
Computer Going Nuts


  • This topic is locked
2 replies to this topic

#1 insanedingo


Posted 06 August 2008 - 06:03 PM

ok so my friend was messing around on my rig, he downloaded a torrent, opened up an exe i never would have allowed, and infected my computer. i can not do a system restore because checks have revealed the virus to be inside the restore partition. i have also tried every mainstream fix, i.e. i ran avg pro, cleaned up my computer by hand, all that jazz. still nothing. the symptoms i'm getting are very strange and random cpu crashes, loss of admin rights on my pc, an unusable control panel, loss of use of some of my exes, random .dll runtime errors on start up, super slow performance, and a totally blue background. start up is also slow and painful. running 64 bit windows vista home premium.

i already ran dss, so here are my logs from it, the first log is the primary log, the second is whatever the other one is called. thanks in advance for any help, and sorry if i'm not going about this the right way.

Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-08-07 17:34:04
Platform: Windows Vista Service Pack 1 (6.00.6001)
MSIE: Internet Explorer (7.00.6000.16386)
Boot mode: Normal

Running processes:
C:\Windows\System32\taskeng.exe
C:\Windows\System32\dwm.exe
C:\Windows\explorer.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\System32\wercon.exe
C:\Windows\System32\taskeng.exe
C:\Windows\System32\dwm.exe
C:\Windows\explorer.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\AIM6\aim6.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\System32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Doug\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=566...n&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: {920cfa86-65e5-7cea-9b64-f20c4ea36e42} - {24e63ae4-c02f-46b9-aec7-5e5668afc029} - C:\Windows\System32\jbvhwr.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {B51F6AC2-EA1D-43D0-8679-9B34CBDB7622} - C:\Windows\System32\ddcBTMgD.dll
O2 - BHO: HP Print Clips - {FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\hGVooLCU.dll,#1
O4 - HKLM\..\Run: [lphcpjoj0e7wq] C:\Windows\system32\lphcpjoj0e7wq.exe
O4 - HKLM\..\Run: [73f36f82] rundll32.exe "C:\Windows\system32\uwdpvjyp.dll",b
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MSSMSGS] rundll32.exe winuoj32.rom,QUTRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG8\avgfws8.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\System32\drivers\XAudio.exe


--
End of file - 9583 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

All drivers whitelisted.


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
R2 HP Health Check Service - "c:\program files\hewlett-packard\hp health check\hphc_service.exe" <Not Verified; Hewlett-Packard; HP Health Check Service>

S3 Com4Qlb - "c:\program files\hewlett-packard\hp quick launch buttons\com4qlb.exe" <Not Verified; Hewlett-Packard Development Company, L.P.; HP Quick Launch Buttons>
S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Files created between 2008-07-07 and 2008-08-07 -----------------------------

