Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

This can't be good


  • Please log in to reply
15 replies to this topic

#1 Skulker

Skulker

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:01:05 PM

Posted 28 December 2008 - 12:04 PM

My laptop is infected with so many pop ups. This thing seems to go by 3 names. It is called System Security in my Start programs. I have had IE redirected to Antivirus 2009. I have 2 system tray icons. Anyway, I am at a loss. I ran updated mbam in normal and safe modes both and it was unsuccessful. So I have no choice but to post a hjt log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:40:21 AM, on 12/28/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\hphmon04.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Documents and Settings\All Users\Application Data\922414813\723389588.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\DOCUME~1\Robert\LOCALS~1\Temp\yyy15243.exe
C:\DOCUME~1\Robert\LOCALS~1\Temp\~tmpb.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\PROGRA~1\Grisoft\AVG7\avgw.exe
C:\DOCUME~1\Robert\LOCALS~1\Temp\~tmpf.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\My HjT\HiJackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.legendsofchance.net/loc2forums/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0070910
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - C:\WINDOWS\system32\msxml71.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [723389588] "C:\Documents and Settings\All Users\Application Data\922414813\723389588.exe"
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe -silent
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Cognac] C:\DOCUME~1\******\LOCALS~1\Temp\~tmpb.exe
O4 - HKCU\..\Run: [MSFox] C:\DOCUME~1\******\LOCALS~1\Temp\yyy15243.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Dell Network Assistant.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\******\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1190131210171
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 11217 bytes

BC AdBot (Login to Remove)

 


#2 Shaba

Shaba

    Koutsi


  • Members
  • 7,872 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:08:05 PM

Posted 28 December 2008 - 12:13 PM

Hi Skulker
  • Download random''s system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Microsoft MVP Consumer Security
Posted Image

Posted Image

#3 Skulker

Skulker
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:01:05 PM

Posted 28 December 2008 - 12:22 PM

In running the RSIT I am getting an error. I says Line - 1: Error: Subscript used with non-Array variable

#4 Shaba

Shaba

    Koutsi


  • Members
  • 7,872 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:08:05 PM

Posted 28 December 2008 - 12:23 PM

Then please run this instead:

Please download DDS and save it to your desktop.
  • Disable any script blocking protection
  • Double click dds.scr to run the tool.
  • When done, DDS.txt and Attach.txt will open.
  • Save both reports to your desktop.
Please include the contents of the following reports in your next reply:

DDS.txt
Attach.txt

Edited by Shaba, 28 December 2008 - 12:24 PM.

Microsoft MVP Consumer Security
Posted Image

Posted Image

#5 Skulker

Skulker
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:01:05 PM

Posted 28 December 2008 - 12:40 PM

Thank you so much... :thumbsup:


DDS (Version 1.1.0) - NTFSx86
Run by Robert at 12:30:01.50 on Sun 12/28/2008
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.894.364 [GMT -5:00]

AV: AVG 7.5.552 *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\hphmon04.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Documents and Settings\All Users\Application Data\922414813\723389588.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\DOCUME~1\Robert\LOCALS~1\Temp\yyy15243.exe
C:\DOCUME~1\Robert\LOCALS~1\Temp\~tmpb.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\DOCUME~1\Robert\LOCALS~1\Temp\~tmpf.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Robert\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.legendsofchance.net/loc2forums/index.php
uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
mDefault_Page_URL = hxxp://www.yahoo.com/
mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
uURLSearchHooks: AOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
mURLSearchHooks: AOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
BHO: NoExplorer - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: XML Class: {500bca15-57a7-4eaf-8143-8c619470b13d} - c:\windows\system32\msxml71.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: AOL Toolbar Launcher: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\3.1.807.1746\swg.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: NoExplorer - No File
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0988.2\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
TB: AIM Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.0988.2\msneshellx.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [<NO NAME>]
uRun: [StartCCC] c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [EA Core] c:\program files\electronic arts\eadm\Core.exe -silent
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [Aim6]
uRun: [Cognac] c:\docume~1\robert\locals~1\temp\~tmpb.exe
uRun: [MSFox] c:\docume~1\robert\locals~1\temp\yyy15243.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [AVG7_CC] c:\progra~1\grisoft\avg7\avgcc.exe /STARTUP
mRun: [HPHmon04] c:\windows\system32\hphmon04.exe
mRun: [HPHUPD04] "c:\program files\hp photosmart 11\hphinstall\unipatch\hphupd04.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [723389588] "c:\documents and settings\all users\application data\922414813\723389588.exe"
dRun: [AVG7_Run] c:\progra~1\grisoft\avg7\avgw.exe /RUNONCE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\DELLNE~1.LNK -
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
IE: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-us\local\search.html
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\robert\start menu\programs\imvu\Run IMVU.lnk
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {3369AF0D-62E9-4bda-8103-B4C75499B578} - {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\robert\applic~1\mozilla\firefox\profiles\94r78g65.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/aolcom/search?invocationType=tbff50ie7&query=
FF - prefs.js: browser.search.selectedEngine - AIM Search
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.aol.com/aolcom/search?invocationType=TB50TRFF;homepage=no;search=yesab&query=
FF - component: c:\program files\mozilla firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar.dll
FF - component: c:\program files\mozilla firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metrics.dll

