
Buritos.exe Infection Hjt And Dss Log


  • This topic is locked
2 replies to this topic

#1 Blissy65


Posted 25 July 2008 - 02:54 PM

Hi there, I have the buritos.exe/karina.dat/braviax.exe infection from the bogus UPS email. I was unable to use Kaspersky since I am unable to get Java on this computer due to administrator rights. Here is the HJT log, followed by the DSS logs. Thank you.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:45:32 PM, on 7/25/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\Client Server Security Agent\PCCNTMON.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HJ\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Precision Technology USA
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [NA1Messenger] C:\UPS\WSTD\UPSNA1Msgr.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [braviax] C:\WINDOWS\system32\braviax.exe
O4 - HKLM\..\Run: [XP SecurityCenter] "C:\Program Files\XPSecurityCenter\xpsecuritycenter.exe" /hide
O4 - HKLM\..\Run: [lphcvnuj0e9d1] C:\WINDOWS\system32\lphcvnuj0e9d1.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [braviax] C:\WINDOWS\system32\braviax.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [braviax] C:\WINDOWS\system32\braviax.exe (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: UPS WorldShip Messaging Utility.lnk = C:\UPS\WSTD\WSTDMessaging.exe
O4 - Global Startup: UPS WorldShip PLD Reminder Utility.lnk = C:\UPS\WSTD\wstdPldReminder.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {12545791-AC9A-44B2-8964-0DA216C4A4E5} (Cnsweb3d Control) - http://www.partserver.de/partserver/viewer...3d/cnsweb3d.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {32305793-C19A-48E7-AD2F-D87FF7B264A4} (TenebrilSpywareScanner Control) - http://download.tenebril.com/pub/bin/scann...wareScanner.ocx
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1193341471750
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {FB2B4949-13E9-43DE-8185-A8A27C225107} (CInstalledApps Object) - https://na3.salesforce.com/dwnld/IPChecker/...eAutoUpdate.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = PTUSA.loc
O17 - HKLM\Software\..\Telephony: DomainName = PTUSA.loc
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = PTUSA.loc
O20 - AppInit_DLLs: cru629.dat
O20 - Winlogon Notify: crypt - C:\WINDOWS\
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Trend Micro Client/Server Security Agent RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe
O23 - Service: Trend Micro Client/Server Security Agent Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\Client Server Security Agent\OfcPfwSvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: Trend Micro Client/Server Security Agent Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 6811 bytes

DSS Main.txt:

Deckard's System Scanner v20071014.68
Run by ldavis on 2008-07-25 15:45:53
Computer is in Safe Mode with Networking.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Failed to create restore point; computer is in safe mode.


-- Last 1 Restore Point(s) --
1: 2008-07-25 17:15:16 UTC - RP298 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 78% (more than 75%).
Total Physical Memory: 504 MiB (512 MiB recommended).


-- HijackThis (run as ldavis.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:47:04 PM, on 7/25/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\Client Server Security Agent\PCCNTMON.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\ldavis\Local Settings\Temporary Internet Files\Content.IE5\USY1GCIZ\dss[1].exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\PROGRA~1\TRENDM~1\HJ\ldavis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Precision Technology USA
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [NA1Messenger] C:\UPS\WSTD\UPSNA1Msgr.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [braviax] C:\WINDOWS\system32\braviax.exe
O4 - HKLM\..\Run: [XP SecurityCenter] "C:\Program Files\XPSecurityCenter\xpsecuritycenter.exe" /hide
O4 - HKLM\..\Run: [lphcvnuj0e9d1] C:\WINDOWS\system32\lphcvnuj0e9d1.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [braviax] C:\WINDOWS\system32\braviax.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [braviax] C:\WINDOWS\system32\braviax.exe (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: UPS WorldShip Messaging Utility.lnk = C:\UPS\WSTD\WSTDMessaging.exe
O4 - Global Startup: UPS WorldShip PLD Reminder Utility.lnk = C:\UPS\WSTD\wstdPldReminder.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {12545791-AC9A-44B2-8964-0DA216C4A4E5} (Cnsweb3d Control) - http://www.partserver.de/partserver/viewer...3d/cnsweb3d.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {32305793-C19A-48E7-AD2F-D87FF7B264A4} (TenebrilSpywareScanner Control) - http://download.tenebril.com/pub/bin/scann...wareScanner.ocx
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1193341471750
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {FB2B4949-13E9-43DE-8185-A8A27C225107} (CInstalledApps Object) - https://na3.salesforce.com/dwnld/IPChecker/...eAutoUpdate.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = PTUSA.loc
O17 - HKLM\Software\..\Telephony: DomainName = PTUSA.loc
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = PTUSA.loc
O20 - AppInit_DLLs: cru629.dat
O20 - Winlogon Notify: crypt - C:\WINDOWS\
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Trend Micro Client/Server Security Agent RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe
O23 - Service: Trend Micro Client/Server Security Agent Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\Client Server Security Agent\OfcPfwSvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: Trend Micro Client/Server Security Agent Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 6905 bytes

