
[Closed] "55 critical system errors" popup...


  • This topic is locked
22 replies to this topic

#1 dozinslosh

dozinslosh

    Authentic Member

  • Authentic Member
  • PipPip
  • 36 posts

Posted 02 April 2008 - 07:48 AM

Hello,

I am trying to help my mother-in-law clean up her computer. There is so much junk on there I don't even know where to start. I did run the ATF Cleaner and Spybot Programs before running HijackThis. The computer runs really slow and when it is online it just crawls at a painfully slow speed. :pullhair: Here is a baseline HijackThis Log. Thanks

P.S. AVG is usually running on the computer, but it was not working properly (which explains why it's not showing in the HJT log), so I had to reinstall.

P.S.S. When I went to check the firewall settings in windows, I was unable to access. There was a message saying that that service was not available.

Logfile of HijackThis v1.99.1
Scan saved at 8:05:04 PM, on 4/1/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\System32\CTHELPER.EXE
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us7.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us7.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us7.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us7.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wundergro...ast?query=39648
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us7.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us7.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us7.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us7.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us7.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us7.hpwis.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Freedom Popup Killer - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Zero Knowledge\Freedom\pkR.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Freedom BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\Zero Knowledge\Freedom\FreeBHOR.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O4 - HKLM\..\Run: [BlockTracker] c:\hp\bin\BlockTracker.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [AutoTBar] C:\hp\bin\autotbar.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded
O4 - HKLM\..\Run: [BCNT] C:\PROGRA~1\AWS\WEATHE~1\BCNT.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [Zero Knowledge Freedom] C:\Program Files\Zero Knowledge\Freedom\AutoStarterR.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: officejet 6100.lnk = ?
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O9 - Extra button: MktBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
O9 - Extra 'Tools' menuitem: MarketBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{636C9EED-136E-4ABE-9FBC-ECFC341E31BF}: NameServer = 208.137.128.8 208.137.128.6
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

Edited by dozinslosh, 05 April 2008 - 07:44 PM.


#2 Rorschach112

Rorschach112

    Teacher Emeritus

  • Authentic Member
  • PipPipPipPipPip
  • 3,651 posts

Posted 09 April 2008 - 12:04 PM

Hello

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner and click Accept

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.


#3 dozinslosh

Posted 10 April 2008 - 05:09 PM

Hello, and thank you for your reply. Here is the Kaspersky Log:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Thursday, April 10, 2008 5:46:57 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 1 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 10/04/2008
Kaspersky Anti-Virus database records: 696282
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 89154
Number of viruses found: 4
Number of infected objects: 7
Number of suspicious objects: 0
Duration of the scan process: 01:18:15

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\AVG7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Owner\ntuser.dat.LOG Object is locked skipped
C:\Program Files\MyWebSearchWB\bar\1.bin\NPMYSRWB.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.i skipped
C:\Program Files\MyWebSearchWB\bar\1.bin\W6PLUGIN.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.l skipped
C:\Program Files\Screensavers.com\SSSInstaller\bin\screensavers.exe Infected: not-a-virus:AdWare.Win32.Comet.bl skipped
C:\Program Files\Screensavers.com\SSSInstaller\bin\sinstaller3.exe/data0002 Infected: not-a-virus:AdWare.Win32.Comet.bl skipped
C:\Program Files\Screensavers.com\SSSInstaller\bin\sinstaller3.exe NSIS: infected - 1 skipped
C:\Program Files\Screensavers.com\SSSInstaller\bin\SSSInstaller.dll Infected: not-a-virus:AdWare.Win32.Comet.bl skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{6CD01810-EFB9-4AF0-A405-DE07EB8CD51D}\RP10\change.log Object is locked skipped
C:\System Volume Information\_restore{6CD01810-EFB9-4AF0-A405-DE07EB8CD51D}\RP8\A0000591.EXE Infected: not-a-virus:AdWare.Win32.WeatherBug.a skipped
C:\WINDOWS\$NtUninstallKB824141$\user32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB824141$\win32k.sys Object is locked skipped
C:\WINDOWS\$NtUninstallKB828035$\msgsvc.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828035$\wkssvc.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\catsrv.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\catsrvut.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\clbcatex.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\clbcatq.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\colbact.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\comadmin.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\comrepl.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\comsvcs.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\comuid.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\es.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\migregdb.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\msdtcprx.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\msdtctm.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\msdtcuiu.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\mtxclu.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\mtxoci.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\ole32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\rpcrt4.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\rpcss.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\txflog.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\callcont.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\gdi32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\h323.tsp Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\h323msp.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\ipnathlp.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\lsasrv.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\mf3216.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\msasn1.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\msgina.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\mst120.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\nmcom.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\rtcdll.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\schannel.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\dao360.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\expsrv.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msexch40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msexcl40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msjet40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msjetol1.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msjetoledb40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msjint40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msjter40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msjtes40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msltus40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\mspbde40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msrd2x40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msrd3x40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msrepl40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\mstext40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\mswdat10.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\mswstr10.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msxbde40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\vbajet32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB839645$\fldrclnr.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB839645$\shell32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB839645$\shlwapi.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB839645$\sxs.dll Object is locked skipped
C:\WINDOWS\$NtUninstallQ828026$\msdxm.ocx Object is locked skipped
C:\WINDOWS\$NtUninstallQ828026$\wmpcore.dll Object is locked skipped
C:\WINDOWS\Debug\oakley.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