2008-08-07 16:05:11 0 dr------- C:\Users\Administrator\Searches
2008-08-07 16:04:52 0 dr------- C:\Users\Administrator\Contacts
2008-08-07 16:04:35 0 d--hs---- C:\Users\Administrator\Templates
2008-08-07 16:04:35 0 d--hs---- C:\Users\Administrator\Start Menu
2008-08-07 16:04:35 0 d--hs---- C:\Users\Administrator\SendTo
2008-08-07 16:04:35 0 d--hs---- C:\Users\Administrator\Recent
2008-08-07 16:04:35 0 d--hs---- C:\Users\Administrator\PrintHood
2008-08-07 16:04:35 0 d--hs---- C:\Users\Administrator\NetHood
2008-08-07 16:04:35 0 d--hs---- C:\Users\Administrator\My Documents
2008-08-07 16:04:35 0 d--hs---- C:\Users\Administrator\Local Settings
2008-08-07 16:04:35 0 d--hs---- C:\Users\Administrator\Cookies
2008-08-07 16:04:35 0 d--hs---- C:\Users\Administrator\Application Data
2008-08-07 16:04:33 0 dr------- C:\Users\Administrator\Videos
2008-08-07 16:04:33 0 dr------- C:\Users\Administrator\Saved Games
2008-08-07 16:04:33 0 dr------- C:\Users\Administrator\Pictures
2008-08-07 16:04:33 786432 --ahs---- C:\Users\Administrator\NTUSER.DAT
2008-08-07 16:04:33 0 dr------- C:\Users\Administrator\Music
2008-08-07 16:04:33 0 dr------- C:\Users\Administrator\Links
2008-08-07 16:04:33 0 dr------- C:\Users\Administrator\Favorites
2008-08-07 16:04:33 0 dr------- C:\Users\Administrator\Downloads
2008-08-07 16:04:33 0 dr------- C:\Users\Administrator\Documents
2008-08-07 16:04:33 0 dr------- C:\Users\Administrator\Desktop
2008-08-07 16:04:33 0 d--h----- C:\Users\Administrator\AppData
2008-08-07 13:45:05 95744 --a------ C:\Windows\system32\jbvhwr.dll
2008-08-07 13:45:03 95744 --a------ C:\Windows\system32\luvbrdef.dll
2008-08-07 13:44:37 0 d-------- C:\Windows\system32\drivers\Avg
2008-08-07 13:42:23 80896 --a------ C:\Windows\system32\uwdpvjyp.dll
2008-08-07 11:43:29 0 d--h----- C:\$AVG8.VAULT$
2008-08-07 11:40:04 0 d-------- C:\Program Files\AVG
2008-08-07 11:40:03 0 d-------- C:\Users\All Users\avg8
2008-08-07 11:35:04 1528 --ahs---- C:\Windows\system32\DgMTBcdd.ini2
2008-08-07 11:34:59 246272 --a------ C:\Windows\system32\ddcBTMgD.dll
2008-08-07 11:32:50 0 d-------- C:\Users\All Users\services
2008-08-07 11:30:41 145 --a------ C:\Windows\system32\winver.bat
2008-08-07 11:30:34 0 d-------- C:\Windows\system32\349168
2008-08-07 11:30:30 0 d-------- C:\Users\All Users\Secure Solutions
2008-08-07 11:30:03 60928 --a------ C:\Windows\system32\blphcpjoj0e7wq.scr <Not Verified; Sysinternals; Sysinternals Blue Screen>
2008-08-05 23:37:52 0 d-------- C:\Program Files\Conduit
2008-08-05 23:37:46 0 d-------- C:\Program Files\BitLord
2008-08-05 23:26:52 0 d-------- C:\Users\All Users\FLEXnet
2008-08-05 20:13:31 0 d-------- C:\Users\All Users\ALM
2008-08-05 20:03:40 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2008-08-03 16:22:19 0 d-------- C:\Program Files\iPod
2008-08-03 16:22:17 0 d-------- C:\Program Files\iTunes
2008-08-03 16:21:41 0 d-------- C:\Program Files\Bonjour
2008-08-03 16:21:10 0 d-------- C:\Program Files\QuickTime
2008-08-03 16:20:06 0 d-------- C:\Program Files\Apple Software Update
2008-08-03 16:19:19 0 d-------- C:\Program Files\Common Files\Apple
2008-08-03 16:19:18 0 d-------- C:\Users\All Users\Apple
2008-07-26 03:26:56 0 dr------- C:\Users\Doug\Searches
2008-07-22 20:10:30 0 dr------- C:\Users\Doug\Contacts
2008-07-15 18:14:09 0 d-------- C:\Program Files\Power Tab Software


