Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Gzmrotate.dll Error On Startup.


  • This topic is locked This topic is locked
26 replies to this topic

#1 mikballs

mikballs

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sydney, Aus
  • Local time:04:35 PM

Posted 07 August 2008 - 07:05 AM

everytime I log into windows I get this error:

Rundll Error Loading C:\windows\ System32\gzmrotate.dll

and from my research i also suspect that these files might be causing problems-
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: rightonadz browser optimizer - {971C3384-F75E-4562-95B3-CBE7417529BC} - C:\WINDOWS\system32\gzmrotate.dll
O2 - BHO: FoxieSecurityModule Class - {C65185B1-D52B-44A9-861F-8201B50D1F37} - C:\Program Files\Foxie Suite\foxiecoreu.dll


And I'm not sure what to do, i have researched it and i know that it has something to do with internet explorer, but its making it run really slow..

How do i fix this?

Here is a log created by HJT:


Attached File  hijackthis.log   17.8KB   29 downloads

Edited by mikballs, 07 August 2008 - 06:42 PM.


BC AdBot (Login to Remove)

 


#2 htv8

htv8

  • Members
  • 1,694 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:08:35 AM

Posted 11 August 2008 - 12:56 PM

Hello mikballs, and welcome to BleepingComputer.com! I will be handling your log to help you get cleaned up.

Please take note of the following:
  • I will start working on your malware issues, this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • The process is not instant. Please continue to review my answers until I tell you your machine is clean. Just because a symptom disappears does not mean your system is clean.
  • Please set aside enough time to complete all the steps in each post and follow the instructions in the order stated.
  • Please don't run any extra scans or fix programs not requested by me as it could change the results in the reports I request.
  • If there's anything that you don't understand, stop and ask your question(s) before proceeding with the fixes.
  • If you have circumstances that you are aware of that will delay your response, then please let me know. This is to ensure that your topic remains open and I don't close it to start a new post.
  • Please reply to this thread. Do not start a new topic.
Please give me some time to look over your log and I will get back to you as soon as possible.

Thanks,

htv8
If I have not posted back within 24 hours, feel free to send me a PM with your topic link.

Posted Image

#3 htv8

htv8

  • Members
  • 1,694 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:08:35 AM

Posted 11 August 2008 - 06:13 PM

Hello there mikballs.

Prior to fixing anything, I need some more information about the infected system. Please perform the instructions below and then post the logs back here. :thumbsup:
When posting your logs, please post them directly into the reply. Please do NOT attach logs unless specifically requested.



We need to create a Deckard's System Scanner (DSS) log.

Please download Deckard's System Scanner (DSS) from one of the links below and save to your Desktop.
(1) Download Deckard's System Scanner (dss.exe)
(2) Download Deckard's System Scanner (dss.exe)

DSS will do the following:

  • Create a new System Restore point in Windows XP and Vista.
  • Clean your Temporary Files, Downloaded Program Files, Internet Cache Files, and empty the Recycle Bin on all drives.
  • Check some important areas of your system and produce a report for an analyst to review.
  • Automatically run HijackThis. It will also install and place a shortcut to HijackThis on your Desktop if you do not already have it installed. So if HijackThis is not installed and DSS prompts you to download it, please answer Yes.
You must be logged onto an account with administrator privileges when using Deckard's System Scanner.

To run the program:
  • Close all applications and windows so that you have nothing open and are at your Desktop.
  • Double-click on dss.exe to run DSS, and follow the prompts.
  • If your antivirus or firewall complains, please allow this script to run as it is not malicious.
  • When the scan is complete, two text files will open in Notepad (if not, they both can be found in the C:\Deckard\System Scanner folder):
  • main.txt <- will be maximized
  • extra.txt <- will be minimized;
please copy (Ctrl + A then Ctrl + C) and paste (Ctrl + V) the entire contents of main.txt and the extra.txt in your next reply (if necessary, use several posts to include everything).
NOTES:
** When running DSS, some firewalls may warn that it is trying to access the Internet (especially if your asked to download the most current version of HijackThis); please ensure that DSS is given permission to access the Internet. **
** If you get a warning from your antivirus while DSS is scanning, please allow DSS to continue as the scan is not harmful. **


Edited by htv8, 11 August 2008 - 06:17 PM.
typo

If I have not posted back within 24 hours, feel free to send me a PM with your topic link.

Posted Image

#4 mikballs

mikballs
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sydney, Aus
  • Local time:04:35 PM

Posted 12 August 2008 - 04:28 AM

PS i've managed to get rid of some spyware and stuff, but comp is still running extremely slow when it comes to internet.
Please help xD
and thankyou for help so far =]




Deckard's System Scanner v20071014.68
Run by Mikki on 2008-08-12 19:02:14
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 3 Restore Point(s) --
3: 2008-08-12 09:02:20 UTC - RP3 - Deckard's System Scanner Restore Point
2: 2008-08-10 09:57:30 UTC - RP2 - Removed PC Suite for Nokia N-Gage
1: 2008-08-10 09:26:54 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Mikki.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:06:40 PM, on 12/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\D-Link\DSL-200\dslstat.exe
C:\Program Files\D-Link\DSL-200\dslagent.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Gigabyte\ET5\GUI.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\Nokia\Services\ServiceLayer.exe
C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe
C:\Program Files\Telstra\Cable Login\bpcable.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\NETGEAR\WG511v2\wlancfg5.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\Mikki\Desktop\CLEANCOMP\dss.exe
C:\DOCUME~1\Mikki\Desktop\CLEANC~1\Mikki.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Dictionary.com BHO - {14998b0b-2671-4adb-a005-dde2fb18eb35} - mscoree.dll (file missing)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Dictionary.com - {bf2aa568-0085-423c-ba01-69b6705a9a96} - mscoree.dll (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\D-Link\DSL-200\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\D-Link\DSL-200\dslagent.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [EasyTuneV] C:\Program Files\Gigabyte\ET5\GUI.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [ServiceLayer] C:\Program Files\Common Files\Nokia\Services\ServiceLayer.exe
O4 - HKLM\..\Run: [Nokia Tray Application] C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
O4 - HKLM\..\Run: [BigPondCable] "C:\Program Files\Telstra\Cable Login\bpcable.exe" /r
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: ExifLauncher2.lnk = C:\Program Files\FinePixViewer\QuickDCF2.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NETGEAR Smart Wizard.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Search In &All Reference - C:\Program Files\Dictionary.com\Dictionary.com Toolbar\all_reference.htm
O8 - Extra context menu item: Search In &Dictionary - C:\Program Files\Dictionary.com\Dictionary.com Toolbar\dictionary.htm
O8 - Extra context menu item: Search In &Encyclopedia - C:\Program Files\Dictionary.com\Dictionary.com Toolbar\encyclopedia.htm
O8 - Extra context menu item: Search In &Thesaurus - C:\Program Files\Dictionary.com\Dictionary.com Toolbar\thesaurus.htm
O8 - Extra context menu item: Search In &Web - C:\Program Files\Dictionary.com\Dictionary.com Toolbar\web.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} (Bebo Uploader Control) - http://www.bebo.com/files/BeboUploader.5.1.4.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {38D63471-E630-4492-A986-B8C48B79F2F8} (CVideoEgg_ActiveXCtl Object) - http://update.videoegg.com/wintel/VideoEggPublisher.exe
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-AU/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1174648032640
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {96EEC7FF-106A-47F3-90D6-B4BB754AA40E} (POLi Pay Online) - https://trx.centricom.com.au/ewcustomer/POLiPayOnline.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: wincqt32 - wincqt32.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: BigPond Broadband Cable Login (bpcService) - Unknown owner - C:\Program Files\Telstra\Cable Login\bpcService.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

--
End of file - 15378 bytes

-- HijackThis Fixed Entries (C:\DOCUME~1\Mikki\Desktop\CLEANC~1\backups\) ------

backup-20080809-211547-312 O2 - BHO: rightonadz browser optimizer - {971C3384-F75E-4562-95B3-CBE7417529BC} - C:\WINDOWS\system32\gzmrotate.dll (file missing)
backup-20080809-211547-395 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
backup-20080809-211547-487 O4 - HKLM\..\Run: [StartFoxie] C:\Program Files\Foxie Suite\StartFoxie.exe

-- File Associations -----------------------------------------------------------

.reg - regfile - shell\open\command - "%1"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 sisidex - c:\windows\system32\drivers\sisidex.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
R0 sisperf (Add Performance Filter Driver) - c:\windows\system32\drivers\sisperf.sys <Not Verified; Silicon Integrated Systems Corp.; SiS Filer Driver>
R3 dvd43llh - c:\windows\system32\drivers\dvd43llh.sys <Not Verified; RIF; DVD For Free>
R3 ET5Drv - c:\windows\system32\drivers\et5drv.sys <Not Verified; Microsoft Corporation; Microsoft® Windows NT™ Operating System>
R3 MarkFun_NT - c:\program files\gigabyte\et5\markfun.w32 <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>

S3 gdrv - c:\windows\gdrv.sys
S3 GVCplDrv - c:\windows\system32\drivers\gvcpldrv.sys
S3 Pcouffin (Low level access layer for CD devices) - c:\windows\system32\drivers\pcouffin.sys (file missing)
S3 wanusb (D-Link DSL-200 USB ADSL Modem(WAN)) - c:\windows\system32\drivers\gwausb.sys <Not Verified; GlobespanVirata Inc.; GlobespanVirata WAN ADSL USB Modem>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 bgsvcgen (B's Recorder GOLD Library General Service) - c:\windows\system32\bgsvcgen.exe <Not Verified; B.H.A Corporation; B's Recorder GOLD8>
R2 CCALib8 (Canon Camera Access Library 8) - c:\program files\canon\cal\calmain.exe <Not Verified; Canon Inc.; >

S3 bpcService (BigPond Broadband Cable Login) - "c:\program files\telstra\cable login\bpcservice.exe"


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-08-12 18:53:26 448 --a------ C:\WINDOWS\Tasks\XoftSpySE 2.job
2008-08-12 16:37:05 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2008-08-12 16:33:03 254 --a------ C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
2008-08-11 21:16:17 362 --a------ C:\WINDOWS\Tasks\XoftSpySE.job


-- Files created between 2008-07-12 and 2008-08-12 -----------------------------

2008-08-11 22:14:46 0 d-------- C:\Program Files\a-squared HiJackFree
2008-08-11 21:16:30 0 d-------- C:\Program Files\Advanced Spyware Remover
2008-08-11 21:15:54 0 d-------- C:\Program Files\XoftSpySE
2008-08-07 19:15:37 0 dr-h----- C:\Documents and Settings\Wendy\Recent
2008-08-07 19:10:25 0 dr-h----- C:\Documents and Settings\Henry\Recent
2008-08-07 19:04:30 0 dr-h----- C:\Documents and Settings\Mikki\Recent
2008-08-07 19:01:40 0 d-------- C:\Program Files\CCleaner
2008-08-05 16:44:03 0 d-------- C:\Documents and Settings\Henry\Application Data\Real
2008-08-02 22:59:50 0 d-------- C:\Multimedia Files
2008-08-02 22:30:02 0 --a------ C:\WINDOWS\nsreg.dat
2008-08-02 14:35:30 0 d-------- C:\Program Files\Common Files\xing shared
2008-08-02 11:40:44 0 d-------- C:\Program Files\Warcraft III
2008-07-31 22:20:01 0 d-------- C:\Program Files\Windows Resource Kits
2008-07-24 15:36:43 0 d-------- C:\Documents and Settings\Default User\Application Data\Macromedia
2008-07-22 17:32:30 0 d-------- C:\Program Files\MSECache