**************************************************************
**************************************************************

I tried 4 times to run Deckard's System Scanner. Each time it would appear to be almost finished, then I would get an error message:

dss.exe has encountered a problem and needs to close. We are sorry for the inconvenience.

Thanks...Will be awaiting further instructions.

#4 Rorschach112

Posted 10 April 2008 - 05:18 PM

Do this then

Download OTScanIt.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.
  • Open the OTScanIt folder and double-click on OTScanIt.exe to start the program.
  • Under Additional Scans check the boxes beside Reg - App Paths, Reg - Bot Check, Reg - Desktop Components, Reg - Disabled MS Config Items, Reg - File Additional Folder Scans, File - Lop Check, and File - Purity Scan.
  • Under Drivers change it to Non-Microsoft.
  • Check the box beside Scan All User Accounts at the top
  • Under Files Created Within and Files Modified Within change it to 90 days.
  • Now click the Run Scan button on the toolbar.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and post the information back here in an attachment. I will review it when it comes in. The last line is < End of Report >, so make sure that is the last line in the attached report.


Make sure you attach the report in your reply. If it is too big to upload, then zip the text file and upload it that way.

#5 dozinslosh

Posted 13 April 2008 - 05:07 PM

Okay, the OT Scan Text File is attached. Thanks!


#6 Rorschach112

Posted 14 April 2008 - 09:51 AM

Sorry, can I get you to run DSS again but in Safe Mode?

#7 dozinslosh

Posted 15 April 2008 - 05:01 PM

Deckard's System Scanner v20071014.68
Run by Owner on 2008-04-15 17:52:38
Computer is in Safe Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Failed to create restore point; computer is in safe mode.


-- Last 5 Restore Point(s) --
13: 2008-04-15 19:47:27 UTC - RP13 - System Checkpoint
12: 2008-04-12 01:07:30 UTC - RP12 - System Checkpoint
11: 2008-04-10 22:53:59 UTC - RP11 - Deckard's System Scanner Restore Point
10: 2008-04-10 19:42:07 UTC - RP10 - System Checkpoint
9: 2008-04-06 00:53:43 UTC - RP9 - System Checkpoint


-- First Restore Point --
1: 2008-03-30 01:55:42 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Owner.exe) -----------------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-04-15 17:53:11
Platform: Windows XP Service Pack 1 (5.01.2600)
MSIE: Internet Explorer (6.00.2800.1106)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Owner\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us7.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us7.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us7.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us7.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wundergro...ast?query=39648
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us7.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us7.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us7.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us7.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us7.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us7.hpwis.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: My Web Search Bar BHO - {8EAB99C1-F9EC-4b64-A4BA-D9BCAE8779C2} - C:\Program Files\MyWebSearchWB\bar\1.bin\W6BAR.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\hp\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: WeatherBug Browser Bar - powered by MyWebSearch - {8EAB99C9-F9EC-4b64-A4BA-D9BCAE8779C2} - C:\Program Files\MyWebSearchWB\bar\1.bin\W6BAR.DLL
O4 - HKLM\..\Run: [BlockTracker] c:\hp\bin\BlockTracker.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [AutoTBar] C:\hp\bin\autotbar.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [SetDefaultMidi] MIDIDEF.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [PlayCenter2] "C:\Program Files\Creative\SBLive\PlayCenter2\MDEntry.EXE" "C:\Program Files\Creative\SBLive\PlayCenter2" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [SetDefaultMidi] MIDIDEF.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [PlayCenter2] "C:\Program Files\Creative\SBLive\PlayCenter2\MDEntry.EXE" "C:\Program Files\Creative\SBLive\PlayCenter2" (User 'Default user')
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: officejet 6100.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O9 - Extra button: MktBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
O9 - Extra 'Tools' menuitem: MarketBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\Web\related.htm
O9 - Extra 'Tools' menuitem: @shdoclc.dll,-864 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\Web\related.htm
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://wdownload.wea...Transporter.cab?
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} () - http://download.micr...D0C/wmv9dmo.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSVCCDA.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe


--
End of file - 5737 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 drvmcdb - c:\windows\system32\drivers\drvmcdb.sys <Not Verified; VERITAS Software, Inc.; >
R1 AFS2K - c:\windows\system32\drivers\afs2k.sys <Not Verified; Oak Technology Inc.; AFS>
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

All services whitelisted.