============= SERVICES / DRIVERS ===============

R0 atiide;atiide;c:\windows\system32\drivers\atiide.sys [2007-9-10 3456]
R1 Avg7Core;AVG7 Kernel;c:\windows\system32\drivers\avg7core.sys [2007-9-18 821856]
R1 Avg7RsW;AVG7 Wrap Driver;c:\windows\system32\drivers\avg7rsw.sys [2007-9-18 4224]
R1 Avg7RsXP;AVG7 Resident Driver XP;c:\windows\system32\drivers\avg7rsxp.sys [2007-9-18 27776]
R1 AvgClean;AVG7 Clean Driver;c:\windows\system32\drivers\avgclean.sys [2007-9-18 10760]
R2 Avg7Alrt;AVG7 Alert Manager Server;c:\progra~1\grisoft\avg7\avgamsvr.exe [2007-9-18 418816]
R2 Avg7UpdSvc;AVG7 Update Service;c:\progra~1\grisoft\avg7\avgupsvc.exe [2007-9-18 49664]
R2 AVGEMS;AVG E-mail Scanner;c:\progra~1\grisoft\avg7\avgemc.exe [2007-9-18 406528]
R2 AvgTdi;AVG Network Redirector;c:\windows\system32\drivers\avgtdi.sys [2007-9-18 4960]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\viewpoint\common\ViewpointService.exe" [2008-10-4 24652]
S3 dump_wmimmc;dump_wmimmc;\??\c:\ijji\english\gunz\gameguard\dump_wmimmc.sys []

=============== Created Last 30 ================

2008-12-28 11:30 119,300 a------- c:\windows\system32\msxml71.dll
2008-12-27 13:55 <DIR> --d----- c:\docume~1\alluse~1\applic~1\922414813
2008-12-27 10:20 <DIR> --d----- c:\docume~1\robert\applic~1\RegistryDoctor2008
2008-12-27 09:44 <DIR> --d----- C:\My Downloads
2008-12-27 09:43 15,504 a------- c:\windows\system32\drivers\mbam.sys
2008-12-27 09:43 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-27 09:43 <DIR> --d----- c:\docume~1\robert\applic~1\Malwarebytes
2008-12-27 09:17 84,310 a------- c:\windows\system32\nepnndxjtainj.dll-uninst.exe
2008-12-26 19:52 21,504 a------- c:\windows\system32\hidserv.dll
2008-12-26 19:52 21,504 a------- c:\windows\system32\dllcache\hidserv.dll
2008-12-10 17:21 268 a---h--- C:\sqmdata02.sqm
2008-12-10 17:21 244 a---h--- C:\sqmnoopt02.sqm
2008-12-09 16:20 410,984 a------- c:\windows\system32\deploytk.dll
2008-12-07 19:19 <DIR> --d----- c:\docume~1\robert\applic~1\mIRC
2008-12-07 11:47 <DIR> --d----- c:\program files\BZFlag2.0.10
2008-11-30 11:18 31 a------- c:\documents and settings\robert\jagex_runescape_preferences.dat
2008-11-30 11:18 <DIR> --d----- c:\windows\.jagex_cache_32
2008-11-28 22:43 56 a---h--- c:\windows\system32\ezsidmv.dat

==================== Find3M ====================

2008-12-13 01:40 3,593,216 a------- c:\windows\system32\dllcache\mshtml.dll
2008-12-07 10:49 77,803 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2008-11-08 08:33 193,024 a------- c:\windows\system32\SET11DE.tmp
2008-10-24 06:21 455,296 -------- c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 07:36 286,720 a------- c:\windows\system32\gdi32.dll
2008-10-23 07:36 286,720 -------- c:\windows\system32\dllcache\gdi32.dll
2008-10-16 14:13 1,809,944 a------- c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 14:13 202,776 a------- c:\windows\system32\dllcache\wuweb.dll
2008-10-16 14:12 323,608 a------- c:\windows\system32\dllcache\wucltui.dll
2008-10-16 14:12 561,688 a------- c:\windows\system32\dllcache\wuapi.dll
2008-10-16 14:09 92,696 a------- c:\windows\system32\dllcache\cdm.dll
2008-10-16 14:09 51,224 a------- c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 14:08 34,328 a------- c:\windows\system32\dllcache\wups.dll
2008-10-16 14:06 268,648 a------- c:\windows\system32\mucltui.dll
2008-10-16 14:06 208,744 a------- c:\windows\system32\muweb.dll
2008-10-16 08:11 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2008-10-16 08:11 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2008-10-15 11:34 337,408 -------- c:\windows\system32\dllcache\netapi32.dll
2008-10-15 02:06 633,632 -------- c:\windows\system32\dllcache\iexplore.exe
2008-10-15 02:04 161,792 -------- c:\windows\system32\dllcache\ieakui.dll
2008-10-03 05:02 247,326 a------- c:\windows\system32\strmdll.dll
2008-10-03 05:02 247,326 a------- c:\windows\system32\dllcache\strmdll.dll
2008-09-30 16:43 1,286,152 a------- c:\windows\system32\msxml4.dll
2008-08-15 21:28 9,359,539 a------- c:\program files\The_Dark_Knight_screensaver.zip