-- Find3M Report ---------------------------------------------------------------

2008-08-10 19:57:32 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-08-10 19:25:47 0 d-------- C:\Program Files\Yahoo!
2008-08-10 19:25:42 0 d-------- C:\Program Files\Common Files
2008-08-09 23:22:22 0 d-------- C:\Documents and Settings\Mikki\Application Data\Hamachi
2008-08-09 01:11:27 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-08-02 22:18:02 0 d-------- C:\Program Files\Java
2008-08-02 14:36:44 0 d-------- C:\Documents and Settings\Mikki\Application Data\Real
2008-08-02 14:35:24 0 d-------- C:\Program Files\Common Files\Real
2008-07-24 15:37:07 0 d-------- C:\Program Files\Google
2008-07-02 23:30:05 0 d-------- C:\Program Files\FinePixViewer
2008-06-30 18:57:52 0 d-------- C:\Program Files\Real
2008-06-19 18:13:08 0 d-------- C:\Program Files\Flickr Uploadr
2008-06-19 18:13:00 0 d-------- C:\Documents and Settings\Mikki\Application Data\Flickr
2008-06-17 11:34:11 0 d-------- C:\Program Files\Windows Live Toolbar
2008-06-17 11:33:44 0 d-------- C:\Program Files\Windows Live Favorites
2008-06-17 11:25:12 0 d-------- C:\Program Files\Windows Live
2008-06-17 11:24:23 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-06-10 17:09:46 128 --a------ C:\WINDOWS\system32\dictionary_bho.reg


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{14998b0b-2671-4adb-a005-dde2fb18eb35}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [12/07/2002 08:15 PM]
"SoundMan"="SOUNDMAN.EXE" [23/02/2005 08:13 PM C:\WINDOWS\SOUNDMAN.EXE]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [12/09/2003 08:10 PM]
"DSLSTATEXE"="C:\Program Files\D-Link\DSL-200\dslstat.exe" [21/01/2005 06:04 PM]
"DSLAGENTEXE"="C:\Program Files\D-Link\DSL-200\dslagent.exe" [21/01/2005 06:04 PM]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [12/05/2004 03:18 PM]
"DXDllRegExe"="dxdllreg.exe" []
"EasyTuneV"="C:\Program Files\Gigabyte\ET5\GUI.exe" [14/06/2004 10:54 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [10/06/2008 04:27 AM]
"dvd43"="C:\Program Files\dvd43\dvd43_tray.exe" [05/12/2005 05:04 PM]
"ServiceLayer"="C:\Program Files\Common Files\Nokia\Services\ServiceLayer.exe" [16/10/2002 07:43 AM]
"Nokia Tray Application"="C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe" [22/10/2002 07:52 AM]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09/07/2001 10:50 AM]
"eTrustPPAP"="C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe" []
"WinPatrol"="C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe" []
"HydraVisionDesktopManager"="C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe" [15/09/2003 09:00 PM]
"MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [03/10/2006 09:16 AM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [16/02/2005 11:11 PM]
"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe" [29/12/2006 04:52 PM]
"BigPondCable"="C:\Program Files\Telstra\Cable Login\bpcable.exe" [03/07/2006 12:21 AM]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [04/02/2002 10:32 PM]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [09/06/2007 12:59 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [28/03/2008 11:37 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [30/03/2008 10:36 AM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [02/08/2008 02:35 PM]
"URLLSTCK.exe"="C:\Program Files\Norton Internet Security\UrlLstCk.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 10:00 PM]
"PhotoShow Deluxe Media Manager"="C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe" [26/02/2005 10:28 AM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [14/10/2004 02:24 AM]
"MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [03/10/2006 09:16 AM]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [13/11/2006 01:39 PM]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [18/10/2006 08:05 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
ExifLauncher2.lnk - C:\Program Files\FinePixViewer\QuickDCF2.exe [13/10/2007 2:11:08 PM]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [1/03/2008 10:10:55 AM]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [16/09/2003 4:19:24 AM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [13/02/2001 12:01:04 AM]
NETGEAR Smart Wizard.lnk - C:\WINDOWS\Installer\{B93D24B3-928D-4805-B379-4AA47CB3794E}\NewShortcut1_1.exe [21/07/2007 9:36:30 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=1
"NoAdminPage"=1

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wincqt32]
wincqt32.dll

*Newly Created Service* - MARKFUN_NT



-- End of Deckard's System Scanner: finished at 2008-08-12 19:07:32 ------------



Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 3.00GHz
CPU 1: Intel® Pentium® 4 CPU 3.00GHz
Percentage of Memory in Use: 54%
Physical Memory (total/avail): 1023.48 MiB / 465.91 MiB
Pagefile Memory (total/avail): 1692.64 MiB / 1245.05 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1917.88 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 149.04 GiB total, 107.02 GiB free.
D: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - ST3160812A - 149.05 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 149.04 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.
FirewallDisableNotify is set.

FW: Norton Internet Worm Protection v2006 (Symantec) Disabled
FW: Trend Micro PC-cillin Internet Security (Firewall) v15 (Trend Micro, Inc.)
AV: Trend Micro PC-cillin Internet Security 2007 v15.30.1132 (Trend Micro, Inc.)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Warcraft 3\\war3.exe"="C:\\Program Files\\Warcraft 3\\war3.exe:*:Enabled:Warcraft III"
"C:\\WINDOWS\\system32\\rtcshare.exe"="C:\\WINDOWS\\system32\\rtcshare.exe:*:Enabled:RTC App Sharing"
"C:\\Program Files\\NetMeeting\\conf.exe"="C:\\Program Files\\NetMeeting\\conf.exe:*:Enabled:Windows® NetMeeting®"
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\\Program Files\\Shareaza\\Shareaza.exe"="C:\\Program Files\\Shareaza\\Shareaza.exe:*:Enabled:Shareaza Ultimate File Sharing"
"C:\\Program Files\\Gigabyte\\ET5\\update.exe"="C:\\Program Files\\Gigabyte\\ET5\\update.exe:*:Enabled:ftptest"
"C:\\Program Files\\Intuwave\\Shared\\mRouterRunTime\\mRouterRuntime.exe"="C:\\Program Files\\Intuwave\\Shared\\mRouterRunTime\\mRouterRuntime.exe:*:Enabled:mRouterRuntime"
"C:\\Program Files\\Hamachi\\hamachi.exe"="C:\\Program Files\\Hamachi\\hamachi.exe:*:Enabled:Hamachi"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Mikki\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
COLLECTIONID=COL8143
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=LARRY-F79FD144F
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HMSERVER=https://wwss1proa.cce.hp.com/wuss/servlet/WUSSServlet
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Mikki
ITEMID=dj-22741-15
LANG=3081
LOGONSERVER=\\LARRY-F79FD144F
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
OSVER=winXPH
Path=C:\Program Files\Internet Explorer;;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 3, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0403
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
RNLOG_BASEKEY=Software\RealNetworks\RealPlayer\6.0\Preferences\BrowserRecordPluginLog
SESSIONID=1157637587759htx6060.cce.hp.com171570:10d8893844f:-31af
SESSIONNAME=Console
SWUTVER=1.0.22.20030804
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Mikki\LOCALS~1\Temp
TIMEOUT=0
TMP=C:\DOCUME~1\Mikki\LOCALS~1\Temp
TOOLPATH=/C:\Program%20Files\HP\HP%20Software%20Update\install.htm
UPDATEDIR=C:\DOCUME~1\Mikki\LOCALS~1\Temp\rad975F0.tmp
USERDOMAIN=LARRY-F79FD144F
USERNAME=Mikki
USERPROFILE=C:\Documents and Settings\Mikki
VERSION=3.0.5.001
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI


-- User Profiles ---------------------------------------------------------------

Larry Carter (admin)
Mikki (admin)
Henry (admin)
Wendy (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNNMP.exe /UNINSTALL
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
a-squared HiJackFree 3.1 --> "C:\Program Files\a-squared HiJackFree\unins000.exe"
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Download Manager 2.2 (Remove Only) --> "C:\Program Files\Common Files\Adobe\ESD\uninst.exe"
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 6.0.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Advanced Spyware Remover Free Edition --> "C:\Program Files\Advanced Spyware Remover\unins000.exe"
All Sound Recorder XP 2.15 --> "C:\Program Files\All Sound Recorder XP\unins000.exe"
Any Video Converter 2.1.0 --> "C:\Program Files\Any Video Converter\unins000.exe"
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATI HYDRAVISION --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}\setup.exe"
Audacity 1.2.6 --> "C:\Program Files\Audacity\unins000.exe"
BA Installer --> MsiExec.exe /I{EDA0FFC5-7964-4E2F-9014-693F04695933}
Battlefield 2™ --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}\setup.exe" -l0x9 -removeonly
BigPond Broadband Cable Login --> MsiExec.exe /I{BCE5A33D-A808-492A-9B5C-DCAFCFF24D27}
BigPond Broadband Cable Self Install Kit --> MsiExec.exe /I{F6A39BCA-8C6C-4BAA-BE1D-1C3E784ADB95}
Canon Camera Access Library --> "C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\CAL\Uninst.ini"
Canon Camera Support Core Library --> "C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\CSCLIB\Uninst.ini"
Canon EOS 5D WIA Driver --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{BB3AB664-D92B-4CB5-8B3E-D841841F4E68} /l1033
Canon PhotoRecord --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\ZoomBrowser EX\Program\..\PhotoRecord\Uninst.isu" -c"C:\Program Files\Canon\ZoomBrowser EX\Program\..\PhotoRecord\Program\uninstdll.dll"
Canon PowerShot S45 WIA Driver --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{938DB54D-B302-4594-A782-32219F1734AB}
Canon RAW Image Task for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\RAW Image Task\Uninst.ini"
Canon Utilities CameraWindow --> "C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowLauncher\Uninst.ini"
Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC\Uninst.ini"
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC6\Uninst.ini"
Canon Utilities Digital Photo Professional 3.3 --> "C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\Digital Photo Professional\Uninst.ini"
Canon Utilities EOS Utility --> "C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\EOS Utility\Uninst.ini"
Canon Utilities File Viewer Utility 1.3 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{2D1C2321-8FDB-49B8-A66B-4008DC0B6B5D}
Canon Utilities MyCamera --> "C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\MyCamera\Uninst.ini"
Canon Utilities Original Data Security Tools --> "C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\Original Data Security Tools\Uninst.ini"
Canon Utilities PhotoStitch --> "C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\PhotoStitch\Uninst.ini"
Canon Utilities Picture Style Editor --> "C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\Picture Style Editor\Uninst.ini"
Canon Utilities RemoteCapture 2.7 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{14220DB1-DD96-4BCD-B3D5-03A4EA6631C4}
Canon Utilities RemoteCapture Task for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\RemoteCaptureTask DC\Uninst.ini"
Canon Utilities WFT-E1/E2/E3 Utility --> "C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\WFT Utility\Uninst.ini"
Canon Utilities ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\Uninst.ini"
Canon ZoomBrowser EX Memory Card Utility --> "C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX MCU\Uninst.ini"
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Compatibility Pack for the 2007 Office system --> MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
D-Link DSL-200 ADSL Modem --> C:\Program Files\D-Link\DSL-200\uninstall.exe
Dictionary.com Toolbar --> MsiExec.exe /I{075FBB1B-B803-4C31-B54C-ADDC6AE2845B}
DivX Media Codec 4.2.1 --> C:\WINDOWS\system32\uninstdivx.exe
DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe"
DVD X Player Professional 2.0 --> "C:\Program Files\DVD X Player Professional\unins000.exe"
EasyTune5 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Gigabyte\ET5\Uninst.isu" -c"C:\Program Files\Gigabyte\ET5\uninstdrv.dll"
Elecard DVD Player --> "C:\Program Files\Elecard\Elecard DVD Player 1.0\Uninstall.exe" "C:\Program Files\Elecard\Elecard DVD Player 1.0\install.log"
FinePix Studio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E3B3AB03-8ABC-46CF-8CA9-DB5581E1F368}\SETUP.EXE" -l0x9
FinePixViewer Resource --> C:\Program Files\InstallShield Installation Information\{B44529FF-501E-47CD-A06D-223C161BE058}\SETUP.EXE -runfromtemp -l0x0009 -removeonly
FinePixViewer Ver.5.3 --> C:\Program Files\InstallShield Installation Information\{24ED4D80-8294-11D5-96CD-0040266301AD}\SETUP.EXE -runfromtemp -l0x0009 -removeonly
Flickr Uploadr 3.0.5 --> "C:\Program Files\Flickr Uploadr\uninstall.exe"
FLV Player 1.3.3 --> "C:\Program Files\FLVPlayer\uninstall.exe"
FUJIFILM USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5490882C-6961-11D5-BAE5-00E0188E010B}\SETUP.EXE"
Google Earth --> MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
Google Updater --> "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
Google Video Player --> "C:\Program Files\Google\Google Video Player\Uninstall.exe"
Guitar Pro 5.2 --> "C:\Program Files\Guitar Pro 5\unins000.exe"
Hamachi 1.0.1.3 --> C:\Program Files\Hamachi\uninstall.exe
Highlight Viewer (Windows Live Toolbar) --> MsiExec.exe /X{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}
HighMAT Extension to Microsoft Windows XP CD Writing Wizard --> MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
HijackThis 2.0.2 --> "C:\Documents and Settings\Mikki\Desktop\CLEANCOMP\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Format SDK (KB902344) --> "C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
Hotfix for Windows Media Format SDK (KB910998) --> "C:\WINDOWS\$NtUninstallKB910998$\spuninst\spuninst.exe"
HP Image Zone 3.5 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP PSC & OfficeJet 3.5 --> "C:\Program Files\HP\Digital Imaging\{0FABD3D7-3036-4e78-B29D-58957ADB0A12}\setup\hpzscr01.exe" -datfile hposcr03.dat
HP Software Update --> MsiExec.exe /X{15EE79F4-4ED1-4267-9B0F-351009325D7D}
HP Unload DLL Patch --> MsiExec.exe /X{595D0DE8-C38A-4432-B851-47DECC1A99BD}
HyperSnap 6 --> C:\Program Files\HyperSnap 6\HprUnInst.exe
ImageMixer VCD2 LE for FinePix --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B093990A-AAF2-44AC-9216-14BB7A2189B6}\SETUP.EXE" -l0x9
iriver plus 3 (remove only) --> "C:\Program Files\iriver\iriver plus 3\uninstall.exe"
iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
J2SE Runtime Environment 5.0 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
J2SE Runtime Environment 5.0 Update 9 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ 6 Update 7 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Java™ SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
LimeWire 4.16.6 --> "C:\Program Files\LimeWire\uninstall.exe"
LiveUpdate 3.0 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Map Button (Windows Live Toolbar) --> MsiExec.exe /X{7745B7A9-F323-4BB9-9811-01BF57A028DA}
Memories Disc Creator 2.0 --> MsiExec.exe /X{2E132061-C78A-48D4-A899-1D13B9D189FA}
Messenger Plus! 3 --> "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /Remove
Microsoft ActiveSync --> MsiExec.exe /I{99052DB7-9592-4522-A558-5417BBAD48EE}
Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft GIF Animator --> C:\Program Files\Microsoft GIF Animator\setup\GifACME.exe
Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
MOVAVI Suite Edition 2.0 --> C:\Program Files\MOVAVI Suite Edition 2.0\uninst.exe
MP3 Player --> MsiExec.exe /I{EA470D3B-058E-4772-B020-3C8C1F652A2E}
Nero PhotoShow Express --> "C:\Program Files\Nero\data\Xtras\Uninstall.exe"
Nero Suite --> C:\Program Files\Common Files\Nero\Uninstall\Setupx.exe /uninstall ExtraUninstallID=""
NETGEAR WG511v2 wireless PC card --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{B93D24B3-928D-4805-B379-4AA47CB3794E}
ninemsn Internet Software --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
Nokia PC Connectivity SDK 3.0 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{D2BAD7A0-610B-4691-A054-D8A9F15FF708}
Norton Spyware Scan provided by Yahoo! --> C:\PROGRA~1\Yahoo!\Common\unynss.exe
overland --> MsiExec.exe /I{766273C1-A39B-47EB-ACE8-DEBDD8094BCC}
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
RaidApplication --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{08498FF9-6C9B-4FC2-8DE1-BD98C89CC220}\setup.exe" -l0x9
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
SiS 900 PCI Fast Ethernet Adapter Driver --> C:\Progra~1\SiSLan\Uninst.exe
Skype™ 3.5 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Smart Menus (Windows Live Toolbar) --> MsiExec.exe /X{F084395C-40FB-4DB3-981C-B51E74E1E83D}
Trend Micro PC-cillin Internet Security 2007 --> C:\PROGRA~1\TRENDM~1\INTERN~1\remove.exe
Trend Micro PC-cillin Internet Security 2007 --> MsiExec.exe /X{BB4B6355-D38A-492C-873B-A1B2CF6C3832}
VideoLAN VLC media player 0.8.5 --> C:\Program Files\VideoLAN\VLC\uninstall.exe
WinAce Archiver --> "C:\Program Files\WinAce\SXUNINST.EXE" "C:\Program Files\WinAce\SXUNINST.INI"
Windows Defender Signatures --> MsiExec.exe /I{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}
Windows Live Favorites for Windows Live Toolbar --> MsiExec.exe /X{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Live Toolbar --> "C:\Program Files\Windows Live Toolbar\UnInstall.exe" {D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Live Toolbar --> MsiExec.exe /X{D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Live Toolbar Extension (Windows Live Toolbar) --> MsiExec.exe /X{341201D4-4F61-4ADB-987E-9CCE4D83A58D}
Windows Media Connect --> "C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122 --> "C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
XoftSpySE --> C:\Program Files\XoftSpySE\uninstall.exe
Yahoo! Browser Services --> C:\PROGRA~1\Yahoo!\Common\unyext.exe
Yahoo! Install Manager --> C:\WINDOWS\system32\regsvr32 /u C:\WINDOWS\cache\YINSTH~1.DLL
Yahoo! Internet Mail --> C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\YMMAPI~1.DLL
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Search Protection --> C:\PROGRA~1\Yahoo!\SEARCH~1\UNINST~1.EXE
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type8454 / Success
Event Submitted/Written: 08/12/2008 06:54:39 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type8447 / Error
Event Submitted/Written: 08/12/2008 04:05:10 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 7.0.6000.16674, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type8441 / Error
Event Submitted/Written: 08/12/2008 03:43:17 PM
Event ID/Source: 11706 / MsiInstaller
Event Description:
Product: Microsoft ActiveSync -- Error.No valid source could be found for product Microsoft ActiveSync. The Windows Installer cannot continue.

Event Record #/Type8439 / Warning
Event Submitted/Written: 08/12/2008 03:42:15 PM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{99052DB7-9592-4522-A558-5417BBAD48EE}', feature 'ActiveSync' failed during request for component '{25AE009D-012F-4A42-A341-259F0FB629A0}'

Event Record #/Type8438 / Warning
Event Submitted/Written: 08/12/2008 03:42:15 PM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Detection of product '{99052DB7-9592-4522-A558-5417BBAD48EE}', feature 'ActiveSync', component '{13611E77-B9F9-43C7-85A6-1CB12FD67A1D}' failed. The resource 'HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows CE Services\Defname' does not exist.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type35474 / Error
Event Submitted/Written: 08/09/2008 09:24:27 PM
Event ID/Source: 8032 / BROWSER
Event Description:
The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{6B0A4380-D2E6-4408-9315-24C6B35E1E75}.
The backup browser is stopping.

Event Record #/Type35473 / Warning
Event Submitted/Written: 08/09/2008 09:22:06 PM
Event ID/Source: 8021 / BROWSER
Event Description:
The browser was unable to retrieve a list of servers from the browser master \\ADMINISTRATOR on the network \Device\NetBT_Tcpip_{6B0A4380-D2E6-4408-9315-24C6B35E1E75}.
The data is the error code.

Event Record #/Type35412 / Warning
Event Submitted/Written: 08/09/2008 02:42:25 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type35363 / Error
Event Submitted/Written: 08/08/2008 10:01:49 PM
Event ID/Source: 8032 / BROWSER
Event Description:
The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{6B0A4380-D2E6-4408-9315-24C6B35E1E75}.
The backup browser is stopping.

Event Record #/Type35362 / Warning
Event Submitted/Written: 08/08/2008 09:59:31 PM
Event ID/Source: 8021 / BROWSER
Event Description:
The browser was unable to retrieve a list of servers from the browser master \\ADMINISTRATOR on the network \Device\NetBT_Tcpip_{6B0A4380-D2E6-4408-9315-24C6B35E1E75}.
The data is the error code.



-- End of Deckard's System Scanner: finished at 2008-08-12 19:07:32 ------------

#5 htv8

htv8

  • Members
  • 1,694 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:08:35 AM

Posted 12 August 2008 - 04:10 PM

Hello, mikballs.

#1
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=1
"NoAdminPage"=1
Are you aware of these policies restrictions for the current user? In other words: Have you possibly set these yourself or has an administrator set these for you?
The above policies restrictions respectively indicate that registry editing has been disabled (for current user) and that the current user is stopped from being able to access the remote administration page in control panel.

#2
I am probably right to say that you have had any Norton/Symantec product(s) previously installed on your computer, and that you have attempted to uninstall it/them? If that's indeed the case, please follow these steps in order to completely get rid of Norton/Symantec as your uninstall list shows that not all Norton products are completely removed from your computer:
  • Click Start on the taskbar, then click on the Control Panel icon.
  • Double-click the Add or Remove Programs icon.
    • A list of programs installed will be "populated"; this may take a bit of time.
  • Uninstall LiveUpdate 3.0 (Symantec Corporation) by clicking the entry and selecting the Remove (or Change/Remove) button.
  • Download and run the Norton Removal Tool after uninstallation in order to completely remove all Norton products from your computer.
    Download Norton Removal Tool


Before we begin, you should save these instructions in Notepad to your Desktop, or print them, for easy reference and to make sure you don't get lost.
Make sure to work through the fixes in the exact order in which they are mentioned below and do not miss any steps out. If at any point you have questions, or are unsure of the instructions, do not hesitate to post here and ask for clarification before proceeding with the fixes.


Posted ImageYour computer was or is still infected with a backdoor trojan. Posted Image Such a piece of malware allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to immediately disconnect this PC from the Internet and from your network if it is on a network. Disconnect the infected computer from the Internet until the computer can be cleaned. Then, access this information from a non-compromised computer to follow the steps needed.
If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation. To protect your information that may have been compromised, I recommend reading this reference: How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?. Please do NOT use the computer for any further transactions, or to enter any other information, if at all possible, until it is declared clean.


Though the backdoor has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with such a piece of malware, the best course of action would be a reformat and reinstall of the OS. For more information, please read this reference: When should I re-format? How should I reinstall?.

We can still clean this machine but I cannot guarantee that it will be 100% secure even after disinfection. I will proceed assuming you wish to disinfect. If you want to do a reinstall, reply back saying so. Should you have any questions, please feel free to ask.

You have a peer-to-peer program installed.

Your log shows that you are using a so called peer-to-peer or file sharing program (in your case LimeWire 4.16.6). Programs like this one allow to share files between users as the name(s) suggest. In today's world the cyber crime has come to an enormous dimension and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file sharing tools as a tremendous amount of prospective victims can be reached through it.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools and thus suggested to be used with intense care. Some further readings on this subject, along the included links, are as follows: File Sharing, otherwise known as Peer To Peer. (P2P) and Risks of File-Sharing Technology.

It is also important to note that sharing entertainment files and proprietary software infringes the copyright laws in many countries over the world and you are putting yourself at risk of being indicted through organizations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or the authors of the files themselves.
Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as OpenOffice.

Step #1: Uninstallations
Older version Java components have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove all older version Java components from your system and keep the latest version:
  • Click Start on the taskbar, then click on the Control Panel icon.
  • Double-click the Add or Remove Programs icon.
    • A list of programs installed will be "populated"; this may take a bit of time.
  • Uninstall the following programs by clicking on the following entries and selecting Remove (or Change/Remove):
    J2SE Runtime Environment 5.0 Update 3
    J2SE Runtime Environment 5.0 Update 6
    J2SE Runtime Environment 5.0 Update 9
    Java™ 6 Update 2
    Java™ 6 Update 3
    Java™ 6 Update 5
    Java™ SE Runtime Environment 6 Update 1
You have Advanced Spyware Remover installed on your computer.

Advanced Spyware Remover was listed on The Spyware Warrior List of Rogue/Suspect Anti-Spyware Products & Web Sites because of concerns with false positives. Testing with the latest version of Advanced Spyware Remover indicates that the problems with earlier versions have been satisfactorily resolved. Thus, Advanced Spyware Remover can no longer be considered to be "rogue/suspect" anti-spyware. However, since the program was on the list I recommend to uninstall it and use programs from the trustworthy list which can be viewed on the same page. If you agree, uninstall Advanced Spyware Remover Free Edition from Add or Remove Programs as well.

You have XoftSpySE installed on your computer.