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-03-29 20:58:13 300 --a------ C:\WINDOWS\Tasks\easy Internet sign-up.job
2008-03-29 19:53:18 390 --a------ C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2200 series#1206837060.job


-- Files created between 2008-03-15 and 2008-04-15 -----------------------------

2008-04-15 17:47:53 0 d-------- C:\Documents and Settings\Administrator\Application Data\AVG7
2008-04-15 17:47:53 0 d-------- C:\Documents and Settings\Administrator\Application Data\ArcSoft
2008-04-15 17:47:53 0 d-------- C:\Documents and Settings\Administrator\Application Data\AdobeUM
2008-04-15 17:47:53 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2008-04-15 17:47:52 0 d-------- C:\Documents and Settings\Administrator\Application Data\Macromedia
2008-04-15 17:47:52 0 d-------- C:\Documents and Settings\Administrator\Application Data\Lavasoft
2008-04-15 17:47:52 0 d-------- C:\Documents and Settings\Administrator\Application Data\InterTrust
2008-04-15 17:47:52 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2008-04-15 17:47:52 0 d-------- C:\Documents and Settings\Administrator\Application Data\Help
2008-04-15 17:47:52 0 d-------- C:\Documents and Settings\Administrator\Application Data\Freedom
2008-04-15 17:47:52 0 d-------- C:\Documents and Settings\Administrator\Application Data\Corel
2008-04-15 17:47:51 0 dra------ C:\Documents and Settings\Administrator\Favorites
2008-04-15 17:47:51 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-04-15 17:47:51 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2008-04-15 17:47:51 0 drah----- C:\Documents and Settings\Administrator\Application Data
2008-04-15 17:47:51 0 d-------- C:\Documents and Settings\Administrator\Application Data\VERITAS
2008-04-15 17:47:51 0 d-------- C:\Documents and Settings\Administrator\Application Data\Share-to-Web Upload Folder
2008-04-15 17:47:51 0 d-------- C:\Documents and Settings\Administrator\Application Data\SampleView
2008-04-15 17:47:51 0 d-------- C:\Documents and Settings\Administrator\Application Data\MSN6
2008-04-15 17:47:51 0 d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla
2008-04-15 17:47:51 0 d-------- C:\Documents and Settings\Administrator\Application Data\Motive
2008-04-15 17:47:51 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-04-15 17:47:48 0 d-------- C:\Documents and Settings\Administrator\WINDOWS
2008-04-15 17:47:48 0 d---s---- C:\Documents and Settings\Administrator\UserData
2008-04-15 17:47:48 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-04-15 17:47:48 0 dra------ C:\Documents and Settings\Administrator\Start Menu
2008-04-15 17:47:48 0 drah----- C:\Documents and Settings\Administrator\SendTo
2008-04-15 17:47:48 0 drah----- C:\Documents and Settings\Administrator\Recent
2008-04-15 17:47:48 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-04-15 17:47:48 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-04-15 17:47:48 0 dra------ C:\Documents and Settings\Administrator\My Documents
2008-04-15 17:47:48 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-04-15 17:47:47 786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-04-10 13:53:38 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-10 13:53:36 0 d-------- C:\WINDOWS\System32\Kaspersky Lab
2008-04-03 20:19:48 0 d-------- C:\Documents and Settings\Owner\Application Data\WeatherBug
2008-04-03 20:19:23 0 d-------- C:\Program Files\MyWebSearchWB
2008-04-01 20:22:51 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-29 20:57:29 0 dr-h----- C:\Documents and Settings\Owner\Recent
2008-03-29 20:55:51 288 --a------ C:\WINDOWS\System32\DVCStateBkp-{00000002-00000000-00000009-00001102-00000002-80691102}.dat
2008-03-29 20:55:51 288 --a------ C:\WINDOWS\System32\DVCState-{00000002-00000000-00000009-00001102-00000002-80691102}.dat
2008-03-29 20:51:49 26768 -----n--- C:\WINDOWS\System32\CTL3D.DLL <Not Verified; Microsoft Corporation; 3D Windows Control>
2008-03-29 20:51:49 53552 -----n--- C:\WINDOWS\CTCCW.DLL <Not Verified; Creative® Technology Ltd.; Custom Control for Windows>
2008-03-29 20:51:05 0 d-------- C:\Media
2008-03-29 20:51:04 54784 -----n--- C:\WINDOWS\System32\INETWH32.DLL <Not Verified; Blue Sky Software Corporation.; Blue Sky Software - INETWH32>
2008-03-29 20:51:00 25088 --a------ C:\WINDOWS\System32\CTSVCCTL.EXE <Not Verified; Creative Technology Ltd; Creative Service Control>
2008-03-29 20:51:00 44032 --a------ C:\WINDOWS\System32\CTSVCCDA.EXE <Not Verified; Creative Technology Ltd; Creative Service for CDROM Access>
2008-03-29 20:45:52 0 d---s---- C:\Documents and Settings\Default User\UserData
2008-03-29 20:45:52 0 d-------- C:\Documents and Settings\Default User\Application Data\MSN6
2008-03-29 20:45:52 0 d-------- C:\Documents and Settings\Default User\Application Data\Mozilla
2008-03-29 20:45:52 0 d-------- C:\Documents and Settings\Default User\Application Data\Motive
2008-03-29 20:45:52 0 d-------- C:\Documents and Settings\Default User\Application Data\Macromedia
2008-03-29 20:45:52 0 d-------- C:\Documents and Settings\Default User\Application Data\Lavasoft
2008-03-29 20:45:52 0 d-------- C:\Documents and Settings\Default User\Application Data\Help
2008-03-29 20:45:52 0 d-------- C:\Documents and Settings\Default User\Application Data\Freedom
2008-03-29 20:45:52 0 d-------- C:\Documents and Settings\Default User\Application Data\Corel
2008-03-29 20:45:52 0 d-------- C:\Documents and Settings\Default User\Application Data\AVG7
2008-03-29 20:45:52 0 d-------- C:\Documents and Settings\Default User\Application Data\ArcSoft
2008-03-29 20:45:52 0 d-------- C:\Documents and Settings\Default User\Application Data\AdobeUM
2008-03-29 19:29:54 23040 --a------ C:\WINDOWS\System32\irisco32.dll
2008-03-29 19:29:36 0 d-------- C:\Program Files\ReadIris
2008-03-29 18:22:10 0 d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-03-29 18:19:03 7765 -----n--- C:\WINDOWS\hpomdl01.dat
2008-03-29 18:19:03 27807 -----n--- C:\WINDOWS\hpoins01.dat


