Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Request To Review Dss And Hijackthis Log

  • This topic is locked This topic is locked
2 replies to this topic

#1 bumpbitchley


  • Members
  • 2 posts
  • Local time:10:57 AM

Posted 29 July 2008 - 01:13 PM

Deckard's System Scanner v20071014.68
Run by Ibm on 2008-07-29 12:52:22
Computer is in Normal Mode.

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
55: 2008-07-29 17:52:39 UTC - RP440 - Deckard's System Scanner Restore Point
54: 2008-07-29 08:00:26 UTC - RP439 - Software Distribution Service 3.0
53: 2008-07-29 01:15:56 UTC - RP438 - Installed Roxio Media Manager
52: 2008-07-29 01:01:26 UTC - RP437 - Installed BlackBerry Desktop Software 4.3.
51: 2008-07-28 12:59:29 UTC - RP436 - System Checkpoint

-- First Restore Point --
1: 2008-06-12 07:45:59 UTC - RP386 - System Checkpoint

Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 383 MiB (512 MiB recommended).

-- HijackThis (run as Ibm.exe) -------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:55:43 PM, on 7/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\NETGEAR\WG511\Utility\WG511WLU.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Ibm\Local Settings\Temporary Internet Files\Content.IE5\UNDI899H\dss[1].exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [WG511WLU] C:\Program Files\NETGEAR\WG511\Utility\WG511WLU.exe -hide
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1110\en-us\msntabres.dll/229?c1ed691a20734536b6e365cdd1d2024
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1110\en-us\msntabres.dll/230?c1ed691a20734536b6e365cdd1d2024
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - http://www-307.ibm.com/pc/support/IbmEgath.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: RIP Listener (Iprip) - Apple Inc. - (no file)
O23 - Service: QCONSVC - Unknown owner - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

End of file - 8339 bytes

-- File Associations -----------------------------------------------------------

All associations okay.

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 hwinterface - c:\windows\system32\drivers\hwinterface.sys <Not Verified; Buzz; hwinterface Driver Version 1.0>
R1 IBMTPCHK - c:\windows\system32\drivers\ibmbldid.sys
R1 Smapint - c:\windows\system32\drivers\smapint.sys <Not Verified; Microsoft Corporation; Microsoft® Windows NT™ Operating System>
R1 TDSMAPI - c:\windows\system32\drivers\tdsmapi.sys
R1 TPHKDRV - c:\windows\system32\drivers\tphkdrv.sys <Not Verified; IBM Corporation; ThinkPad OnScreenDisplay>
R1 TPPWR - c:\windows\system32\drivers\tppwr.sys <Not Verified; IBM Corp.; IBM ThinkPad Utility>
R2 DLPortIO (DriverLINX Port I/O Driver) - c:\windows\system32\drivers\dlportio.sys
R2 MDC8021X (WPA Security Protocol (IEEE 802.1x) v2.2.0.0) - c:\windows\system32\drivers\mdc8021x.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 2.2>
R2 V7 - c:\windows\system32\drivers\v7.sys <Not Verified; IBM Corporation; IBM V7 Driver for Windows NT/2000>
R3 AWINDIS5 (AWINDIS5 Protocol Driver) - c:\windows\system32\awindis5.sys <Not Verified; AMBIT Microsystems Corporation.; AMBIT WinDis32 Protocol Driver for Windows>

S3 BWNDIS5 (BWNDIS5 NDIS Protocol Driver) - c:\windows\system32\bwndis5.sys (file missing)
S3 CEUSBAUD (Lexicon USB MIDI Driver1) - c:\windows\system32\drivers\ceusbaud.sys <Not Verified; CEntrance, Inc.; USB MIDI device>
S3 CSVirtA (Cisco Systems SSL VPN Adapter) - c:\windows\system32\drivers\csvirta.sys (file missing)
S3 EGATHDRV (IBM eGatherer Diagnostics) - c:\windows\system32\egathdrv.sys <Not Verified; IBM Corporation; IBM eGatherer>
S3 PCANDIS5 (PCANDIS5 Protocol Driver) - c:\windows\system32\pcandis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
S3 PcdrNt - c:\windows\system32\drivers\pcdrnt.sys <Not Verified; PC-Doctor Inc.; PC-Doctor NT 3.0>
S3 PRISM_ICB (NETGEAR WG511 Wireless LAN Driver) - c:\windows\system32\drivers\wg511icb.sys <Not Verified; Conexant Systems, Inc.; PRISM 802.11 Wireless LAN>
S3 SIS162u (NETGEAR) - c:\windows\system32\drivers\ma111v2.sys <Not Verified; SiS Corporation; SiS162 usb Wireless LAN Adapter>

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 QCONSVC - system32\qconsvc.exe

S2 Iprip (RIP Listener) -
S3 AresChatServer (Ares Chatroom server) - c:\program files\ares\chatserver.exe <Not Verified; Ares Development Group; Ares Chat Server>

-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.

-- Scheduled Tasks -------------------------------------------------------------

2008-07-29 11:19:57 458 --a------ C:\WINDOWS\Tasks\BMMTask.job
2008-07-29 06:54:33 444 --a------ C:\WINDOWS\Tasks\XoftSpySE 2.job
2008-07-29 06:54:29 434 --a------ C:\WINDOWS\Tasks\RegCure Program Check.job
2008-07-29 03:00:00 358 --a------ C:\WINDOWS\Tasks\XoftSpySE.job
2008-07-25 11:16:09 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2008-07-24 03:00:00 368 --a------ C:\WINDOWS\Tasks\RegCure.job

-- Files created between 2008-06-29 and 2008-07-29 -----------------------------

2008-07-29 12:44:04 0 d-------- C:\Program Files\Trend Micro
2008-07-29 03:00:40 0 d-------- C:\Program Files\MSXML 6.0
2008-07-28 20:38:45 0 d-------- C:\Documents and Settings\LocalService\Application Data\Roxio
2008-07-28 20:38:43 0 d-------- C:\Documents and Settings\Ibm\Application Data\Roxio
2008-07-28 20:36:22 256 --a------ C:\WINDOWS\system32\pool.bin
2008-07-28 20:35:57 0 d-------- C:\Documents and Settings\Ibm\Application Data\Research In Motion
2008-07-28 20:22:20 0 d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2008-07-28 20:21:45 0 d-------- C:\Documents and Settings\All Users\Application Data\Sonic
2008-07-28 20:17:05 0 d-------- C:\Program Files\Common Files\Sonic Shared
2008-07-28 20:17:02 0 d-------- C:\Program Files\Roxio
2008-07-28 20:17:02 0 d-------- C:\Documents and Settings\All Users\Application Data\Roxio
2008-07-28 20:16:54 0 d-------- C:\Program Files\Common Files\Roxio Shared
2008-07-28 20:01:39 0 d-------- C:\Program Files\Research In Motion
2008-07-28 19:52:48 0 d--hs---- C:\WINDOWS\ftpcache
2008-07-21 16:33:20 0 d-------- C:\WINDOWS\system32\CatRoot_bak
2008-07-10 18:36:14 0 d-------- C:\Documents and Settings\errbodyelse\Application Data\AVGTOOLBAR
2008-07-09 22:37:01 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard

-- Find3M Report ---------------------------------------------------------------

2008-07-29 10:21:37 0 d-------- C:\Documents and Settings\Ibm\Application Data\OpenOffice.org2
2008-07-28 20:20:13 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-07-28 20:17:05 0 d-------- C:\Program Files\Common Files
2008-07-28 20:17:02 0 d-------- C:\Program Files\Common Files\InstallShield
2008-07-28 20:02:20 0 d-------- C:\Program Files\Common Files\Research in Motion
2008-07-22 06:42:02 0 d-------- C:\Program Files\XoftSpySE
2008-07-09 22:38:04 0 d-------- C:\Program Files\Lavasoft
2008-06-26 06:21:36 0 d-------- C:\Program Files\WinAce
2008-06-26 06:19:14 0 d-------- C:\Program Files\Setup
2008-06-25 22:07:04 0 d-------- C:\Documents and Settings\Ibm\Application Data\AVGTOOLBAR
2008-06-25 21:45:03 0 d-------- C:\Program Files\AVG
2008-06-02 07:30:47 0 d-------- C:\Documents and Settings\Ibm\Application Data\U3

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
07/04/2008 09:32 AM 2055960 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [07/04/2008 09:32 AM 2055960]


"S3TRAY2"="S3Tray2.exe" [11/12/2001 04:31 AM C:\WINDOWS\system32\S3Tray2.exe]
"TrackPointSrv"="tp4serv.exe" [09/14/2001 05:03 AM C:\WINDOWS\system32\tp4serv.exe]
"TPHOTKEY"="C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe" [07/09/2001 06:19 PM]
"WG511WLU"="C:\Program Files\NETGEAR\WG511\Utility\WG511WLU.exe" [11/09/2004 03:55 PM]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [12/22/2003 08:38 AM]
"UC_SMB"="" []
"TP4EX"="tp4ex.exe" [07/05/2001 03:02 AM C:\WINDOWS\system32\TP4EX.exe]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [10/05/2007 07:13 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 11:16 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [03/28/2008 11:37 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [07/04/2008 09:32 AM]
"@"="" []
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [08/16/2007 08:56 AM]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 02:56 AM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [07/29/2007 12:26 PM]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [01/19/2007 12:54 PM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 11:24 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]



@="Volume shadow copy"

AutoRun\command- D:\start.exe

*Newly Created Service* - ROXIO_UPNP_SERVER_9
*Newly Created Service* - ROXLIVESHARE9
*Newly Created Service* - ROXMEDIADB9
*Newly Created Service* - ROXWATCH9

-- End of Deckard's System Scanner: finished at 2008-07-29 12:58:11 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Mobile Intel® Pentium® III CPU - M 1133MHz
Percentage of Memory in Use: 70%
Physical Memory (total/avail): 382.92 MiB / 112.71 MiB
Pagefile Memory (total/avail): 921.61 MiB / 558.63 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1916.89 MiB

C: is Fixed (NTFS) - 27.07 GiB total, 9.38 GiB free.

\\.\PHYSICALDRIVE0 - HTS424030M9AT00 - 27.95 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 27.07 GiB - C:
\PARTITION1 - Unknown - 900.7 MiB

-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

AntivirusOverride is set.

AV: AVG Anti-Virus Free v8.0 (AVG Technologies)

"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

"C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"="C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe:*:Enabled:BearShare"
"C:\\Program Files\\messenger\\msmsgs.exe"="C:\\Program Files\\messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Ares\\Ares.exe"="C:\\Program Files\\Ares\\Ares.exe:*:Enabled:Ares p2p for windows"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\FreeStyler\\EasyView.exe"="C:\\Program Files\\FreeStyler\\EasyView.exe:*:Enabled:3D visualizer"
"C:\\Program Files\\FreeStyler\\Art-Net to DMX.exe"="C:\\Program Files\\FreeStyler\\Art-Net to DMX.exe:*:Enabled:Art-Net to DMX"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"="C:\\Program Files\\AVG\\AVG8\\avgemc.exe:*:Enabled:avgemc.exe"

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Ibm\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
HOMEPATH=\Documents and Settings\Ibm
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\PROGRAM FILES\THINKPAD\UTILITIES;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\
PROCESSOR_IDENTIFIER=x86 Family 6 Model 11 Stepping 4, GenuineIntel
ProgramFiles=C:\Program Files
QTJAVA=C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
RoxioCentral=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
USERPROFILE=C:\Documents and Settings\Ibm

-- User Profiles ---------------------------------------------------------------

Ibm (admin)
Administrator (admin)

-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> MsiExec.exe /I{2BE0C605-9BEC-434D-9FAE-931194E72414}
--> MsiExec.exe /I{48A669A9-76FA-4CA8-BFD5-00C125AC4166}
--> MsiExec.exe /I{726A362E-EBFD-4C3F-8664-6593C2B08386}
--> MsiExec.exe /I{943CB81D-11B9-401E-8305-752528D00AA1}
--> MsiExec.exe /I{E75F019D-98A0-4B39-B1A8-3A01400D2A18}
--> MsiExec.exe /X{F664EDB9-59DF-452A-A3D7-085ED1B8D374}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Access ThinkPad --> MsiExec.exe /X{B5599ECB-DA72-43EE-8A30-2C80396FF8BB}
Ad-Aware --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742) --> MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\System32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Reader 8.1.2 Security Update 1 (KB403742) -->
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
Ares 2.0.9 --> "C:\Program Files\Ares\uninstall.exe"
AVG Free 8.0 --> C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
AviSynth 2.5 --> "C:\Program Files\AviSynth 2.5\Uninstall.exe"
BlackBerry Desktop Software 4.3 --> MsiExec.exe /I{D793A12F-E362-48BB-B332-1DA5E936B52D}
BlackBerry Desktop Software 4.3 --> MsiExec.exe /i{D793A12F-E362-48BB-B332-1DA5E936B52D}
BlackBerry USB Drivers --> MsiExec.exe /X{B256C753-09EB-40AA-B6CA-AC72F4D1B543}
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVC301 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5AA4D39A-C9FE-4EC9-8DA5-57015C4260C1}\Setup.exe"
DVDExpress --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Mediamatics\DVDExpress\Uninst.isu"
Elation Compu 2004 --> "c:\SL2004\unins000.exe"
FLV Player 1.3.3 --> "C:\Program Files\FLVPlayer\uninstall.exe"
FreeStyler --> "C:\Program Files\FreeStyler\unins001.exe"
Golden Tee Golf Course Addon #1 --> C:\Games\GOLDEN~1\UNWISE.EXE C:\Games\GOLDEN~1\INSTALL.LOG
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar3.dll"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP Deskjet 3840 --> msiexec /x{B1591C79-1C35-4E09-AA15-F7D6923AFB96}
HP Software Update --> MsiExec.exe /X{B81023A5-71ED-46EB-BE3B-9F974D1155F1}
IBM Access Connections --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\ThinkPad\ConnectUtilities\Uncnwiz.isu" -c"C:\Program Files\ThinkPad\ConnectUtilities\qcinst32.dll"
IBM ThinkPad Access Support --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8C4592C6-29CC-11D5-95C7-0004ACFE3ABF}\Setup.exe"
IBM ThinkPad Power Management Driver --> RunDll32.exe tpinspm.dll,Uninstall
IBM TrackPoint Accessibility Features --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EA664480-3844-11D5-8C25-444553540000}\SETUP.EXE"
IBM TrackPoint Support --> C:\WINDOWS\System32\tp4unins.exe
IBM Update Connector --> MsiExec.exe /X{31C2FBAC-67CF-4093-8F36-15A146613747}
Intel® PRO Ethernet Adapter and Software --> Prounstl.exe
iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 8 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150080}
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Lexicon Omega Studio(remove only) --> C:\Program Files\Lexicon\Omega\OmegaStudioUninstaller.exe
LimeWire 4.13.0 --> "C:\Program Files\LimeWire\uninstall.exe"
Loud Technologies EAW Smaart v6.0 --> "C:\Program Files\Smaart 6\Uninstall\unins000.exe"
Macromedia Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Magic 3D EasyView --> "c:\SLMEV\unins000.exe"
Martin LightJockey version 2.7 build 5 --> "C:\Program Files\Martin Professional\Martin LightJockey\unins000.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Excel Viewer 2003 --> MsiExec.exe /I{90840409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox ( --> C:\Program Files\Mozilla Firefox\uninstall\uninstall.exe /ua " (en-US)"
MSN Music Assistant --> rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msninst.inf,Uninstall
MSN Search Toolbar --> MsiExec.exe /X{7D1DCBBA-F6F5-42B4-B90B-F04ACE4DFD6C}
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
NETGEAR MA111v2 802.11b Wireless USB Adapter --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{81224655-3922-439F-BBFE-51D9D46C6F5D}
NETGEAR WG511 54 Mbps Wireless PC Card --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8B1E5CF8-9170-42A2-A88A-A169FBDD128E}\Setup.exe" -l0x9
OpenOffice.org 2.2 --> MsiExec.exe /I{1F08A8BE-7ACC-4B57-B3AB-C1ED4B19972B}
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
RegCure --> C:\Program Files\RegCure\uninst.exe
Rhapsody Player Engine --> MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
Roxio Media Manager --> MsiExec.exe /X{303379C9-8610-4CCF-AF37-C4BF8998C591}
S3Display --> s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Display'
S3Gamma2 --> s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Gamma2'
S3Info2 --> s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Info2'
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Smaart 6.0.0 --> "C:\Program Files\Smaart 6\unins000.exe"
Steinberg Cubase LE --> "C:\Program Files\Steinberg\Cubase LE\Uninstall.exe" "C:\Program Files\Steinberg\Cubase LE\Install.log"
SuperSavage and Utilities --> C:\PROGRA~1\S3\SupSavge\s3setvga.exe -s -fC:\PROGRA~1\S3\SupSavge\SupSavge.uns
ThinkPad Configuration --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\ThinkPad\Utilities\Uninst.isu" -c"C:\Program Files\ThinkPad\Utilities\tpinst32.dll"
ThinkPad Software Installer --> C:\WINDOWS\_tpiu000.exe /U
Videora iPod Converter 3.07 --> C:\Program Files\Red Kawa\Video Converter 3\uninstaller.exe
WinAce Archiver --> "C:\Program Files\WinAce\SXUNINST.EXE" "C:\Program Files\WinAce\SXUNINST.INI"
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Live OneCare safety scanner --> RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
XoftSpySE --> C:\Program Files\XoftSpySE\uninstall.exe

-- Application Event Log -------------------------------------------------------

Event Record #/Type2851 / Error
Event Submitted/Written: 07/29/2008 00:57:32 PM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.

Event Record #/Type2850 / Error
Event Submitted/Written: 07/29/2008 00:57:32 PM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.

Event Record #/Type2849 / Error
Event Submitted/Written: 07/29/2008 00:57:32 PM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.

Event Record #/Type2848 / Error
Event Submitted/Written: 07/29/2008 00:57:32 PM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.

Event Record #/Type2847 / Error
Event Submitted/Written: 07/29/2008 00:57:32 PM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.

-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.

-- System Event Log ------------------------------------------------------------

Event Record #/Type16348 / Warning
Event Submitted/Written: 07/29/2008 10:16:12 AM
Event ID/Source: 36 / W32Time
Event Description:
The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Event Record #/Type16347 / Warning
Event Submitted/Written: 07/29/2008 06:58:20 AM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type16306 / Error
Event Submitted/Written: 07/28/2008 08:34:02 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The RIP Listener service failed to start due to the following error:

Event Record #/Type16284 / Error
Event Submitted/Written: 07/27/2008 08:50:36 PM
Event ID/Source: 7 / Cdrom
Event Description:
The device, \Device\CdRom0, has a bad block.

Event Record #/Type16283 / Error
Event Submitted/Written: 07/27/2008 08:50:36 PM
Event ID/Source: 7 / Cdrom
Event Description:
The device, \Device\CdRom0, has a bad block.

-- End of Deckard's System Scanner: finished at 2008-07-29 12:58:11 ------------

Attached Files

BC AdBot (Login to Remove)



#2 harrythook


  • Security Colleague
  • 4,152 posts
  • Gender:Male
  • Location:Philadelphia
  • Local time:10:57 AM

Posted 10 August 2008 - 08:08 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. We aim to provide the valuable service known to come from BC to every member we can, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

Please include a description of your problem, and any steps you have taken so far.

Thanks and again sorry for the delay.

Please download Deckard's System Scanner (DSS) and save to your Desktop.
alternate download site

DSS will do the following:
  • Create a new System Restore point in Windows XP and Vista.
  • Clean your Temporary Files, Downloaded Program Files, Internet Cache Files, and empty the Recycle Bin on all drives.
  • Check some important areas of your system and produce a report for an analyst to review.
  • Automatically run HijackThis. It will also install and place a shortcut to HijackThis on your desktop if you do not already have it installed. So if HijackThis is not installed and DSS prompts you to download it, please answer yes.
You must be logged onto an account with administrator privileges when using.
  • Close all applications and windows.
  • Double-click on dss.exe to run it and follow the prompts.
  • If your anti-virus or firewall complains, please allow this script to run as it is not
  • When the scan is complete, two text files will open in Notepad:
    • main.txt <- this one will be maximized
    • extra.txt <- this one will be minimized
  • If not, they both can be found in the C:\Deckard\System Scanner folder.
  • Please copy (Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt in your next reply.
-- When running DSS, some firewalls may warn that it is trying to access the Internet especially if your asked to download the most current version of HijackThis. Please ensure that you allow it permission to do so.
-- If you get a warning from your anti-virus while DSS is scanning, please allow DSS to continue as the scan is not harmful.

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Veni Vidi Vici

Become a BleepingComputer fan: Facebook

#3 harrythook


  • Security Colleague
  • 4,152 posts
  • Gender:Male
  • Location:Philadelphia
  • Local time:10:57 AM

Posted 17 August 2008 - 07:28 PM

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.
All others please read The Preparation Guide before starting your topic.

Veni Vidi Vici

Become a BleepingComputer fan: Facebook

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users