
Computer Acting Strangely.


  • This topic is locked
2 replies to this topic

#1 pengchee

Posted 29 July 2008 - 12:43 AM

I am having a problem with this appearance on my desktop. I tried to set my display and found I only have 3 tabs for settings: 1. Themes, 2. Appearance and 3. Settings. Where has the screensaver tab gone? When I set it to the Windows XP theme it still remains in classic mode although it says Windows XP. I also have a freak appearance: when I leave it on for some time it automatically goes to the Windows welcome/start screen, and I just press F5 and it returns to the page I am using. What causes this problem? Please do the needful. My OS: XP Pro SP2. Thanks.

Herewith is the HJT log.
Deckard's System Scanner v20071014.68
Run by Chee on 2008-07-29 12:23:35
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
5: 2008-07-29 19:23:41 UTC - RP125 - Deckard's System Scanner Restore Point
4: 2008-07-28 22:53:03 UTC - RP124 - System Checkpoint
3: 2008-07-27 21:25:39 UTC - RP123 - Uninstalled with Total Uninstall "AntivirXP08"
2: 2008-07-27 21:09:55 UTC - RP122 - Last good restore point
1: 2008-07-27 21:09:45 UTC - RP121 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Chee.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:24:25 PM, on 7/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Shadow Defender\DefenderDaemon.exe
C:\Documents and Settings\Chee\Desktop\Portables\DU Meter\DUMeter.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\InkSaver\InkSaver.exe
C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragActivityMonitor.exe
C:\Program Files\StorageCraft\ShadowProtect\ShadowProtectSvc.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\system32\vsnapvss.exe
C:\Documents and Settings\Chee\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Chee.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Shadow Defender Daemon] "C:\Program Files\Shadow Defender\DefenderDaemon.exe" /auto
O4 - HKLM\..\Run: [DU Meter] C:\Documents and Settings\Chee\Desktop\Portables\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [DefragTaskBar] "C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [InkSaver] C:\Program Files\InkSaver\InkSaver.exe hide
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1208710069765
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Unknown owner - C:\Documents and Settings\Chee\Desktop\ACRONIS\schedule2\schedul2.exe (file missing)
O23 - Service: Ashampoo Defrag Service (AshampooDefragService) - - C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: ShadowProtect Service (ShadowProtectSvc) - StorageCraft Technology Corporation - C:\Program Files\StorageCraft\ShadowProtect\ShadowProtectSvc.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: VIUXGN - Unknown owner - C:\DOCUME~1\Chee\LOCALS~1\Temp\VIUXGN.exe (file missing)
O23 - Service: StorageCraft Shadow Copy Provider (VSNAPVSS) - StorageCraft Technology Corporation - C:\WINDOWS\system32\vsnapvss.exe

--
End of file - 7026 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 diskpt - c:\windows\system32\drivers\diskpt.sys <Not Verified; shadowdefender.com; Shadow Defender>
R0 snapman (Acronis Snapshots Manager) - c:\windows\system32\drivers\snapman.sys <Not Verified; Acronis; Acronis Snapshot API>
R0 stcvsm - c:\windows\system32\drivers\stcvsm.sys <Not Verified; StorageCraft Technology Corporation; StorageCraft Volume Snapshot>
R0 Teefer (Teefer for NT) - c:\windows\system32\drivers\teefer.sys <Not Verified; Sygate Technologies, Inc.; Sygate Teefer Driver>
R1 BANTExt (Belarc SMBios Access) - c:\windows\system32\drivers\bantext.sys
R1 PQNTDrv - c:\windows\system32\drivers\pqntdrv.sys <Not Verified; PowerQuest Corporation; PowerQuest product>
R1 sbmount (StorageCraft Image Mount Driver) - c:\windows\system32\drivers\sbmount.sys <Not Verified; StorageCraft Technology Corporation; ShadowProtect ™>
R1 wpsdrvnt - c:\windows\system32\drivers\wpsdrvnt.sys <Not Verified; Sygate Technologies, Inc.; wpsdrvnt>
R2 BTSLBCSP (Bluetooth Port Client Driver) - c:\windows\system32\drivers\btslbcsp.sys <Not Verified; Broadcom Corporation.; Bluetooth Software 5.1.0.1700>
R2 mdmxsdk - c:\windows\system32\drivers\mdmxsdk.sys <Not Verified; Conexant; Diagnostic Interface>
R3 HSF_DP - c:\windows\system32\drivers\hsfdpsp2.sys <Not Verified; Conexant Systems, Inc.; SoftK56 Modem Driver>
R3 HSFHWBS2 - c:\windows\system32\drivers\hsfbs2s2.sys <Not Verified; Conexant Systems, Inc.; SoftK56 Modem Driver>
R3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
R3 ROOTMODEM (Microsoft Legacy Modem Driver) - c:\windows\system32\drivers\rootmdm.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R3 winachsf - c:\windows\system32\drivers\hsfcxts2.sys <Not Verified; Conexant Systems, Inc.; SoftK56 Modem Driver>