-- Find3M Report ---------------------------------------------------------------

2008-04-03 20:19:22 0 d-------- C:\Program Files\AWS
2008-04-03 20:17:02 0 d-------- C:\Documents and Settings\Owner\Application Data\AVG7
2008-04-03 19:01:16 0 d-------- C:\Program Files\Common Files
2008-03-31 11:32:52 0 d--h----- C:\Program Files\WindowsUpdate
2008-03-29 20:51:15 0 d-------- C:\Program Files\Creative
2008-03-29 19:31:21 0 d-------- C:\Program Files\Windows NT
2008-03-29 19:31:16 0 d-------- C:\Program Files\Movie Maker
2008-03-29 19:31:16 0 d-------- C:\Program Files\Messenger
2008-03-29 19:29:37 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-29 18:16:55 0 d-------- C:\Program Files\Microsoft AntiSpyware
2008-03-28 19:20:54 0 d-------- C:\Documents and Settings\Owner\Application Data\Lavasoft


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BlockTracker"="c:\hp\bin\BlockTracker.exe" []
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [05/07/1998 07:04 PM]
"Share-to-Web Namespace Daemon"="c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [04/17/2002 08:42 PM]
"CamMonitor"="c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe" [06/18/2002 02:11 AM]
"KBD"="C:\HP\KBD\KBD.EXE" [07/07/2001 12:56 AM]
"StorageGuard"="C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" [06/18/2002 11:01 AM]
"AutoTBar"="C:\hp\bin\autotbar.exe" []
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [09/14/2002 12:42 AM]
"PS2"="C:\WINDOWS\system32\ps2.exe" [06/14/2002 07:39 PM]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [01/28/2008 07:48 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Weather"="C:\PROGRA~1\AWS\WEATHE~1\Weather.exe" [04/07/2006 04:02 PM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [08/21/2002 01:08 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"SetDefaultMidi"=MIDIDEF.EXE
"PlayCenter2"="C:\Program Files\Creative\SBLive\PlayCenter2\MDEntry.EXE" "C:\Program Files\Creative\SBLive\PlayCenter2"