XoftSpy has also been delisted from The Spyware Warrior List of Rogue/Suspect Anti-Spyware Products & Web Sites, but since the program was on it I recommend to uninstall it and use programs from the trustworthy list which can be viewed on the same page. If you agree, uninstall XoftSpySE from Add or Remove Programs as well.

You have Limewire installed on your computer.

As I said already: Aside from the obvious legal issues, file sharing is one of the primary ways through which people become infected with malware. Anytime you are running any type of P2P application, you are more prone to infection. Therefore I suggest to remove Limewire. If you agree, uninstall LimeWire 4.16.6 from Add or Remove Programs as well.
If you do not want to uninstall the program, please at least refrain from using any peer-to-peer programs for the remainder of my fix.

Step #2: Restoring fixed HijackThis entry
We need to restore a HijackThis backup with HijackThis:
  • Close all applications and windows so that you have nothing open and are at your Desktop.
  • Run HijackThis.
  • Click on the View the list of backups button. (If you don't see this button, click the Config... button and then the Backups button on top to go to the Backups section.)
  • Place a checkmark next to the backup entry in that window that looks like the following:
    8/9/2008, 9:15:47 PM: O4 - HKLM\..\Run: [StartFoxie] C:\Program Files\Foxie Suite\StartFoxie.exe
  • Click Restore, then click Yes.
  • IMPORTANT: Reboot your computer.

More information can be found here.

Step #3: Haxfix
Download and run HaxFix:
  • Download HaxFix.
    Download HaxFix (haxfix.exe).
  • Save it to your Desktop.
  • Double-click on haxfix.exe to install HaxFix (standard installation path is C:\Program Files\haxfix).
  • Checkmark "Create a desktop icon". Click Next.
  • When the installation is completed, make sure that the checkmark "Launch HaxFix" is placed.
  • Click Finish.
    • A red DOS window (DOS box) will open.
  • Select option 1. Make logfile by typing 1 and then pressing Enter.Haxfix will start scanning the computer. When it is finished a log file will open.
  • Copy the entire contents of that logfile and paste them into this thread.
Step #4: OTMoveIt2
We need to run OTMoveIt2 with a specified script:
  • Please download the OTMoveIt2 by OldTimer.
    Download OTMoveIt2 (OTMoveIt2.exe)
  • Save it to your Desktop.
  • Double-click OTMoveIt2.exe to run it. (NOTE: ** If using Windows Vista, right-click the file and choose "Run as administrator". **)
  • Copy the lines in the CODE box below to the clipboard by highlighting ALL of them and pressing Ctrl + C (or, after highlighting, right-click and choose Copy):
    C:\WINDOWS\system32\wincqt32.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{14998b0b-2671-4adb-a005-dde2fb18eb35}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{bf2aa568-0085-423c-ba01-69b6705a9a96}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\DXDllRegExe
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\eTrustPPAP
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\WinPatrol
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\URLLSTCK.exe
    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wincqt32
    Pcouffin <delete service>
    WARNING: The above script was written specifically for this infection on this person's computer. It is NOT to be used on another computer, as it may cause damage that could result in a format!
  • Return to OTMoveIt2, right-click in the Paste List Of Files/Folders to Move window (under the yellow bar) and choose Paste.
  • Click the red MoveIt! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL contents and pressing Ctrl + C (or, after highlighting, right-click and choose Copy), and paste it in your next reply.
  • Close OTMoveIt2.
NOTE: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine, choose Yes. In this case, after the reboot, open Notepad (Start > All Programs > Accessories > Notepad), click File > Open..., in the "File name:" box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, open the newest .log file present, and copy/paste the contents of that document back here in your next post.


Step #5
Only if you uninstalled XoftSpySE as recommended, please delete the files and folder below (if present) using My Computer or Windows Explorer (to get there, press Windows KEY + E):
C:\WINDOWS\Tasks\XoftSpySE 2.job
C:\WINDOWS\Tasks\XoftSpySE.job
C:\Program Files\XoftSpySE <-- this folder

Only if you uninstalled Advanced Spyware Remover Free Edition as recommended, please delete the folder below (if present) using My Computer or Windows Explorer:
C:\Program Files\Advanced Spyware Remover <-- this folder

Only if you uninstalled Limewire 4.16.6 as recommended, please delete the folder below (if present) using My Computer or Windows Explorer:
C:\Program Files\LimeWire <-- this folder


Step #6: Deckard's System Scanner (DSS)
Please run Deckard's System Scanner again, this time using the /config switch:
(In the event you lost your copy of DSS, download a new one from one of the links below and save to your Desktop.
(1) Download Deckard's System Scanner (dss.exe)
(2) Download Deckard's System Scanner (dss.exe))
  • Click on Start, click on Run....
    • This will bring up the Run box.
  • Copy and paste the entire contents inside the CODE box below in the Open: field:
    "%userprofile%\Desktop\dss.exe" /config
  • Close all other open windows.
  • Click OK.This will open up DSS configuration.
  • Click on Check All.
  • Click Scan!.DSS will now run again.
  • When the scan is complete, two text files will open in Notepad (if not, they both can be found in the C:\Deckard\System Scanner folder):
    • main.txt <- will be maximized
    • extra.txt <- will be minimized;
    please copy (Ctrl + A then Ctrl + C) and paste (Ctrl + V) the entire contents of main.txt and the extra.txt in your next reply.


So in your next reply, please include the following:
  • the HaxFix's log
  • OTMoveIt2's log
  • DSS's main.txt log
  • DSS's extra.txt log
NOTE: Use several posts if necessary to include everything in the requested logs.
If I have not posted back within 24 hours, feel free to send me a PM with your topic link.

Posted Image

#6 mikballs

mikballs
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sydney, Aus
  • Local time:04:35 PM

Posted 13 August 2008 - 02:21 AM

HAXFIX logfile - by Marckie

version 5.01.2
Wed 13/08/2008 17:00:36.14
running from C:\HaxFix

--- Checking for Haxdoor ---

checking for a3d files
a3d files not found

checking for matching notify keys
no matching notify keys found

checking for matching services
matching services found
Aspi32

checking for matching safeboot services
no matching safeboot services found


--- Checking for Goldun ---

checking for SSODL keys
no ssodl keys found

checking for notify keys
no notify keys found

checking for services
no services found

checking iexplore.exe
iexplore.exe is not infected


--- Checking for other Goldun and Haxdoor files ---
no other Haxdoor or Goldun files found


--- Catchme logfile - thank you Gmer ---

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-13 17:00:57
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...


scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 28


--- Analysing Catchme logfile ---

no matching regkeys found


Finished!


---------------------------------------------------------------------------------------------

File/Folder C:\WINDOWS\system32\wincqt32.dll not found.
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{14998b0b-2671-4adb-a005-dde2fb18eb35} >
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{14998b0b-2671-4adb-a005-dde2fb18eb35}\\ deleted successfully.
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{bf2aa568-0085-423c-ba01-69b6705a9a96} >
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{bf2aa568-0085-423c-ba01-69b6705a9a96} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bf2aa568-0085-423c-ba01-69b6705a9a96}\ deleted successfully.
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\DXDllRegExe >
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\DXDllRegExe deleted successfully.
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\eTrustPPAP >
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\eTrustPPAP deleted successfully.
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\WinPatrol >
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\WinPatrol deleted successfully.
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\URLLSTCK.exe >
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\URLLSTCK.exe deleted successfully.
< HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wincqt32 >
Registry key HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wincqt32\\ deleted successfully.
Pcouffin service deleted successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08132008_171028

______________________________________________________________________________________________________________________________

Deckard's System Scanner v20071014.68
Run by Mikki on 2008-08-13 17:17:04
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
11: 2008-08-13 07:17:09 UTC - RP11 - Deckard's System Scanner Restore Point
10: 2008-08-13 06:48:01 UTC - RP10 - Removed Java™ SE Runtime Environment 6 Update 1
9: 2008-08-13 06:47:20 UTC - RP9 - Removed Java™ 6 Update 5
8: 2008-08-13 06:46:38 UTC - RP8 - Removed Java™ 6 Update 3
7: 2008-08-13 06:45:56 UTC - RP7 - Removed Java™ 6 Update 2


-- First Restore Point --
1: 2008-08-10 09:26:54 UTC - RP1 - System Checkpoint


Performed disk cleanup.



-- HijackThis (run as Mikki.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:17:11 PM, on 13/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\D-Link\DSL-200\dslstat.exe
C:\Program Files\D-Link\DSL-200\dslagent.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Gigabyte\ET5\GUI.exe
C:\Program Files\Common Files\Nokia\Services\ServiceLayer.exe
C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Telstra\Cable Login\bpcable.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\NETGEAR\WG511v2\wlancfg5.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\Mikki\Desktop\dss.exe
C:\DOCUME~1\Mikki\Desktop\CLEANC~1\Mikki.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\D-Link\DSL-200\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\D-Link\DSL-200\dslagent.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [EasyTuneV] C:\Program Files\Gigabyte\ET5\GUI.exe
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [ServiceLayer] C:\Program Files\Common Files\Nokia\Services\ServiceLayer.exe
O4 - HKLM\..\Run: [Nokia Tray Application] C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
O4 - HKLM\..\Run: [BigPondCable] "C:\Program Files\Telstra\Cable Login\bpcable.exe" /r
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [StartFoxie] C:\Program Files\Foxie Suite\StartFoxie.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: ExifLauncher2.lnk = C:\Program Files\FinePixViewer\QuickDCF2.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NETGEAR Smart Wizard.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Search In &All Reference - C:\Program Files\Dictionary.com\Dictionary.com Toolbar\all_reference.htm
O8 - Extra context menu item: Search In &Dictionary - C:\Program Files\Dictionary.com\Dictionary.com Toolbar\dictionary.htm
O8 - Extra context menu item: Search In &Encyclopedia - C:\Program Files\Dictionary.com\Dictionary.com Toolbar\encyclopedia.htm
O8 - Extra context menu item: Search In &Thesaurus - C:\Program Files\Dictionary.com\Dictionary.com Toolbar\thesaurus.htm
O8 - Extra context menu item: Search In &Web - C:\Program Files\Dictionary.com\Dictionary.com Toolbar\web.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} (Bebo Uploader Control) - http://www.bebo.com/files/BeboUploader.5.1.4.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {38D63471-E630-4492-A986-B8C48B79F2F8} (CVideoEgg_ActiveXCtl Object) - http://update.videoegg.com/wintel/VideoEggPublisher.exe
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-AU/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1174648032640
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {96EEC7FF-106A-47F3-90D6-B4BB754AA40E} (POLi Pay Online) - https://trx.centricom.com.au/ewcustomer/POLiPayOnline.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: BigPond Broadband Cable Login (bpcService) - Unknown owner - C:\Program Files\Telstra\Cable Login\bpcService.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

--
End of file - 14674 bytes

-- HijackThis Fixed Entries (C:\DOCUME~1\Mikki\Desktop\CLEANC~1\backups\) ------

backup-20080809-211547-312 O2 - BHO: rightonadz browser optimizer - {971C3384-F75E-4562-95B3-CBE7417529BC} - C:\WINDOWS\system32\gzmrotate.dll (file missing)
backup-20080809-211547-395 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

-- File Associations -----------------------------------------------------------

.reg - regfile - shell\open\command - "%1"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 sisidex - c:\windows\system32\drivers\sisidex.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
R0 sisperf (Add Performance Filter Driver) - c:\windows\system32\drivers\sisperf.sys <Not Verified; Silicon Integrated Systems Corp.; SiS Filer Driver>
R3 dvd43llh - c:\windows\system32\drivers\dvd43llh.sys <Not Verified; RIF; DVD For Free>
R3 ET5Drv - c:\windows\system32\drivers\et5drv.sys <Not Verified; Microsoft Corporation; Microsoft® Windows NT™ Operating System>
R3 MarkFun_NT - c:\program files\gigabyte\et5\markfun.w32 <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>

S3 gdrv - c:\windows\gdrv.sys
S3 GVCplDrv - c:\windows\system32\drivers\gvcpldrv.sys
S3 wanusb (D-Link DSL-200 USB ADSL Modem(WAN)) - c:\windows\system32\drivers\gwausb.sys <Not Verified; GlobespanVirata Inc.; GlobespanVirata WAN ADSL USB Modem>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 bgsvcgen (B's Recorder GOLD Library General Service) - c:\windows\system32\bgsvcgen.exe <Not Verified; B.H.A Corporation; B's Recorder GOLD8>
R2 CCALib8 (Canon Camera Access Library 8) - c:\program files\canon\cal\calmain.exe <Not Verified; Canon Inc.; >