S0 timounter (Acronis TrueImage Backup Archive Explorer) - c:\windows\c:\documents and settings\chee\desktop\acronis\drivers\timntr.sys (file missing)
S2 tifsfilter (Acronis TrueImage FS Filter) - c:\documents and settings\chee\desktop\acronis\drivers\tifsfilt.sys (file missing)
S3 BthEnum (Bluetooth Enumerator Service) - c:\windows\system32\drivers\bthenum.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 BthPan (Bluetooth Device (Personal Area Network)) - c:\windows\system32\drivers\bthpan.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 BTHUSB (Bluetooth Radio USB Driver) - c:\windows\system32\drivers\bthusb.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 cmuda (C-Media WDM Audio Interface) - c:\windows\system32\drivers\cmuda.sys (file missing)
S3 TVICHW32 - c:\windows\system32\drivers\tvichw32.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 BthServ (Bluetooth Support Service) - c:\windows\system32\svchost.exe -k bthsvcs <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R2 ekrn (Eset Service) - "c:\program files\eset\eset nod32 antivirus\ekrn.exe" <Not Verified; ESET; ESET Smart Security>
R2 ShadowProtectSvc (ShadowProtect Service) - "c:\program files\storagecraft\shadowprotect\shadowprotectsvc.exe" <Not Verified; StorageCraft Technology Corporation; ShadowProtect ™>
R2 UxTuneUp (TuneUp Theme Extension) - c:\windows\system32\svchost.exe -k netsvcs <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R2 VSNAPVSS (StorageCraft Shadow Copy Provider) - c:\windows\system32\vsnapvss.exe <Not Verified; StorageCraft Technology Corporation; StorageCraft Volume Snapshot>

S2 AcrSch2Svc (Acronis Scheduler2 Service) - c:\documents and settings\chee\desktop\acronis\schedule2\schedul2.exe (file missing)
S3 VIUXGN - c:\docume~1\chee\locals~1\temp\viuxgn.exe (file missing)


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Video Controller (VGA Compatible)
Device ID: PCI\VEN_1039&DEV_6325&SUBSYS_00181025&REV_00\4&3525EC23&0&0008
Manufacturer:
Name: Video Controller (VGA Compatible)
PNP Device ID: PCI\VEN_1039&DEV_6325&SUBSYS_00181025&REV_00\4&3525EC23&0&0008
Service:


-- Files created between 2008-06-29 and 2008-07-29 -----------------------------

2008-07-29 12:01:00 0 d-------- C:\Program Files\Trend Micro
2008-07-29 11:17:51 0 d--h----- C:\WINDOWS\system32\GroupPolicy
2008-07-27 20:29:12 0 dr-h----- C:\Documents and Settings\LocalService\Recent
2008-07-27 20:17:38 0 d-------- C:\Documents and Settings\Chee\Application Data\WinCare2008
2008-07-27 14:09:55 0 d-a------ C:\Program Files\rhccmfj0e3ej
2008-07-27 14:09:10 60928 --a------ C:\WINDOWS\system32\blphc9mfj0e3ej.scr <Not Verified; Sysinternals; Sysinternals Blue Screen>
2008-07-27 13:17:01 0 d-------- C:\Program Files\Chinese Symbol Studio
2008-07-27 10:25:59 0 d-------- C:\Documents and Settings\Chee\CSB
2008-07-26 15:36:34 0 d-------- C:\Program Files\InkSaver
2008-07-26 14:08:07 0 d-------- C:\Documents and Settings\All Users\Application Data\vsosdk
2008-07-24 15:56:01 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-07-12 22:36:22 0 dr-h----- C:\Documents and Settings\Chee\Recent
2008-07-09 18:13:35 25856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-04 23:25:05 0 d-------- C:\Documents and Settings\Chee\Application Data\Desktopicon
2008-07-03 23:49:53 0 d-------- C:\Documents and Settings\All Users\Application Data\Martau
2008-07-03 23:42:11 1612 --a------ C:\debug_{2C1FA878-1A01-C702-131A-19C9FF53F0E6}_.reg
2008-07-03 22:22:20 0 d-------- C:\Program Files\DATA BECKER
2008-07-02 23:37:38 0 d-------- C:\Program Files\Lavasoft
2008-07-02 22:45:19 0 d-------- C:\WINDOWS\system32\appmgmt
2008-07-01 00:00:28 0 d-------- C:\Program Files\STDU Viewer
2008-07-01 00:00:28 0 d-------- C:\Program Files\Common Files\STDUtility