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
hp psc 2000 Series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [6/27/2002 2:20:58 AM]
officejet 6100.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe [6/27/2002 2:21:30 AM]
Quicken Scheduled Updates.lnk - C:\Program Files\Quicken\bagent.exe [9/20/2002 10:20:02 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
@=

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHELPER]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jet Detection]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIEW]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]




-- End of Deckard's System Scanner: finished at 2008-04-15 17:54:01 ------------


Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 1.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 2.53GHz
Percentage of Memory in Use: 22%
Physical Memory (total/avail): 511.48 MiB / 397.19 MiB
Pagefile Memory (total/avail): 1250.52 MiB / 1185.5 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1938.36 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 67.22 GiB total, 56.16 GiB free.
D: is Fixed (FAT32) - 7.31 GiB total, 2.57 GiB free.
E: is CDROM (No Media)
F: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - SAMSUNG SP8004H - 74.56 GiB - 2 partitions
\PARTITION0 - Unknown - 7.33 GiB - D:
\PARTITION1 (bootable) - Installable File System - 67.22 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Owner\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=YOUR-6JNHHU0520
ComSpec=C:\WINDOWS\system32\cmd.exe
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Owner
LOGONSERVER=\\YOUR-6JNHHU0520
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;c:\Python22;C:\Program Files\PC-Doctor\services;C:\Program Files\Sonic\MyDVD;
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 7, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0207
ProgramFiles=C:\Program Files
PROMPT=$P$G
SAFEBOOT_OPTION=MINIMAL
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
TMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
USERDOMAIN=YOUR-6JNHHU0520
USERNAME=Owner
USERPROFILE=C:\Documents and Settings\Owner
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Owner (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\Creative\SBLive\Program\Ctzapxx.EXE" /X /U /S
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\System32\\MSIEXEC.EXE /x {09DA4F91-2A09-4232-AB8C-6BC740096DE3}
--> C:\WINDOWS\System32\\MSIEXEC.EXE /x {60E971B7-51A0-48CA-8687-C6B8F094A409}
--> c:\WINDOWS\System32\\MSIEXEC.EXE /x {8214CC02-6271-4DC8-B8DD-779933450264}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{39DA87A1-0B26-4562-A70C-2A6147366E47}\Setup.exe"
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48E3A9E6-FA13-11D5-8CC9-00A0C98192B6}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48E3A9E6-FA13-11D5-8CC9-00A0C98192B6}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58582977-44D2-44A0-A09B-031CC2AE5938}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58582977-44D2-44A0-A09B-031CC2AE5938}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8D5D99B8-DFA2-4018-ADE9-A6B83E655C65}\setup.exe" -l0x9 -L0x9anything
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A4D2983-4662-4387-BE3D-4CFC2FA9C100}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A4D2983-4662-4387-BE3D-4CFC2FA9C100}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F765BD0-B900-4EDE-A90B-61C8A9E95C42}\Setup.exe"
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A731533B-B325-4D9C-91A4-D93C8E294C19}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A731533B-B325-4D9C-91A4-D93C8E294C19}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAD59025-5B73-4E12-B789-0028C5A573C2}\Setup.exe"
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E7337A45-3FE5-4392-ABBB-26B794D060C9}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E7337A45-3FE5-4392-ABBB-26B794D060C9}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD851F7E-F887-405D-9E1C-488811113EF3}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD851F7E-F887-405D-9E1C-488811113EF3}\setup.exe" -l0x9 /remove
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
ArcSoft Software Suite --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\ArcSoft\Software Suite\Uninst.isu"
AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
Betty Bad --> "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -UninstallItem {A27EAF80-CBFC-4F56-94E1-929A401D7515}
Blackhawk Striker --> "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -UninstallItem {5415BC25-6D6C-46C4-B34C-EA8470FE56D5}
Blasterball 2 --> "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -UninstallItem {357ECB62-CD36-4B63-B57E-769D0CA174F4}
Blasterball Wild --> "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -UninstallItem {28BA89E7-2F60-4BE7-BAA2-7949EB3FE527}
Creative Driver --> C:\WINDOWS\System32\ctdrvins /s /u /g
Dark Orbit --> "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -UninstallItem {7841B68B-B7DD-408E-8B45-D5CA39608185}
Detto IntelliMover Demo --> MsiExec.exe /X{E62C706B-1352-4DCA-B4D4-81C24750B70F}