S3 bpcService (BigPond Broadband Cable Login) - "c:\program files\telstra\cable login\bpcservice.exe"


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Process Modules -------------------------------------------------------------

C:\WINDOWS\explorer.exe (pid 2336)
2003-09-15 21:00:00 180224 --a------ C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDMH.dll <Not Verified; ATI Technologies Inc.; ATI Technologies Inc. HydraVision Desktop Manager>
2005-04-04 12:06:02 1515520 -----n--- C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll <Not Verified; Nero AG; Nero Digital Tools>
2006-06-26 02:06:50 166912 --a------ C:\Program Files\WinAce\arcext.dll <Not Verified; e-merge GmbH; WinAce-Archiver>
2006-06-26 02:06:50 235008 --a------ C:\Program Files\WinAce\acev2.dll <Not Verified; ACE Compression Software; WinAce>


-- Scheduled Tasks -------------------------------------------------------------

2008-08-13 16:33:00 254 --a------ C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
2008-08-12 16:37:05 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-07-13 and 2008-08-13 -----------------------------

2008-08-13 16:59:59 0 d-------- C:\HaxFix
2008-08-11 22:14:46 0 d-------- C:\Program Files\a-squared HiJackFree
2008-08-07 19:15:37 0 dr-h----- C:\Documents and Settings\Wendy\Recent
2008-08-07 19:10:25 0 dr-h----- C:\Documents and Settings\Henry\Recent
2008-08-07 19:04:30 0 dr-h----- C:\Documents and Settings\Mikki\Recent
2008-08-07 19:01:40 0 d-------- C:\Program Files\CCleaner
2008-08-05 16:44:03 0 d-------- C:\Documents and Settings\Henry\Application Data\Real
2008-08-02 22:59:50 0 d-------- C:\Multimedia Files
2008-08-02 22:30:02 0 --a------ C:\WINDOWS\nsreg.dat
2008-08-02 14:35:30 0 d-------- C:\Program Files\Common Files\xing shared
2008-08-02 11:40:44 0 d-------- C:\Program Files\Warcraft III
2008-07-31 22:20:01 0 d-------- C:\Program Files\Windows Resource Kits
2008-07-24 15:36:43 0 d-------- C:\Documents and Settings\Default User\Application Data\Macromedia
2008-07-22 17:32:30 0 d-------- C:\Program Files\MSECache


-- Find3M Report ---------------------------------------------------------------

2008-08-13 16:48:09 0 d-------- C:\Program Files\Java
2008-08-13 16:34:45 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-08-10 19:57:32 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-08-10 19:25:47 0 d-------- C:\Program Files\Yahoo!
2008-08-10 19:25:42 0 d-------- C:\Program Files\Common Files
2008-08-09 23:22:22 0 d-------- C:\Documents and Settings\Mikki\Application Data\Hamachi
2008-08-09 01:11:27 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-08-02 14:36:44 0 d-------- C:\Documents and Settings\Mikki\Application Data\Real
2008-08-02 14:35:24 0 d-------- C:\Program Files\Common Files\Real
2008-07-24 15:37:07 0 d-------- C:\Program Files\Google
2008-07-02 23:30:05 0 d-------- C:\Program Files\FinePixViewer
2008-06-30 18:57:52 0 d-------- C:\Program Files\Real
2008-06-19 18:13:08 0 d-------- C:\Program Files\Flickr Uploadr
2008-06-19 18:13:00 0 d-------- C:\Documents and Settings\Mikki\Application Data\Flickr
2008-06-17 11:34:11 0 d-------- C:\Program Files\Windows Live Toolbar
2008-06-17 11:33:44 0 d-------- C:\Program Files\Windows Live Favorites
2008-06-17 11:25:12 0 d-------- C:\Program Files\Windows Live
2008-06-17 11:24:23 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-06-10 17:09:46 128 --a------ C:\WINDOWS\system32\dictionary_bho.reg


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [12/07/2002 08:15 PM]
"SoundMan"="SOUNDMAN.EXE" [23/02/2005 08:13 PM C:\WINDOWS\SOUNDMAN.EXE]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [12/09/2003 08:10 PM]
"DSLSTATEXE"="C:\Program Files\D-Link\DSL-200\dslstat.exe" [21/01/2005 06:04 PM]
"DSLAGENTEXE"="C:\Program Files\D-Link\DSL-200\dslagent.exe" [21/01/2005 06:04 PM]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [12/05/2004 03:18 PM]
"EasyTuneV"="C:\Program Files\Gigabyte\ET5\GUI.exe" [14/06/2004 10:54 AM]
"dvd43"="C:\Program Files\dvd43\dvd43_tray.exe" [05/12/2005 05:04 PM]
"ServiceLayer"="C:\Program Files\Common Files\Nokia\Services\ServiceLayer.exe" [16/10/2002 07:43 AM]
"Nokia Tray Application"="C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe" [22/10/2002 07:52 AM]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09/07/2001 10:50 AM]
"HydraVisionDesktopManager"="C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe" [15/09/2003 09:00 PM]
"MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [03/10/2006 09:16 AM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [16/02/2005 11:11 PM]
"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe" [29/12/2006 04:52 PM]
"BigPondCable"="C:\Program Files\Telstra\Cable Login\bpcable.exe" [03/07/2006 12:21 AM]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [04/02/2002 10:32 PM]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [09/06/2007 12:59 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [28/03/2008 11:37 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [30/03/2008 10:36 AM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [02/08/2008 02:35 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [10/06/2008 04:27 AM]
"StartFoxie"="C:\Program Files\Foxie Suite\StartFoxie.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 10:00 PM]
"PhotoShow Deluxe Media Manager"="C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe" [26/02/2005 10:28 AM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [14/10/2004 02:24 AM]
"MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [03/10/2006 09:16 AM]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [13/11/2006 01:39 PM]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [18/10/2006 08:05 PM]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [18/10/2007 11:34 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
ExifLauncher2.lnk - C:\Program Files\FinePixViewer\QuickDCF2.exe [13/10/2007 2:11:08 PM]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [1/03/2008 10:10:55 AM]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [16/09/2003 4:19:24 AM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [13/02/2001 12:01:04 AM]
NETGEAR Smart Wizard.lnk - C:\WINDOWS\Installer\{B93D24B3-928D-4805-B379-4AA47CB3794E}\NewShortcut1_1.exe [21/07/2007 9:36:30 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=1
"NoAdminPage"=1

*Newly Created Service* - CATCHME



-- End of Deckard's System Scanner: finished at 2008-08-13 17:18:46 ------------

----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------


Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 3.00GHz
CPU 1: Intel® Pentium® 4 CPU 3.00GHz
Percentage of Memory in Use: 57%
Physical Memory (total/avail): 1023.48 MiB / 433.53 MiB
Pagefile Memory (total/avail): 1692.64 MiB / 1196.92 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1902.48 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 149.04 GiB total, 107.27 GiB free.
D: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - ST3160812A - 149.05 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 149.04 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.
FirewallDisableNotify is set.

FW: Norton Internet Worm Protection v2006 (Symantec) Disabled
FW: Trend Micro PC-cillin Internet Security (Firewall) v15 (Trend Micro, Inc.)
AV: Trend Micro PC-cillin Internet Security 2007 v15.30.1132 (Trend Micro, Inc.) Outdated

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Warcraft 3\\war3.exe"="C:\\Program Files\\Warcraft 3\\war3.exe:*:Enabled:Warcraft III"
"C:\\WINDOWS\\system32\\rtcshare.exe"="C:\\WINDOWS\\system32\\rtcshare.exe:*:Enabled:RTC App Sharing"
"C:\\Program Files\\NetMeeting\\conf.exe"="C:\\Program Files\\NetMeeting\\conf.exe:*:Enabled:Windows® NetMeeting®"
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\\Program Files\\Shareaza\\Shareaza.exe"="C:\\Program Files\\Shareaza\\Shareaza.exe:*:Enabled:Shareaza Ultimate File Sharing"
"C:\\Program Files\\Gigabyte\\ET5\\update.exe"="C:\\Program Files\\Gigabyte\\ET5\\update.exe:*:Enabled:ftptest"
"C:\\Program Files\\Intuwave\\Shared\\mRouterRunTime\\mRouterRuntime.exe"="C:\\Program Files\\Intuwave\\Shared\\mRouterRunTime\\mRouterRuntime.exe:*:Enabled:mRouterRuntime"
"C:\\Program Files\\Hamachi\\hamachi.exe"="C:\\Program Files\\Hamachi\\hamachi.exe:*:Enabled:Hamachi"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Mikki\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
CLIENTNAME=Console
COLLECTIONID=COL8143
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=LARRY-F79FD144F
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HMSERVER=https://wwss1proa.cce.hp.com/wuss/servlet/WUSSServlet
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Mikki
ITEMID=dj-22741-15
LANG=3081
LOGONSERVER=\\LARRY-F79FD144F
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
OSVER=winXPH
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 3, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0403
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
SESSIONID=1157637587759htx6060.cce.hp.com171570:10d8893844f:-31af
SESSIONNAME=Console
SWUTVER=1.0.22.20030804
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Mikki\LOCALS~1\Temp
TIMEOUT=0
TMP=C:\DOCUME~1\Mikki\LOCALS~1\Temp
TOOLPATH=/C:\Program%20Files\HP\HP%20Software%20Update\install.htm
UPDATEDIR=C:\DOCUME~1\Mikki\LOCALS~1\Temp\rad975F0.tmp
USERDOMAIN=LARRY-F79FD144F
USERNAME=Mikki
USERPROFILE=C:\Documents and Settings\Mikki
VERSION=3.0.5.001
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI


-- User Profiles ---------------------------------------------------------------

Larry Carter (admin)
Mikki (admin)
Henry (admin)
Wendy (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNNMP.exe /UNINSTALL
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
a-squared HiJackFree 3.1 --> "C:\Program Files\a-squared HiJackFree\unins000.exe"
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Download Manager 2.2 (Remove Only) --> "C:\Program Files\Common Files\Adobe\ESD\uninst.exe"
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 6.0.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
All Sound Recorder XP 2.15 --> "C:\Program Files\All Sound Recorder XP\unins000.exe"
Any Video Converter 2.1.0 --> "C:\Program Files\Any Video Converter\unins000.exe"
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATI HYDRAVISION --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}\setup.exe"
Audacity 1.2.6 --> "C:\Program Files\Audacity\unins000.exe"
BA Installer --> MsiExec.exe /I{EDA0FFC5-7964-4E2F-9014-693F04695933}
Battlefield 2™ --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}\setup.exe" -l0x9 -removeonly
BigPond Broadband Cable Login --> MsiExec.exe /I{BCE5A33D-A808-492A-9B5C-DCAFCFF24D27}
BigPond Broadband Cable Self Install Kit --> MsiExec.exe /I{F6A39BCA-8C6C-4BAA-BE1D-1C3E784ADB95}
Canon Camera Access Library --> "C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\CAL\Uninst.ini"
Canon Camera Support Core Library --> "C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\CSCLIB\Uninst.ini"
Canon EOS 5D WIA Driver --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{BB3AB664-D92B-4CB5-8B3E-D841841F4E68} /l1033
Canon PhotoRecord --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\ZoomBrowser EX\Program\..\PhotoRecord\Uninst.isu" -c"C:\Program Files\Canon\ZoomBrowser EX\Program\..\PhotoRecord\Program\uninstdll.dll"
Canon PowerShot S45 WIA Driver --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{938DB54D-B302-4594-A782-32219F1734AB}
Canon RAW Image Task for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\RAW Image Task\Uninst.ini"
Canon Utilities CameraWindow --> "C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowLauncher\Uninst.ini"
Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC\Uninst.ini"
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC6\Uninst.ini"
Canon Utilities Digital Photo Professional 3.3 --> "C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\Digital Photo Professional\Uninst.ini"
Canon Utilities EOS Utility --> "C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\EOS Utility\Uninst.ini"
Canon Utilities File Viewer Utility 1.3 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{2D1C2321-8FDB-49B8-A66B-4008DC0B6B5D}
Canon Utilities MyCamera --> "C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\MyCamera\Uninst.ini"
Canon Utilities Original Data Security Tools --> "C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\Original Data Security Tools\Uninst.ini"
Canon Utilities PhotoStitch --> "C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\PhotoStitch\Uninst.ini"
Canon Utilities Picture Style Editor --> "C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\Picture Style Editor\Uninst.ini"
Canon Utilities RemoteCapture 2.7 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{14220DB1-DD96-4BCD-B3D5-03A4EA6631C4}
Canon Utilities RemoteCapture Task for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\RemoteCaptureTask DC\Uninst.ini"
Canon Utilities WFT-E1/E2/E3 Utility --> "C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\WFT Utility\Uninst.ini"
Canon Utilities ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\Uninst.ini"
Canon ZoomBrowser EX Memory Card Utility --> "C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX MCU\Uninst.ini"
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Compatibility Pack for the 2007 Office system --> MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
D-Link DSL-200 ADSL Modem --> C:\Program Files\D-Link\DSL-200\uninstall.exe
Dictionary.com Toolbar --> MsiExec.exe /I{075FBB1B-B803-4C31-B54C-ADDC6AE2845B}
DivX Media Codec 4.2.1 --> C:\WINDOWS\system32\uninstdivx.exe
DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe"
DVD X Player Professional 2.0 --> "C:\Program Files\DVD X Player Professional\unins000.exe"
EasyTune5 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Gigabyte\ET5\Uninst.isu" -c"C:\Program Files\Gigabyte\ET5\uninstdrv.dll"
Elecard DVD Player --> "C:\Program Files\Elecard\Elecard DVD Player 1.0\Uninstall.exe" "C:\Program Files\Elecard\Elecard DVD Player 1.0\install.log"
FinePix Studio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E3B3AB03-8ABC-46CF-8CA9-DB5581E1F368}\SETUP.EXE" -l0x9
FinePixViewer Resource --> C:\Program Files\InstallShield Installation Information\{B44529FF-501E-47CD-A06D-223C161BE058}\SETUP.EXE -runfromtemp -l0x0009 -removeonly
FinePixViewer Ver.5.3 --> C:\Program Files\InstallShield Installation Information\{24ED4D80-8294-11D5-96CD-0040266301AD}\SETUP.EXE -runfromtemp -l0x0009 -removeonly
Flickr Uploadr 3.0.5 --> "C:\Program Files\Flickr Uploadr\uninstall.exe"
FLV Player 1.3.3 --> "C:\Program Files\FLVPlayer\uninstall.exe"
FUJIFILM USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5490882C-6961-11D5-BAE5-00E0188E010B}\SETUP.EXE"
Google Earth --> MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
Google Updater --> "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
Google Video Player --> "C:\Program Files\Google\Google Video Player\Uninstall.exe"
Guitar Pro 5.2 --> "C:\Program Files\Guitar Pro 5\unins000.exe"
Hamachi 1.0.1.3 --> C:\Program Files\Hamachi\uninstall.exe
Highlight Viewer (Windows Live Toolbar) --> MsiExec.exe /X{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}
HighMAT Extension to Microsoft Windows XP CD Writing Wizard --> MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
HijackThis 2.0.2 --> "C:\Documents and Settings\Mikki\Desktop\CLEANCOMP\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Format SDK (KB902344) --> "C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
Hotfix for Windows Media Format SDK (KB910998) --> "C:\WINDOWS\$NtUninstallKB910998$\spuninst\spuninst.exe"
HP Image Zone 3.5 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP PSC & OfficeJet 3.5 --> "C:\Program Files\HP\Digital Imaging\{0FABD3D7-3036-4e78-B29D-58957ADB0A12}\setup\hpzscr01.exe" -datfile hposcr03.dat
HP Software Update --> MsiExec.exe /X{15EE79F4-4ED1-4267-9B0F-351009325D7D}
HP Unload DLL Patch --> MsiExec.exe /X{595D0DE8-C38A-4432-B851-47DECC1A99BD}
HyperSnap 6 --> C:\Program Files\HyperSnap 6\HprUnInst.exe
ImageMixer VCD2 LE for FinePix --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B093990A-AAF2-44AC-9216-14BB7A2189B6}\SETUP.EXE" -l0x9
iriver plus 3 (remove only) --> "C:\Program Files\iriver\iriver plus 3\uninstall.exe"
iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
Java™ 6 Update 7 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Map Button (Windows Live Toolbar) --> MsiExec.exe /X{7745B7A9-F323-4BB9-9811-01BF57A028DA}
Memories Disc Creator 2.0 --> MsiExec.exe /X{2E132061-C78A-48D4-A899-1D13B9D189FA}
Messenger Plus! 3 --> "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /Remove
Microsoft ActiveSync --> MsiExec.exe /I{99052DB7-9592-4522-A558-5417BBAD48EE}
Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft GIF Animator --> C:\Program Files\Microsoft GIF Animator\setup\GifACME.exe
Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
MOVAVI Suite Edition 2.0 --> C:\Program Files\MOVAVI Suite Edition 2.0\uninst.exe
MP3 Player --> MsiExec.exe /I{EA470D3B-058E-4772-B020-3C8C1F652A2E}
Nero PhotoShow Express --> "C:\Program Files\Nero\data\Xtras\Uninstall.exe"
Nero Suite --> C:\Program Files\Common Files\Nero\Uninstall\Setupx.exe /uninstall ExtraUninstallID=""
NETGEAR WG511v2 wireless PC card --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{B93D24B3-928D-4805-B379-4AA47CB3794E}
ninemsn Internet Software --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
Nokia PC Connectivity SDK 3.0 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{D2BAD7A0-610B-4691-A054-D8A9F15FF708}
Norton Spyware Scan provided by Yahoo! --> C:\PROGRA~1\Yahoo!\Common\unynss.exe
overland --> MsiExec.exe /I{766273C1-A39B-47EB-ACE8-DEBDD8094BCC}
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
RaidApplication --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{08498FF9-6C9B-4FC2-8DE1-BD98C89CC220}\setup.exe" -l0x9
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
SiS 900 PCI Fast Ethernet Adapter Driver --> C:\Progra~1\SiSLan\Uninst.exe
Skype™ 3.5 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Smart Menus (Windows Live Toolbar) --> MsiExec.exe /X{F084395C-40FB-4DB3-981C-B51E74E1E83D}
Trend Micro PC-cillin Internet Security 2007 --> C:\PROGRA~1\TRENDM~1\INTERN~1\remove.exe
Trend Micro PC-cillin Internet Security 2007 --> MsiExec.exe /X{BB4B6355-D38A-492C-873B-A1B2CF6C3832}
VideoLAN VLC media player 0.8.5 --> C:\Program Files\VideoLAN\VLC\uninstall.exe
WinAce Archiver --> "C:\Program Files\WinAce\SXUNINST.EXE" "C:\Program Files\WinAce\SXUNINST.INI"
Windows Defender Signatures --> MsiExec.exe /I{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}
Windows Live Favorites for Windows Live Toolbar --> MsiExec.exe /X{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Live Toolbar --> "C:\Program Files\Windows Live Toolbar\UnInstall.exe" {D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Live Toolbar --> MsiExec.exe /X{D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Live Toolbar Extension (Windows Live Toolbar) --> MsiExec.exe /X{341201D4-4F61-4ADB-987E-9CCE4D83A58D}
Windows Media Connect --> "C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122 --> "C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
Yahoo! Browser Services --> C:\PROGRA~1\Yahoo!\Common\unyext.exe
Yahoo! Install Manager --> C:\WINDOWS\system32\regsvr32 /u C:\WINDOWS\cache\YINSTH~1.DLL
Yahoo! Internet Mail --> C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\YMMAPI~1.DLL
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Search Protection --> C:\PROGRA~1\Yahoo!\SEARCH~1\UNINST~1.EXE
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type8483 / Error
Event Submitted/Written: 08/13/2008 01:40:35 PM
Event ID/Source: 11706 / MsiInstaller
Event Description:
Product: Microsoft ActiveSync -- Error.No valid source could be found for product Microsoft ActiveSync. The Windows Installer cannot continue.

Event Record #/Type8481 / Warning
Event Submitted/Written: 08/13/2008 01:39:49 PM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{99052DB7-9592-4522-A558-5417BBAD48EE}', feature 'ActiveSync' failed during request for component '{25AE009D-012F-4A42-A341-259F0FB629A0}'

Event Record #/Type8480 / Warning
Event Submitted/Written: 08/13/2008 01:39:49 PM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Detection of product '{99052DB7-9592-4522-A558-5417BBAD48EE}', feature 'ActiveSync', component '{13611E77-B9F9-43C7-85A6-1CB12FD67A1D}' failed. The resource 'HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows CE Services\Defname' does not exist.

Event Record #/Type8454 / Success
Event Submitted/Written: 08/12/2008 06:54:39 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type8447 / Error
Event Submitted/Written: 08/12/2008 04:05:10 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 7.0.6000.16674, hang module hungapp, version 0.0.0.0, hang address 0x00000000.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type37860 / Error
Event Submitted/Written: 08/13/2008 04:48:23 PM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Application Management service terminated with the following error:
%%126

Event Record #/Type37857 / Error
Event Submitted/Written: 08/13/2008 04:48:23 PM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Application Management service terminated with the following error:
%%126

Event Record #/Type37854 / Error
Event Submitted/Written: 08/13/2008 04:48:23 PM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Application Management service terminated with the following error:
%%126

Event Record #/Type37851 / Error
Event Submitted/Written: 08/13/2008 04:48:23 PM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Application Management service terminated with the following error:
%%126

Event Record #/Type37848 / Error
Event Submitted/Written: 08/13/2008 04:48:23 PM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Application Management service terminated with the following error:
%%126



-- End of Deckard's System Scanner: finished at 2008-08-13 17:18:46 ------------

#7 htv8

htv8

  • Members
  • 1,694 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:08:35 AM

Posted 13 August 2008 - 08:28 AM

Hello again mikballs. We are making progress. :thumbsup:

[...]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=1
"NoAdminPage"=1
Are you aware of these policies restrictions for the current user? In other words: Have you possibly set these yourself or has an administrator set these for you?
The above policies restrictions respectively indicate that registry editing has been disabled (for current user) and that the current user is stopped from being able to access the remote administration page in control panel.

[...]

Can you please give me an answer to this question I have stated before?

Also please let me know if you have run the Norton Removal Tool (see instructions in my previous post).



Before we begin, you should save these instructions in Notepad to your Desktop, or print them, for easy reference and to make sure you don't get lost. There is also a possibility some of the instructions will need to be carried out in Safe Mode where Internet access is not available, and thus you will be unable to access this thread at that time.
Make sure to work through the fixes in the exact order in which they are mentioned below and do not miss any steps out. If at any point you have questions, or are unsure of the instructions, do not hesitate to post here and ask for clarification before proceeding with the fixes.


It appears your Trend Micro PC-cillin Internet Security 2007's Anti-Virus is out of date. Please update it!