============= FINISH: 12:30:39.32 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Version 1.0)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 9/18/2007 11:39:35 AM
System Uptime: 12/28/2008 11:03:59 AM (1 hours ago)

Motherboard: Dell Inc. | | 0WY383
Processor: AMD Athlon™ 64 X2 Dual-Core Processor TK-53 | Socket M2/S1G1 | 1695/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 74 GiB total, 36.127 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP276: 9/30/2008 3:24:12 PM - Software Distribution Service 3.0
RP277: 10/1/2008 3:27:11 PM - Software Distribution Service 3.0
RP278: 10/1/2008 3:56:45 PM - Removed Windows Live Messenger
RP279: 10/1/2008 4:12:58 PM - Installed Windows Live Messenger
RP280: 10/1/2008 4:14:30 PM - Installed Rhapsody Player Engine
RP281: 10/2/2008 3:16:17 PM - Software Distribution Service 3.0
RP282: 10/3/2008 9:58:25 PM - Software Distribution Service 3.0
RP283: 10/4/2008 9:33:33 AM - Software Distribution Service 3.0
RP284: 10/5/2008 9:06:13 AM - Software Distribution Service 3.0
RP285: 10/6/2008 4:24:22 PM - Software Distribution Service 3.0
RP286: 10/7/2008 3:33:30 PM - Software Distribution Service 3.0
RP287: 10/8/2008 4:13:48 PM - Software Distribution Service 3.0
RP288: 10/9/2008 3:18:25 PM - Software Distribution Service 3.0
RP289: 10/10/2008 8:47:25 PM - Software Distribution Service 3.0
RP290: 10/11/2008 9:18:58 AM - Software Distribution Service 3.0
RP291: 10/11/2008 10:51:09 PM - Software Distribution Service 3.0
RP292: 10/13/2008 9:00:20 AM - Software Distribution Service 3.0
RP293: 10/14/2008 10:57:48 AM - Software Distribution Service 3.0
RP294: 10/14/2008 3:47:54 PM - Software Distribution Service 3.0
RP295: 10/14/2008 3:48:43 PM - Software Distribution Service 3.0
RP296: 10/15/2008 3:30:39 PM - Software Distribution Service 3.0
RP297: 10/17/2008 8:14:35 PM - Software Distribution Service 3.0
RP298: 10/18/2008 11:14:35 AM - Software Distribution Service 3.0
RP299: 10/19/2008 9:39:07 AM - Software Distribution Service 3.0
RP300: 10/20/2008 4:07:45 PM - Software Distribution Service 3.0
RP301: 10/21/2008 3:20:22 PM - Software Distribution Service 3.0
RP302: 10/22/2008 3:15:49 PM - Software Distribution Service 3.0
RP303: 10/23/2008 3:22:06 PM - Software Distribution Service 3.0
RP304: 10/24/2008 5:25:09 PM - Software Distribution Service 3.0
RP305: 10/25/2008 9:01:38 AM - Software Distribution Service 3.0
RP306: 10/25/2008 10:37:58 PM - Software Distribution Service 3.0
RP307: 10/29/2008 7:53:45 PM - Software Distribution Service 3.0
RP308: 10/30/2008 5:49:59 PM - Software Distribution Service 3.0
RP309: 10/31/2008 7:24:00 PM - Software Distribution Service 3.0
RP310: 10/31/2008 8:04:11 PM - Installed Windows Media Player 11
RP311: 10/31/2008 8:05:05 PM - Installed Windows XP Wudf01000.
RP312: 10/31/2008 8:07:15 PM - Installed Windows XP MSCompPackV1.
RP313: 10/31/2008 8:08:51 PM - Installed Windows XP KB926239.
RP314: 11/1/2008 9:00:21 AM - Software Distribution Service 3.0
RP315: 11/1/2008 4:03:30 PM - Software Distribution Service 3.0
RP316: 11/2/2008 10:05:23 AM - Software Distribution Service 3.0
RP317: 11/7/2008 6:48:07 PM - Software Distribution Service 3.0
RP318: 11/8/2008 7:46:02 AM - Software Distribution Service 3.0
RP319: 11/8/2008 7:47:18 AM - Software Distribution Service 3.0
RP320: 11/8/2008 9:00:54 AM - Software Distribution Service 3.0
RP321: 11/9/2008 9:01:25 AM - Software Distribution Service 3.0
RP322: 11/10/2008 9:00:18 AM - Software Distribution Service 3.0
RP323: 11/11/2008 9:00:38 AM - Software Distribution Service 3.0
RP324: 11/15/2008 7:01:41 AM - Software Distribution Service 3.0
RP325: 11/15/2008 9:00:24 AM - Software Distribution Service 3.0
RP326: 12/6/2008 6:01:17 PM - System Checkpoint
RP327: 12/7/2008 9:24:38 AM - Software Distribution Service 3.0
RP328: 12/9/2008 7:40:16 AM - System Checkpoint
RP329: 12/9/2008 4:20:05 PM - Installed Java™ 6 Update 11
RP330: 12/9/2008 4:21:34 PM - Installed MSN Toolbar Setup
RP331: 12/9/2008 6:05:41 PM - Software Distribution Service 3.0
RP332: 12/11/2008 7:44:01 PM - System Checkpoint
RP333: 12/13/2008 10:45:59 AM - System Checkpoint
RP334: 12/16/2008 7:49:24 PM - System Checkpoint
RP335: 12/17/2008 5:35:03 PM - Software Distribution Service 3.0
RP336: 12/21/2008 12:31:34 PM - System Checkpoint
RP337: 12/26/2008 8:41:04 PM - System Checkpoint
RP338: 12/28/2008 12:34:04 AM - System Checkpoint