Disney's Lilo and Stitch Pinball --> "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -UninstallItem {63272979-21F0-48EF-9B97-A83DBC05BE39}
easy Internet sign-up --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2B5DDB2C-0807-47FD-9C11-80EA761902C0}\setup.exe" -l0x9
Hijackthis 1.99.1 --> "C:\Program Files\Hijackthis\unins000.exe"
HijackThis 1.99.1 --> C:\Program Files\Hijackthis\HijackThis.exe /uninstall
hp center --> C:\WINDOWS\BWUnin-6.1.0.153.exe -AppId 137903
HP Digital Imaging Album Printing 1.0 --> MsiExec.exe /X{47D4AF7B-EDE6-4ADB-8D2F-0BDA25C7321F}
HP Instant Support --> C:\PROGRA~1\HPINST~1\UNWISE.EXE C:\PROGRA~1\HPINST~1\INSTALL.LOG
HP Photo and Imaging 1.0 - HP PSC - HP OfficeJet --> C:\Program Files\Hewlett-Packard\Digital Imaging\AiODriver\Drivers\Uninst\enu\hposcr01.exe -forcereboot -datfile hposcr01.dat
HP Photo and Imaging 1.0 - HP PSC - HP OfficeJet --> MsiExec.exe /X{82DFB852-9594-4668-9C66-28BB6E94BCB2}
HP Photo and Imaging 1.0 - HP PSC - HP OfficeJet Drivers --> MsiExec.exe /X{ED93995E-8BF2-480F-8EA4-7D29E29A7052}
HP Photo and Imaging 1.1 - Photosmart Cameras --> MsiExec.exe /X{1EEE2A9F-6471-42fa-8923-E8879168CE26}
hp psc 2200 series --> rundll32 hpzcon05.dll,VendorJettison hp psc 2200 series
hp toolkit --> c:\Windows\HPTK\unhptkit.exe
Inactive HP Printer Drivers (Remove only) --> RunDll32 hpuninst.dll,InstallHinfSection UninstDefault 132 prntunin.inf
Indeo® Software --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Ligos\Indeo\Uninst.isu"
Intel® 82845G Graphics Driver Software --> RUNDLL32.EXE C:\WINDOWS\System32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
Kaspersky Online Scanner --> C:\WINDOWS\System32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
KBD --> C:\HP\KBD\KBD.EXE uninstalled
Lernout & Hauspie TruVoice American English TTS Engine --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\tv_enua.inf, Uninstall
MarketBrowser --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{35845E72-E34A-11D4-817D-005004D0F1FA}\Setup.exe" -uninst
Men in Black II CROSSFIRE Trial Version --> "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -UninstallItem {3EA6838C-5C34-4F9C-A8DA-434D65DD1356}
MUSICMATCH Jukebox --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\Uninst.isu" -cC:\PROGRA~1\MUSICM~1\MUSICM~1\unmatch.dll
NVIDIA Windows 2000/XP Display Drivers --> rundll32.exe C:\WINDOWS\System32\nvinstnt.dll,NvUninstallNT4 nvhp.inf
PC-Doctor for Windows --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F7CCFA3-D926-4882-B2A5-A0217ED25597}\Setup.exe"
PigPen --> "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -UninstallItem {BC0EE7F1-32DE-4EE2-BE10-AE15DB394E84}
PS2 --> C:\WINDOWS\system32\ps2.exe uninstall
Python 2.2 combined Win32 extensions --> C:\Python22\Lib\SITE-P~1\UNWISE~1.EXE C:\Python22\Lib\SITE-P~1\w32inst.log
Python 2.2.1 --> C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
Quicken 2003 New User Edition --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{F61F2821-694C-475F-99AB-6AF2EFDF40FD} anything
Readiris 7.5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9BFFB382-0B2C-11D6-AB3E-000102B0F79A}\setup.exe" -l0x9
RecordNow --> MsiExec.exe /I{8214CC02-6271-4DC8-B8DD-779933450264}
RecordNow Update Manager --> MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
S3Display --> s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Display'
S3Gamma2 --> s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Gamma2'
S3Info2 --> s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Info2'
S3Overlay --> s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Overlay'
ShowBiz --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{07295ABF-1245-415A-BE06-863271753443}\Setup.exe" -l0x9
Simple Backup for My Pictures --> MsiExec.exe /I{60E971B7-51A0-48CA-8687-C6B8F094A409}
Simple Installer - Multilanguage Version --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EEF397AC-DAEF-4C04-90A9-5B2BD31875DC}\setup.exe"
Snowboard Extreme --> "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -UninstallItem {753FE96B-D926-4B6C-BCFB-CC59153D004A}
Sound Blaster Live! --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9115E7DB-3B29-445A-802D-11E0AA945B7F}\Setup.exe" -l0x9 /nofinish
Space Rocks --> "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -UninstallItem {9FA01E11-9015-4140-B10A-5C6AA949B2FC}
Virtual Warfare --> "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -UninstallItem {4F0AE1FB-4082-4A27-8363-05D292D92FB0}
WeatherBug --> C:\PROGRA~1\AWS\WEATHE~1\REMOVE.EXE C:\PROGRA~1\AWS\WEATHE~1\INSTALL.LOG
WeatherBug Browser Bar - powered by MyWebSearch --> rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\w6Bar.dll,O
WildTangent Channel Manager --> C:\Program Files\WildTangent\DDC\DDCManager\Uninstall.exe
WordPerfect Productivity Pack --> C:\WINDOWS\Corel\uninst32.exe
WordPerfect Productivity Pack --> c:\WINDOWS\Corel\Uninst32.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type1492 / Error
Event Submitted/Written: 04/15/2008 05:51:52 PM
Event ID/Source: 8193 / VSS
Event Description:
Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80040206.