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

S3 IntcAzAudAddService (Service for Realtek HD Audio (WDM)) - c:\windows\system32\drivers\rtkhdaud.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S2 OfcPfwSvc (Trend Micro Client/Server Security Agent Personal Firewall) - c:\program files\trend micro\client server security agent\ofcpfwsvc.exe <Not Verified; Trend Micro Inc.; Trend Micro Client/Server/Messaging Security for SMB>
S2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>
S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe
S3 SolidWorks Licensing Service - "c:\program files\common files\solidworks shared\service\solidworkslicensing.exe" <Not Verified; SolidWorks; SolidWorks Licensing Service>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-07-25 14:46:53 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job


-- Files created between 2008-06-25 and 2008-07-25 -----------------------------

2008-07-25 14:05:52 10752 --a------ C:\WINDOWS\DCEBoot.exe
2008-07-25 13:31:10 0 d-------- C:\Program Files\Common Files\Scanner
2008-07-25 13:31:02 0 d-------- C:\Program Files\CA Yahoo! Anti-Spy
2008-07-25 13:19:42 0 d-------- C:\Program Files\Spyware Doctor
2008-07-25 09:09:23 0 d-------- C:\Program Files\Yahoo!
2008-07-25 08:44:57 9304 --a------ C:\WINDOWS\system32\braviax.VIR
2008-07-24 17:04:45 110080 --a------ C:\WINDOWS\system32\lphcvnuj0e9d1.exe
2008-07-24 13:13:46 0 d-------- C:\Program Files\XPSecurityCenter
2008-07-24 12:11:33 104 --a------ C:\WINDOWS\system32\delself.bat
2008-07-24 08:20:51 0 d--hs---- C:\WINDOWS\system32\wsnpoem


-- Find3M Report ---------------------------------------------------------------

2008-07-25 14:45:19 0 d-------- C:\Program Files\Trend Micro
2008-07-25 13:31:10 0 d-------- C:\Program Files\Common Files
2008-07-25 13:19:41 0 d-------- \\192.168.100.4\users\ldavis\Application Data\PC Tools
2008-07-25 10:30:19 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-25 10:20:17 0 d-------- C:\Program Files\Google
2008-07-25 09:09:21 0 d-------- \\192.168.100.4\users\ldavis\Application Data\Yahoo!
2008-07-25 08:43:02 0 d-------- \\192.168.100.4\users\ldavis\Application Data\InstallShield
2008-07-22 11:24:18 0 d-------- \\192.168.100.4\users\ldavis\Application Data\Adobe
2008-06-17 10:10:38 0 d-------- \\192.168.100.4\users\ldavis\Application Data\cadenas
2008-06-10 20:18:03 0 d-------- C:\Program Files\Windows Defender
2008-06-10 19:52:13 0 d-------- C:\Program Files\Messenger
2008-06-10 19:51:29 0 d-------- C:\Program Files\Movie Maker
2008-06-10 19:46:51 0 d-------- C:\Program Files\Windows NT
2008-06-10 19:23:24 0 d-------- C:\Program Files\Common Files\AOL