==== Installed Programs ======================

µTorrent
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Reader 8.1.3
AIM 6
Aim Plugin for QQ Games
AIM Toolbar 5.0
AMIP (remove only)
ATI Catalyst Control Center
ATI Display Driver
AVG 7.5
Broadcom Management Programs
Browser Address Error Redirector
BZFlag 2.0.10 (remove only)
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Localization Chinese Standard
Catalyst Control Center Localization Chinese Traditional
Catalyst Control Center Localization French
Catalyst Control Center Localization German
Catalyst Control Center Localization Italian
Catalyst Control Center Localization Japanese
Catalyst Control Center Localization Korean
Catalyst Control Center Localization Portuguese
Catalyst Control Center Localization Spanish
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help English
CCC Help French
CCC Help German
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Portuguese
CCC Help Spanish
Conexant HDA D330 MDC V.92 Modem
Dell DataSafe Online
Dell Network Assistant
Dell Touchpad
Dell Wireless WLAN Card
Digital Line Detect
EA Download Manager
Google Toolbar for Internet Explorer
High Definition Audio Driver Package - KB835221
Highlight Viewer (Windows Live Toolbar)
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
IceChat 7.63 (Build 20080417)
ijji
ijji - Gunz
ijji Auto Installer
IMVU Avatar Chat Software
J2SE Runtime Environment 5.0 Update 6
Jasc Paint Shop Pro 8
Java™ 6 Update 11
Java™ 6 Update 2
Java™ 6 Update 3
Java™ 6 Update 5
Java™ 6 Update 7
Lernout & Hauspie TruVoice American English TTS Engine
Malwarebytes' Anti-Malware
Map Button (Windows Live Toolbar)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Works
mIRC
Modem Diagnostic Tool
Mozilla Firefox (2.0.0.14)
MSN Toolbar
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
NetWaiting
Photosmart 130,230,7150,7345,7350,7550 (Remove only)
PowerDVD
QQ Games
QuickSet
Rhapsody Player Engine
Search Assistant Searchersmart
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Skins
Skype™ 3.8
Smart Menus (Windows Live Toolbar)
SPORE™ Creature Creator
SpywareBlaster 4.0
TeamSpeak 2 RC2
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Viewpoint Media Player
WebFldrs XP
Winamp
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Favorites for Windows Live Toolbar
Windows Live installer
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
Xfire (remove only)
YahELite 326
Yahoo! Install Manager
Yahoo! Messenger
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

12/21/2008 2:09:10 PM, error: Service Control Manager [7000] - The Kodak Camera Connection Software service failed to start due to the following error: The system cannot find the file specified.
12/27/2008 8:56:04 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
12/27/2008 8:56:04 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
12/27/2008 8:56:04 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
12/27/2008 8:56:04 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
12/27/2008 8:56:04 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD APPDRV Avg7Core Avg7RsW Avg7RsXP Fips IPSec MRxSmb NetBIOS NetBT Processor RasAcd Rdbss Tcpip
12/27/2008 9:01:44 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
12/27/2008 9:01:49 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
12/27/2008 9:32:47 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

==== End Of File ===========================

#6 Shaba

Shaba

    Koutsi


  • Members
  • 7,872 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:08:05 PM

Posted 28 December 2008 - 12:54 PM

Uninstall these:

J2SE Runtime Environment 5.0 Update 6
Java™ 6 Update 2
Java™ 6 Update 3
Java™ 6 Update 5
Java™ 6 Update 7

Open HijackThis, click do a system scan only and checkmark these:

O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - C:\WINDOWS\system32\msxml71.dll
O4 - HKLM\..\Run: [723389588] "C:\Documents and Settings\All Users\Application Data\922414813\723389588.exe"
O4 - HKCU\..\Run: [Cognac] C:\DOCUME~1\******\LOCALS~1\Temp\~tmpb.exe
O4 - HKCU\..\Run: [MSFox] C:\DOCUME~1\******\LOCALS~1\Temp\yyy15243.exe


Close all windows including browser and press fix checked.

