Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

C:\windows\system32\itidat.dll Is Not A Valid Windows Image


  • This topic is locked This topic is locked
2 replies to this topic

#1 tranzorz

tranzorz

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:01:27 AM

Posted 24 June 2008 - 02:18 PM

I've been having a problem from my pc. I'm running Win XP Sp2. A few weeks ago the computer was doing this crazy boot loop. I managed to get through that part, but then I started receiving messages saying the computer was missing various .dll files. Also I received errors like C:\Windows\System32\itidat.dll is not a valid windows image. I then tried to reinstall win XP SP2 yesterday, but even in the install I got some error similar to the above valid image error. I googled similar errors and was led to believe that it might be malware related. But I'm far from an expert. I did a Kaspersky scan which resulted in a blank report. I'm posting my DSS report log for someone to analyze to assist me. BTW I already tried system restore with no success.

Deckard's System Scanner v20071014.68
Run by Precious Moore on 2008-06-24 14:56:53
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 4 Restore Point(s) --
4: 2008-06-24 18:57:28 UTC - RP4 - Deckard's System Scanner Restore Point
3: 2008-06-24 17:22:54 UTC - RP3 - Installed Java™ 6 Update 6
2: 2008-06-24 15:02:57 UTC - RP2 - Spyware Doctor: Cleaning Threats
1: 2008-06-24 03:11:38 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 503 MiB (512 MiB recommended).


-- HijackThis (run as Precious Moore.exe) --------------------------------------

logfile has no content; running clone.
-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-06-24 14:59:39
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\D-Link AirPlus\AIRPLUS.EXE
C:\WINDOWS\system32\alg.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Precious Moore\Local Settings\Temp\jkos-Precious Moore\binaries\ScanningProcess.exe
C:\Documents and Settings\Precious Moore\Desktop\dss.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Mozilla Firefox\firefox.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: OneNote Table Of Contents.onetoc2
O4 - Global Startup: D-Link AirPlus.lnk = C:\Program Files\D-Link AirPlus\AirPlus.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{841916D0-1F6E-4E0B-BF4A-C31FE07D4232}: NameServer = 68.105.28.11,68.105.29.12
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe


--
End of file - 5580 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R3 AIRPLUS (D-Link AirPlus Wireless Adapter) - c:\windows\system32\drivers\airplus.sys <Not Verified; D-Link; D-Link AirPlus 22 Mbps Wireless Network Adapter>
R3 ialm - c:\windows\system32\drivers\ialmnt5.sys <Not Verified; Intel Corporation; Intel Graphics Accelerator Drivers for Windows NT®>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

All services whitelisted.


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Files created between 2008-05-24 and 2008-06-24 -----------------------------

2008-06-24 13:26:13 0 d-------- C:\WINDOWS\Sun
2008-06-24 13:26:13 0 d-------- C:\Documents and Settings\Precious Moore\Application Data\Sun
2008-06-24 13:23:22 0 d-------- C:\Program Files\Java
2008-06-24 13:23:01 0 d-------- C:\Program Files\Common Files\Java
2008-06-24 12:23:39 0 d-------- C:\WINDOWS\LastGood
2008-06-23 23:06:56 0 d-------- C:\WINDOWS\Prefetch
2008-06-23 22:15:19 0 d-------- C:\WINDOWS\setup.pss
2008-06-13 00:53:33 0 d-------- C:\Inetpub
2008-06-03 00:01:08 0 d-------- C:\Program Files\IObit
2008-05-27 22:58:03 0 d-------- C:\New Folder


-- Find3M Report ---------------------------------------------------------------

2008-06-24 13:23:01 0 d-------- C:\Program Files\Common Files
2008-06-23 23:26:29 0 d-------- C:\Program Files\Spyware Doctor
2008-06-23 22:55:31 0 d-------- C:\Program Files\Movie Maker
2008-06-23 22:54:07 22720 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-06-23 22:52:42 0 d-------- C:\Program Files\Windows NT
2008-06-23 08:00:13 0 d-------- C:\Documents and Settings\Precious Moore\Application Data\AVG7


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [10/27/2006 01:47 AM]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [04/15/2008 08:54 AM]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [02/01/2008 12:55 PM]
"SoundMan"="SOUNDMAN.EXE" [04/16/2007 04:28 PM C:\WINDOWS\soundman.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [03/25/2008 04:28 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:56 AM]

C:\Documents and Settings\Precious Moore\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [10/26/2006 9:24:54 PM]
OneNote Table Of Contents.onetoc2 [1/10/2008 2:27:14 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
D-Link AirPlus.lnk - C:\Program Files\D-Link AirPlus\AirPlus.exe [11/13/2007 10:02:48 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=0 (0x0)
"NoResolveSearch"=1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9d79574f-9269-11dc-9ff5-0080c8171fac}]
AutoRun\command- G:\setupSNK.exe

*Newly Created Service* - BITS
*Newly Created Service* - MSISERVER



-- End of Deckard's System Scanner: finished at 2008-06-24 15:00:56 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Celeron® CPU 2.50GHz
Percentage of Memory in Use: 55%
Physical Memory (total/avail): 502.98 MiB / 221.94 MiB
Pagefile Memory (total/avail): 1229.7 MiB / 815.76 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1928 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 30.27 GiB total, 15.74 GiB free.
D: is Fixed (FAT32) - 7.01 GiB total, 2.42 GiB free.
E: is CDROM (CDFS)

\\.\PHYSICALDRIVE0 - SAMSUNG SV0411N - 37.3 GiB - 2 partitions
\PARTITION0 - Unknown - 7.02 GiB - D:
\PARTITION1 (bootable) - Installable File System - 30.27 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

AV: AVG 7.5.524 v7.5.524 (Grisoft)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Precious Moore\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=LEVELS-9EA34A9C
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Precious Moore
LOGONSERVER=\\LEVELS-9EA34A9C
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\PROGRA~1\Java\jre1.6.0_06\bin;C:\PROGRA~1\Java\jre1.6.0_06\bin;C:\PROGRA~1\Java\jre1.6.0_06\bin;C:\Program Files\Mozilla Firefox;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\WBEM;.
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0209
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\PRECIO~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\PRECIO~1\LOCALS~1\Temp
USERDOMAIN=LEVELS-9EA34A9C
USERNAME=Precious Moore
USERPROFILE=C:\Documents and Settings\Precious Moore
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Daron Moore (admin)
Precious Moore (admin)
Kionte Linyear
DJ Moore (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNNMP.exe /UNINSTALL
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Advanced WindowsCare Personal --> "C:\Program Files\IObit\Advanced WindowsCare V2\unins000.exe"
AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
D-Link AirPlus --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CDC74FE6-5224-11D6-B27F-00E0181A6FA8}\Setup.exe" -l0x9
e-Sword --> MsiExec.exe /I{87791AF4-4D4C-43DC-97BF-05EEEE5187F2}
Google Updater --> "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
HijackThis 2.0.2 --> "C:\Documents and Settings\Precious Moore\Desktop\HijackThis.exe" /uninstall
Intel® Extreme Graphics Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
Java™ 6 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007 --> MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007 --> MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Nero Suite --> C:\Program Files\Common Files\Nero\Uninstall\setupx.exe /uninstall ExtraUninstallID=""
PCFriendly --> C:\Program Files\PCFriendly\inuninst.exe
Realtek AC'97 Audio --> Alcrmv.exe -r -m
Spyware Doctor 5.5 --> C:\Program Files\Spyware Doctor\unins000.exe /LOG
TBS WMP Plug-in --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{DB5F474C-B584-417F-810B-DEBBC1893C2A}


-- Application Event Log -------------------------------------------------------

Event Record #/Type355 / Warning
Event Submitted/Written: 06/23/2008 10:57:21 PM
Event ID/Source: 4353 / EventSystem
Event Description:
The COM+ Event System attempted to fire the EventObjectChange::ChangedSubscription event but received a bad return code. HRESULT was 80040201.

Event Record #/Type354 / Warning
Event Submitted/Written: 06/23/2008 10:57:21 PM
Event ID/Source: 4356 / EventSystem
Event Description:
The COM+ Event System failed to create an instance of the subscriber partition:{41E90F3E-56C1-4633-81C3-6E8BAC8BDD70}!new:{D3938AB0-5B9D-11D1-8DD2-00AA004ABD5E}. CoGetObject returned HRESULT 80070422.

Event Record #/Type353 / Warning
Event Submitted/Written: 06/23/2008 10:57:20 PM
Event ID/Source: 4353 / EventSystem
Event Description:
The COM+ Event System attempted to fire the EventObjectChange::ChangedSubscription event but received a bad return code. HRESULT was 80040201.

Event Record #/Type352 / Warning
Event Submitted/Written: 06/23/2008 10:57:20 PM
Event ID/Source: 4356 / EventSystem
Event Description:
The COM+ Event System failed to create an instance of the subscriber partition:{41E90F3E-56C1-4633-81C3-6E8BAC8BDD70}!new:{D3938AB0-5B9D-11D1-8DD2-00AA004ABD5E}. CoGetObject returned HRESULT 80070422.

Event Record #/Type351 / Warning
Event Submitted/Written: 06/23/2008 10:57:14 PM
Event ID/Source: 5603 / WinMgmt
Event Description:
A provider, Rsop Planning Mode Provider, has been registered in the WMI namespace, root\RSOP, but did not specify the HostingModel property. This provider will be run using the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Ensure that provider has been reviewed for security behavior and update the HostingModel property of the provider registration to an account with the least privileges possible for the required functionality.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type7965 / Error
Event Submitted/Written: 06/24/2008 10:50:32 AM
Event ID/Source: 7 / Cdrom
Event Description:
The device, \Device\CdRom0, has a bad block.

Event Record #/Type7964 / Error
Event Submitted/Written: 06/24/2008 10:50:29 AM
Event ID/Source: 7 / Cdrom
Event Description:
The device, \Device\CdRom0, has a bad block.

Event Record #/Type7963 / Error
Event Submitted/Written: 06/24/2008 10:50:26 AM
Event ID/Source: 7 / Cdrom
Event Description:
The device, \Device\CdRom0, has a bad block.

Event Record #/Type7962 / Error
Event Submitted/Written: 06/24/2008 10:50:21 AM
Event ID/Source: 7 / Cdrom
Event Description:
The device, \Device\CdRom0, has a bad block.

Event Record #/Type7961 / Error
Event Submitted/Written: 06/24/2008 10:50:19 AM
Event ID/Source: 7 / Cdrom
Event Description:
The device, \Device\CdRom0, has a bad block.



-- End of Deckard's System Scanner: finished at 2008-06-24 15:00:56 ------------

BC AdBot (Login to Remove)

 


#2 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:01:27 AM

Posted 17 July 2008 - 03:04 PM

Welcome to the BleepingComputer Forums. Since it has been a few days, please post a new Deckard's System Scanner which includes the HijackThis log. Please see Preparation Guide for use before posting about your potential Malware problem. Thank you for your patience.

If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Posted Image
Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#3 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:01:27 AM

Posted 23 July 2008 - 04:05 PM

This subject is now closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Posted Image
Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users