, contact Microsoft Product Support.

Event Record #/Type7619 / Warning
Event Submitted/Written: 08/23/2007 01:00:12 PM
Event ID/Source: 36 / W32Time
Event Description:
The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Event Record #/Type7616 / Warning
Event Submitted/Written: 08/22/2007 11:20:59 PM
Event ID/Source: 7 / Remote Desktop Help Session Manager
Event Description:
The session resolver did not start properly (error code 0x80040154). Remote Assistance will be disabled. The Help and Support service session resolver is not set up properly. Rerun Windows XP Setup. If the problem persists, contact Microsoft Product Support.

Event Record #/Type7610 / Warning
Event Submitted/Written: 08/22/2007 11:12:39 PM
Event ID/Source: 7 / Remote Desktop Help Session Manager
Event Description:
The session resolver did not start properly (error code 0x80040154). Remote Assistance will be disabled. The Help and Support service session resolver is not set up properly. Rerun Windows XP Setup. If the problem persists, contact Microsoft Product Support.

Event Record #/Type7603 / Warning
Event Submitted/Written: 08/22/2007 10:55:58 PM
Event ID/Source: 7 / Remote Desktop Help Session Manager
Event Description:
The session resolver did not start properly (error code 0x80040154). Remote Assistance will be disabled. The Help and Support service session resolver is not set up properly. Rerun Windows XP Setup. If the problem persists, contact Microsoft Product Support.



-- End of Deckard's System Scanner: finished at 2007-08-24 07:42:42 ------------


This is the scan from the user profile that has most of the problems. I thought both user scans may be helpful since they are both used regularly.

Deckard's System Scanner v20070819.64
Run by john david on 2007-08-24 07:50:37
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Percentage of Memory in Use: 78% (more than 75%).
Total Physical Memory: 256 MiB (512 MiB recommended).


-- HijackThis (run as john david.exe) ------------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of HijackThis v1.99.1
Scan saved at 2007-08-24 07:50:43
Platform: Windows XP Service Pack 1 (5.01.2600)
MSIE: Internet Explorer (6.0.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\SYSTEM32\services.exe
C:\WINDOWS\SYSTEM32\lsass.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\WINDOWS\SYSTEM32\LEXBCES.EXE
C:\WINDOWS\SYSTEM32\spoolsv.exe
C:\WINDOWS\SYSTEM32\LEXPPS.EXE
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\SYSTEM32\cisvc.exe
C:\WINDOWS\SYSTEM32\CTsvcCDA.EXE
C:\Program Files\ESET\nod32krn.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\SYSTEM32\CIDAEMON.EXE
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\little\Desktop\dss.exe

R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
R3 - Default URLSearchHook is missing
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O10 - Unknown file in Winsock LSP: C:\WINDOWS\SYSTEM32\mswsock.dll
O10 - Unknown file in Winsock LSP: C:\WINDOWS\SYSTEM32\winrnr.dll
O10 - Unknown file in Winsock LSP: C:\WINDOWS\SYSTEM32\mswsock.dll
O10 - Unknown file in Winsock LSP: C:\WINDOWS\SYSTEM32\nwprovau.dll
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} () - http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB
O16 - DPF: {4B48D5DF-9021-45F7-A240-60304302A215} (Malicious Software Removal Tool) - http://download.microsoft.com/download/b/d.../WebCleaner.cab
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\SYSTEM32\msvidctl.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O20 - Winlogon Notify: crypt32chain - C:\WINDOWS\System32\crypt32.dll
O20 - Winlogon Notify: cryptnet - C:\WINDOWS\System32\cryptnet.dll
O20 - Winlogon Notify: cscdll - C:\WINDOWS\System32\cscdll.dll
O20 - Winlogon Notify: ScCertProp - C:\WINDOWS\System32\wlnotify.dll
O20 - Winlogon Notify: Schedule - C:\WINDOWS\System32\wlnotify.dll
O20 - Winlogon Notify: sclgntfy - C:\WINDOWS\System32\sclgntfy.dll
O20 - Winlogon Notify: SensLogn - C:\WINDOWS\System32\WlNotify.dll
O20 - Winlogon Notify: termsrv - C:\WINDOWS\System32\
O20 - Winlogon Notify: wlballoon - C:\WINDOWS\System32\
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - (no file)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\SYSTEM32\stobject.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - "C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe"
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\SYSTEM32\CTsvcCDA.EXE
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Microsoft Corp., Veritas Software - C:\WINDOWS\System32\dmadmin.exe /com
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\SYSTEM32\LEXBCES.EXE
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\SYSTEM32\NMSSvc.Exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - "C:\Program Files\Eset\nod32krn.exe"
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - "C:\WINDOWS\wanmpsvc.exe"



-- Files created between 2007-07-24 and 2007-08-24 -----------------------------

2007-08-23 23:32:20 0 d-------- C:\Program Files\RogueRemover FREE
2007-08-23 23:31:07 0 d-------- C:\WINDOWS\LastGood
2007-08-22 23:19:42 0 d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-08-22 22:54:02 6643712 --a------ C:\Documents and Settings\little\ntuser.dat
2007-08-20 17:47:45 0 d-------- C:\Program Files\Yahoo! Games
2007-08-19 18:07:46 0 d------c- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2007-08-18 22:16:19 0 dr-h----- C:\Documents and Settings\john david\Recent
2007-08-18 22:16:19 0 d--h----- C:\Documents and Settings\john david\NetHood
2007-08-18 22:11:49 0 d-------- C:\Documents and Settings\john david\Application Data\WinPatrol
2007-08-18 19:58:23 67072 --a------ C:\WINDOWS\System32\usbui.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-08-18 19:58:21 53120 --a------ C:\WINDOWS\System32\drivers\usbhub.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-08-18 19:58:19 19328 --a------ C:\WINDOWS\System32\drivers\usbuhci.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-08-18 19:58:19 138752 --a------ C:\WINDOWS\System32\drivers\usbport.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-08-18 19:52:46 0 d------c- C:\WINDOWS\System32\DRVSTORE
2007-08-18 17:15:22 0 d------c- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-08-18 14:17:08 0 d------c- C:\Documents and Settings\All Users\Application Data\Playtonium Games
2007-08-18 14:14:56 0 d-------- C:\Program Files\bfgclient
2007-08-17 23:19:01 0 d-------- C:\Documents and Settings\little\Incomplete
2007-08-16 22:47:01 0 d-------- C:\Documents and Settings\john david\Application Data\MSN6
2007-08-15 22:38:47 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2007-08-15 22:38:29 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2007-08-15 22:38:29 0 d-------- C:\Documents and Settings\Administrator\Desktop
2007-08-15 16:12:17 0 d------c- C:\_backupD
2007-08-15 16:12:10 16384 --a------ C:\WINDOWS\System32\restart.exe <Not Verified; WareSoft Software; restart>
2007-08-15 16:12:10 4096 --a------ C:\WINDOWS\System32\reboot.exe
2007-08-15 16:12:09 0 d-------- C:\WINDOWS\System32\regdacl
2007-08-15 16:12:09 90112 --a------ C:\WINDOWS\System32\regdacl.exe <Not Verified; Frank Heyne Software; RegTools>
2007-08-15 07:34:22 0 d---s---- C:\Documents and Settings\john david\Cookies
2007-08-14 16:36:57 0 d------c- C:\Documents and Settings\All Users\Application Data\McAfee
2007-08-14 16:20:12 262144 --a------ C:\Documents and Settings\john david\ntuser.dat
2007-08-13 23:22:17 0 d-------- C:\WINDOWS\BDOSCAN8
2007-08-13 21:15:25 0 d-------- C:\Program Files\Games
2007-08-13 21:14:07 0 d------c- C:\Downloads
2007-08-13 17:34:26 0 d-------- C:\Program Files\Lavasoft
2007-08-13 17:20:17 0 d-------- C:\Documents and Settings\john david\Application Data\SUPERAntiSpyware.com
2007-08-12 23:06:06 0 dr-h----- C:\Documents and Settings\little\Recent
2007-08-12 21:57:37 298104 --a------ C:\WINDOWS\System32\imon.dll <Not Verified; Eset; NOD32 Antivirus System>
2007-08-12 00:30:42 0 d--h----- C:\Documents and Settings\little\NetHood
2007-08-09 20:09:29 0 d-------- C:\WINDOWS\Internet Logs
2007-08-05 22:57:01 0 d------c- C:\Documents and Settings\All Users\Application Data\RH_Backups
2007-08-04 09:58:12 0 --a------ C:\WINDOWS\System32\suupdate.dat
2007-08-04 09:58:06 0 --a------ C:\WINDOWS\System32\mssurun.dat
2007-08-04 09:57:39 269824 --a------ C:\WINDOWS\System32\supermenuhook.dll
2007-07-30 20:34:47 0 d-------- C:\Documents and Settings\little\Application Data\EA
2007-07-30 20:34:10 0 d------c- C:\Documents and Settings\All Users\Application Data\EA
2007-07-30 17:53:21 0 d-------- C:\Documents and Settings\little\Application Data\Eyeblaster
2007-07-30 17:53:18 0 d------c- C:\Documents and Settings\All Users\Application Data\n7-89-o9-3r-4t-r9
2007-07-30 17:48:59 0 d-------- C:\Documents and Settings\little\Application Data\GameHouse
2007-07-27 17:02:45 0 d-a----c- C:\Documents and Settings\All Users\Application Data\TEMP
2007-07-27 16:56:31 45312 --a------ C:\WINDOWS\System32\drivers\ousbehci.sys <Not Verified; OrangeWare Corporation; USB 2.0 Enhanced Host Controller Driver>
2007-07-27 16:56:31 55936 --a------ C:\WINDOWS\System32\drivers\ousb2hub.sys <Not Verified; OrangeWare Corporation; USB 2.0 Hub Driver>
2007-07-27 16:56:30 0 d-------- C:\WINDOWS\Drivers
2007-07-27 16:56:05 62976 --a------ C:\WINDOWS\System32\drivers\pci.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-07-27 16:50:31 91 --a------ C:\WINDOWS\vmreg32.dll
2007-07-27 16:49:37 0 d-------- C:\Documents and Settings\All Users\Templates


-- Find3M Report ---------------------------------------------------------------

2007-08-23 23:18:44 0 d-------- C:\Program Files\Soulseek
2007-08-22 23:11:42 0 d-a------ C:\Program Files\Common Files
2007-08-19 18:08:16 0 d-------- C:\Program Files\SUPERAntiSpyware
2007-08-16 22:57:59 0 d-------- C:\Program Files\America Online 8.0
2007-08-14 21:28:09 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-08-14 09:15:54 0 d-------- C:\Program Files\TuneUp Utilities 2007
2007-08-14 09:03:38 0 d-------- C:\Program Files\Common Files\aolshare
2007-08-09 20:18:38 4212 ---h----- C:\WINDOWS\System32\zllictbl.dat
2007-08-06 20:44:30 0 d-------- C:\Program Files\SpywareBlaster
2007-07-27 16:55:57 0 d-------- C:\Program Files\intel
2007-07-22 00:07:35 0 d-------- C:\Program Files\Common Files\PC Tools
2007-06-25 22:13:53 0 d-------- C:\Program Files\Norton AntiVirus
2007-06-25 22:11:42 0 d-------- C:\Program Files\Your Uninstaller 2006
2007-06-25 21:56:58 1266 --a------ C:\WINDOWS\System32\tmp.reg
2007-06-06 11:28:32 577536 --a------ C:\WINDOWS\System32\EbAdServingT25.dll <Not Verified; Eyeblaster Ltd.; Eyeblaster's Gaming Client SDK>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
@=
"DisableLocalMachineRun"=0 (0x0)
"LinkResolveIgnoreLinkInfo"=0 (0x0)
"NoResolveSearch"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 01:55 PM 77824]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= :\WINDOW

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"svcWRSSSDK"=2 (0x2)

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp




-- End of Deckard's System Scanner: finished at 2007-08-24 07:51:11 ------------

#6 Rorschach

Posted 26 August 2007 - 07:15 AM

Hello pistol44

Are you able to open up Internet Explorer now? If you are then load it up and run another HijackThis scan, not a DSS scan though.



Run DSS again, using these instructions:

Click START> Run - then copy the following bold blue text and paste it into the Run box & click OK

"%userprofile%\desktop\dss.exe" /daft

Read the disclaimer and click OK.

Click on Scan.

Place a checkmark next to the entries displayed when the scan is finished then Click on Fix.

Repeat the scan; you should get a message "All Associations OK!"

Next, click Save Log, and post this log in your next reply.



Next :

You should back up all your data as you have some serious problems, including possible hard drive problems which may not be recoverable. Then I need to get a detailed description from you of your PC problems: tell me what you were doing before this happened, and what you have done to fix it.


Have you got error messages and have you done a disk check?


How old is your machine and do you have the Windows CD or recovery disks? Was it upgraded from an earlier version such as Win2000 and do you have access to another computer?


Could you also tell me if you know anything about this entry

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= :\WINDOW


Please make sure to answer all the questions in your next reply.

#7 pistol44 (Topic Starter)

Posted 26 August 2007 - 11:59 AM

Here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:46:47 AM, on 8/26/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\dmadmin.exe
C:\WINDOWS\System32\cidaemon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [SmartDefrag] "C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" /startup
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - McAfee, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 3565 bytes



DAFT Log saved on 2007-08-26 11:24:49
-----------------------------------------------------------------------
All associations okay!


Next :

You should back up all your data as you have some serious problems, including possible hard drive problems which may not be recoverable. Then I need to get a detailed description from you of your PC problems: tell me what you were doing before this happened, and what you have done to fix it. How do I back it up?

Have you got error messages and have you done a disk check? Yes, I did a chkdsk.


How old is your machine and do you have the Windows CD or recovery disks? Was it upgraded from an earlier version such as Win2000 and do you have access to another computer? 2001 Dell, XP, no upgrades; I may be able to find the recovery disk.
I am communicating with you from the PC that I am having problems with, from another user profile.

Could you also tell me if you know anything about this entry

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= :\WINDOW - No, I don't know anything about that entry.

thx very much for your time!!!

Also, here is a DSS scan from the problem user profile:




Deckard's System Scanner v20070819.64
Run by john david on 2007-08-26 11:54:23
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 256 MiB (512 MiB recommended).
System Drive C: has 3.98 GiB (less than 15%) free.


-- HijackThis (run as john david.exe) ------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:54:28 AM, on 8/26/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\dmadmin.exe
C:\WINDOWS\System32\cidaemon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\john david\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\john david.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [SmartDefrag] "C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" /startup
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - McAfee, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 3609 bytes

-- Files created between 2007-07-26 and 2007-08-26 -----------------------------

2007-08-26 11:22:30 3566 --a----c- C:\hijackthis 8-25
2007-08-25 12:02:26 0 d-------- C:\Program Files\Trend Micro
2007-08-24 19:03:38 0 d-------- C:\WINDOWS\5DF3D1BB894E4DCD8275159AC9829B43.TMP
2007-08-24 17:55:43 0 d-------- C:\Program Files\Common Files\Cisco Systems
2007-08-24 17:55:16 59904 --a------ C:\WINDOWS\System32\drivers\mvstdi5x.sys <Not Verified; McAfee Inc.; VirusScan>
2007-08-24 17:55:15 117024 --a------ C:\WINDOWS\System32\drivers\naiavf5x.sys <Not Verified; McAfee Inc.; VirusScan>
2007-08-24 17:55:04 0 d------c- C:\Documents and Settings\All Users\Application Data\Network Associates
2007-08-24 17:54:33 0 d-------- C:\Program Files\Network Associates
2007-08-24 17:54:33 0 d-------- C:\Program Files\Common Files\Network Associates
2007-08-22 23:19:42 0 d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-08-22 22:54:02 6815744 --a------ C:\Documents and Settings\little\ntuser.dat
2007-08-20 17:47:45 0 d-------- C:\Program Files\Yahoo! Games
2007-08-19 18:07:46 0 d------c- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2007-08-18 22:16:19 0 dr-h----- C:\Documents and Settings\john david\Recent
2007-08-18 22:16:19 0 d--h----- C:\Documents and Settings\john david\NetHood
2007-08-18 22:11:49 0 d-------- C:\Documents and Settings\john david\Application Data\WinPatrol
2007-08-18 19:58:23 67072 --a------ C:\WINDOWS\System32\usbui.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-08-18 19:58:21 53120 --a------ C:\WINDOWS\System32\drivers\usbhub.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-08-18 19:58:19 19328 --a------ C:\WINDOWS\System32\drivers\usbuhci.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-08-18 19:58:19 138752 --a------ C:\WINDOWS\System32\drivers\usbport.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-08-18 19:52:46 0 d------c- C:\WINDOWS\System32\DRVSTORE
2007-08-18 17:15:22 0 d------c- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-08-18 14:17:08 0 d------c- C:\Documents and Settings\All Users\Application Data\Playtonium Games
2007-08-18 14:14:56 0 d-------- C:\Program Files\bfgclient
2007-08-17 23:19:01 0 d-------- C:\Documents and Settings\little\Incomplete
2007-08-16 22:47:01 0 d-------- C:\Documents and Settings\john david\Application Data\MSN6
2007-08-15 22:38:47 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2007-08-15 22:38:29 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2007-08-15 22:38:29 0 d-------- C:\Documents and Settings\Administrator\Desktop
2007-08-15 16:12:17 0 d------c- C:\_backupD
2007-08-15 16:12:10 16384 --a------ C:\WINDOWS\System32\restart.exe <Not Verified; WareSoft Software; restart>
2007-08-15 16:12:10 4096 --a------ C:\WINDOWS\System32\reboot.exe
2007-08-15 16:12:09 0 d-------- C:\WINDOWS\System32\regdacl
2007-08-15 16:12:09 90112 --a------ C:\WINDOWS\System32\regdacl.exe <Not Verified; Frank Heyne Software; RegTools>
2007-08-15 07:34:22 0 d---s---- C:\Documents and Settings\john david\Cookies
2007-08-14 16:36:57 0 d------c- C:\Documents and Settings\All Users\Application Data\McAfee
2007-08-14 16:20:12 262144 --a------ C:\Documents and Settings\john david\ntuser.dat
2007-08-13 23:22:17 0 d-------- C:\WINDOWS\BDOSCAN8
2007-08-13 21:15:25 0 d-------- C:\Program Files\Games
2007-08-13 21:14:07 0 d------c- C:\Downloads
2007-08-13 17:34:26 0 d-------- C:\Program Files\Lavasoft
2007-08-13 17:20:17 0 d-------- C:\Documents and Settings\john david\Application Data\SUPERAntiSpyware.com
2007-08-12 23:06:06 0 dr-h----- C:\Documents and Settings\little\Recent
2007-08-12 21:57:37 298104 --a------ C:\WINDOWS\System32\imon.dll <Not Verified; Eset; NOD32 Antivirus System>
2007-08-12 00:30:42 0 d--h----- C:\Documents and Settings\little\NetHood
2007-08-09 20:09:29 0 d-------- C:\WINDOWS\Internet Logs
2007-08-05 22:57:01 0 d------c- C:\Documents and Settings\All Users\Application Data\RH_Backups
2007-08-04 09:58:12 0 --a------ C:\WINDOWS\System32\suupdate.dat
2007-08-04 09:58:06 0 --a------ C:\WINDOWS\System32\mssurun.dat
2007-08-04 09:57:39 269824 --a------ C:\WINDOWS\System32\supermenuhook.dll
2007-07-30 20:34:47 0 d-------- C:\Documents and Settings\little\Application Data\EA
2007-07-30 20:34:10 0 d------c- C:\Documents and Settings\All Users\Application Data\EA
2007-07-30 17:53:21 0 d-------- C:\Documents and Settings\little\Application Data\Eyeblaster
2007-07-30 17:53:18 0 d------c- C:\Documents and Settings\All Users\Application Data\n7-89-o9-3r-4t-r9
2007-07-30 17:48:59 0 d-------- C:\Documents and Settings\little\Application Data\GameHouse
2007-07-27 17:02:45 0 d-a----c- C:\Documents and Settings\All Users\Application Data\TEMP
2007-07-27 16:56:31 45312 --a------ C:\WINDOWS\System32\drivers\ousbehci.sys <Not Verified; OrangeWare Corporation; USB 2.0 Enhanced Host Controller Driver>
2007-07-27 16:56:31 55936 --a------ C:\WINDOWS\System32\drivers\ousb2hub.sys <Not Verified; OrangeWare Corporation; USB 2.0 Hub Driver>
2007-07-27 16:56:30 0 d-------- C:\WINDOWS\Drivers
2007-07-27 16:56:05 62976 --a------ C:\WINDOWS\System32\drivers\pci.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-07-27 16:50:31 91 --a------ C:\WINDOWS\vmreg32.dll
2007-07-27 16:49:37 0 d-------- C:\Documents and Settings\All Users\Templates


-- Find3M Report ---------------------------------------------------------------

2007-08-25 11:39:51 0 d-------- C:\Program Files\Soulseek
2007-08-24 17:55:43 0 d-a------ C:\Program Files\Common Files
2007-08-19 18:08:16 0 d-------- C:\Program Files\SUPERAntiSpyware
2007-08-16 22:57:59 0 d-------- C:\Program Files\America Online 8.0
2007-08-14 21:28:09 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-08-14 09:15:54 0 d-------- C:\Program Files\TuneUp Utilities 2007
2007-08-14 09:03:38 0 d-------- C:\Program Files\Common Files\aolshare
2007-08-09 20:18:38 4212 ---h----- C:\WINDOWS\System32\zllictbl.dat
2007-08-06 20:44:30 0 d-------- C:\Program Files\SpywareBlaster
2007-07-27 16:55:57 0 d-------- C:\Program Files\intel
2007-07-22 00:07:35 0 d-------- C:\Program Files\Common Files\PC Tools
2007-06-25 21:56:58 1266 --a------ C:\WINDOWS\System32\tmp.reg
2007-06-06 11:28:32 577536 --a------ C:\WINDOWS\System32\EbAdServingT25.dll <Not Verified; Eyeblaster Ltd.; Eyeblaster's Gaming Client SDK>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [12/07/2005 03:55 AM]
"SmartDefrag"="C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" [06/06/2007 07:22 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
@=
"DisableLocalMachineRun"=0 (0x0)
"LinkResolveIgnoreLinkInfo"=0 (0x0)
"NoResolveSearch"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 01:55 PM 77824]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= :\WINDOW

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"svcWRSSSDK"=2 (0x2)

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

*Newly Created Service* - ENTDRV51



-- End of Deckard's System Scanner: finished at 2007-08-26 11:54:59 ------------




Please make sure to answer all the questions in your next reply.

#8 Papakid

Papakid

    Guru at being a Newbie


  • Malware Response Team
  • 6,616 posts
  • Gender:Male

Posted 27 August 2007 - 10:47 AM

Hi pistol44,

Hope you don't mind if I step in here; your log is very unusual. We're not sure if there is any malware present, and there are indications that your hard drive or other hardware may be failing and that the whole Operating System may be corrupt.

Running different repair tools in your situation is risky, so I need you to find your recovery disks and have them ready. Probably it's going to be best for you to reinstall Windows anyway.

As mentioned, the first thing you need to do is back up any data you don't want to lose. You do that by copying your important files--photos, important documents, email and address book, etc.--to another drive. Another hard drive or flash drive is the most convenient, or if you have a CD/DVD burner, copy them to CD.

This especially needs to be done since your hard drive may be going out on you. If that happens you'll lose Windows XP and all your data anyway, so you need to be ready for that. If we attempt any major repairs or do serious malware removal, you need to be ready for this possibility as well. So before we get into any of that, I need to know that you are ready for it.

Have you found the recovery disks?

If you do decide to reformat, let me know ahead of time. We do mostly malware removal in this forum, so you would get better help with how to reformat and reinstall Windows in BC's XP or hardware forum, including getting replacement recovery media if necessary.

I want to determine if there is actually a malware problem or not, which isn't clear in your logs. I would like an answer to each of these questions:

Describe the problem:

1. You have mentioned a user profile. So are you only having the problems with the one profile--the little account?

2. I understand you can't use Internet Explorer (IE) from that account.

desktop has changed. cant open sessions or recycle bin from desktop.

How has the desktop changed, what does it look like? By not being able to open sessions, do you mean you can't start programs from desktop shortcuts? What else is wrong with just the little account?

3. Are you having any problems with the john david account? If so please describe them.

When did this happen and what were you doing around the same time:

4. How long have you had this problem?

5. Did it start shortly after installing some program and if so what program?

6. Have you installed any new hardware or made changes around the same time?

7. You have more than one registry cleaner installed, did the problem start after running any of those? Also let me know if you had run an anti-spyware or other security scanner around the same time and if it removed anything.

What did you do to fix it:

9. When you ran chkdsk, was that an effort to fix the problems?

10. Were the reg cleaners and optimizers used to try to fix it?

11. What makes you think you have malware? Did one of your security programs find something? You seem to have installed and uninstalled several security programs. Could you list which ones you have run?

12. List anything else you may have done to try to fix the problem.

It appears you have installed McAfee since your previous posts. This is not a good idea while you have Nod32 installed.

13. Are the subscriptions for either McAfee or Nod32 current and are they kept updated?

AVs are necessary, but are useless if not updated and working properly. All use up resources, which you are short of, commercial AVs especially, and McAfee being one of the worst. Since you added McAfee, DSS added this warning that you are running out of hard drive space:

System Drive C: has 3.98 GiB (less than 15%) free.

That goes along with these other warnings about being low on resources, specifically RAM--typical use of XP you need at least 512 MB of RAM, preferably more:

Percentage of Memory in Use: 78% (more than 75%).
Total Physical Memory: 256 MiB (512 MiB recommended).


All those warnings tell me your entire system is stressed. Plus one entry in your HJT log and the fact you have run a disk check suggest you have bad sectors on your hard drive, so it has even less capacity than it did originally. So from the account that works properly, you need to uninstall either McAfee or Nod32. And please do not install or run anything else without consulting me first--nothing is showing up in your logs that any general scanner will know how to fix, and they will only make the problem worse.

After writing all this out, it seems to be even more likely that you have pending hard drive failure. So your best course of action would be to find a replacement hard drive (along with more RAM) and/or start looking for a new computer or used one with more recent hardware.

If your Operating System (XP) gets completely corrupted so that it is unbootable before you have a chance to back up and reformat, you may need access to another computer to recover your data if possible. So we need to know again if you have access to another computer, not how you are communicating with us, although the latter is useful to know.

14. Do you have access to or own another computer?

15. If so, is it a desktop or laptop/notebook, etc., and what is the make and model number?

16. Is your computer a desktop and what is the model number?

Now, there is some more information I can get from a new version of DSS that I would like you to run if you are still looking for your recovery disks. At your option, please do the following, as it may help us to help you and others:

Delete DSS.exe that is on your desktop. Open your C drive and delete the Deckard folder. Then follow these instructions:

While logged in to the john david account, download Deckard's System Scanner (DSS) to your Desktop.
-Click START, then Run and copy the following bold text and paste it into the Run box and click OK:

"C:\Documents and Settings\little\Desktop"

-Right click the dss.exe file on john david's desktop and choose copy.
-In the window that appears after using Run, right click an open space and choose Paste.
-Now close out all windows, log out of the john david account and log into the affected little account.
-You should see dss.exe on little's desktop. Close all applications and windows.
-Double-click on dss.exe to run it, and follow the prompts. If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
-When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <-this one will be minimized
-Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and the extra.txt in your next reply. If you have any problems with the logs, both can be found in C:\Deckard\System Scanner.

I only need to see the log from the little account. Please don't post a log from the other accounts unless I request it.

Lastly, click START, then Run and copy the following bold text and paste it into the Run box and click OK:

C:\found.001\dir0000.chk

In the window that opens, look for iexplore.exe.
Right click on it and choose Properties. Post back here the file size please.

That is IE's main executable apparently recovered from lost clusters when you ran the disk check. How this came to be in running processes from that location is a mystery, so let me know if you have already been in this folder and tried running it from there.

The thing about people is they change when they walk away. --Mipso
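The two things Papakid singles out in the post above are exactly what an analyst scans a HijackThis/DSS log for by hand: a process running from somewhere it has no business being (here, iexplore.exe under the chkdsk recovery folder C:\found.001), and driver or service entries whose binary is reported "(file missing)". The helper below is an added example, not part of this thread and not code from Deckard's System Scanner or HijackThis; it parses a log excerpt in the same format and returns both kinds of finding. The sample log, the list of trusted install roots and the allow-list of analyst tools (HijackThis.exe, dss.exe, which are expected to run from a Desktop) are all assumptions constructed for the example.

```python
"""Triage an HJT/DSS-style log excerpt (added example, not from the thread).

Two heuristics taken from the post above:
  1. a running process whose path is outside the normal install roots,
     with chkdsk recovery folders (found.NNN) called out separately;
  2. a driver/service line whose binary is reported "(file missing)".
"""
import re
from pathlib import PureWindowsPath

# Where legitimate processes on an XP-era box normally live (assumption;
# widen this for a real system, e.g. a second Program Files or another drive).
TRUSTED_ROOTS = (r"c:\windows", r"c:\program files", r"c:\progra~1")

# Scanners the analyst launched deliberately; running from the Desktop is
# expected for these, so they are not reported (assumption).
ANALYST_TOOLS = {"hijackthis.exe", "dss.exe"}

# chkdsk puts recovered lost clusters under <drive>:\found.NNN\
FOUND_DIR_RE = re.compile(r"^[a-z]:\\found\.\d{3}\\", re.IGNORECASE)

# "<start type> <name> - <path> (file missing)", as DSS prints drivers/services.
MISSING_RE = re.compile(
    r"^[RS][0-4]\s+(?P<name>.+?)\s+-\s+(?P<path>\S.*?)\s+\(file missing\)\s*$"
)

# Constructed sample in the thread's log format; not copied from the posted logs.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Eset\nod32krn.exe
C:\found.001\dir0000.chk\iexplore.exe
C:\Documents and Settings\little\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R1 OMCI - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
S0 AVG Anti-Rootkit - c:\windows\system32\drivers\avgarkt.sys (file missing)
S1 AvgArCln (Avg Anti-Rootkit Clean Driver) - c:\windows\system32\drivers\avgarcln.sys (file missing)
"""


def running_processes(log_text):
    """Paths listed under 'Running processes:' up to the next blank line."""
    paths, collecting = [], False
    for line in log_text.splitlines():
        line = line.strip()
        if line.lower() == "running processes:":
            collecting = True
        elif collecting:
            if not line:
                break
            paths.append(line)
    return paths


def classify_location(path):
    """None if the path is under a trusted root, else a short reason string."""
    lowered = path.lower()
    if FOUND_DIR_RE.match(lowered):
        return "chkdsk recovery folder (found.NNN)"
    if any(lowered.startswith(root + "\\") for root in TRUSTED_ROOTS):
        return None
    return "outside trusted install roots"


def suspicious_processes(log_text):
    """(path, reason) for every running process not in a trusted root,
    skipping the tools the analyst started on purpose."""
    findings = []
    for path in running_processes(log_text):
        if PureWindowsPath(path).name.lower() in ANALYST_TOOLS:
            continue
        reason = classify_location(path)
        if reason:
            findings.append((path, reason))
    return findings


def missing_driver_binaries(log_text):
    """(name, path) for driver/service entries whose file is gone: leftovers
    of a half-uninstalled tool, or a binary deleted by an AV or by malware."""
    hits = []
    for line in log_text.splitlines():
        m = MISSING_RE.match(line.strip())
        if m:
            hits.append((m.group("name"), m.group("path")))
    return hits


if __name__ == "__main__":
    for path, reason in suspicious_processes(SAMPLE_LOG):
        print(f"PROCESS  {path}  <- {reason}")
    for name, path in missing_driver_binaries(SAMPLE_LOG):
        print(f"MISSING  {name}: {path}")
```

On the sample, the only process reported is the iexplore.exe under C:\found.001; the HijackThis.exe on the Desktop is suppressed by the allow-list, and the two AVG Anti-Rootkit drivers come back as missing binaries. A path hit is a lead, not a verdict: the next step is what the post asks for, comparing the recovered copy's size (and, where a known-good copy exists, its hash) against the one under Program Files\Internet Explorer.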


#9 pistol44

pistol44
  • Topic Starter

  • Members
  • 7 posts

Posted 27 August 2007 - 11:34 AM

Thanks for the reply, Papakid!

I'm at work now, so I will follow your instructions later when I get home. Thanks!!

#10 pistol44

pistol44
  • Topic Starter

  • Members
  • 7 posts

Posted 27 August 2007 - 11:04 PM

I can't find the recovery CD. We have moved a few times and.....

If I can find it/one, how long does it take to perform the recovery with the CD?


Describe the problem:

1. You have mentioned a user profile. So are you only having the problems with the one profile--the little account? It's the john david account that's a problem.

2. I understand you can't use Internet Explorer (IE) from that account. Correct.

desktop has changed. cant open sessions or recycle bin from desktop.

How has the desktop changed, what does it look like? By not being able to open sessions, do you mean you can't start programs from desktop shortcuts? What else is wrong with just the little account? Yes to all in this sentence. On the john david account the background has changed, icons don't work, and when searching for files and folders it times out quickly and goes back to the desktop.

3. Are you having any problems with the john david account? If so please describe them.
It's the john david account that is messed up. These exact symptoms happened once before, but System Restore corrected all. This time it wouldn't work.


When did this happen and what were you doing around the same time: I believe it was two weeks ago. I'm not sure if/what was downloaded. I just noticed the changes once I got on the PC. A few games were downloaded around this time from Yahoo (Yahoo Games).

4. How long have you had this problem? Two weeks.

5. Did it start shortly after installing some program and if so what program? Not sure, but maybe Yahoo Games.


6. Have you installed any new hardware or made changes around the same time? Not to my knowledge. Oh, I think a free version of ZoneAlarm was downloaded to try, and I was going to delete NOD32. That's when it all started.

7. You have more than one registry cleaner installed, did the problem start after running any of those? No. Also let me know if you had run an anti-spyware or other security scanner around the same time and if it removed anything. SAS was run, Panda scan, Ad-Aware was run, but nothing with a high priority was removed. Most were cookie types.
What did you do to fix it: I just ran the scans and let the program clean/remove.

9. When you ran chkdsk, was that an effort to fix the problems? Yes.

10. Were the reg cleaners and optimizers used to try to fix it? Yes, I wasn't told to, but out of desperation I was trying everything before I started begging for help. Didn't want to embarrass myself because I'm not too PC savvy.


11. What makes you think you have malware? Did one of your security programs find something? You seem to have installed and uninstalled several security programs. Could you list which ones you have run?

12. List anything else you may have done to try to fix the problem. Tried SmitFraudFix, VundoFix.
It appears you have installed McAfee since your previous posts. This is not a good idea while you have Nod32 installed. I was given a CD of McAfee and was told this would probably correct the problem. I have deleted NOD32.
13. Are the subscriptions for either McAfee or Nod32 current and are they kept updated?
McAfee (yes), NOD32 (no).


AV's are necessary, but are useless if not updated and working properly. All use up resources, which you are short of, commercial AV's especially and McAfee being one of the worst. Since you added McAfee, DSS added this warning that you are running out of hard drive space:

System Drive C: has 3.98 GiB (less than 15%) free.

That goes along with these other warnings about being low on resources, specifically RAM--typical use of XP you need at least 512 MB of RAM, preferably more:

Percentage of Memory in Use: 78% (more than 75%).
Total Physical Memory: 256 MiB (512 MiB recommended).

All those warnings tell me your entire system is stressed. Plus one entry in your HJT log and the fact you have run a disk check suggest you have bad sectors on your hard drive, so it has even less capacity than it did originally. So from the account that works properly, you need to uninstall either McAfee or Nod32. And please do not install or run anything else without consulting me first--nothing is showing up in your logs that any general scanner will know how to fix, and they will only make the problem worse. OK, I will be deleting McAfee and running a free AV. Your recommendation?


After writing all this out, it seems to be even more likely that you have pending hard drive failure. So your best course of action would be to find a replacement hard drive (along with more RAM) and/or start looking for a new computer or used one with more recent hardware.

If your Operating System (XP) gets completely corrupted so that it is unbootable before you have a chance to back up and reformat, you may need access to another computer to recover your data if possible. So we need to know again if you have access to another computer, not how you are communicating with us, although the latter is useful to know. I don't have another. I don't have access at the moment but may shortly, 50/50.

14. Do you have access to or own another computer? No.

15. If so, is it a desktop or laptop/notebook, etc., and what is the make and model number?

16. Is your computer a desktop and what is the model number? Yes, a Dell 4560.

Thanks again, I tried to answer short and sweet to keep from confusing the answers!

Thanks!!!!!

#11 pistol44

pistol44
  • Topic Starter

  • Members
  • 7 posts

Posted 27 August 2007 - 11:33 PM

This is the log from the little account, as john david is the one I can't access IE on.
john david is the one that has the many problems.



Deckard's System Scanner v20070826.66
Run by little on 2007-08-27 23:18:34
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
51: 2007-08-28 04:18:52 UTC - RP51 - Deckard's System Scanner Restore Point
50: 2007-08-27 03:02:22 UTC - RP50 - Removed Baku
49: 2007-08-27 02:54:22 UTC - RP49 - Installed Baku
48: 2007-08-27 00:11:07 UTC - RP48 - System Checkpoint
47: 2007-08-25 23:09:59 UTC - RP47 - System Checkpoint


-- First Restore Point --
1: 2007-08-15 12:28:47 UTC - RP1 - System Checkpoint


Performed disk cleanup.

Percentage of Memory in Use: 92% (more than 75%).
Total Physical Memory: 256 MiB (512 MiB recommended).
System Drive C: has 3.95 GiB (less than 15%) free.


-- HijackThis (run as little.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:54:28 AM, on 8/26/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\dmadmin.exe
C:\WINDOWS\System32\cidaemon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\john david\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\john david.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [SmartDefrag] "C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" /startup
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - McAfee, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 3609 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20070825-120311-317 O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
backup-20070825-120311-537 O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
backup-20070825-120311-720 O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
backup-20070825-120311-807 O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
backup-20070825-132519-128 R3 - Default URLSearchHook is missing
backup-20070825-132519-348 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
backup-20070825-132519-640 O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
backup-20070825-132519-858 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
backup-20070827-222441-218 O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
backup-20070827-222441-587 O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

-- File Associations -----------------------------------------------------------

.bat - batfile - shell\edit\command - unable to read value
.cmd - cmdfile - shell\edit\command - unable to read value
.inf - inffile - shell\open\command - unable to read value
.ini - inifile - shell\open\command - notepad.exe %1
.reg - regfile - shell\edit\command - unable to read value
.txt - txtfile - shell\open\command - notepad.exe %1
.vbs - vbsfile - shell\edit\command - unable to read value


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 NaiAvTdi1 - c:\windows\system32\drivers\mvstdi5x.sys <Not Verified; McAfee Inc.; VirusScan>
R1 OMCI - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
R1 SASKUTIL - c:\program files\superantispyware\saskutil.sys
R2 ASCTRM - c:\windows\system32\drivers\asctrm.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
R3 EntDrv51 - c:\windows\system32\drivers\entdrv51.sys <Not Verified; McAfee, Inc; VirusScan>
R3 NaiAvFilter1 - c:\windows\system32\drivers\naiavf5x.sys <Not Verified; McAfee Inc.; VirusScan>

S0 AVG Anti-Rootkit - c:\windows\system32\drivers\avgarkt.sys (file missing)
S1 AvgArCln (Avg Anti-Rootkit Clean Driver) - c:\windows\system32\drivers\avgarcln.sys (file missing)
S3 giveio - c:\windows\system32\giveio.sys
S3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>
S3 ZDPNDIS5 (ZDPNDIS5 NDIS Protocol Driver) - c:\windows\system32\zdpndis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 McAfeeFramework (McAfee Framework Service) - "c:\program files\network associates\common framework\frameworkservice.exe" /servicestart <Not Verified; McAfee, Inc.; McAfee Common Framework>
R2 McTaskManager (Network Associates Task Manager) - "c:\program files\network associates\virusscan\vstskmgr.exe" <Not Verified; Network Associates, Inc.; VirusScan Enterprise>
R3 aawservice (Ad-Aware 2007 Service) - "c:\program files\lavasoft\ad-aware 2007\aawservice.exe" <Not Verified; Lavasoft AB; Ad-Aware 2007 Service>

S2 AOLService (AOL Spyware Protection Service) - c:\program files\common files\aol\aol spyware protection\\aolserv.exe
S2 NMSSvc (Intel® NMS) - c:\windows\system32\nmssvc.exe <Not Verified; Intel Corporation; NMS>
S3 RegVacService (RegVac Registry Service) - c:\program files\regvac registry cleaner\regvserv.exe <Not Verified; Super Win Software, Inc.; RegVac>
S4 ASCService (Aluria Security Center Spyware Eliminator Service) -
S4 Diskeeper -


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2007-08-27 03:16:13 392 --a------ C:\WINDOWS\Tasks\1-Click Maintenance.job
2007-08-26 03:00:05 480 --a------ C:\WINDOWS\Tasks\SmartDefrag.job


-- Files created between 2007-07-27 and 2007-08-27 -----------------------------

2007-08-26 22:28:14 0 d-------- C:\WINDOWS\System32\RegVac
2007-08-26 22:07:28 0 d-------- C:\Program Files\RegVac Registry Cleaner
2007-08-26 21:57:46 0 d-------- C:\Program Files\Avira
2007-08-26 21:55:11 0 d-------- C:\Documents and Settings\little\Application Data\Pmcc
2007-08-25 12:02:26 0 d-------- C:\Program Files\Trend Micro
2007-08-24 19:03:38 0 d-------- C:\WINDOWS\5DF3D1BB894E4DCD8275159AC9829B43.TMP
2007-08-24 17:55:43 0 d-------- C:\Program Files\Common Files\Cisco Systems
2007-08-24 17:55:16 59904 --a------ C:\WINDOWS\System32\drivers\mvstdi5x.sys <Not Verified; McAfee Inc.; VirusScan>
2007-08-24 17:55:15 117024 --a------ C:\WINDOWS\System32\drivers\naiavf5x.sys <Not Verified; McAfee Inc.; VirusScan>
2007-08-24 17:55:04 0 d------c- C:\Documents and Settings\All Users\Application Data\Network Associates
2007-08-24 17:54:33 0 d-------- C:\Program Files\Network Associates
2007-08-24 17:54:33 0 d-------- C:\Program Files\Common Files\Network Associates
2007-08-22 23:19:42 0 d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-08-22 22:54:02 6815744 --a------ C:\Documents and Settings\little\ntuser.dat
2007-08-20 17:47:45 0 d-------- C:\Program Files\Yahoo! Games
2007-08-19 18:07:46 0 d------c- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2007-08-18 22:16:19 0 dr-h----- C:\Documents and Settings\john david\Recent
2007-08-18 22:16:19 0 d--h----- C:\Documents and Settings\john david\NetHood
2007-08-18 22:11:49 0 d-------- C:\Documents and Settings\john david\Application Data\WinPatrol
2007-08-18 19:52:46 0 d------c- C:\WINDOWS\System32\DRVSTORE
2007-08-18 17:15:22 0 d------c- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-08-18 14:17:08 0 d------c- C:\Documents and Settings\All Users\Application Data\Playtonium Games
2007-08-18 14:14:56 0 d-------- C:\Program Files\bfgclient
2007-08-17 23:19:01 0 d-------- C:\Documents and Settings\little\Incomplete
2007-08-16 22:47:01 0 d-------- C:\Documents and Settings\john david\Application Data\MSN6
2007-08-15 22:38:47 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2007-08-15 22:38:29 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2007-08-15 22:38:29 0 d-------- C:\Documents and Settings\Administrator\Desktop
2007-08-15 16:12:17 0 d------c- C:\_backupD
2007-08-15 16:12:10 16384 --a------ C:\WINDOWS\System32\restart.exe <Not Verified; WareSoft Software; restart>
2007-08-15 16:12:10 4096 --a------ C:\WINDOWS\System32\reboot.exe
2007-08-15 16:12:09 0 d-------- C:\WINDOWS\System32\regdacl
2007-08-15 16:12:09 90112 --a------ C:\WINDOWS\System32\regdacl.exe <Not Verified; Frank Heyne Software; RegTools>
2007-08-15 07:34:22 0 d---s---- C:\Documents and Settings\john david\Cookies
2007-08-14 16:36:57 0 d------c- C:\Documents and Settings\All Users\Application Data\McAfee
2007-08-14 16:20:12 262144 --a------ C:\Documents and Settings\john david\ntuser.dat
2007-08-13 23:22:17 0 d-------- C:\WINDOWS\BDOSCAN8
2007-08-13 21:15:25 0 d-------- C:\Program Files\Games
2007-08-13 21:14:07 0 d------c- C:\Downloads
2007-08-13 17:34:26 0 d-------- C:\Program Files\Lavasoft
2007-08-13 17:20:17 0 d-------- C:\Documents and Settings\john david\Application Data\SUPERAntiSpyware.com
2007-08-12 23:06:06 0 dr-h----- C:\Documents and Settings\little\Recent
2007-08-12 21:57:37 298104 --a------ C:\WINDOWS\System32\imon.dll <Not Verified; Eset; NOD32 Antivirus System>
2007-08-12 00:30:42 0 d--h----- C:\Documents and Settings\little\NetHood
2007-08-05 22:57:01 0 d------c- C:\Documents and Settings\All Users\Application Data\RH_Backups
2007-08-04 09:58:12 0 --a------ C:\WINDOWS\System32\suupdate.dat
2007-08-04 09:58:06 0 --a------ C:\WINDOWS\System32\mssurun.dat
2007-08-04 09:57:39 269824 --a------ C:\WINDOWS\System32\supermenuhook.dll
2007-07-30 20:34:47 0 d-------- C:\Documents and Settings\little\Application Data\EA
2007-07-30 20:34:10 0 d------c- C:\Documents and Settings\All Users\Application Data\EA
2007-07-30 17:53:21 0 d-------- C:\Documents and Settings\little\Application Data\Eyeblaster
2007-07-30 17:53:18 0 d------c- C:\Documents and Settings\All Users\Application Data\n7-89-o9-3r-4t-r9
2007-07-30 17:48:59 0 d-------- C:\Documents and Settings\little\Application Data\GameHouse
2007-07-27 17:02:45 0 d-a----c- C:\Documents and Settings\All Users\Application Data\TEMP
2007-07-27 16:56:31 45312 --a------ C:\WINDOWS\System32\drivers\ousbehci.sys <Not Verified; OrangeWare Corporation; USB 2.0 Enhanced Host Controller Driver>
2007-07-27 16:56:31 55936 --a------ C:\WINDOWS\System32\drivers\ousb2hub.sys <Not Verified; OrangeWare Corporation; USB 2.0 Hub Driver>
2007-07-27 16:56:30 0 d-------- C:\WINDOWS\Drivers
2007-07-27 16:50:31 91 --a------ C:\WINDOWS\vmreg32.dll
2007-07-27 16:49:37 0 d-------- C:\Documents and Settings\All Users\Templates


-- Find3M Report ---------------------------------------------------------------

2007-08-25 11:39:51 0 d-------- C:\Program Files\Soulseek
2007-08-24 17:55:43 0 d-a------ C:\Program Files\Common Files
2007-08-22 21:58:40 0 d-------- C:\Documents and Settings\little\Application Data\LimeWire
2007-08-19 18:08:16 0 d-------- C:\Program Files\SUPERAntiSpyware
2007-08-16 22:57:59 0 d-------- C:\Program Files\America Online 8.0
2007-08-14 21:28:09 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-08-14 09:15:54 0 d-------- C:\Program Files\TuneUp Utilities 2007
2007-08-14 09:03:38 0 d-------- C:\Program Files\Common Files\aolshare
2007-08-14 08:07:16 0 d-------- C:\Documents and Settings\little\Application Data\My Games
2007-08-09 20:18:38 4212 ---h----- C:\WINDOWS\System32\zllictbl.dat
2007-08-06 20:44:30 0 d-------- C:\Program Files\SpywareBlaster
2007-07-27 16:55:57 0 d-------- C:\Program Files\intel
2007-07-22 00:07:35 0 d-------- C:\Program Files\Common Files\PC Tools
2007-06-30 17:03:21 130 --a------ C:\Documents and Settings\little\Application Data\TilelanderPreferences.ini
2007-06-29 19:46:47 0 d-------- C:\Documents and Settings\little\Application Data\PlayFirst
2007-06-25 21:56:58 1266 --a------ C:\WINDOWS\System32\tmp.reg
2007-06-06 11:28:32 577536 --a------ C:\WINDOWS\System32\EbAdServingT25.dll <Not Verified; Eyeblaster Ltd.; Eyeblaster's Gaming Client SDK>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [12/07/2005 03:55 AM]

C:\Documents and Settings\little\Start Menu\Programs\Startup\
DESKTOP.INI [8/31/2001 11:50:56 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
DESKTOP.INI [8/31/2001 11:50:56 AM]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2/19/2006 5:21:22 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)
"DisableRegedit"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
@=
"DisableLocalMachineRun"=0 (0x0)
"LinkResolveIgnoreLinkInfo"=0 (0x0)
"NoResolveSearch"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisableLocalUserRun"=0 (0x0)
"LinkResolveIgnoreLinkInfo"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 01:55 PM 77824]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= :\WINDOW

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"svcWRSSSDK"=2 (0x2)

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

*Newly Created Service* - ENTDRV51
*Newly Created Service* - REGVACSERVICE



-- End of Deckard's System Scanner: finished at 2007-08-27 23:21:52 ------------

The size of iexplore.exe is 92.0 KB (94,208 bytes). I haven't been to this folder to run it; I have a shortcut on the desktop that I use.

Thanks!!!