Step #1: Reinstalling (or Uninstalling) the Dictionary.com Toolbar
You have probably noticed that the Dictionary.com Toolbar program does not work as an important file belonging to the program was missing. (This file was already missing before I started helping you.) You can fix the Dictionary.com Toolbar program if you want by following these steps:
  • Click Start on the taskbar, then click on the Control Panel icon.
  • Double-click the Add or Remove Programs icon.
    • A list of programs installed will be "populated"; this may take a bit of time.
  • Uninstall Dictionary.com Toolbar if it is listed by clicking the entry and selecting the Remove (or Change/Remove) button, and follow the on-screen instructions for the Dictionary.com Toolbar uninstaller.
  • Follow the instructions located here to download and reinstall the toolbar.
    :)
    NOTE: If you do not want to have/use the Dictionary.com Toolbar anymore, just uninstall the program from Add or Remove Programs without installing it again.
Step #2: HijackThis fix
I overlooked the fact that you have uninstalled the Foxie Suite program. Therefore we can have HijackThis fix the entry we restored before:
  • Re-run HijackThis.
  • Click on Do a system scan only.
  • Put a checkmark next to this entry if it is present, double-checking to be sure that only this entry is checked:
    O4 - HKLM\..\Run: [StartFoxie] C:\Program Files\Foxie Suite\StartFoxie.exe
  • Close all other windows - you should only see HijackThis on your Desktop - and then click the Fix checked button.
  • A box will pop up asking you if you wish to fix the selected item; please choose Yes.
  • Close HijackThis.
Step #3: DAFT (Deckard's Association Fix Tool)
We need to fix altered file associations:
  • Make sure Deckard's System Scanner (dss.exe) is located on your Desktop.
  • Open a Run prompt by clicking Start > Run....
  • Copy and paste the entire contents of the CODE box below into the Open: field:
    "%userprofile%\Desktop\dss.exe" /daft
  • Click OK or press Enter on your keyboard.
  • You will be presented with 1 or 2 prompt(s). Accept each.
  • Click Scan at the bottom of the resulting window.
    • If DSS finds faulty file associations, they will appear in red next to a checkbox.
  • Check each item found by DSS.
  • Click the Fix button at the bottom of the window.
  • Rescan and save a log file (by default, it will save as daft.txt).
  • Close DSS /daft.
  • Copy and paste the entire contents of the saved log file (daft.txt) in your next reply.
Step #4: GMER
We need to scan for rootkits with GMER.
  • Please download GMER from one of the links below and save to your Desktop.
    Download GMER (gmer.zip)
    (alternate download site 1) Download GMER (gmer.zip)
    (alternate download site 2) Download GMER (gmer.zip)
  • Unzip/Extract the file to its own folder. (Click here for information on how to do this if not sure. Win 2000 users click here.)
  • When you have done this, disconnect from the Internet and close all running programs.
    NOTE: There is a small chance this application may crash your computer so save any work you have open.
  • Double-click on gmer.exe to start the program.
  • Allow the gmer.sys driver to load if asked.
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan, click No.
  • Click on Settings, then check the first five settings:
    • System Protection and Tracing
    • Processes
    • Save created processes to the log
    • Drivers
    • Save loaded drivers to the log
  • You will be prompted to restart your computer. Please do so.
    :)
  • Run Gmer again and click on the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C: drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
    IMPORTANT: Please do not select the "Show All" checkbox during the scan.
  • Click on the Scan and wait for the scan to finish.
    NOTE: ** Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan. **
  • When completed, click on the Copy button and right-click on your Desktop, choose "New" > "Text Document". Once the file is created, open it and right-click again and choose Paste or press Ctrl + V. Save the file as gmer.txt and copy the information in your next reply.

NOTE: ** If you have any problems, try running GMER in Safe Mode. **

Step #5: HijackThis scan
Scan with HijackThis and post a new HijackThis log.



So in your next reply, please post the entire contents of:
  • daft.txt
  • GMER's log
  • the new HijackThis log
NOTE: Use several posts if necessary to include everything in the requested logs.

Edited by htv8, 13 August 2008 - 08:34 AM.

If I have not posted back within 24 hours, feel free to send me a PM with your topic link.

Posted Image

#8 mikballs

mikballs
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sydney, Aus
  • Local time:04:35 PM

Posted 14 August 2008 - 04:04 AM

Thank you so much for your help so far, really, much appreciated.
I am not sure about the
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=1
"NoAdminPage"=1

xD
so you can tell me whatever you think is best to do to fix that or leave it as it is.

I cant get the norton uninstallation tool as my internet is tooooo slow for some reason, it should be really fast..
But lately its just been stopping. So it would take me half an hour to 1 hour to probably just load the norton page.

The dictionary.com toolbar wont uninstall as it says 'fatal error occured while installing' when i try to uninstall it.


------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:04:21 PM, on 14/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\D-Link\DSL-200\dslstat.exe
C:\Program Files\D-Link\DSL-200\dslagent.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Gigabyte\ET5\GUI.exe
C:\Program Files\Common Files\Nokia\Services\ServiceLayer.exe
C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe
C:\Program Files\Telstra\Cable Login\bpcable.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\NETGEAR\WG511v2\wlancfg5.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Documents and Settings\Mikki\Desktop\CLEANCOMP\gmer.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Hamachi\hamachi.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Mikki\Desktop\CLEANCOMP\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\D-Link\DSL-200\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\D-Link\DSL-200\dslagent.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [EasyTuneV] C:\Program Files\Gigabyte\ET5\GUI.exe
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [ServiceLayer] C:\Program Files\Common Files\Nokia\Services\ServiceLayer.exe
O4 - HKLM\..\Run: [Nokia Tray Application] C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
O4 - HKLM\..\Run: [BigPondCable] "C:\Program Files\Telstra\Cable Login\bpcable.exe" /r
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: ExifLauncher2.lnk = C:\Program Files\FinePixViewer\QuickDCF2.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NETGEAR Smart Wizard.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Search In &All Reference - C:\Program Files\Dictionary.com\Dictionary.com Toolbar\all_reference.htm
O8 - Extra context menu item: Search In &Dictionary - C:\Program Files\Dictionary.com\Dictionary.com Toolbar\dictionary.htm
O8 - Extra context menu item: Search In &Encyclopedia - C:\Program Files\Dictionary.com\Dictionary.com Toolbar\encyclopedia.htm
O8 - Extra context menu item: Search In &Thesaurus - C:\Program Files\Dictionary.com\Dictionary.com Toolbar\thesaurus.htm
O8 - Extra context menu item: Search In &Web - C:\Program Files\Dictionary.com\Dictionary.com Toolbar\web.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} (Bebo Uploader Control) - http://www.bebo.com/files/BeboUploader.5.1.4.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {38D63471-E630-4492-A986-B8C48B79F2F8} (CVideoEgg_ActiveXCtl Object) - http://update.videoegg.com/wintel/VideoEggPublisher.exe
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-AU/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1174648032640
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {96EEC7FF-106A-47F3-90D6-B4BB754AA40E} (POLi Pay Online) - https://trx.centricom.com.au/ewcustomer/POLiPayOnline.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: BigPond Broadband Cable Login (bpcService) - Unknown owner - C:\Program Files\Telstra\Cable Login\bpcService.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

--
End of file - 14778 bytes

#9 htv8

htv8

  • Members
  • 1,694 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:08:35 AM

Posted 14 August 2008 - 04:38 AM

Hello again, mikballs.

Thanks for the info.

Have you run Deckard's Association Fix Tool (DAFT) and GMER as instructed to in my previous post? I would like to see the logs created by these tools before continuing. :thumbsup:

Edited by htv8, 14 August 2008 - 04:42 AM.
typo

If I have not posted back within 24 hours, feel free to send me a PM with your topic link.

Posted Image

#10 mikballs

mikballs
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sydney, Aus
  • Local time:04:35 PM

Posted 14 August 2008 - 07:15 AM

the GMER file is really really big.

its like 900 pages of microsoft word :S

i think my nets too crappy to upload it..as i said lately nets been really slow and non-responsive.

oh wait, the filesize is 19mb...

and the DAFT one--

DAFT Log saved on 2008-08-14 18:23:20
-----------------------------------------------------------------------
All associations okay!

Edited by mikballs, 14 August 2008 - 07:16 AM.


#11 htv8

htv8

  • Members
  • 1,694 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:08:35 AM

Posted 14 August 2008 - 12:32 PM

Hello again.

Thank you so much for your help so far, really, much appreciated.
[...]

You're welcome. :thumbsup:

[...]

I cant get the norton uninstallation tool as my internet is tooooo slow for some reason, it should be really fast..
But lately its just been stopping. So it would take me half an hour to 1 hour to probably just load the norton page.

[...]

OK, don't bother about it for now. We can always try running it later. It's not of major importance at the moment.

[...]

The dictionary.com toolbar wont uninstall as it says 'fatal error occured while installing' when i try to uninstall it.

[...]

OK. Just following the instructions located here to download the toolbar again and (re)install it will probably do the trick.

the GMER file is really really big.

[...]

OK, we will try something different. Please continue with the instructions below.



Before we begin, you should save these instructions in Notepad to your Desktop, or print them, for easy reference and to make sure you don't get lost.
Make sure to work through the fixes in the exact order in which they are mentioned below and do not miss any steps out. If at any point you have questions, or are unsure of the instructions, do not hesitate to post here and ask for clarification before proceeding with the fixes.


Step #1: Policies Restrictions Fix
Follow the instructions below if you are not aware that there are policies set for accessing the remote administration page in Control Panel and registry editing - this means that you are stopped from being able to access the remote administration page in Control Panel and that registry editing has been disabled for you. If you or a possible adminstrator hasn't set these policies for you, then please run OTMoveIt2 with the specified script below:
  • In the event you lost your copy: Please download the OTMoveIt2 by OldTimer.
    Download OTMoveIt2 (OTMoveIt2.exe
  • Save it to your Desktop.
  • Double-click OTMoveIt2.exe to run it. (NOTE: ** If using Windows Vista, right-click the file and choose "Run as administrator". **)
  • Copy the lines in the CODE box below to the clipboard by highlighting ALL of them and pressing Ctrl + C (or, after highlighting, right-click and choose Copy):
    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system\\DisableRegistryTools
    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system\\NoAdminPage
    WARNING: The above script was written specifically for this infection on this person's computer. It is NOT to be used on another computer, as it may cause damage that could result in a format!
  • Return to OTMoveIt2, right-click in the Paste List Of Files/Folders to Move window (under the yellow bar) and choose Paste.
  • Click the red MoveIt! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL contents and pressing Ctrl + C (or, after highlighting, right-click and choose Copy), and paste it in your next reply.
  • Close OTMoveIt2.
Step #2: ComboFix
We need to run ComboFix.
  • Please visit this webpage for download links, and instructions for running the tool: How to use ComboFix.
  • Please ensure you read this guide carefully and install the Recovery Console first.
    • The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.
    Once installed, you should see a blue screen prompt that says: The Recovery Console was successfully installed.
  • Please continue as follows:
    • VERY IMPORTANT: Close/Disable all running antivirus, antimalware and firewall programs as they may interfere with the proper running of ComboFix.
      ** Click on this link to see a list of programs that should be disabled. NOTE: The list is not all-inclusive. If yours is not listed and you do not know how to disable it, please ask. **
    • Click Yes to allow ComboFix to continue scanning for malware.
      NOTE: ** Do not mouseclick ComboFix's window whilst it's running. That may cause your system to hang! **
    • When finished, ComboFix shall produce a log for you; post the entire contents of that report in your next reply for further review, and so we may continue cleansing the system.

GENERAL WARNING: Do NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert. It is a powerful tool intended by its creator to be used under the guidance and supervision of an expert, not for private use. Using this tool incorrectly could lead to disastrous problems with your Operating System such as preventing it from ever starting again. Please read ComboFix's Disclaimer.


Step #3: F-Secure Blacklight
We need to run F-Secure Blacklight to detect files, folders and processes that are hidden from the user and other programs:
  • Please download F-Secure Blacklight and save to your C:\ drive.
    Download F-Secure Blacklight (fsbl.exe)
  • Click on Start, then click on Run....
    • This will bring up the Run box.
  • Type cmd in the Open: field, then press Enter.A command window will open.
  • Copy and paste or type the following in the command window: C:\fsbl.exe /expert
  • Hit Enter to start the program and then close the cmd box.
  • Review and accept the user agreement by selecting the radio button labelled "I accept the agreement".
  • Click Next.
  • Click Scan.
  • After the scan is complete, click Next, then Exit.F-Secure Blacklight will create a log in C:\ drive named fsbl-xxxxxxx.log (the xxxxxxx will be the date and time of the scan).
    The log will have a list of all items found. Do NOT choose to rename any yet! I want to see the log first because legitimate items can also be present (like wbemtest.exe and tcptest.exe).
  • Exit F-Secure Blacklight and post the contents of the log in your next reply.

NOTE: ** If Blacklight does not work, rename fsbl.exe to zsbl.exe and try running it again. **

Step #4: Jotti/VirusTotal scan
We need to determine if some files are malware or not.
  • Please make sure that you can view all hidden files. Instructions on how to do this can be found here: How to see hidden files in Windows.
  • Please go to Jotti: http://virusscan.jotti.org/.
  • When the Jotti page has finished loading, click the Browse... button at the top and navigate to each of the following files if they are present and click Submit:
    C:\WINDOWS\gdrv.sys
    C:\WINDOWS\system32\NeroCheck.exe

    NOTE: You will only be able to have one file scanned at a time.
  • Please be patient as the file will be scanned.
  • Please post back the results of the scan in your next post.
NOTE: In case Jotti is busy, try the same at VirusTotal: http://www.virustotal.com/.