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [10/05/2006 09:11 AM]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [10/05/2006 09:13 AM]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [10/05/2006 09:10 AM]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [03/09/2007 07:53 PM]
"Synchronization Manager"="C:\WINDOWS\system32\mobsync.exe" [04/14/2008 05:42 AM]
"OfficeScanNT Monitor"="C:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe" [03/29/2007 08:10 AM]
"NA1Messenger"="C:\UPS\WSTD\UPSNA1Msgr.exe" [12/13/2007 04:53 PM]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 07:20 PM]
"braviax"="C:\WINDOWS\system32\braviax.exe" []
"XP SecurityCenter"="C:\Program Files\XPSecurityCenter\xpsecuritycenter.exe" []
"lphcvnuj0e9d1"="C:\WINDOWS\system32\lphcvnuj0e9d1.exe" [07/24/2008 05:04 PM]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [07/16/2008 09:16 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [03/12/2007 02:49 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/14/2008 05:42 AM]
"Aim6"="" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"braviax"=C:\WINDOWS\system32\braviax.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2/17/1999 4:05:56 PM]
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [5/3/2005 10:07:32 PM]
UPS WorldShip Messaging Utility.lnk - C:\UPS\WSTD\WSTDMessaging.exe [12/13/2007 4:55:54 PM]
UPS WorldShip PLD Reminder Utility.lnk - C:\UPS\WSTD\wstdPldReminder.exe [12/12/2007 10:05:04 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"disablecad"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"=1 (0x1)
"NoDispScrSavPage"=1 (0x1)
"DisableRegistryTools"=0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"=1 (0x1)
"NoDispScrSavPage"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisablePersonalDirChange"=1 (0x1)
"NoWelcomeScreen"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=cru629.dat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1220945662-1547161642-725345543-1136\Scripts\Logon\0\0]
"Script"=\\ptusa.loc\sysvol\PTUSA.loc\scripts\Logon.cmd

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1220945662-1547161642-725345543-1154\Scripts\Logon\0\0]
"Script"=\\ptusa.loc\sysvol\PTUSA.loc\scripts\Logon.cmd

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1220945662-1547161642-725345543-1216\Scripts\Logon\0\0]
"Script"=\\ptusa.loc\sysvol\PTUSA.loc\scripts\Logon.cmd

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gusvc"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc

*Newly Created Service* - NTRTSCAN
*Newly Created Service* - OFCPFWSVC
*Newly Created Service* - TMLISTEN



-- End of Deckard's System Scanner: finished at 2008-07-25 15:47:31 ------------

DSS Extra.txt:

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 3.0
Architecture: X86; Language: English

CPU 0: Genuine Intel® CPU 2140 @ 1.60GHz
Percentage of Memory in Use: 74%
Physical Memory (total/avail): 503.17 MiB / 125.8 MiB
Pagefile Memory (total/avail): 1229.86 MiB / 690.58 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1932.13 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 74.52 GiB total, 66.31 GiB free.
D: is CDROM (No Media)
Y: is Network (NTFS)
Z: is Network (NTFS)

\\.\PHYSICALDRIVE0 - WDC WD800JD-00MSA1 - 74.53 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 74.52 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=\\192.168.100.4\users\ldavis\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=SHOP
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\ldavis
LOGONSERVER=\\EXCHANGE
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Program Files\Internet Explorer;;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Microsoft SQL Server\80\Tools\Binn\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 2, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f02
ProgramFiles=C:\Program Files
PROMPT=$P$G
SAFEBOOT_OPTION=NETWORK
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\ldavis\LOCALS~1\Temp
TMP=C:\DOCUME~1\ldavis\LOCALS~1\Temp
USERDNSDOMAIN=PTUSA.LOC
USERDOMAIN=PTUSA
USERNAME=ldavis
USERPROFILE=C:\Documents and Settings\ldavis
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