Event Record #/Type1491 / Error
Event Submitted/Written: 04/15/2008 05:51:52 PM
Event ID/Source: 4609 / EventSystem
Event Description:
The COM+ Event System detected a bad return code during its internal processing. HRESULT was 8007043C from line 44 of d:\nt\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.

Event Record #/Type1490 / Error
Event Submitted/Written: 04/15/2008 05:47:40 PM
Event ID/Source: 8193 / VSS
Event Description:
Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80040206.

Event Record #/Type1489 / Error
Event Submitted/Written: 04/15/2008 05:47:40 PM
Event ID/Source: 4609 / EventSystem
Event Description:
The COM+ Event System detected a bad return code during its internal processing. HRESULT was 8007043C from line 44 of d:\nt\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.

Event Record #/Type1285 / Error
Event Submitted/Written: 04/13/2008 03:32:10 PM
Event ID/Source: 4609 / EventSystem
Event Description:
The COM+ Event System detected a bad return code during its internal processing. HRESULT was 80070005 from line 44 of d:\nt\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type3007 / Error
Event Submitted/Written: 04/15/2008 05:53:23 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
Avg7Core
Avg7RsW
Avg7RsXP
Fips
IPSec
MRxSmb
NetBIOS
NetBT
Processor
RasAcd
Rdbss
Tcpip

Event Record #/Type3006 / Error
Event Submitted/Written: 04/15/2008 05:53:23 PM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error:
%%31

Event Record #/Type3005 / Error
Event Submitted/Written: 04/15/2008 05:53:23 PM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The Messenger service depends on the NetBIOS Interface service which failed to start because of the following error:
%%31

Event Record #/Type3004 / Error
Event Submitted/Written: 04/15/2008 05:53:23 PM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:
%%31

Event Record #/Type3003 / Error
Event Submitted/Written: 04/15/2008 05:53:23 PM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error:
%%31



-- End of Deckard's System Scanner: finished at 2008-04-15 17:54:01 ------------

#8 Rorschach112

    Teacher Emeritus

  • Authentic Member
  • 3,651 posts

Posted 17 April 2008 - 05:36 PM

Hello

Start OTScanIt. Copy/Paste the information in the quotebox below into the panel where it says "Paste fix here" and then click the Run Fix button.

[Kill Explorer]
[Unregister Dlls]
[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> AutoTBar -> %SystemDrive%\hp\bin\autotbar.exe [C:\hp\bin\autotbar.exe]
YN -> BlockTracker -> %SystemDrive%\hp\bin\BlockTracker.exe [c:\hp\bin\BlockTracker.exe]
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YY -> {8EAB99C1-F9EC-4b64-A4BA-D9BCAE8779C2} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\MyWebSearchWB\bar\1.bin\W6BAR.DLL [My Web Search Bar BHO]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
YY -> {8EAB99C9-F9EC-4b64-A4BA-D9BCAE8779C2} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\MyWebSearchWB\bar\1.bin\W6BAR.DLL [WeatherBug Browser Bar - powered by MyWebSearch]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
YY -> {17A27031-71FC-11d4-815C-005004D0F1FA}:Exec -> %ProgramFiles%\MarketBrowser\lmt\MarketBrowser_Launch.xpy [MktBrowser]
YN -> {c95fe080-8f5d-11d2-a20b-00aa003c157a}: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [@shdoclc.dll,-866]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\
YY -> CmdMapping\\{17A27031-71FC-11d4-815C-005004D0F1FA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\MarketBrowser\lmt\MarketBrowser_Launch.xpy [MktBrowser]
YN -> CmdMapping\\{c95fe080-8f5d-11d2-a20b-00aa003c157a} [HKEY_LOCAL_MACHINE] -> [@shdoclc.dll,-866]
YN -> CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\
YY -> CmdMapping\\{17A27031-71FC-11d4-815C-005004D0F1FA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\MarketBrowser\lmt\MarketBrowser_Launch.xpy [MktBrowser]
< Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\
YY -> CmdMapping\\{17A27031-71FC-11d4-815C-005004D0F1FA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\MarketBrowser\lmt\MarketBrowser_Launch.xpy [MktBrowser]
< Internet Explorer Extensions [HKEY_USERS\S-1-5-21-2908572736-99931356-3806881469-1003\] > -> HKEY_USERS\S-1-5-21-2908572736-99931356-3806881469-1003\Software\Microsoft\Internet Explorer\Extensions\
YY -> CmdMapping\\{17A27031-71FC-11d4-815C-005004D0F1FA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\MarketBrowser\lmt\MarketBrowser_Launch.xpy [MktBrowser]
[Files/Folders - Created Within 90 days]
NY -> 1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
[Empty Temp Folders]
[Start Explorer]
[Reboot]