-- Find3M Report ---------------------------------------------------------------

2008-08-07 16:30:00 41983 --a------ C:\Users\Doug\AppData\Roaming\nvModes.001
2008-08-07 16:26:21 41983 --a------ C:\Users\Doug\AppData\Roaming\nvModes.dat
2008-08-07 14:31:31 0 d-------- C:\Users\Doug\AppData\Roaming\ErrorSmart
2008-08-07 13:31:08 0 d-------- C:\Program Files\AIM6
2008-08-07 13:30:53 0 d-------- C:\Program Files\Common Files\Adobe
2008-08-07 13:30:49 0 d-------- C:\Program Files\HPQ
2008-08-07 13:30:49 0 d-------- C:\Program Files\Hewlett-Packard
2008-08-07 13:30:48 0 d-------- C:\Program Files\HP
2008-08-07 13:30:48 0 d-------- C:\Program Files\Common Files
2008-08-07 13:30:48 0 d-------- C:\Program Files\Common Files\Java
2008-08-07 13:30:46 0 dr------- C:\Program Files\Online Services
2008-08-07 13:30:46 0 d-------- C:\Program Files\AWS
2008-08-07 13:30:45 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-08-07 13:30:41 0 d-------- C:\Program Files\CyberLink
2008-08-07 13:30:40 0 d-------- C:\Program Files\Common Files\InstallShield
2008-08-07 13:30:40 0 d-------- C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
2008-08-07 13:30:39 0 d-------- C:\Program Files\Microsoft.NET
2008-08-07 13:30:36 0 d-------- C:\Program Files\Microsoft Works
2008-08-07 13:30:33 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-08-07 13:30:32 0 d-------- C:\Program Files\LimeWire
2008-08-07 13:30:32 0 d-------- C:\Program Files\Common Files\AOL
2008-08-07 13:30:02 0 d-------- C:\Program Files\Windows Sidebar
2008-08-07 13:30:02 0 d-------- C:\Program Files\Windows Photo Gallery
2008-08-07 13:30:02 0 d-------- C:\Program Files\Windows NT
2008-08-07 13:30:02 0 d-------- C:\Program Files\Windows Mail
2008-08-07 13:30:02 0 d-------- C:\Program Files\Windows Journal
2008-08-07 13:30:02 0 d-------- C:\Program Files\Windows Defender
2008-08-07 13:30:02 0 d-------- C:\Program Files\Windows Calendar
2008-08-07 13:30:02 0 d-------- C:\Program Files\Reference Assemblies
2008-08-07 13:30:02 0 d-------- C:\Program Files\MSBuild
2008-08-07 13:30:02 0 d-------- C:\Program Files\Movie Maker
2008-08-07 13:30:02 0 d-------- C:\Program Files\Microsoft Games
2008-08-07 13:30:02 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-08-07 13:29:55 0 d-------- C:\Program Files\NetWaiting
2008-08-07 13:29:55 0 d-------- C:\Program Files\Atheros
2008-08-07 13:29:54 0 d-------- C:\Program Files\CONEXANT
2008-08-07 13:29:52 0 d-------- C:\Program Files\Electronic Arts
2008-08-07 10:56:29 0 d-------- C:\Users\Doug\AppData\Roaming\Adobe
2008-08-06 11:51:52 34 --a------ C:\Program Files\tiger.txt
2008-08-06 11:33:24 69 --a------ C:\Program Files\nero 8 ultimate serial number.txt
2008-08-05 23:17:42 7999 --a------ C:\Program Files\ai intelligence.txt
2008-08-05 17:48:17 0 d-------- C:\Users\Doug\AppData\Roaming\Download Manager
2008-08-02 01:29:45 15640 --a------ C:\Program Files\H#4.txt
2008-07-24 22:43:24 43 --a------ C:\Program Files\desktop specs.txt
2008-07-24 21:30:56 0 d-------- C:\Program Files\DivX
2008-07-24 21:30:49 0 d-------- C:\Program Files\Common Files\PX Storage Engine
2008-07-23 19:24:20 6 --a------ C:\Program Files\bmi.txt
2008-07-18 03:55:59 0 d-------- C:\Users\Doug\AppData\Roaming\LimeWire
2008-07-18 01:06:21 0 d-------- C:\Users\Doug\AppData\Roaming\Apple Computer
2008-06-28 01:34:09 0 d-------- C:\Users\Doug\AppData\Roaming\acccore
2008-06-26 03:01:30 0 d-------- C:\Program Files\MSXML 4.0
2008-06-26 01:53:13 0 d-------- C:\Users\Doug\AppData\Roaming\DivX
2008-06-25 14:59:53 0 d-------- C:\Users\Doug\AppData\Roaming\WinRAR
2008-06-25 14:50:47 0 --a------ C:\Windows\nsreg.dat
2008-06-25 14:50:47 0 d-------- C:\Users\Doug\AppData\Roaming\Mozilla
2008-06-25 14:28:32 0 d-------- C:\Program Files\Yahoo!
2008-06-25 14:27:28 0 d-------- C:\Program Files\Sling Media
2008-06-25 14:19:51 0 d-------- C:\Users\Doug\AppData\Roaming\Yahoo!
2008-06-24 23:05:16 0 d-------- C:\Users\Doug\AppData\Roaming\Hewlett-Packard
2008-06-24 23:04:36 0 d-------- C:\Users\Doug\AppData\Roaming\Symantec
2008-06-24 23:03:45 0 d-------- C:\Users\Doug\AppData\Roaming\Identities
2008-06-24 23:03:31 81 --a------ C:\Windows\system32\LOG
2008-06-24 23:03:12 0 d-------- C:\Users\Doug\AppData\Roaming\Macromedia