Please download the OTMoveIt3 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :processes
    yyy15243.exe
    ~tmpb.exe
    ~tmpf.exe
    723389588.exe
    
    :files
    c:\windows\system32\msxml71.dll
    C:\Documents and Settings\All Users\Application Data\922414813
    C:\DOCUME~1\Robert\LOCALS~1\Temp\yyy15243.exe
    C:\DOCUME~1\Robert\LOCALS~1\Temp\~tmpb.exe
    C:\DOCUME~1\Robert\LOCALS~1\Temp\~tmpf.exe
    c:\windows\system32\nepnndxjtainj.dll-uninst.exe
    
    :commands
    [EmptyTemp]
    [reboot]
  • Return to OTMoveIt3, right click in the "Paste List of Files/Folders to Move" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Re-run DDS.

Post:

- DDS.txt
- otmoveit3 log
Microsoft MVP Consumer Security
Posted Image

Posted Image

#7 Skulker

Skulker
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:01:05 PM

Posted 28 December 2008 - 01:22 PM

when i try to save OTMoveit3 to my desktop, i get "cannot copy, access denied" AVG thnks it's a threat

#8 Shaba

Shaba

    Koutsi


  • Members
  • 7,872 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:08:05 PM

Posted 28 December 2008 - 01:48 PM

Please disable AVG before downloading.

See here how to do it.

Remember to re-enable it after OTMoveIT3 has rebooted computer.
Microsoft MVP Consumer Security
Posted Image

Posted Image

#9 Skulker

Skulker
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:01:05 PM

Posted 28 December 2008 - 02:00 PM

ok, turning off the AVG worked, i was able to copy the code under the yellow bar but now, under the green bar, i can't click anything on that side, or on any side if i click it, i get an error sound

#10 Shaba

Shaba

    Koutsi


  • Members
  • 7,872 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:08:05 PM

Posted 28 December 2008 - 02:03 PM

If you were able to click Moveit!, that is fine.

Log can be found in C:\_OTMoveIt\MovedFiles after reboot.

Edited by Shaba, 28 December 2008 - 02:04 PM.

Microsoft MVP Consumer Security
Posted Image

Posted Image

#11 Skulker

Skulker
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:01:05 PM

Posted 28 December 2008 - 02:18 PM

Error: Unable to interpret <processes> in the current context!
Error: Unable to interpret <yyy15243.exe> in the current context!
Error: Unable to interpret <~tmpb.exe> in the current context!
Error: Unable to interpret <~tmpf.exe> in the current context!
Error: Unable to interpret <723389588.exe> in the current context!
========== FILES ==========
File/Folder c:\windows\system32\msxml71.dll not found.
C:\Documents and Settings\All Users\Application Data\922414813\Languages moved successfully.
C:\Documents and Settings\All Users\Application Data\922414813 moved successfully.
C:\DOCUME~1\Robert\LOCALS~1\Temp\yyy15243.exe moved successfully.
C:\DOCUME~1\Robert\LOCALS~1\Temp\~tmpb.exe moved successfully.
File/Folder C:\DOCUME~1\Robert\LOCALS~1\Temp\~tmpf.exe not found.
c:\windows\system32\nepnndxjtainj.dll-uninst.exe moved successfully.
========== COMMANDS ==========
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_784.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 12282008_135330


DDS (Version 1.1.0) - NTFSx86
Run by Robert at 14:15:05.48 on Sun 12/28/2008
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.894.504 [GMT -5:00]

AV: AVG 7.5.552 *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\hphmon04.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Robert\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.legendsofchance.net/loc2forums/index.php
uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
mDefault_Page_URL = hxxp://www.yahoo.com/
mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
uURLSearchHooks: AOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
mURLSearchHooks: AOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
BHO: NoExplorer - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: AOL Toolbar Launcher: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\3.1.807.1746\swg.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: NoExplorer - No File
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0988.2\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
TB: AIM Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.0988.2\msneshellx.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [<NO NAME>]
uRun: [StartCCC] c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [EA Core] c:\program files\electronic arts\eadm\Core.exe -silent
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [Aim6]
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [AVG7_CC] c:\progra~1\grisoft\avg7\avgcc.exe /STARTUP
mRun: [HPHmon04] c:\windows\system32\hphmon04.exe
mRun: [HPHUPD04] "c:\program files\hp photosmart 11\hphinstall\unipatch\hphupd04.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
dRun: [AVG7_Run] c:\progra~1\grisoft\avg7\avgw.exe /RUNONCE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\DELLNE~1.LNK -
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
IE: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-us\local\search.html
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\robert\start menu\programs\imvu\Run IMVU.lnk
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {3369AF0D-62E9-4bda-8103-B4C75499B578} - {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\robert\applic~1\mozilla\firefox\profiles\94r78g65.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/aolcom/search?invocationType=tbff50ie7&query=
FF - prefs.js: browser.search.selectedEngine - AIM Search
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.aol.com/aolcom/search?invocationType=TB50TRFF;homepage=no;search=yesab&query=
FF - component: c:\program files\mozilla firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar.dll
FF - component: c:\program files\mozilla firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metrics.dll