init (admin)
sward (admin)
mmixon (new local, admin, net ready)
ldavis (admin)
User (admin)
Administrator (new local, admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
--> C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{13FC0634-B6EE-4518-9589-AB50B5C079AD}\Setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B785F89C-FD1A-466F-9AF3-32A060A1099A}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F3DD1358-7E23-44CB-BC72-791C390269F0}\Setup.exe" -l0x9
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Abacast Client --> C:\Documents and Settings\ldavis\Local Settings\Application Data\Abacast\uninst.exe
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742) --> MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Reader 8.1.2 Security Update 1 (KB403742) -->
Attansic Giga Ethernet Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F698102-5739-441E-96F0-74F4EA540F06}\setup.exe" -l0x9
Attansic L2 Fast Ethernet Driver --> rundll32.exe C:\WINDOWS\system32\Attansic\L2\atcInst.dll,AtcUninst C:\WINDOWS\system32\Attansic\L2 x86 1969 2048 L2
CA Yahoo! Anti-Spy (remove only) --> "C:\Program Files\CA Yahoo! Anti-Spy\uninstall.exe"
CCC --> MsiExec.exe /I{95749C5B-BC37-41E3-8D39-EEF4C21A2825}
CutePDF Writer 2.7 --> C:\Program Files\Acro Software\CutePDF Writer\uninscpw.exe /uninstall
Dell Software Uninstall --> C:\Program Files\Dell_HostCD\Install\x86\Uninstall.exe
eDrawings 2008 --> MsiExec.exe /I{4F2A42E9-C0A7-4C56-92A8-6EC6CB7D815C}
FormsComponent --> MsiExec.exe /I{BC728F95-2D3F-4D05-9E1E-F2A3CEBF3FE8}
FOSS --> MsiExec.exe /I{EA9629DA-5715-48BA-B054-28169702B176}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HJ\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Intel® Graphics Media Accelerator Driver --> C:\WINDOWS\system32\igxpun.exe -uninstall
Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office 2000 Professional --> MsiExec.exe /I{00010409-78E1-11D2-B60F-006097C998E7}
Microsoft SQL Server Desktop Engine (UPSWSDBSERVER) --> MsiExec.exe /X{E09B48B5-E141-427A-AB0C-D3605127224A}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Mozilla Firefox (2.0.0.9) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSIChecker --> MsiExec.exe /I{C9D43B38-34AD-4EC2-B696-46F42D49D174}
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
NA1Messenger --> MsiExec.exe /I{D44E7219-947E-4F1B-830E-66EF11ACC543}
Nero 7 Essentials --> MsiExec.exe /I{779C40FF-9211-427B-A5C4-2026B85A1033}
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NRF --> MsiExec.exe /I{68AF09E3-1167-4771-903C-CCCDCF7E171C}
PolicyManager --> MsiExec.exe /I{56B59C2A-EFB8-44AC-88F5-3280171E4522}
Reconciler --> MsiExec.exe /I{5AE59A84-B2F3-42CC-A246-5AF80F6EE770}
ReportServer --> MsiExec.exe /I{33035862-543C-4405-9CC6-08593CF2C25F}
RRU --> MsiExec.exe /I{ED782024-4713-4DD6-85FA-B2B038DE4007}
Spyware Doctor 6.0 --> C:\Program Files\Spyware Doctor\unins000.exe /LOG
SupportUtility --> MsiExec.exe /I{C30E30A6-0AB5-470A-AB67-D322938F5429}
System --> MsiExec.exe /I{DB2C58E0-6284-4B48-97F2-22A980B6360B}
Trend Micro Client/Server Security Agent --> "C:\Program Files\Trend Micro\Client Server Security Agent\ntrmv.exe"
UPS WorldShip --> C:\UPS\WSTD\Uninstall\Uninstall.exe
UPSDB --> MsiExec.exe /I{4AE3EAC8-FAD9-4ECC-A339-BBAD8C72DE71}
UPSICC --> MsiExec.exe /I{390160B4-D276-4A04-8002-8D3101A0D367}
UPSlinkHTTP --> MsiExec.exe /I{E358CC1E-4953-4E27-ADEB-8B27D8BBC20E}
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
WebHelp --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8C5BD501-AD5D-4A75-9321-076509B438FC}\Setup.exe" -l0x9 -removeonly
Windows Communication Foundation --> MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122 --> "C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation --> MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
Windows XP Service Pack 3 --> "C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WorldShip --> MsiExec.exe /I{2A033A00-FE0D-4609-B0E8-2C49CC494FC8}
XML Paper Specification Shared Components Pack 1.0 -->
Yahoo! Install Manager --> C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE


-- Application Event Log -------------------------------------------------------

Event Record #/Type2516 / Error
Event Submitted/Written: 07/25/2008 03:08:50 PM
Event ID/Source: 1008 / MsiInstaller
Event Description:
The installation of http://javadl.sun.com/webapps/download/Get...6.0_07-iftw.msi is not permitted due to an error in software restriction policy processing. The object cannot be trusted.

Event Record #/Type2512 / Error
Event Submitted/Written: 07/25/2008 02:08:59 PM
Event ID/Source: 1000 / .NET Runtime 2.0 Error Reporting
Event Description:
Faulting application worldshiptd.exe, version 10.0.47.0, stamp 4822627a, faulting module worldshiptd.exe, version 10.0.47.0, stamp 4822627a, debug? 0, fault address 0x0060b3ad.

Event Record #/Type2505 / Error
Event Submitted/Written: 07/25/2008 01:11:02 PM / 07/25/2008 01:11:03 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application xpsecuritycenter.exe, version 1.0.0.1, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [xpsecuritycenter.exe!ws!]

Event Record #/Type2503 / Warning
Event Submitted/Written: 07/25/2008 01:10:54 PM
Event ID/Source: 1202 / SceCli
Event Description:
Security policies were propagated with warning.
0x4b8 : An extended error has occurred.

For best results in resolving this event, log on with a non-administrative account and search http://support.microsoft.com for "Troubleshooting Event 1202's".

Event Record #/Type2484 / Error
Event Submitted/Written: 07/25/2008 08:49:57 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application xpsecuritycenter.exe, version 1.0.0.1, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [xpsecuritycenter.exe!ws!]



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type15682 / Error
Event Submitted/Written: 07/25/2008 02:28:31 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
Beep
Fips
intelppm

Event Record #/Type15681 / Error
Event Submitted/Written: 07/25/2008 02:27:16 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Event Record #/Type15677 / Warning
Event Submitted/Written: 07/25/2008 02:22:31 PM
Event ID/Source: 20 / Print
Event Description:
Printer Driver HP Photosmart Pro B8300 series for Windows NT x86 Version-3 was added or updated. Files:- UNIDRV.DLL, UNIDRVUI.DLL, hpw83003.GPD, UNIDRV.HLP, hpw8300a.ini, hpzst463.dll, hpw83003.xml, hpzsc463.dtd, hpzui463.dll, hpz3r463.dll, hpzpr463.dll, hpcdmc32.dll, hpbcfgre.dll, hpwh8300.cfg, hpzsm463.gpd, hpz3m463.gpd, hpzev463.dll, hpzhl463.cab, STDNAMES.GPD, hpz3l464.dll, hpz3a463.dll, hpzss463.dll, hpfie463.dll, hpfig463.dll, hpfrs463.dll, HPNRA.EXE, HPBNRAC2.DLL, HPBMINI.DLL, HPCEAC05.HPI, HPBMIAPI.DLL, HPBOID.EXE, HPBOIDPS.DLL, HPBPRO.EXE, HPBPROPS.DLL, HPPAPTS0.DLL, HPPASNM0.DLL, HPPAPML0.DLL, HPZIPM12.EXE, HPZIPT12.DLL, HPZINW12.EXE, HPZIPR12.DLL, HPZISN12.DLL, HPJCMN2U.DLL, HPJIPX1U.DLL, HPZIDR12.DLL, UNIRES.DLL.