-- Find3M Report ---------------------------------------------------------------

2008-07-29 11:07:55 310 --a------ C:\Documents and Settings\Chee\Application Data\APUSet.xml
2008-07-29 11:07:54 6467 --a------ C:\Documents and Settings\Chee\Application Data\PrimoPDFSet.xml
2008-07-28 16:28:12 0 d-------- C:\Documents and Settings\Chee\Application Data\Thinstall
2008-07-28 16:09:33 0 d-------- C:\Documents and Settings\Chee\Application Data\Vso
2008-07-28 16:09:33 0 d-------- C:\Documents and Settings\Chee\Application Data\CopyToDvd
2008-07-28 13:53:43 0 d-------- C:\Documents and Settings\Chee\Application Data\Mozilla
2008-07-27 21:28:21 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-07-27 20:52:11 0 d-------- C:\Program Files\PrintFolder Pro
2008-07-27 17:16:48 0 d-------- C:\Program Files\FlashGet
2008-07-26 15:36:56 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-02 23:37:09 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-01 00:00:28 0 d-------- C:\Program Files\Common Files
2008-06-30 17:01:35 0 d-------- C:\Documents and Settings\Chee\Application Data\tinySpell
2008-05-29 13:57:35 0 d-------- C:\Program Files\Ahead
2008-05-29 13:56:30 0 d-------- C:\Program Files\Common Files\Ahead
2008-05-24 22:01:26 48 --a------ C:\Documents and Settings\Chee\Application Data\Printer.ini
2008-05-20 18:06:17 507392 --a------ C:\WINDOWS\system32\AutoPartNt.exe <Not Verified; Acronis; Acronis Autopart>
2008-04-29 16:35:41 37888 --a------ C:\WINDOWS\system32\setupnt.dll <Not Verified; ; Setupnt Dynamic Link Library>
2008-04-29 16:35:40 126976 --a------ C:\WINDOWS\system32\snapapi.dll <Not Verified; Acronis; Acronis Snapshot API>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [09/27/2005 12:16 PM]
"SoundMan"="SOUNDMAN.EXE" [06/20/2005 06:42 AM C:\WINDOWS\SOUNDMAN.EXE]
"Shadow Defender Daemon"="C:\Program Files\Shadow Defender\DefenderDaemon.exe" [02/23/2008 08:16 PM]
"DU Meter"="C:\Documents and Settings\Chee\Desktop\Portables\DU Meter\DUMeter.exe" [11/27/2006 03:18 PM]
"BluetoothAuthenticationAgent"="bthprops.cpl" [08/04/2004 12:56 AM C:\WINDOWS\system32\bthprops.cpl]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [03/13/2008 04:48 PM]
"DefragTaskBar"="C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe" [04/18/2008 09:11 AM]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [01/12/2006 04:40 PM]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [05/01/2008 09:15 PM]
"InkSaver"="C:\Program Files\InkSaver\InkSaver.exe" [04/18/2006 11:45 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TuneUp MemOptimizer"="C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe" [01/08/2008 01:31 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 05:00 AM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 09:24 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [6/7/2006 5:05:38 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"=1 (0x1)
"NoDispScrSavPage"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisallowRun"=1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp




-- End of Deckard's System Scanner: finished at 2008-07-29 12:25:10 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 1.70GHz
Percentage of Memory in Use: 44%
Physical Memory (total/avail): 623.48 MiB / 347.4 MiB
Pagefile Memory (total/avail): 949.82 MiB / 675.69 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1933.06 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 48.83 GiB total, 42.87 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)
F: is Fixed (NTFS) - 67.63 GiB total, 53.8 GiB free.
G: is Fixed (NTFS) - 32.59 GiB total, 29.55 GiB free.

\\.\PHYSICALDRIVE0 - WDC WD1600AAJB-00PVA0 - 149.05 GiB - 3 partitions
\PARTITION0 (bootable) - Installable File System - 48.83 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 100.22 GiB - F: - G:



-- Security Center -------------------------------------------------------------

AUOptions is set to notify before download.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.