============= SERVICES / DRIVERS ===============

R0 atiide;atiide;c:\windows\system32\drivers\atiide.sys [2007-9-10 3456]
R1 Avg7Core;AVG7 Kernel;c:\windows\system32\drivers\avg7core.sys [2007-9-18 821856]
R1 Avg7RsW;AVG7 Wrap Driver;c:\windows\system32\drivers\avg7rsw.sys [2007-9-18 4224]
R1 Avg7RsXP;AVG7 Resident Driver XP;c:\windows\system32\drivers\avg7rsxp.sys [2007-9-18 27776]
R1 AvgClean;AVG7 Clean Driver;c:\windows\system32\drivers\avgclean.sys [2007-9-18 10760]
R2 Avg7Alrt;AVG7 Alert Manager Server;c:\progra~1\grisoft\avg7\avgamsvr.exe [2007-9-18 418816]
R2 Avg7UpdSvc;AVG7 Update Service;c:\progra~1\grisoft\avg7\avgupsvc.exe [2007-9-18 49664]
R2 AVGEMS;AVG E-mail Scanner;c:\progra~1\grisoft\avg7\avgemc.exe [2007-9-18 406528]
R2 AvgTdi;AVG Network Redirector;c:\windows\system32\drivers\avgtdi.sys [2007-9-18 4960]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\viewpoint\common\ViewpointService.exe" [2008-10-4 24652]
S3 dump_wmimmc;dump_wmimmc;\??\c:\ijji\english\gunz\gameguard\dump_wmimmc.sys []

=============== Created Last 30 ================

2008-12-28 13:53 <DIR> --d----- C:\_OTMoveIt
2008-12-27 10:20 <DIR> --d----- c:\docume~1\robert\applic~1\RegistryDoctor2008
2008-12-27 09:44 <DIR> --d----- C:\My Downloads
2008-12-27 09:43 15,504 a------- c:\windows\system32\drivers\mbam.sys
2008-12-27 09:43 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-27 09:43 <DIR> --d----- c:\docume~1\robert\applic~1\Malwarebytes
2008-12-26 19:52 21,504 a------- c:\windows\system32\hidserv.dll
2008-12-26 19:52 21,504 a------- c:\windows\system32\dllcache\hidserv.dll
2008-12-10 17:21 268 a---h--- C:\sqmdata02.sqm
2008-12-10 17:21 244 a---h--- C:\sqmnoopt02.sqm
2008-12-09 16:20 410,984 a------- c:\windows\system32\deploytk.dll
2008-12-07 19:19 <DIR> --d----- c:\docume~1\robert\applic~1\mIRC
2008-12-07 11:47 <DIR> --d----- c:\program files\BZFlag2.0.10
2008-11-30 11:18 31 a------- c:\documents and settings\robert\jagex_runescape_preferences.dat
2008-11-30 11:18 <DIR> --d----- c:\windows\.jagex_cache_32
2008-11-28 22:43 56 a---h--- c:\windows\system32\ezsidmv.dat

==================== Find3M ====================

2008-12-13 01:40 3,593,216 a------- c:\windows\system32\dllcache\mshtml.dll
2008-12-07 10:49 77,803 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2008-11-08 08:33 193,024 a------- c:\windows\system32\SET11DE.tmp
2008-10-24 06:21 455,296 -------- c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 07:36 286,720 a------- c:\windows\system32\gdi32.dll
2008-10-23 07:36 286,720 -------- c:\windows\system32\dllcache\gdi32.dll
2008-10-16 14:13 1,809,944 a------- c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 14:13 202,776 a------- c:\windows\system32\dllcache\wuweb.dll
2008-10-16 14:12 323,608 a------- c:\windows\system32\dllcache\wucltui.dll
2008-10-16 14:12 561,688 a------- c:\windows\system32\dllcache\wuapi.dll
2008-10-16 14:09 92,696 a------- c:\windows\system32\dllcache\cdm.dll
2008-10-16 14:09 51,224 a------- c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 14:08 34,328 a------- c:\windows\system32\dllcache\wups.dll
2008-10-16 14:06 268,648 a------- c:\windows\system32\mucltui.dll
2008-10-16 14:06 208,744 a------- c:\windows\system32\muweb.dll
2008-10-16 08:11 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2008-10-16 08:11 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2008-10-15 11:34 337,408 -------- c:\windows\system32\dllcache\netapi32.dll
2008-10-15 02:06 633,632 -------- c:\windows\system32\dllcache\iexplore.exe
2008-10-15 02:04 161,792 -------- c:\windows\system32\dllcache\ieakui.dll
2008-10-03 05:02 247,326 a------- c:\windows\system32\strmdll.dll
2008-10-03 05:02 247,326 a------- c:\windows\system32\dllcache\strmdll.dll
2008-09-30 16:43 1,286,152 a------- c:\windows\system32\msxml4.dll
2008-08-15 21:28 9,359,539 a------- c:\program files\The_Dark_Knight_screensaver.zip

============= FINISH: 14:15:47.32 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Version 1.0)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 9/18/2007 11:39:35 AM
System Uptime: 12/28/2008 2:07:39 PM (0 hours ago)

