
All Antivirus, Spyware And Registry Apps Not Working

2 replies to this topic

#1 amanda hoover

  • Members
  • 14 posts

Posted 12 March 2008 - 11:08 PM

Hello, this is my first post on this forum, and I hate that I had to do it this way. I let my boyfriend use my computer when I first bought it (which was less than a month ago!) and he said he installed something called ESET/NOD 32 Firewall. Well, it started acting funny and so I uninstalled it and put Comodo on instead. By acting funny, I mean that it was connecting out to random IPs in England (I checked using IPNet) and it wasn't updating but it kept saying that it was. Well, to make a long story short, after that none of my antivirus, antispyware or registry cleaners (including Security Task Manager) would open or work. They kept saying things like "the program is not working" or "has stopped working". I already attempted to do some "fixing" on my own, by reading and following others' HJT log posts etc. ... so included in the next couple of posts are my "deckers log", "ccleaner" and "HJT log". Also, here is the info on the NOD 32 program that just WON'T GO AWAY.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\ESET\ESET Security\CurrentVersion\Info]
"EditionName"="TemDono FiX 1.1 (Free Updates - Expire in 2050)"

C:\Windows\system32>notepad C:\Windows\nod32fixtemdono.reg


Copy from deckers ...

Deckard's System Scanner v20071014.68
Run by Wes & Amanda on 2008-03-11 02:22:02
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 5 Restore Point(s) --
12: 2008-03-11 01:53:21 UTC - RP99 - Restore Operation
11: 2008-03-11 01:51:53 UTC - RP98 - Windows Update
10: 2008-03-11 00:39:51 UTC - RP96 - Restore Operation
9: 2008-03-10 23:20:21 UTC - RP95 - Restore Operation
8: 2008-03-10 19:35:54 UTC - RP94 - Made by Registry Mechanic


-- First Restore Point --
1: 2008-03-06 23:16:17 UTC - RP84 - Installed Windows Media Player Firefox Plugin


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Wes & Amanda.exe) ----------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:24:42 AM, on 3/11/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Users\Wes & Amanda\Desktop\dss.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Wes & Amanda.exe
C:\Windows\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: HP Print Clips - {FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7} - c:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SynTPStart] "C:\Program Files\Synaptics\SynTP\SynTPStart.exe"
O4 - HKLM\..\Run: [OnScreenDisplay] "C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] "C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe"
O4 - HKLM\..\Run: [WAWifiMessage] "C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe"
O4 - HKLM\..\Run: [WinPatrol] "C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" -expressboot
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [TivoTransfer] "C:\PROGRAM FILES\COMMON FILES\TIVO SHARED\Transfer\TIVOTRANSFER.EXE" /service /registry /auto:TivoTransfer
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - c:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: C:\Windows\system32\guard32.dll
O20 - Winlogon Notify: avgwlntf - C:\Windows\
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: TiVo Beacon (TivoBeacon2) - TiVo Inc. - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
O23 - Service: Vongo Service - Starz Entertainment Group LLC - C:\Program Files\Vongo\VongoService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10303 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080227-190132-558 O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)

-- File Associations -----------------------------------------------------------

.js - JSFile - DefaultIcon - "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe",2


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 ElRawDisk - \??\c:\windows\system32\drivers\elrawdsk.sys

S3 RegGuard - \??\c:\windows\system32\drivers\regguard.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 HP Health Check Service - "c:\program files\hewlett-packard\hp health check\hphc_service.exe" <Not Verified; Hewlett-Packard; HP Health Check Service>

S3 Com4Qlb - "c:\program files\hewlett-packard\hp quick launch buttons\com4qlb.exe" <Not Verified; Hewlett-Packard Development Company, L.P.; HP Quick Launch Buttons>
S3 Nero BackItUp Scheduler 3 - c:\program files\nero\nero8\nero backitup\nbservice.exe
S3 Vongo Service - "c:\program files\vongo\vongoservice.exe" <Not Verified; Starz Entertainment Group LLC; Vongo>
S4 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
S4 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-03-10 12:23:31 432 --ah----- C:\Windows\Tasks\User_Feed_Synchronization-{C6ED93B1-991F-4EF5-8EC1-09C5B3AE5EC0}.job


-- Files created between 2008-02-11 and 2008-03-11 -----------------------------

2008-03-10 23:55:55 0 d-------- C:\Program Files\MySetups
2008-03-10 23:12:38 0 d-------- C:\Program Files\Enigma Software Group
2008-03-10 18:34:02 0 d-------- C:\Program Files\Spyware Doctor
2008-03-10 18:34:02 0 d-------- C:\Program Files\Spyware Doctor(21)
2008-03-09 17:34:46 0 d-------- C:\Users\All Users\comodo
2008-03-09 17:34:43 0 d-------- C:\Program Files\COMODO
2008-03-09 17:24:38 12800 --a------ C:\Windows\system32\drivers\elrawdsk.sys <Not Verified; EldoS Corporation; RawDisk>
2008-03-08 16:43:16 39424 --a------ C:\Windows\zipinst.exe <Not Verified; NirSoft; ZipInstaller>
2008-03-08 16:43:15 0 d-------- C:\Program Files\IPNetInfo
2008-03-04 17:08:51 0 d-------- C:\Users\All Users\PC Tools
2008-03-04 17:07:08 0 d-------- C:\Program Files\Common Files\PC Tools
2008-03-03 01:41:21 0 d-------- C:\Program Files\Windows Media Components
2008-03-02 21:08:02 0 d-------- C:\Users\All Users\AOL
2008-03-02 05:05:53 0 d-------- C:\Program Files\GSpot Codec Test
2008-03-02 05:03:52 765952 --a------ C:\Windows\system32\xvidcore.dll
2008-03-02 05:03:51 180224 --a------ C:\Windows\system32\xvidvfw.dll
2008-03-02 03:53:07 0 d-------- C:\Windows\RegisteredPackages
2008-03-02 03:53:07 0 d--h----- C:\Windows\msdownld.tmp
2008-03-02 02:50:54 0 d-------- C:\Program Files\WinAVI Video Converter
2008-03-01 23:27:49 0 d-------- C:\Program Files\Xvid
2008-02-28 22:27:33 0 d-------- C:\Program Files\Alwil Software
2008-02-28 20:41:23 0 d-a------ C:\Users\All Users\TEMP
2008-02-28 16:41:17 0 d-------- C:\Program Files\Uniblue
2008-02-28 16:05:24 0 d-------- C:\Users\All Users\SecTaskMan
2008-02-28 16:05:05 0 d-------- C:\Program Files\Security Task Manager
2008-02-28 15:26:00 0 d-------- C:\Program Files\Microsoft Silverlight
2008-02-27 20:03:56 0 d-------- C:\Users\All Users\Yahoo! Companion
2008-02-27 19:53:32 0 d-------- C:\Program Files\Trend Micro
2008-02-27 03:36:08 0 d-------- C:\Program Files\Winamp
2008-02-26 15:03:54 0 d--hs---- C:\Users\Mcx1\Templates
2008-02-26 15:03:54 0 d--hs---- C:\Users\Mcx1\Start Menu
2008-02-26 15:03:54 0 d--hs---- C:\Users\Mcx1\SendTo
2008-02-26 15:03:54 0 d--hs---- C:\Users\Mcx1\Recent
2008-02-26 15:03:54 0 d--hs---- C:\Users\Mcx1\PrintHood
2008-02-26 15:03:54 0 d--hs---- C:\Users\Mcx1\Local Settings
2008-02-26 15:03:53 0 dr------- C:\Users\Mcx1\Videos
2008-02-26 15:03:53 0 d-------- C:\Users\Mcx1\Saved Games
2008-02-26 15:03:53 0 dr------- C:\Users\Mcx1\Pictures
2008-02-26 15:03:53 0 d--hs---- C:\Users\Mcx1\NetHood
2008-02-26 15:03:53 0 d--hs---- C:\Users\Mcx1\My Documents
2008-02-26 15:03:53 0 dr------- C:\Users\Mcx1\Music
2008-02-26 15:03:53 0 dr------- C:\Users\Mcx1\Links
2008-02-26 15:03:53 0 dr------- C:\Users\Mcx1\Favorites
2008-02-26 15:03:53 0 dr------- C:\Users\Mcx1\Downloads
2008-02-26 15:03:53 0 dr------- C:\Users\Mcx1\Documents
2008-02-26 15:03:53 0 dr------- C:\Users\Mcx1\Desktop
2008-02-26 15:03:53 0 d--hs---- C:\Users\Mcx1\Cookies
2008-02-26 15:03:53 0 d--hs---- C:\Users\Mcx1\Application Data
2008-02-26 15:03:53 0 d--h----- C:\Users\Mcx1\AppData
2008-02-26 15:03:52 524288 --a------ C:\Users\Mcx1\ntuser.dat
2008-02-25 00:09:18 0 d-------- C:\Windows\WinAVI Video Converter 9.0
2008-02-24 16:47:38 7882 --a------ C:\Windows\system32\GTKCMOS.sys <Not Verified; Gteko Ltd.; Gteko Diagnostics>
2008-02-24 16:47:38 5120 --a------ C:\Windows\system32\GTKCMO64.sys <Not Verified; Gteko Ltd.; Gteko Diagnostics>
2008-02-24 16:47:38 7626 --a------ C:\Windows\system32\GPCIEnum.sys <Not Verified; Gteko Ltd.; Gteko Diagnostics>
2008-02-24 16:47:38 5632 --a------ C:\Windows\system32\GPCIEn64.sys <Not Verified; Gteko Ltd.; Gteko Diagnostics>
2008-02-24 16:47:38 1900681 --a------ C:\Windows\system32\gdql_ls.dll <Not Verified; Gteko Ltd.; QDiagLib Module>
2008-02-24 16:47:38 7168 --a------ C:\Windows\system32\DLPT64.sys <Not Verified; Gteko Ltd.; QDiag>
2008-02-24 16:47:38 6656 --a------ C:\Windows\system32\DLPT2.sys <Not Verified; GTek Technologies Ltd.; QDiag>
2008-02-24 16:47:38 4608 --a------ C:\Windows\system32\DDMI64.sys <Not Verified; Gteko Ltd.; DDMI>
2008-02-24 16:47:38 6977 --a------ C:\Windows\system32\DDMI2.sys <Not Verified; Gteko Ltd.; DDMI>
2008-02-24 05:03:10 506368 --a------ C:\Windows\system32\msxml.dll <Not Verified; Microsoft Corporation; Microsoft XML Core Services>
2008-02-24 03:31:04 25773 --a------ C:\Windows\system32\drivers\regguard.sys <Not Verified; Greatis Software; RegRun Security Suite>
2008-02-24 03:23:30 0 d-------- C:\Program Files\RegRunSuite
2008-02-24 03:08:06 0 d-------- C:\Program Files\Lavasoft
2008-02-24 03:02:32 0 d-------- C:\Users\All Users\Lavasoft
2008-02-24 02:24:08 0 d-------- C:\Users\All Users\vsosdk
2008-02-24 01:58:00 74703 --a------ C:\Windows\system32\mfc45.dll
2008-02-24 01:56:02 0 d-------- C:\Users\All Users\iolo
2008-02-24 00:51:14 352 --ah----- C:\Windows\nod32fixtemdono.reg
2008-02-24 00:43:01 0 d-------- C:\Users\All Users\ESET
2008-02-24 00:35:00 217127 --a------ C:\Windows\system32\drv43260.dll <Not Verified; RealNetworks, Inc.; RealVideo 9 (32-bit)>
2008-02-24 00:35:00 208935 --a------ C:\Windows\system32\drv33260.dll <Not Verified; RealNetworks, Inc.; RealVideo 8 (32-bit)>
2008-02-24 00:35:00 176165 --a------ C:\Windows\system32\drv23260.dll <Not Verified; RealNetworks, Inc.; RealVideo G2 (32-bit)>
2008-02-24 00:34:59 0 d-------- C:\Program Files\VSO
2008-02-23 15:59:33 0 d-------- C:\Program Files\BillP Studios
2008-02-23 15:31:18 0 dr-h----- C:\$VAULT$.AVG
2008-02-23 00:34:32 0 d-------- C:\Program Files\MagicISO
2008-02-22 22:57:37 0 d-------- C:\Windows\Caps
2008-02-22 21:59:33 0 d-------- C:\Program Files\uTorrent
2008-02-22 00:09:42 0 d-------- C:\Users\All Users\WinZip
2008-02-21 22:38:46 0 d-------- C:\Users\All Users\Nero
2008-02-21 22:38:46 0 d-------- C:\Program Files\Nero
2008-02-21 22:38:46 0 d-------- C:\Program Files\Common Files\Nero
2008-02-21 21:43:20 0 d-------- C:\Program Files\Microsoft Visual Studio 8
2008-02-20 22:01:01 0 d-------- C:\Users\All Users\Macromedia
2008-02-20 21:59:55 0 d-------- C:\Program Files\Macromedia
2008-02-20 21:59:55 0 d-------- C:\Program Files\Common Files\Macromedia
2008-02-20 20:04:19 0 d-------- C:\Program Files\MediaMonkey
2008-02-20 19:53:59 0 d-------- C:\Program Files\Burn and Delete
2008-02-20 18:33:08 0 d-------- C:\Users\All Users\InstallShield
2008-02-20 18:32:18 0 d-------- C:\Program Files\Common Files\Sonic Shared
2008-02-20 18:31:58 0 d-------- C:\Users\All Users\Sonic
2008-02-20 18:30:47 0 d-------- C:\Users\All Users\Roxio
2008-02-20 18:29:24 0 d-------- C:\Program Files\Roxio
2008-02-20 18:29:24 0 d-------- C:\Program Files\Common Files\Roxio Shared
2008-02-20 16:40:13 0 d-------- C:\Users\All Users\SlySoft
2008-02-20 16:39:53 0 d-------- C:\Program Files\SlySoft
2008-02-20 02:34:54 0 d-------- C:\Program Files\Music Rescue
2008-02-17 03:41:59 0 d-------- C:\Program Files\LightScribeTemplateLabeler
2008-02-17 03:28:04 0 d-------- C:\Users\All Users\Grisoft
2008-02-17 03:28:04 0 d-------- C:\Users\All Users\avg7
2008-02-17 03:26:53 0 d-------- C:\Program Files\Common Files\SWF Studio
2008-02-16 04:05:27 0 d-------- C:\Program Files\MSXML 4.0
2008-02-16 02:02:25 0 d-------- C:\Program Files\iPod
2008-02-16 02:02:13 0 d-------- C:\Program Files\iTunes
2008-02-16 02:01:46 0 d-------- C:\Program Files\Bonjour
2008-02-16 02:01:06 0 d-------- C:\Program Files\QuickTime
2008-02-16 02:01:03 0 d-------- C:\Users\All Users\Apple Computer
2008-02-16 02:00:32 0 d-------- C:\Program Files\Apple Software Update
2008-02-16 01:59:49 0 d-------- C:\Program Files\Common Files\Apple
2008-02-16 01:59:48 0 d-------- C:\Users\All Users\Apple
2008-02-16 01:33:18 0 d-------- C:\Program Files\CoreFTP
2008-02-15 23:35:36 0 d-------- C:\Program Files\Common Files\Adobe
2008-02-15 22:19:56 0 d-------- C:\Program Files\LimeWire
2008-02-15 13:01:31 0 d--hs---- C:\System Volume Information
2008-02-15 04:14:03 0 d-------- C:\Users\All Users\TiVo
2008-02-15 04:14:03 0 d-------- C:\Program Files\TiVo
2008-02-15 04:14:03 0 d-------- C:\Program Files\Common Files\TiVo Shared
2008-02-15 04:11:14 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-15 04:09:10 0 d-------- C:\Users\All Users\LightScribe
2008-02-15 01:39:12 0 d-------- C:\Windows\Sun
2008-02-15 01:11:59 0 --a------ C:\Windows\nsreg.dat
2008-02-14 23:51:26 0 d-------- C:\Users\All Users\Gtek
2008-02-14 21:29:15 0 dr------- C:\Users\Wes & Amanda\Searches
2008-02-14 21:29:03 0 dr------- C:\Users\Wes & Amanda\Contacts
2008-02-14 21:28:53 81 --a------ C:\Windows\system32\LOG
2008-02-14 21:28:50 44 --a------ C:\Windows\system\hpsysdrv.dat
2008-02-14 21:24:04 0 d-------- C:\Program Files\Yahoo!
2008-02-14 21:22:40 0 d-------- C:\Users\All Users\Electronic Arts
2008-02-14 21:17:55 0 d-------- C:\Program Files\Electronic Arts
2008-02-14 21:15:32 0 d-------- C:\Program Files\Common Files\LightScribe
2008-02-14 21:13:52 0 d--hs---- C:\Users\Wes & Amanda\Templates
2008-02-14 21:13:52 0 d--hs---- C:\Users\Wes & Amanda\Start Menu
2008-02-14 21:13:52 0 d--hs---- C:\Users\Wes & Amanda\SendTo
2008-02-14 21:13:52 0 d--hs---- C:\Users\Wes & Amanda\Recent
2008-02-14 21:13:52 0 d--hs---- C:\Users\Wes & Amanda\PrintHood
2008-02-14 21:13:52 0 d--hs---- C:\Users\Wes & Amanda\NetHood
2008-02-14 21:13:52 0 d--hs---- C:\Users\Wes & Amanda\My Documents
2008-02-14 21:13:52 0 d--hs---- C:\Users\Wes & Amanda\Local Settings
2008-02-14 21:13:52 0 d--hs---- C:\Users\Wes & Amanda\Cookies
2008-02-14 21:13:52 0 d--hs---- C:\Users\Wes & Amanda\Application Data
2008-02-14 21:13:51 0 d-------- C:\Users\Wes & Amanda\Videos
2008-02-14 21:13:51 0 dr------- C:\Users\Wes & Amanda\Saved Games
2008-02-14 21:13:51 0 dr------- C:\Users\Wes & Amanda\Pictures
2008-02-14 21:13:51 2883584 --a------ C:\Users\Wes & Amanda\ntuser.dat
2008-02-14 21:13:51 0 dr------- C:\Users\Wes & Amanda\Music
2008-02-14 21:13:51 0 dr------- C:\Users\Wes & Amanda\Links
2008-02-14 21:13:51 0 dr------- C:\Users\Wes & Amanda\Favorites
2008-02-14 21:13:51 0 d-------- C:\Users\Wes & Amanda\Downloads
2008-02-14 21:13:51 0 dr------- C:\Users\Wes & Amanda\Documents
2008-02-14 21:13:51 0 dr------- C:\Users\Wes & Amanda\Desktop
2008-02-14 21:13:51 0 d--h----- C:\Users\Wes & Amanda\AppData


-- Find3M Report ---------------------------------------------------------------

2008-03-11 01:07:03 0 d-------- C:\Users\Wes & Amanda\AppData\Roaming\Roxio
2008-03-10 22:22:52 28504 --a------ C:\Users\Wes & Amanda\AppData\Roaming\nvModes.001
2008-03-10 21:56:18 0 d-------- C:\Users\Wes & Amanda\AppData\Roaming\Winamp
2008-03-10 21:56:17 0 d-------- C:\Users\Wes & Amanda\AppData\Roaming\AVG7
2008-03-10 20:45:01 0 d-------- C:\Users\Wes & Amanda\AppData\Roaming\uTorrent
2008-03-10 18:34:02 0 d-------- C:\Users\Wes & Amanda\AppData\Roaming\PC Tools
2008-03-09 22:59:22 0 d-------- C:\Users\Wes & Amanda\AppData\Roaming\LimeWire
2008-03-09 17:34:47 0 d-------- C:\Users\Wes & Amanda\AppData\Roaming\Comodo
2008-03-04 17:07:08 0 d-------- C:\Program Files\Common Files
2008-02-28 18:14:15 0 d-------- C:\Users\Wes & Amanda\AppData\Roaming\Help
2008-02-28 16:59:23 0 d-------- C:\Users\Wes & Amanda\AppData\Roaming\Uniblue
2008-02-28 14:35:31 0 d-------- C:\Users\Wes & Amanda\AppData\Roaming\Vso
2008-02-27 20:03:56 0 d-------- C:\Users\Wes & Amanda\AppData\Roaming\Yahoo!
2008-02-26 20:47:38 28000 --a------ C:\Users\Wes & Amanda\AppData\Roaming\nvModes.dat
2008-02-24 19:42:14 0 d-------- C:\Users\Wes & Amanda\AppData\Roaming\GTek
2008-02-24 03:29:03 0 d-------- C:\Users\Wes & Amanda\AppData\Roaming\Regrun
2008-02-24 01:56:02 0 d-------- C:\Users\Wes & Amanda\AppData\Roaming\iolo
2008-02-24 01:14:03 0 d-------- C:\Users\Wes & Amanda\AppData\Roaming\ESET
2008-02-24 00:35:43 34 --a------ C:\Users\Wes & Amanda\AppData\Roaming\pcouffin.log
2008-02-24 00:35:02 7887 --a------ C:\Users\Wes & Amanda\AppData\Roaming\pcouffin.cat
2008-02-23 23:53:04 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-02-23 23:51:05 0 d-------- C:\Program Files\Symantec
2008-02-23 15:59:46 0 d-------- C:\Users\Wes & Amanda\AppData\Roaming\WinPatrol
2008-02-22 00:36:38 648 --a------ C:\Users\Wes & Amanda\AppData\Roaming\com.kennettnet.MusicRescueProfiles.plist
2008-02-22 00:36:38 3253 --a------ C:\Users\Wes & Amanda\AppData\Roaming\com.kennettnet.MusicRescue.plist
2008-02-21 23:29:37 0 d-------- C:\Users\Wes & Amanda\AppData\Roaming\NeroDigital™
2008-02-21 23:03:53 0 d-------- C:\Users\Wes & Amanda\AppData\Roaming\NeroDCTemplates
2008-02-21 22:41:49 0 d-------- C:\Users\Wes & Amanda\AppData\Roaming\Nero
2008-02-21 21:47:03 0 d-------- C:\Program Files\MSBuild
2008-02-20 22:09:33 0 d-------- C:\Users\Wes & Amanda\AppData\Roaming\Macromedia
2008-02-20 18:31:02 0 d-------- C:\Program Files\Common Files\InstallShield
2008-02-20 00:39:11 0 d-------- C:\Users\Wes & Amanda\AppData\Roaming\CyberLink
2008-02-17 01:49:14 0 d-------- C:\Users\Wes & Amanda\AppData\Roaming\CoreFTP
2008-02-16 23:40:23 0 d-------- C:\Users\Wes & Amanda\AppData\Roaming\Adobe
2008-02-16 23:33:12 0 d-------- C:\Program Files\Java
2008-02-16 14:40:16 0 d-------- C:\Users\Wes & Amanda\AppData\Roaming\WinRAR
2008-02-16 04:23:41 0 d-------- C:\Program Files\Windows Mail
2008-02-16 04:23:39 0 d-------- C:\Program Files\Windows Sidebar
2008-02-16 02:02:42 0 d-------- C:\Users\Wes & Amanda\AppData\Roaming\Apple Computer
2008-02-15 01:11:55 0 d-------- C:\Users\Wes & Amanda\AppData\Roaming\Mozilla
2008-02-14 21:52:47 0 d-------- C:\Users\Wes & Amanda\AppData\Roaming\HP
2008-02-14 21:49:22 0 d-------- C:\Users\Wes & Amanda\AppData\Roaming\WildTangent
2008-02-14 21:30:40 0 d-------- C:\Users\Wes & Amanda\AppData\Roaming\Hewlett-Packard
2008-02-14 21:29:06 0 d-------- C:\Users\Wes & Amanda\AppData\Roaming\Identities
2008-02-14 21:24:28 0 dr------- C:\Program Files\Online Services
2008-02-14 21:23:05 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-02-14 21:15:46 0 d-------- C:\Program Files\HPQ
2008-01-14 14:15:03 0 d-------- C:\Program Files\HP Games
2008-01-14 14:11:37 0 d-------- C:\Program Files\CyberLink
2008-01-14 14:07:58 0 d-------- C:\Program Files\Hewlett-Packard
2008-01-14 14:05:02 0 d-------- C:\Program Files\HP
2008-01-14 14:03:41 0 d-------- C:\Program Files\Sling Media
2008-01-14 14:00:59 0 d-------- C:\Program Files\WinTV
2008-01-14 14:00:36 0 d-------- C:\Program Files\Atheros
2008-01-14 14:00:04 0 d-------- C:\Program Files\CONEXANT
2008-01-14 13:58:27 0 d-------- C:\Program Files\NetWaiting
2008-01-14 13:57:02 0 d-------- C:\Program Files\Synaptics


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7}]
08/31/2007 03:32 PM 177504 --a------ c:\Program Files\HP\Smart Web Printing\hpswp_framework.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [09/15/2007 04:29 AM]
"OnScreenDisplay"="C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [09/04/2007 05:54 PM]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [09/13/2007 12:47 PM]
"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [01/08/2007 07:53 PM]
"@"="" []
"WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [01/27/2008 01:38 AM]
"NvCplDaemon"="RUNDLL32.exe" [11/02/2006 05:45 AM C:\Windows\System32\rundll32.exe]
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [03/09/2008 05:34 PM]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [02/17/2008 03:31 AM]
"RegistryMechanic"="" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TivoTransfer"="C:\PROGRAM FILES\COMMON FILES\TIVO SHARED\Transfer\TIVOTRANSFER.exe" [09/25/2007 11:33 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableLUA"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"= C:\Windows\system32\guard32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-03-11 02:26:06 ------------
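An added PowerShell example, not part of the original post or of Deckard's System Scanner: it re-reads the autostart and policy locations the log above prints (the two Run keys, the UAC policy values, AppInit_DLLs and the Winlogon Notify packages) and flags the things a responder checks first: Run entries whose target no longer exists, such as the empty "RegistryMechanic" value above, UAC switched off (EnableLUA=0 in the log), and who signed any AppInit DLL (the log shows guard32.dll, a name that matches the Comodo firewall installed here; the signature check confirms or refutes that). It assumes PowerShell 3 or later in an elevated prompt on the affected machine.

```powershell
# Added example, not part of the original post: re-check the autostart and policy
# locations Deckard's System Scanner listed above. Assumes an elevated PowerShell
# (3 or later) prompt on the affected machine.

function Get-RunEntries {
    # The per-machine and per-user Run keys shown in the log above.
    $keys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
    )
    foreach ($key in $keys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # PSPath, PSParentPath, ... are not registry values
            $cmd = [string]$p.Value
            # The executable is the quoted path, or the first token when the value is unquoted.
            if ($cmd -match '^"([^"]+)"') { $exe = $Matches[1] } else { $exe = ($cmd -split '\s+')[0] }
            $resolved = $false
            if ($exe) {
                # Bare names such as RUNDLL32.exe resolve through PATH; full paths resolve directly.
                $resolved = (Test-Path -LiteralPath $exe) -or
                            ($null -ne (Get-Command $exe -ErrorAction SilentlyContinue))
            }
            $status = if (-not $cmd) { 'EMPTY value: orphan left behind by an uninstall' }
                      elseif (-not $resolved) { 'TARGET MISSING' }
                      else { 'ok' }
            [pscustomobject]@{ Key = $key; Name = $p.Name; Command = $cmd; Status = $status }
        }
    }
}

function Get-UacAndAppInit {
    $sys = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    if ($sys.EnableLUA -eq 0) {
        'WARNING: EnableLUA=0. UAC is off, so everything this admin account launches runs fully elevated.'
    } else {
        'EnableLUA=1 (UAC on)'
    }

    $win = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows'
    if ($win.AppInit_DLLs) {
        # Every DLL listed here is loaded into every process that links user32.dll, so check the signer.
        foreach ($dll in ($win.AppInit_DLLs -split '[,\s]+' | Where-Object { $_ })) {
            $path = if (Test-Path -LiteralPath $dll) { $dll } else { Join-Path $env:SystemRoot "System32\$dll" }
            $sig  = Get-AuthenticodeSignature -FilePath $path -ErrorAction SilentlyContinue
            $signer = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { 'none' }
            $state  = if ($sig) { $sig.Status } else { 'file not found' }
            'AppInit_DLLs: {0}  signer={1}  status={2}' -f $path, $signer, $state
        }
    } else {
        'AppInit_DLLs is empty'
    }

    # Winlogon Notify packages (the log shows one for AVG) run inside winlogon.exe at logon.
    Get-ChildItem 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify' -ErrorAction SilentlyContinue |
        ForEach-Object { 'Winlogon\Notify\{0} -> {1}' -f $_.PSChildName, (Get-ItemProperty $_.PSPath).DllName }
}

Get-RunEntries | Format-Table -AutoSize
Get-UacAndAppInit
```

An entry whose target is missing is usually just an uninstall leftover, but a value that points at a real file in an odd location (a temp folder, a user profile) is the one to look at; and with EnableLUA=0 there is no consent prompt standing between a malicious installer and the whole machine, which matters on a box where both accounts are administrators.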

#2 amanda hoover (Topic Starter)

Posted 12 March 2008 - 11:11 PM

Wasn't sure what would fit, so here is more from Deckard's (extra log) ...

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft® Windows Vista™ Home Premium (build 6000)
Architecture: X86; Language: English

CPU 0: AMD Turion™ 64 X2 Mobile Technology TL-60
Percentage of Memory in Use: 44%
Physical Memory (total/avail): 1982.31 MiB / 1108.86 MiB
Pagefile Memory (total/avail): 4185.28 MiB / 3092.61 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1905.78 MiB

C: is Fixed (NTFS) - 220.95 GiB total, 101.8 GiB free.
D: is Fixed (NTFS) - 11.93 GiB total, 1.86 GiB free.
E: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - WDC WD2500BEVS-60UST0 ATA Device - 232.88 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 220.95 GiB - C:
\PARTITION1 - Installable File System - 11.93 GiB - D:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FW: COMODO Firewall Pro v3.0 (COMODO)
AV: AVG 7.5.516 v7.5.516 (Grisoft)
AS: Spyware Doctor v5.5.0.204 (PC Tools) Disabled
AS: AVG Anti-Spyware v7, 5, 1, 36 (GRISOFT s.r.o.) Disabled Outdated
AS: Windows Defender v1.1.1505.0 (Microsoft Corporation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
""=""
"C:\\Program Files\\Vongo\\VongoService.exe"="C:\\Program Files\\Vongo\\VongoService.exe:*:enabled:VongoService"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"="C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe:*:Enabled:Earthlink"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\Wes & Amanda\AppData\Roaming
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=THELOOKINGGLASS
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\Wes & Amanda
LOCALAPPDATA=C:\Users\Wes & Amanda\AppData\Local
LOGONSERVER=\\THELOOKINGGLASS
NUMBER_OF_PROCESSORS=2
OnlineServices=Online Services
OS=Windows_NT
Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\CyberLink\Power2Go\;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Nero\Lib\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PCBRAND=Pavilion
PLATFORM=MCD
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 104 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=6802
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
QTJAVA=C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
RoxioCentral=C:\Program Files\Common Files\Roxio Shared\Roxio Central\
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\WES&AM~1\AppData\Local\Temp
TMP=C:\Users\WES&AM~1\AppData\Local\Temp
USERDOMAIN=THELOOKINGGLASS
USERNAME=Wes & Amanda
USERPART=E:
USERPROFILE=C:\Users\Wes & Amanda
windir=C:\Windows


-- User Profiles ---------------------------------------------------------------

Wes & Amanda (admin)
Mcx1 (admin)


-- Add/Remove Programs ---------------------------------------------------------



-- Application Event Log -------------------------------------------------------

Event Record #/Type4886 / Error
Event Submitted/Written: 03/11/2008 02:18:15 AM
Event ID/Source: 3024 / Windows Search Service
Event Description:
The update cannot be started because the content sources cannot be accessed. Fix the errors and try the update again.

Context: Windows Application, SystemIndex Catalog

Event Record #/Type4885 / Warning
Event Submitted/Written: 03/11/2008 02:18:15 AM
Event ID/Source: 3036 / Windows Search Service
Event Description:
The content source <mapi://{s-1-5-21-3382365644-1707238206-1353470732-1000}/> cannot be accessed.

Context: Windows Application, SystemIndex Catalog

Details:
A server error occurred. Check that the server is available. (0x80041206)

Event Record #/Type4878 / Error
Event Submitted/Written: 03/11/2008 00:04:34 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application is-KU37V.tmp, version 51.47.0.0, time stamp 0x2a425e19, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000096, fault offset 0x00e134ea,
process id 0x988, application start time 0xis-KU37V.tmp0.

Event Record #/Type4877 / Error
Event Submitted/Written: 03/10/2008 11:49:30 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application RegMech.exe, version 7.0.0.1010, time stamp 0x469c7102, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000096, fault offset 0x0036312f,
process id 0x17f4, application start time 0xRegMech.exe0.

Event Record #/Type4876 / Error
Event Submitted/Written: 03/10/2008 11:48:24 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application is-140AM.tmp, version 51.47.0.0, time stamp 0x2a425e19, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000096, fault offset 0x017734ea,
process id 0x16f4, application start time 0xis-140AM.tmp0.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type16857 / Error
Event Submitted/Written: 03/10/2008 10:06:52 PM
Event ID/Source: 14344 / WMPNetworkSvc
Event Description:
0xc00d2711

Event Record #/Type16856 / Error
Event Submitted/Written: 03/10/2008 10:06:52 PM
Event ID/Source: 14344 / WMPNetworkSvc
Event Description:
0xc00d2711

Event Record #/Type16827 / Error
Event Submitted/Written: 03/10/2008 10:06:02 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
PC Tools Security Service%%1053

Event Record #/Type16826 / Error
Event Submitted/Written: 03/10/2008 10:06:02 PM
Event ID/Source: 7009 / Service Control Manager
Event Description:
30000PC Tools Security Service

Event Record #/Type16825 / Error
Event Submitted/Written: 03/10/2008 10:06:02 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
PC Tools Auxiliary Service%%1053



-- End of Deckard's System Scanner: finished at 2008-03-11 02:26:06 ------------


And here are my results from CCleaner (install/uninstall txt?)

µTorrent
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
Activation Assistant for the 2007 Microsoft Office suites
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Reader 8.1.2
Adobe Shockwave Player
Apple Mobile Device Support
Apple Software Update
Atheros Driver Installation Program
avast! Antivirus
AVG 7.5
Bonjour
Cards_Calendar_OrderGift_DoMorePlugout
CCleaner (remove only)
COMODO Firewall Pro
Compatibility Pack for the 2007 Office system
Conexant HD Audio
Core FTP LE 2.1
CyberLink YouCam
DVD Suite
EA Link
ESU for Microsoft Vista
Hauppauge MCE XP/Vista Software Encoder (2.0.25149)
HDAUDIO Soft Data Fax Modem with SmartCP
Hewlett-Packard Active Check
Hewlett-Packard Asset Agent for Health Check
HijackThis 2.0.2
Hotfix for Windows Media Encoder (KB929182)
HP Active Support Library
HP Customer Experience Enhancements
HP Easy Setup - Frontend
HP Help and Support
HP Photosmart Essential 2.5
HP Quick Launch Buttons 6.30 E1
HP QuickPlay 3.6
HP QuickTouch 1.00 C4
HP Smart Web Printing
HP Total Care Advisor
HP Update
HP Wireless Assistant
HPNetworkAssistant
HPPhotoSmartDiscLabel_PaperLabel
HPPhotoSmartDiscLabel_PrintOnDisc
HPPhotoSmartDiscLabel_Tattoo
HPPhotoSmartDiscLabelContent1
hpphotosmartdisclabelplugin
HPPhotoSmartPhotobookHolidayPack1
HPPhotoSmartPhotobookModernPack1
HPPhotoSmartPhotobookPlayfulPack1
HPPhotoSmartPhotobookScrapbookPack1
HPPhotoSmartPhotobookWebPack1
HPSU306Stub
IPNetInfo
iTunes
Java™ 6 Update 2
Java™ 6 Update 3
LabelPrint
LightScribe System Software 1.10.13.1
LightScribeTemplateLabeler
LimeWire 4.16.6
LiveUpdate (Symantec Corporation)
Macromedia Dreamweaver 8
Macromedia Extension Manager
Magic ISO Maker v5.4 (build 0256)
MediaMonkey 3.0
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Microsoft XML Parser
Mozilla Firefox (2.0.0.12)
MSCU for Microsoft Vista
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
Music Rescue 3.1.6
muvee autoProducer 6.1
My HP Games
Nero 8
neroxml
NetWaiting
NOD32 v3.x FiX 1.1 by TemDono (Free Updates - Expire in 2050)
NVIDIA Drivers
Power2Go
PowerDirector
PSSWCORE
QuickPlay SlingPlayer 0.4.4
QuickTime
Registry Mechanic 7.0
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
Roxio EasyArchive
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
Roxio RecordNow Premier
Roxio RecordNow Tools
Security Task Manager 1.7e
Slingbox Flash Tour
SlingPlayer
Spyware Doctor 5.5
Synaptics Pointing Device Driver
The Sims™ Life Stories
TiVo Desktop 2.5.1
Uniblue RegistryBooster 2
Uniblue SpeedUpMyPC 3
Update for Outlook 2007 Junk Email Filter (kb944965)
VCRedistSetup
VideoToolkit01
Viewpoint Media Player
Vongo
VSO ConvertXtoDVD 2.2.3.258h Licensed by AxMan
Winamp
WinAVI Video Converter
Windows Media Encoder 9 Series
Windows Media Player Firefox Plugin
WinPatrol 2007
WinRAR archiver
WinZip
Xvid 1.1.3 final uninstall
Yahoo! Toolbar
YouCam

#3 random/random (Malware Response Team)

Posted 30 March 2008 - 01:32 PM

NOD32 is a legitimate and very good program, but the version that was installed on your PC was an illegal pirated version, which explains the problems you had with it.

Backup Your Registry with ERUNT
  • Please use the following link and scroll down to ERUNT and download it.
    http://aumha.org/freeware/freeware.php
  • For version with the Installer:
    Use the setup program to install ERUNT on your computer
  • For the zipped version:
    Unzip all the files into a folder of your choice.
Right Click Erunt.exe and click Run as administrator to backup your registry to the folder of your choice.

Go to start>control panel>programs and features
Right click on each instance of
NOD32 v3.x FiX 1.1 by TemDono (Free Updates - Expire in 2050)
and click Uninstall & then follow the prompts to remove it.

Repeat for these programs (they are outdated & vulnerable versions of Java):

Java™ 6 Update 2
Java™ 6 Update 3


Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 .
  • Scroll down to where it says "The Java SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Then from your desktop double-click on the download to install the newest version.
You are running a P2P filesharing programme.
  • Many of these programmes come with unwanted components bundled with them.
  • If you wish to find out whether the one you're using does click here.

Please note: Even if you are using a "safe" P2P programme, it is only the programme that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.


My recommendation is you uninstall it.

Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    HKEY_LOCAL_MACHINE\SOFTWARE\ESET
    C:\Windows\nod32fixtemdono.reg
  • Return to OTMoveIt2, right click in the "Paste Custom List Of Files/Patterns To Move" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt2
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Post back with the OTMoveit log, a new HijackThis log & a description of any remaining problems.
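The same cleanup sequence as an added PowerShell example, not part of the reply above and not OTMoveIt2's or ERUNT's own code: back up first, locate the uninstallers for the pirated NOD32 "FiX" and the two old Java builds, then quarantine the two leftovers the reply hands to OTMoveIt2 (the HKLM\SOFTWARE\ESET key and C:\Windows\nod32fixtemdono.reg). Assumptions: `reg export` stands in for the ERUNT backup step (ERUNT saves the whole hive set, this exports only the one key); uninstall entries are matched by DisplayName (the Java builds register as "Java(TM) 6 Update N"); the backup folder on the desktop is an arbitrary choice; and nothing is changed until $DryRun is set to $false.

```powershell
# Added example, not part of the reply above: the cleanup steps from an elevated
# PowerShell prompt. Assumptions: `reg export` replaces the ERUNT backup step; the
# backup folder is an arbitrary choice; $DryRun = $true only reports what would happen.

$DryRun    = $true
$backupDir = Join-Path $env:USERPROFILE 'Desktop\reg-backup'     # assumed location
New-Item -ItemType Directory -Path $backupDir -Force | Out-Null

# 1. Back up before touching anything.
$esetKey = 'HKLM\SOFTWARE\ESET'
if (Test-Path "Registry::$esetKey") {
    reg export $esetKey (Join-Path $backupDir 'HKLM_SOFTWARE_ESET.reg') /y | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "reg export of $esetKey failed; stop here and fix that first" }
}

# 2. Find the vendor uninstallers named in the reply and run them (interactively, one at a time).
$patterns = @('NOD32 v3.x FiX*', 'Java* 6 Update 2', 'Java* 6 Update 3')
$roots = @('HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
           'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall')  # absent on 32-bit Vista
foreach ($root in $roots) {
    if (-not (Test-Path $root)) { continue }
    foreach ($sub in Get-ChildItem $root) {
        $e = Get-ItemProperty $sub.PSPath
        foreach ($pat in $patterns) {
            if ($e.DisplayName -like $pat -and $e.UninstallString) {
                'Uninstall: {0} -> {1}' -f $e.DisplayName, $e.UninstallString
                if (-not $DryRun) {
                    # Not silent, so the vendor prompts stay visible; wait before starting the next one.
                    Start-Process -FilePath 'cmd.exe' -ArgumentList '/c', $e.UninstallString -Wait
                }
            }
        }
    }
}

# 3. Quarantine the leftovers rather than deleting them outright, as OTMoveIt2 does.
$regFile = 'C:\Windows\nod32fixtemdono.reg'
if (Test-Path -LiteralPath $regFile) {
    Move-Item -LiteralPath $regFile -Destination $backupDir -Force -WhatIf:$DryRun
} else {
    "$regFile not present"
}

if (Test-Path "Registry::$esetKey") {
    # The key was exported in step 1, so it can be re-imported from the backup if needed.
    Remove-Item -Path "Registry::$esetKey" -Recurse -Force -WhatIf:$DryRun
} else {
    "$esetKey not present"
}
```

Run it once with $DryRun left at $true and read the report; the second run with $DryRun = $false does the work. If the .reg file refuses to move because something still holds it open, reboot and run step 3 again, which is the same reboot-and-retry the reply describes for OTMoveIt2. Removing the key after the uninstallers have finished, not before, avoids breaking an uninstaller that reads its own settings from there.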