FW: Sygate Personal Firewall Pro v4.6 (Sygate Technologies, Inc.)
AV: ESET NOD32 Antivirus 3.0 v3.0 (ESET, spol. s r. o.)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Documents and Settings\\Chee\\Desktop\\Ace_Translator_v5.0_by_zarksentinel_neopluz\\Ace Translator v5.0\\acetrans.exe"="C:\\Documents and Settings\\Chee\\Desktop\\Ace_Translator_v5.0_by_zarksentinel_neopluz\\Ace Translator v5.0\\acetrans.exe:*:Enabled:Ace Translator"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\FlashGet\\FlashGet.exe"="C:\\Program Files\\FlashGet\\FlashGet.exe:*:Enabled:Flashget"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Chee\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=CHEE-42852726C1
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Chee
LOGONSERVER=\\CHEE-42852726C1
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\spool\DRIVERS\W32X86\3
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 1 Stepping 2, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0102
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Chee\LOCALS~1\Temp
TMP=C:\DOCUME~1\Chee\LOCALS~1\Temp
USERDOMAIN=CHEE-42852726C1
USERNAME=Chee
USERPROFILE=C:\Documents and Settings\Chee
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Chee (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Acronis Migrate Easy --> C:\Program Files\Acronis\MigrateEasy\MediaBuilder.exe -uninstall
Ad-Aware --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Ashampoo Magical Defrag 2 --> "C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\unins000.exe"
Belarc Advisor 7.2 --> C:\PROGRA~1\Belarc\Advisor\Uninstall.exe C:\PROGRA~1\Belarc\Advisor\INSTALL.LOG
BJC-1000SP --> C:\WINDOWS\system32\CNMCP2I.EXE -@C:\WINDOWS\IsUninst.exe -f"C:\BJPrinter\CNMWINDOWS\Canon BJC-1000SP Installer\Inst\DeIsL1.isu" -pCanon BJC-1000SP-c"C:\BJPrinter\CNMWINDOWS\Canon BJC-1000SP Installer\Inst\bjinst.dll
Cookie Remover Platinum 2004 --> MsiExec.exe /I{C734229F-C68E-43FC-953A-52E0304F28BD}
DATA BECKER Your Handwriting II --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\DATA BECKER\Your Handwriting II\Uninst.isu"
Data Lifeguard Tools --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2C0A655C-61E7-428A-8ED2-23A3D20E7DD2}\Setup.exe"
DriverAgent Plugin for Netscape by TouchStone Software --> RunDll32.exe advpack.dll, LaunchINFSection driveragent_np.inf,TVICHW32Remove
ESET NOD32 Antivirus --> MsiExec.exe /I{86A6E235-C08F-4A14-B14C-793C7D8844A0}
FlashGet 1.9.6.1073 --> C:\Program Files\FlashGet\uninst.exe
Foxit Reader --> C:\Program Files\Foxit Software\Foxit Reader\Uninstall.exe
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
InkSaver --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{1D12A299-A473-480A-AEF4-05DB1733AEB0}
K-Lite Codec Pack 3.8.5 Full --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
Math Easy --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Math Easy\Uninst.isu"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Windows Application Compatibility Database --> C:\WINDOWS\system32\sdbinst.exe -u "C:\WINDOWS\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb"
Mozilla Firefox (2.0.0.16) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Nero 6 Ultra Edition --> C:\Program Files\Ahead\nero\nero\uninstall\UNNERO.exe /UNINSTALL
Norton PartitionMagic 8.0 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{21DBBDD6-93A5-4326-9A04-C9A5C9148502}
PrimoPDF --> "C:\WINDOWS\PrimoPDF4\uninstall.exe" "/U:C:\Program Files\activePDF\PrimoPDF\Uninstall\uninstallPrimoPDF4.xml"
RaimaRadio 2.0 --> "C:\Program Files\RaimaRadioPro\unins000.exe"
Shadow Defender --> "C:\Program Files\Shadow Defender\unins000.exe"
ShadowProtect Desktop --> C:\Program Files\InstallShield Installation Information\{8850DEC8-22FD-4F05-A3AA-49B91200C24F}\setup.exe -runfromtemp -l0x0009 -removeonly
Spotmau Wincare 2008 --> "C:\Program Files\Spotmau WinCare 2008\unins000.exe"
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
STDU Viewer version 1.4.16.0 --> "C:\Program Files\STDU Viewer\unins000.exe"
Sygate Personal Firewall Pro --> MsiExec.exe /I{10B446B3-4DF4-4489-A168-8A98F7CD807E}
tinySpell 1.7.010 --> "C:\Program Files\tinySpell\unins000.exe"
TuneUp Utilities 2008 --> MsiExec.exe /I{5888428E-699C-4E71-BF71-94EE06B497DA}
TVUPlayer 2.3.6.1 --> C:\Program Files\TVUPlayer\uninst.exe
Unlocker 1.8.7 --> C:\Program Files\Unlocker\uninst.exe
VSO CopyToDVD 4 --> "C:\Program Files\VSO\unins000.exe"
WIDCOMM Bluetooth Software --> MsiExec.exe /X{3F4EC965-28EF-45C3-B063-04B25D4E9679}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type1006 / Success
Event Submitted/Written: 07/29/2008 10:34:22 AM
Event ID/Source: 1002 / ShadowProtectSvc
Event Description:
ShadowProtect Service Started

Event Record #/Type1002 / Error
Event Submitted/Written: 07/28/2008 04:29:46 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application akd5.exe, version 5.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [akd5.exe!ws!]

Event Record #/Type1000 / Success
Event Submitted/Written: 07/28/2008 10:57:55 AM
Event ID/Source: 1002 / ShadowProtectSvc
Event Description:
ShadowProtect Service Started

Event Record #/Type995 / Error
Event Submitted/Written: 07/27/2008 08:29:43 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module dbghelp.dll, version 5.1.2600.2180, fault address 0x0001295d.
Processing media-specific event for [drwtsn32.exe!ws!]

Event Record #/Type994 / Error
Event Submitted/Written: 07/27/2008 08:29:35 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application VIUXGN.exe, version 1.71.0.0, faulting module comctl32.dll, version 6.0.2900.2982, fault address 0x000048c6.
Processing media-specific event for [VIUXGN.exe!ws!]



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type4116 / Error
Event Submitted/Written: 07/29/2008 10:34:23 AM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
timounter

Event Record #/Type4115 / Error
Event Submitted/Written: 07/29/2008 10:34:21 AM
Event ID/Source: 7003 / Service Control Manager
Event Description:
The Acronis Scheduler2 Service service depends on the following nonexistent service: S

Event Record #/Type4114 / Error
Event Submitted/Written: 07/29/2008 10:34:21 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Acronis TrueImage FS Filter service failed to start due to the following error:
%%123

Event Record #/Type4104 / Warning
Event Submitted/Written: 07/28/2008 04:18:04 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type4103 / Warning
Event Submitted/Written: 07/28/2008 11:01:58 AM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 0010DC2FF1D3. The following
error occurred:
%%121.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.



-- End of Deckard's System Scanner: finished at 2008-07-29 12:25:10 ------------


#2 don77

Posted 08 August 2008 - 09:54 PM

Hello and welcome to BC

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. We aim to provide the valuable service known to come from BC to every member we can, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

Thanks and again sorry for the delay.

Please download Deckard's System Scanner (DSS) and save to your Desktop.
alternate download site

DSS will do the following:
  • Create a new System Restore point in Windows XP and Vista.
  • Clean your Temporary Files, Downloaded Program Files, Internet Cache Files, and empty the Recycle Bin on all drives.
  • Check some important areas of your system and produce a report for an analyst to review.
  • Automatically run HijackThis. It will also install and place a shortcut to HijackThis on your desktop if you do not already have it installed. So if HijackThis is not installed and DSS prompts you to download it, please answer yes.
You must be logged onto an account with administrator privileges when using.
  • Close all applications and windows.
  • Double-click on dss.exe to run it and follow the prompts.
  • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
  • When the scan is complete, two text files will open in Notepad:
    • main.txt <- this one will be maximized
    • extra.txt <- this one will be minimized
  • If not, they both can be found in the C:\Deckard\System Scanner folder.
  • Please copy (Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt in your next reply.
-- When running DSS, some firewalls may warn that it is trying to access the Internet, especially if you're asked to download the most current version of HijackThis. Please ensure that you allow it permission to do so.
-- If you get a warning from your anti-virus while DSS is scanning, please allow DSS to continue as the scan is not harmful.


If you already performed the steps above, we still need to see the current state of the machine; a fresh scan and logs are still necessary.

click on Start, click on Run
copy and paste the following in bold in the open window and then click OK
"%userprofile%\desktop\dss.exe" /config
This will open up DSS configuration
click on Check All
click Scan
DSS will now run again when finished
Please post back both logs that open in notepad
Main txt and extra txt



Next
Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section, select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


#3 don77

Posted 13 August 2008 - 08:07 PM

Due to the lack of feedback, this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