Motherboard: Dell Inc. | | 0WY383
Processor: AMD Athlon™ 64 X2 Dual-Core Processor TK-53 | Socket M2/S1G1 | 1695/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 74 GiB total, 37.323 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP276: 9/30/2008 3:24:12 PM - Software Distribution Service 3.0
RP277: 10/1/2008 3:27:11 PM - Software Distribution Service 3.0
RP278: 10/1/2008 3:56:45 PM - Removed Windows Live Messenger
RP279: 10/1/2008 4:12:58 PM - Installed Windows Live Messenger
RP280: 10/1/2008 4:14:30 PM - Installed Rhapsody Player Engine
RP281: 10/2/2008 3:16:17 PM - Software Distribution Service 3.0
RP282: 10/3/2008 9:58:25 PM - Software Distribution Service 3.0
RP283: 10/4/2008 9:33:33 AM - Software Distribution Service 3.0
RP284: 10/5/2008 9:06:13 AM - Software Distribution Service 3.0
RP285: 10/6/2008 4:24:22 PM - Software Distribution Service 3.0
RP286: 10/7/2008 3:33:30 PM - Software Distribution Service 3.0
RP287: 10/8/2008 4:13:48 PM - Software Distribution Service 3.0
RP288: 10/9/2008 3:18:25 PM - Software Distribution Service 3.0
RP289: 10/10/2008 8:47:25 PM - Software Distribution Service 3.0
RP290: 10/11/2008 9:18:58 AM - Software Distribution Service 3.0
RP291: 10/11/2008 10:51:09 PM - Software Distribution Service 3.0
RP292: 10/13/2008 9:00:20 AM - Software Distribution Service 3.0
RP293: 10/14/2008 10:57:48 AM - Software Distribution Service 3.0
RP294: 10/14/2008 3:47:54 PM - Software Distribution Service 3.0
RP295: 10/14/2008 3:48:43 PM - Software Distribution Service 3.0
RP296: 10/15/2008 3:30:39 PM - Software Distribution Service 3.0
RP297: 10/17/2008 8:14:35 PM - Software Distribution Service 3.0
RP298: 10/18/2008 11:14:35 AM - Software Distribution Service 3.0
RP299: 10/19/2008 9:39:07 AM - Software Distribution Service 3.0
RP300: 10/20/2008 4:07:45 PM - Software Distribution Service 3.0
RP301: 10/21/2008 3:20:22 PM - Software Distribution Service 3.0
RP302: 10/22/2008 3:15:49 PM - Software Distribution Service 3.0
RP303: 10/23/2008 3:22:06 PM - Software Distribution Service 3.0
RP304: 10/24/2008 5:25:09 PM - Software Distribution Service 3.0
RP305: 10/25/2008 9:01:38 AM - Software Distribution Service 3.0
RP306: 10/25/2008 10:37:58 PM - Software Distribution Service 3.0
RP307: 10/29/2008 7:53:45 PM - Software Distribution Service 3.0
RP308: 10/30/2008 5:49:59 PM - Software Distribution Service 3.0
RP309: 10/31/2008 7:24:00 PM - Software Distribution Service 3.0
RP310: 10/31/2008 8:04:11 PM - Installed Windows Media Player 11
RP311: 10/31/2008 8:05:05 PM - Installed Windows XP Wudf01000.
RP312: 10/31/2008 8:07:15 PM - Installed Windows XP MSCompPackV1.
RP313: 10/31/2008 8:08:51 PM - Installed Windows XP KB926239.
RP314: 11/1/2008 9:00:21 AM - Software Distribution Service 3.0
RP315: 11/1/2008 4:03:30 PM - Software Distribution Service 3.0
RP316: 11/2/2008 10:05:23 AM - Software Distribution Service 3.0
RP317: 11/7/2008 6:48:07 PM - Software Distribution Service 3.0
RP318: 11/8/2008 7:46:02 AM - Software Distribution Service 3.0
RP319: 11/8/2008 7:47:18 AM - Software Distribution Service 3.0
RP320: 11/8/2008 9:00:54 AM - Software Distribution Service 3.0
RP321: 11/9/2008 9:01:25 AM - Software Distribution Service 3.0
RP322: 11/10/2008 9:00:18 AM - Software Distribution Service 3.0
RP323: 11/11/2008 9:00:38 AM - Software Distribution Service 3.0
RP324: 11/15/2008 7:01:41 AM - Software Distribution Service 3.0
RP325: 11/15/2008 9:00:24 AM - Software Distribution Service 3.0
RP326: 12/6/2008 6:01:17 PM - System Checkpoint
RP327: 12/7/2008 9:24:38 AM - Software Distribution Service 3.0
RP328: 12/9/2008 7:40:16 AM - System Checkpoint
RP329: 12/9/2008 4:20:05 PM - Installed Java™ 6 Update 11
RP330: 12/9/2008 4:21:34 PM - Installed MSN Toolbar Setup
RP331: 12/9/2008 6:05:41 PM - Software Distribution Service 3.0
RP332: 12/11/2008 7:44:01 PM - System Checkpoint
RP333: 12/13/2008 10:45:59 AM - System Checkpoint
RP334: 12/16/2008 7:49:24 PM - System Checkpoint
RP335: 12/17/2008 5:35:03 PM - Software Distribution Service 3.0
RP336: 12/21/2008 12:31:34 PM - System Checkpoint
RP337: 12/26/2008 8:41:04 PM - System Checkpoint
RP338: 12/28/2008 12:34:04 AM - System Checkpoint
RP339: 12/28/2008 1:02:28 PM - Removed J2SE Runtime Environment 5.0 Update 6
RP340: 12/28/2008 1:03:28 PM - Removed Java™ 6 Update 2
RP341: 12/28/2008 1:04:23 PM - Removed Java™ 6 Update 3
RP342: 12/28/2008 1:05:34 PM - Removed Java™ 6 Update 5
RP343: 12/28/2008 1:06:57 PM - Removed Java™ 6 Update 7