Event Record #/Type15676 / Warning
Event Submitted/Written: 07/25/2008 02:15:00 PM
Event ID/Source: 20 / Print
Event Description:
Printer Driver HP Photosmart Pro B8300 series for Windows NT x86 Version-3 was added or updated. Files:- UNIDRV.DLL, UNIDRVUI.DLL, hpw83003.GPD, UNIDRV.HLP, hpw8300a.ini, hpzst463.dll, hpw83003.xml, hpzsc463.dtd, hpzui463.dll, hpz3r463.dll, hpzpr463.dll, hpcdmc32.dll, hpbcfgre.dll, hpwh8300.cfg, hpzsm463.gpd, hpz3m463.gpd, hpzev463.dll, hpzhl463.cab, STDNAMES.GPD, hpz3l464.dll, hpz3a463.dll, hpzss463.dll, hpfie463.dll, hpfig463.dll, hpfrs463.dll, HPNRA.EXE, HPBNRAC2.DLL, HPBMINI.DLL, HPCEAC05.HPI, HPBMIAPI.DLL, HPBOID.EXE, HPBOIDPS.DLL, HPBPRO.EXE, HPBPROPS.DLL, HPPAPTS0.DLL, HPPASNM0.DLL, HPPAPML0.DLL, HPZIPM12.EXE, HPZIPT12.DLL, HPZINW12.EXE, HPZIPR12.DLL, HPZISN12.DLL, HPJCMN2U.DLL, HPJIPX1U.DLL, HPZIDR12.DLL, UNIRES.DLL.

Event Record #/Type15675 / Warning
Event Submitted/Written: 07/25/2008 02:14:59 PM
Event ID/Source: 20 / Print
Event Description:
Printer Driver HP Photosmart Pro B8300 series for Windows NT x86 Version-3 was added or updated. Files:- UNIDRV.DLL, UNIDRVUI.DLL, hpw83003.GPD, UNIDRV.HLP, hpw8300a.ini, hpzst463.dll, hpw83003.xml, hpzsc463.dtd, hpzui463.dll, hpz3r463.dll, hpzpr463.dll, hpcdmc32.dll, hpbcfgre.dll, hpwh8300.cfg, hpzsm463.gpd, hpz3m463.gpd, hpzev463.dll, hpzhl463.cab, STDNAMES.GPD, hpz3l464.dll, hpz3a463.dll, hpzss463.dll, hpfie463.dll, hpfig463.dll, hpfrs463.dll, HPNRA.EXE, HPBNRAC2.DLL, HPBMINI.DLL, HPCEAC05.HPI, HPBMIAPI.DLL, HPBOID.EXE, HPBOIDPS.DLL, HPBPRO.EXE, HPBPROPS.DLL, HPPAPTS0.DLL, HPPASNM0.DLL, HPPAPML0.DLL, HPZIPM12.EXE, HPZIPT12.DLL, HPZINW12.EXE, HPZIPR12.DLL, HPZISN12.DLL, HPJCMN2U.DLL, HPJIPX1U.DLL, HPZIDR12.DLL, UNIRES.DLL.



-- End of Deckard's System Scanner: finished at 2008-07-25 15:47:31 ------------



#2 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • Local time:09:08 PM

Posted 25 July 2008 - 08:06 PM

Hello, my name is fenzodahl512 and welcome to BC.. Please do the following...


Please download SDFix by Andy Manchesta and save it to your desktop.
Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • In Safe Mode, right click the SDFix.zip folder and choose Extract All,
  • A new folder will be extracted to your %systemdrive%, typically C:\SDFix
  • Open the extracted folder and double click RunThis.bat to start the script.
  • Type Y to begin the script.
  • It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • Your system will take longer than normal to restart as the fixtool will be running and removing files.
  • When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
  • Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt along with any other requested logs at the end of these instructions.


Please post the following logs in your next reply..

1. SDFix
2. A fresh DSS log (after SDFix step)



Regards
fenzodahl512

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#3 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • Local time:09:08 PM

Posted 06 August 2008 - 08:33 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic