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{24e63ae4-c02f-46b9-aec7-5e5668afc029}]
08/07/2008 01:45 PM 95744 --a------ C:\Windows\system32\jbvhwr.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B51F6AC2-EA1D-43D0-8679-9B34CBDB7622}]
08/07/2008 11:35 AM 246272 --a------ C:\Windows\system32\ddcBTMgD.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7}]
08/31/2007 11:32 AM 177504 --a------ c:\Program Files\HP\Smart Web Printing\hpswp_framework.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [09/19/2007 01:05 PM]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [09/19/2007 01:05 PM]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [09/19/2007 01:05 PM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [01/18/2008 04:31 AM]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [09/19/2007 02:31 PM]
"OnScreenDisplay"="C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [09/04/2007 01:54 PM]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [01/20/2008 07:23 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [05/11/2007 03:06 AM]
"HP Health Check Scheduler"="[ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" []
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [05/08/2007 04:24 PM]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [09/13/2007 08:47 AM]
"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [01/08/2007 03:53 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [07/12/2007 04:00 AM]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [07/22/2008 08:42 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [05/27/2008 10:50 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [07/30/2008 10:47 AM]
"MSServer"="C:\Windows\system32\hGVooLCU.dll" []
"lphcpjoj0e7wq"="C:\Windows\system32\lphcpjoj0e7wq.exe" [11/02/2006 02:45 AM]
"73f36f82"="C:\Windows\system32\uwdpvjyp.dll" [08/07/2008 01:42 PM]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [08/07/2008 01:44 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [07/13/2007 07:36 AM]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [01/20/2008 07:25 PM]
"MSSMSGS"="winuoj32.rom,QUTRun" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableLUA"=0 (0x0)
"EnableUIADesktopToggle"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"=1 (0x1)
"NoDispScrSavPage"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{38B9D19D-021A-4282-A2BD-F9E40DCBA8C9}"= C:\Windows\system32\hGVooLCU.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\Windows\system32\ddcBTMgD

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE Mcx2Svc WebClient SstpSvc
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
rsmsvcs ntmssvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b9b247ba-607a-11dd-b33a-001e6852a62d}]
AutoRun\command- setupSNK.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-08-07 17:36:53 ------------


here is the other log


-- System Information ----------------------------------------------------------

Microsoft® Windows Vista™ Home Premium (build 6001) SP 1.0
Architecture: X86; Language: English

CPU 0: AMD Turion™ 64 X2 Mobile Technology TL-60
Percentage of Memory in Use: 39%
Physical Memory (total/avail): 3006.18 MiB / 1817.17 MiB
Pagefile Memory (total/avail): 6248.88 MiB / 4965.54 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1896.07 MiB

C: is Fixed (NTFS) - 100.1 GiB total, 68.57 GiB free.
D: is Fixed (NTFS) - 11.69 GiB total, 1.99 GiB free.
E: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - SAMSUNG HM121HI ATA Device - 111.79 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 100.1 GiB - C:
\PARTITION1 - Installable File System - 11.69 GiB - D:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FW: AVG Firewall v8.0 (AVG Technologies CZ, s.r.o.)
AV: AVG Internet Security v8.0 (AVG Technologies)
AS: AVG Internet Security v8.0 (AVG Technologies) Disabled
AS: Windows Defender v1.1.1505.0 (Microsoft Corporation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"="C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe:*:Enabled:Earthlink"
"C:\\Windows\\system32\\winver.exe"="C:\\Windows\\system32\\winver.exe:*:Enabled:winver"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\Doug\AppData\Roaming
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=DOUG-PC
ComSpec=C:\Windows\system32\cmd.exe
DFSTRACINGON=FALSE
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\Doug
LOCALAPPDATA=C:\Users\Doug\AppData\Local
LOGONSERVER=\\DOUG-PC
NUMBER_OF_PROCESSORS=2
OnlineServices=Online Services
OS=Windows_NT
Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\CyberLink\Power2Go\;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PCBRAND=Pavilion
PLATFORM=MCD
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 104 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=6802
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
QTJAVA=C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\Doug\AppData\Local\Temp
TMP=C:\Users\Doug\AppData\Local\Temp
TRACE_FORMAT_SEARCH_PATH=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
USERDOMAIN=Doug-PC
USERNAME=Doug
USERPART=E:
USERPROFILE=C:\Users\Doug
windir=C:\Windows


-- User Profiles ---------------------------------------------------------------

Doug (admin)
Administrator (new local, admin, net ready)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Conexant\SmartAudio\SETUP.EXE -U -ISmartAudio -SM=SMAUDIO.EXE,1801
Activation Assistant for the 2007 Microsoft Office suites --> "C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3 --> MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3 --> MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting --> MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0 --> MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific --> MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings --> MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Extra Settings --> MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings --> MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings --> MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Default Language CS3 --> MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3 --> MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Flash CS3 --> MsiExec.exe /I{6B52140A-F189-4945-BFFC-DB3F00B8C589}
Adobe Flash CS3 Professional --> C:\Program Files\Common Files\Adobe\Installers\c3c7fe8b09d497ab2b3fd91c9353390\Setup.exe
Adobe Flash Player 9 ActiveX --> MsiExec.exe /X{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}
Adobe Flash Player 9 Plugin --> MsiExec.exe /X{88D422DB-E9C7-4E16-9D80-2999F4FD6AD9}
Adobe Flash Player ActiveX --> C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Video Encoder --> MsiExec.exe /I{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}
Adobe Fonts All --> MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3 --> MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Illustrator CS3 --> C:\Program Files\Common Files\Adobe\Installers\a04a925a57548091300ada368235fc6\Setup.exe
Adobe Illustrator CS3 --> MsiExec.exe /I{F08E8D2E-F132-4742-9C87-D5FF223A016A}
Adobe Linguistics CS3 --> MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3 --> C:\Program Files\Common Files\Adobe\Installers\2ac78060bc5856b0c1cf873bb919b58\Setup.exe
Adobe Photoshop CS3 --> MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}
Adobe Reader 8.1.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
Adobe Setup --> MsiExec.exe /I{4F3E17F8-F1C8-4A4B-9EB8-1EE2D190CDA9}
Adobe Setup --> MsiExec.exe /I{D1BB4446-AE9C-4256-9A7F-4D46604D2462}
Adobe Setup --> MsiExec.exe /I{FFC1ADE3-944B-4231-894E-3903C37271D2}
Adobe Shockwave Player --> MsiExec.exe /X{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}
Adobe Stock Photos CS3 --> MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3 --> MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client --> MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin --> MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3 --> MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
AIM 6 --> C:\Program Files\AIM6\uninst.exe
Apple Mobile Device Support --> MsiExec.exe /I{49C88E44-1B38-4FC6-824E-2BDA3063B0E3}
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
Atheros Driver Installation Program --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{28006915-2739-4EBE-B5E8-49B25D32EB33}\setup.exe" -l0x9 -removeonly
AVG 8.0 --> C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
BitLord 1.1 --> C:\Program Files\BitLord\uninst.exe
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Compatibility Pack for the 2007 Office system --> MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Conexant HD Audio --> C:\Program Files\CONEXANT\CNXT_AUDIO_HDA\UIU32a.exe -U -IQh30CFza.INF
DVD Suite --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
Hauppauge MCE XP/Vista Software Encoder (2.0.25149) --> C:\PROGRA~1\WinTV\UNSftMCE.EXE C:\PROGRA~1\WinTV\softMCE.LOG
HDAUDIO Soft Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_HDA_HSF\UIU32m.exe -U -I*.INF
Hewlett-Packard Active Check --> MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}
Hewlett-Packard Asset Agent for Health Check --> MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367}
HP Customer Experience Enhancements --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BD0E2B92-3814-46F0-893B-4612EA010C7E}\setup.exe" -l0x9 -removeonly
HP Doc Viewer --> MsiExec.exe /I{082702D5-5DD8-4600-BCE5-48B15174687F}
HP Help and Support --> MsiExec.exe /I{28EDCE9C-3304-4331-8AB3-F3EBE94C35B4}
HP Quick Launch Buttons 6.30 E1 --> C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe -runfromtemp -l0x0009 uninst
HP QuickTouch 1.00 C4 --> MsiExec.exe /I{7DC4A410-9986-4329-9E5D-687B2C42CA39}
HP Smart Web Printing --> msiexec /i{082F8ABA-84D5-4837-9DFC-F365D91A07D4}
HP Update --> MsiExec.exe /X{D063F201-FAC4-4D5C-B10B-615058ADE5A7}
HP User Guides 0087 --> MsiExec.exe /I{4D49757C-367A-4333-BDB3-68966162B14E}
HP Wireless Assistant --> MsiExec.exe /I{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}
HPNetworkAssistant --> MsiExec.exe /I{228C6B46-64E2-404E-898A-EF0830603EF4}
iTunes --> MsiExec.exe /I{3DE0053C-FD9A-483E-B7C9-B06E4392206E}
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
LimeWire PRO 4.12.6 --> "C:\Program Files\LimeWire\uninstall.exe"
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Home and Student 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007 --> MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint Viewer 2007 (English) --> MsiExec.exe /X{95120000-00AF-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works --> MsiExec.exe /I{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}
Mozilla Firefox (3.0.1) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NetWaiting --> C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly
NVIDIA Drivers --> C:\Windows\system32\NVUNINST.EXE UninstallGUI
PDF Settings --> MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
Power Tab Editor 1.7 --> MsiExec.exe /I{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}
Power2Go --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\setup.exe" -uninstall
PowerDirector --> "C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\setup.exe" /z-uninstall
QuickTime --> MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{59F6A514-9813-47A3-948C-8A155460CC2A}\setup.exe" -l0x9 anything
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
The Sims™ Life Stories --> MsiExec.exe /I{2284D904-C138-4B58-93EC-5C362AB5130A}
Update for Office 2007 (KB934528) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {2B939677-2FFD-48F6-9075-7BF48CB87C80}
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
WeatherBug Gadget --> MsiExec.exe /I{209CDA54-D390-46A2-A97C-7BF61734418D}
Windows Media Player Firefox Plugin --> MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type1250 / Error
Event Submitted/Written: 08/07/2008 05:31:01 PM
Event ID/Source: 1002 / Application Hang
Event Description:
The program DSS.EXE version 3.2.8.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 6a8
Start Time: 01c8f8edd81e7d5a
Termination Time: 0

Event Record #/Type1248 / Error
Event Submitted/Written: 08/07/2008 05:16:05 PM
Event ID/Source: 1002 / Application Hang
Event Description:
The program dss.exe version 3.2.8.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 80c
Start Time: 01c8f8eba2eee5ea
Termination Time: 0

Event Record #/Type1246 / Error
Event Submitted/Written: 08/07/2008 05:13:47 PM
Event ID/Source: 1002 / Application Hang
Event Description:
The program dss.exe version 3.2.8.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 1620
Start Time: 01c8f8eb640b903a
Termination Time: 0

Event Record #/Type1243 / Error
Event Submitted/Written: 08/07/2008 04:40:01 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application firefox.exe, version 1.9.0.3105, time stamp 0x486bac70, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x70574618,
process id 0x14b4, application start time 0xfirefox.exe0.