==== Installed Programs ======================

µTorrent
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Reader 8.1.3
AIM 6
Aim Plugin for QQ Games
AIM Toolbar 5.0
AMIP (remove only)
ATI Catalyst Control Center
ATI Display Driver
AVG 7.5
Broadcom Management Programs
Browser Address Error Redirector
BZFlag 2.0.10 (remove only)
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Localization Chinese Standard
Catalyst Control Center Localization Chinese Traditional
Catalyst Control Center Localization French
Catalyst Control Center Localization German
Catalyst Control Center Localization Italian
Catalyst Control Center Localization Japanese
Catalyst Control Center Localization Korean
Catalyst Control Center Localization Portuguese
Catalyst Control Center Localization Spanish
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help English
CCC Help French
CCC Help German
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Portuguese
CCC Help Spanish
Conexant HDA D330 MDC V.92 Modem
Dell DataSafe Online
Dell Network Assistant
Dell Touchpad
Dell Wireless WLAN Card
Digital Line Detect
EA Download Manager
Google Toolbar for Internet Explorer
High Definition Audio Driver Package - KB835221
Highlight Viewer (Windows Live Toolbar)
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
IceChat 7.63 (Build 20080417)
ijji
ijji - Gunz
ijji Auto Installer
IMVU Avatar Chat Software
Jasc Paint Shop Pro 8
Java™ 6 Update 11
Lernout & Hauspie TruVoice American English TTS Engine
Malwarebytes' Anti-Malware
Map Button (Windows Live Toolbar)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Works
mIRC
Modem Diagnostic Tool
Mozilla Firefox (2.0.0.14)
MSN Toolbar
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
NetWaiting
Photosmart 130,230,7150,7345,7350,7550 (Remove only)
PowerDVD
QQ Games
QuickSet
Rhapsody Player Engine
Search Assistant Searchersmart
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Skins
Skype™ 3.8
Smart Menus (Windows Live Toolbar)
SPORE™ Creature Creator
SpywareBlaster 4.0
TeamSpeak 2 RC2
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Viewpoint Media Player
WebFldrs XP
Winamp
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Favorites for Windows Live Toolbar
Windows Live installer
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
Xfire (remove only)
YahELite 326
Yahoo! Install Manager
Yahoo! Messenger
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

12/28/2008 1:03:02 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
12/28/2008 11:04:36 AM, error: Service Control Manager [7000] - The Kodak Camera Connection Software service failed to start due to the following error: The system cannot find the file specified.
12/28/2008 12:14:29 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
12/28/2008 12:13:59 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
12/27/2008 9:32:08 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
12/27/2008 8:56:04 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD APPDRV Avg7Core Avg7RsW Avg7RsXP Fips IPSec MRxSmb NetBIOS NetBT Processor RasAcd Rdbss Tcpip
12/27/2008 8:56:04 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
12/27/2008 8:56:04 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
12/27/2008 8:56:04 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
12/27/2008 8:56:04 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.

==== End Of File ===========================

#12 Shaba

Shaba

    Koutsi


  • Members
  • 7,872 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:08:05 PM

Posted 28 December 2008 - 02:24 PM

Looks pretty good :thumbsup:

Delete this folder:

c:\Documents and Settings\robert\Application Data\RegistryDoctor2008

Empty Recycle Bin.

To access the Uninstall Manager you would do the following:

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.

You will now be presented with a screen similar to the one below:

Posted Image

5. Highlight Search Assistant Searchersmart and choose Delete this entry.

Please go to Kaspersky website and perform an online antivirus scan.
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply along with a fresh HijackThis log.
If you need a tutorial, see here
Microsoft MVP Consumer Security
Posted Image

Posted Image

#13 Skulker

Skulker
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:01:05 PM

Posted 29 December 2008 - 11:26 AM

Kasparsky didn't find anything

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:23:45 AM, on 12/29/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\hphmon04.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\IceChat7\IceChat7.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\My HjT\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.legendsofchance.net/loc2forums/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0070910
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe -silent
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Dell Network Assistant.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Robert\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1190131210171
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 10941 bytes

#14 Shaba

Shaba

    Koutsi


  • Members
  • 7,872 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:08:05 PM

Posted 29 December 2008 - 11:32 AM

Log looks fine.

Still some issues left?
Microsoft MVP Consumer Security
Posted Image

Posted Image

#15 Skulker

Skulker
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:01:05 PM

Posted 29 December 2008 - 11:44 AM

so far i cant see any problems




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users