So in your next reply, please post the entire contents of:
  • OTMoveIt2's log
  • C:\ComboFix.txt
  • F-Secure Blacklight's log
  • Jotti's/VirusTotal's scan report
NOTE: Use several posts if necessary to include everything in the requested logs.

Edited by htv8, 14 August 2008 - 12:43 PM.
little typo

If I have not posted back within 24 hours, feel free to send me a PM with your topic link.

Posted Image

#12 mikballs

mikballs
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sydney, Aus
  • Local time:04:35 PM

Posted 15 August 2008 - 05:04 PM

the windows xp file that i had to download from microsoft, the recovery console..
wouldnt download..
i left it running for like 7 hours and it only got to 50% and then timed out.
It was only a 4mb file as well..
internet is stuffed ay.

#13 mikballs

mikballs
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sydney, Aus
  • Local time:04:35 PM

Posted 16 August 2008 - 06:55 AM

I ended up being able to download the file haha.


well here are the logs + results-

ComboFix 08-08-14.02 - Mikki 2008-08-16 21:06:30.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.637 [GMT 10:00]
Running from: C:\Documents and Settings\Mikki\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Mikki\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Mikki\Application Data\Adssite Advanced Toolbar
C:\Documents and Settings\Mikki\Application Data\Adssite Advanced Toolbar\advertbuttons.xml
C:\Documents and Settings\Mikki\Application Data\Adssite Advanced Toolbar\selected.xml
C:\Program Files\Adssite Advanced Toolbar
C:\WINDOWS\system32\dllcache\npptools.dll
C:\WINDOWS\system32\npptools.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CMDSERVICE
-------\Legacy_NETWORK_MONITOR


((((((((((((((((((((((((( Files Created from 2008-07-16 to 2008-08-16 )))))))))))))))))))))))))))))))
.

2008-08-14 18:24 . 2008-08-14 18:30 345 --a------ C:\WINDOWS\gmer.ini
2008-08-13 17:10 . 2008-08-13 17:10 <DIR> d-------- C:\_OTMoveIt
2008-08-13 16:59 . 2008-08-13 17:07 <DIR> d-------- C:\HaxFix
2008-08-12 19:01 . 2008-08-12 19:01 <DIR> d-------- C:\Deckard
2008-08-11 22:14 . 2008-08-11 22:14 <DIR> d-------- C:\Program Files\a-squared HiJackFree
2008-08-07 22:28 . 2008-08-13 17:12 8,192 --ahs---- C:\WINDOWS\system32\Thumbs.db
2008-08-07 19:01 . 2008-08-07 19:01 <DIR> d-------- C:\Program Files\CCleaner
2008-08-02 22:59 . 2008-08-02 22:59 <DIR> d-------- C:\Multimedia Files
2008-08-02 22:30 . 2008-08-02 22:30 0 --a------ C:\WINDOWS\nsreg.dat
2008-08-02 14:35 . 2008-08-02 14:35 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-08-02 11:40 . 2008-08-02 11:40 <DIR> d-------- C:\Program Files\Warcraft III
2008-07-31 22:20 . 2008-07-31 22:20 <DIR> d-------- C:\Program Files\Windows Resource Kits
2008-07-22 17:32 . 2008-07-22 17:32 <DIR> d-------- C:\Program Files\MSECache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-16 07:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-08-15 14:38 --------- d-----w C:\Documents and Settings\Mikki\Application Data\Hamachi
2008-08-13 06:48 --------- d-----w C:\Program Files\Java
2008-08-13 06:34 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-08-10 09:57 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-10 09:25 --------- d-----w C:\Program Files\Yahoo!
2008-08-10 09:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo
2008-08-08 15:11 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-08-07 09:10 --------- d-----w C:\Documents and Settings\Henry\Application Data\LimeWire
2008-08-02 04:35 --------- d-----w C:\Program Files\Common Files\Real
2008-07-24 05:37 --------- d-----w C:\Program Files\Google
2008-07-02 13:30 --------- d-----w C:\Program Files\FinePixViewer
2008-06-30 08:57 --------- d-----w C:\Program Files\Real
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-19 08:13 --------- d-----w C:\Program Files\Flickr Uploadr
2008-06-19 08:13 --------- d-----w C:\Documents and Settings\Mikki\Application Data\Flickr
2008-06-19 07:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Arclab
2008-06-17 01:34 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-06-17 01:33 --------- d-----w C:\Program Files\Windows Live Favorites
2008-06-17 01:25 --------- d-----w C:\Program Files\Windows Live
2008-06-17 01:24 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-06-17 01:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-05-07 07:14 21,512 ----a-w C:\Documents and Settings\Mikki\Application Data\GDIPFONTCACHEV1.DAT
2007-10-21 16:49 867,848 ----a-w C:\Program Files\NOV2007_d3dx10_36_x64.cab
2007-10-21 16:49 807,132 ----a-w C:\Program Files\NOV2007_d3dx10_36_x86.cab
2007-10-21 16:49 49,392 ----a-w C:\Program Files\NOV2007_X3DAudio_x64.cab
2007-10-21 16:49 44,850 ----a-w C:\Program Files\dxdllreg_x86.cab
2007-10-21 16:49 21,744 ----a-w C:\Program Files\NOV2007_X3DAudio_x86.cab
2007-10-21 16:49 200,010 ----a-w C:\Program Files\NOV2007_XACT_x64.cab
2007-10-21 16:49 151,512 ----a-w C:\Program Files\NOV2007_XACT_x86.cab
2007-10-21 16:49 1,805,306 ----a-w C:\Program Files\NOV2007_d3dx9_36_x64.cab
2007-10-21 16:49 1,712,608 ----a-w C:\Program Files\NOV2007_d3dx9_36_x86.cab
2007-08-19 08:12 21,512 ----a-w C:\Documents and Settings\Wendy\Application Data\GDIPFONTCACHEV1.DAT
2005-10-03 04:54 265,984 ----a-w C:\WINDOWS\inf\WG511v2\WG511v2XP.sys
2005-10-03 04:54 265,856 ----a-w C:\WINDOWS\inf\WG511v2\WG511v2.sys
2004-08-05 06:06 212,992 ----a-w C:\WINDOWS\inf\WG511v2\CopyWHQLDriver.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 22:00 15360]
"PhotoShow Deluxe Media Manager"="C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe" [2005-02-26 10:28 212992]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-14 02:24 1694208]
"MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2006-10-03 09:16 190024]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 13:39 1289000]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-07-12 20:15 106496]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-09-12 20:10 335872]
"DSLSTATEXE"="C:\Program Files\D-Link\DSL-200\dslstat.exe" [2005-01-21 18:04 356352]
"DSLAGENTEXE"="C:\Program Files\D-Link\DSL-200\dslagent.exe" [2005-01-21 18:04 16384]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 15:18 241664]
"EasyTuneV"="C:\Program Files\Gigabyte\ET5\GUI.exe" [2004-06-14 10:54 200704]
"dvd43"="C:\Program Files\dvd43\dvd43_tray.exe" [2005-12-05 17:04 691200]
"ServiceLayer"="C:\Program Files\Common Files\Nokia\Services\ServiceLayer.exe" [2002-10-16 07:43 69632]
"Nokia Tray Application"="C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe" [2002-10-22 07:52 598016]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"HydraVisionDesktopManager"="C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe" [2003-09-15 21:00 270336]
"MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2006-10-03 09:16 190024]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152]
"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe" [2006-12-29 16:52 3429904]
"BigPondCable"="C:\Program Files\Telstra\Cable Login\bpcable.exe" [2006-07-03 00:21 258048]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 22:32 53248]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2007-06-09 00:59 224248]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-08-02 14:35 185896]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"SoundMan"="SOUNDMAN.EXE" [2005-02-23 20:13 77824 C:\WINDOWS\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 22:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-01 10:10 68856]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
ExifLauncher2.lnk - C:\Program Files\FinePixViewer\QuickDCF2.exe [2007-10-13 14:11:08 303104]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-03-01 10:10:55 125624]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2003-09-16 04:19:24 237568]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 00:01:04 83360]
NETGEAR Smart Wizard.lnk - C:\WINDOWS\Installer\{B93D24B3-928D-4805-B379-4AA47CB3794E}\NewShortcut1_1.exe [2007-07-21 21:36:30 2238]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\rtcshare.exe"=
"C:\\Program Files\\NetMeeting\\conf.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Gigabyte\\ET5\\update.exe"=
"C:\\Program Files\\Intuwave\\Shared\\mRouterRunTime\\mRouterRuntime.exe"=
"C:\\Program Files\\Hamachi\\hamachi.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R3 MarkFun_NT;MarkFun_NT;C:\Program Files\Gigabyte\ET5\markfun.w32 [2006-01-07 14:07]
S3 bpcService;BigPond Broadband Cable Login;C:\Program Files\Telstra\Cable Login\bpcService.exe [2006-07-03 00:21]

*Newly Created Service* - MARKFUN_NT
.
Contents of the 'Scheduled Tasks' folder

2008-08-12 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]

2008-08-16 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.yahoo.com/
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=yie7c
R0 -: HKLM-Main,Start Page = hxxp://www.yahoo.com/
R0 -: HKLM-Main,Search Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O16 -: {138E6DC9-722B-4F4B-B09D-95D191869696} - hxxp://www.bebo.com/files/BeboUploader.5.1.4.cab
C:\WINDOWS\Downloaded Program Files\BeboUploader.inf
C:\WINDOWS\system32\unicows.dll
C:\WINDOWS\Downloaded Program Files\BeboUploader.ocx

O16 -: {96EEC7FF-106A-47F3-90D6-B4BB754AA40E} - hxxps://trx.centricom.com.au/ewcustomer/POLiPayOnline.cab
C:\WINDOWS\Downloaded Program Files\POLiPayOnline.dll


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-16 21:17:44
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

C:\WINDOWS\explorer.exe [3060] 0x8527C020

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MarkFun_NT]
"ImagePath"="\??\C:\Program Files\Gigabyte\ET5\markfun.w32"
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\NETGEAR\WG511v2\wlancfg5.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\HPZipm12.exe
.
**************************************************************************
.
Completion time: 2008-08-16 21:24:28 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-16 11:24:22

Pre-Run: 114,898,014,208 bytes free
Post-Run: 115,357,696,000 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

217 --- E O F --- 2008-08-07 12:57:41
-------------------------------------------------------------------------------------------------------


08/16/08 21:33:06 [Info]: BlackLight Engine 1.0.70 initialized
08/16/08 21:33:06 [Info]: OS: 5.1 build 2600 (Service Pack 2)
08/16/08 21:33:07 [Note]: 7019 4
08/16/08 21:33:07 [Note]: 7005 0
08/16/08 21:33:14 [Note]: 7006 0
08/16/08 21:33:14 [Note]: 7022 0
08/16/08 21:33:14 [Note]: 7011 160
08/16/08 21:33:16 [Note]: 7035 0
08/16/08 21:33:16 [Note]: 7026 0
08/16/08 21:33:16 [Note]: 7026 0
08/16/08 21:33:24 [Note]: FSRAW library version 1.7.1024
08/16/08 21:44:07 [Note]: 7007 0
--------------------------------------------------------------------------------

and the Online jotti malware scan was all clean.

-----------------------

< HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system\\DisableRegistryTools >
Registry value HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system\\DisableRegistryTools deleted successfully.
< HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system\\NoAdminPage >
Registry value HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system\\NoAdminPage deleted successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08152008_163100


----------------------------------------------

thanks lots for all the help so far :D,
but net is still running a little slow.

Edited by mikballs, 16 August 2008 - 06:59 AM.


#14 htv8

htv8

  • Members
  • 1,694 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:08:35 AM

Posted 17 August 2008 - 04:14 AM

Hello, mikballs.

I am out of town today. When I am back again, I will look over your log as soon as possible and reply back. Just want to let you know you haven't been forgotten. :thumbsup:

Thanks for your understanding,

htv8
If I have not posted back within 24 hours, feel free to send me a PM with your topic link.

Posted Image

#15 mikballs

mikballs
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sydney, Aus
  • Local time:04:35 PM

Posted 17 August 2008 - 06:20 AM

hey,
yeah no worries man,
I dont really expect you to be free every single day haha.
have fun!

=]




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users