Event Record #/Type1242 / Error
Event Submitted/Written: 08/07/2008 04:32:03 PM
Event ID/Source: 3013 / Windows Search Service
Event Description:
The entry <C:\USERS\DOUG\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\YOTRZNTA.DEFAULT\CACHE.TRASH\TRASH\CACHE> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type16200 / Warning
Event Submitted/Written: 08/07/2008 05:35:45 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%Doug-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Doug-PC27 can't undo changes that you allow.

For more information please see the following:
%Doug-PC275

Scan ID: {34A5A47C-8109-4720-8A72-75AA24232B9D}

User: Doug-PC\Administrator

Name: %Doug-PC271

ID: %Doug-PC272

Severity ID: %Doug-PC273

Category ID: %Doug-PC274

Path Found: %Doug-PC276

Alert Type: %Doug-PC278

Detection Type: 1.1.1600.02

Event Record #/Type16199 / Warning
Event Submitted/Written: 08/07/2008 05:35:45 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%Doug-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Doug-PC27 can't undo changes that you allow.

For more information please see the following:
%Doug-PC275

Scan ID: {E1D8F537-EF21-4881-BD03-E9B941360C8D}

User: Doug-PC\Doug

Name: %Doug-PC271

ID: %Doug-PC272

Severity ID: %Doug-PC273

Category ID: %Doug-PC274

Path Found: %Doug-PC276

Alert Type: %Doug-PC278

Detection Type: 1.1.1600.02

Event Record #/Type16198 / Warning
Event Submitted/Written: 08/07/2008 05:35:45 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%Doug-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Doug-PC27 can't undo changes that you allow.

For more information please see the following:
%Doug-PC275

Scan ID: {76B6FDDC-D42E-4E08-83CA-83B2D73E3443}

User: Doug-PC\Doug

Name: %Doug-PC271

ID: %Doug-PC272

Severity ID: %Doug-PC273

Category ID: %Doug-PC274

Path Found: %Doug-PC276

Alert Type: %Doug-PC278

Detection Type: 1.1.1600.02

Event Record #/Type16197 / Warning
Event Submitted/Written: 08/07/2008 05:35:45 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%Doug-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Doug-PC27 can't undo changes that you allow.

For more information please see the following:
%Doug-PC275

Scan ID: {655D08F7-D1B2-489D-9ABB-6D04558C9E04}

User: Doug-PC\Doug

Name: %Doug-PC271

ID: %Doug-PC272

Severity ID: %Doug-PC273

Category ID: %Doug-PC274

Path Found: %Doug-PC276

Alert Type: %Doug-PC278

Detection Type: 1.1.1600.02

Event Record #/Type16196 / Warning
Event Submitted/Written: 08/07/2008 05:35:45 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%Doug-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Doug-PC27 can't undo changes that you allow.

For more information please see the following:
%Doug-PC275

Scan ID: {034567EF-AE34-4003-8720-7A16393731EA}

User: Doug-PC\Administrator

Name: %Doug-PC271

ID: %Doug-PC272

Severity ID: %Doug-PC273

Category ID: %Doug-PC274

Path Found: %Doug-PC276

Alert Type: %Doug-PC278

Detection Type: 1.1.1600.02



-- End of Deckard's System Scanner: finished at 2008-08-07 17:36:53 ------------


#2 Shaba


Posted 19 August 2008 - 12:59 AM

Hello and welcome to BC

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. We aim to provide the valuable service known to come from BC to every member we can, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the steps below so we can have a look at the current condition of your machine.

Upon completing the steps below, a staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

Thanks and again sorry for the delay.

Please see here for instructions on how to install HijackThis and make a logfile. Save it in a convenient location and include it in your next reply, please.

Next
Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report.
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Please post back with HijackThis log and Kaspersky report.

Regards
Microsoft MVP Consumer Security

#3 Shaba


Posted 24 August 2008 - 05:18 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
Microsoft MVP Consumer Security