The fix should only take a very short time. When the fix is completed, a message box will pop up telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here.

I will review the information when it comes back in.



Then post a new DSS log.

#9 dozinslosh

    Authentic Member

  • 36 posts

Posted 21 April 2008 - 05:29 PM

Hi, sorry it has taken so long... Ran OTS Fix... I'm still getting the same adware popup. Also, something is preventing me from activating Windows Firewall. Here is the text of the OTS Fix and another DSS log. Thanks!

Explorer killed successfully
[Registry - Non-Microsoft Only]
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\AutoTBar deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\BlockTracker deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8EAB99C1-F9EC-4b64-A4BA-D9BCAE8779C2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8EAB99C1-F9EC-4b64-A4BA-D9BCAE8779C2}\ deleted successfully.
C:\Program Files\MyWebSearchWB\bar\1.bin\W6BAR.DLL unregistered successfully.
C:\Program Files\MyWebSearchWB\bar\1.bin\W6BAR.DLL moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar\\{8EAB99C9-F9EC-4b64-A4BA-D9BCAE8779C2} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8EAB99C9-F9EC-4b64-A4BA-D9BCAE8779C2}\ not found.
File C:\Program Files\MyWebSearchWB\bar\1.bin\W6BAR.DLL not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{17A27031-71FC-11d4-815C-005004D0F1FA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{17A27031-71FC-11d4-815C-005004D0F1FA}\ not found.
C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c95fe080-8f5d-11d2-a20b-00aa003c157a}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{17A27031-71FC-11d4-815C-005004D0F1FA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{17A27031-71FC-11d4-815C-005004D0F1FA}\ not found.
File C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{c95fe080-8f5d-11d2-a20b-00aa003c157a} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c95fe080-8f5d-11d2-a20b-00aa003c157a}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{17A27031-71FC-11d4-815C-005004D0F1FA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{17A27031-71FC-11d4-815C-005004D0F1FA}\ not found.
File C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{17A27031-71FC-11d4-815C-005004D0F1FA} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{17A27031-71FC-11d4-815C-005004D0F1FA}\ not found.
File C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy not found.
Registry value HKEY_USERS\S-1-5-21-2908572736-99931356-3806881469-1003\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{17A27031-71FC-11d4-815C-005004D0F1FA} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{17A27031-71FC-11d4-815C-005004D0F1FA}\ not found.
File C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy not found.
[Files/Folders - Created Within 90 days]
[Empty Temp Folders]
File delete failed. C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.
User temp folders emptied.
SystemRoot temp folder emptied.
IE temp folders emptied
RecycleBin -> emptied.
Explorer started successfully
< End of fix log >
OTScanIt by OldTimer - Version 1.0.9.0 fix logfile created on 04212008_181305


Deckard's System Scanner v20071014.68
Run by Owner on 2008-04-21 18:28:41
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 6:28:44 PM, on 4/21/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\HP\KBD\KBD.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\System32\winamp.exe
C:\PROGRA~1\AWS\WEATHE~1\Weather.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Owner\Desktop\Computer Cleaning Stuff\dss.exe
C:\PROGRA~1\HIJACK~1\Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us7.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us7.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wundergro...ast?query=39648
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us7.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us7.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us7.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us7.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us7.hpwis.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Winamp Agent] C:\WINDOWS\System32\winamp.exe
O4 - HKLM\..\Run: [Windows Logon Application] C:\WINDOWS\System32\winIogon.exe
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: officejet 6100.lnk = ?
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://wdownload.wea...Transporter.cab?
O17 - HKLM\System\CCS\Services\Tcpip\..\{636C9EED-136E-4ABE-9FBC-ECFC341E31BF}: NameServer = 208.137.128.8 208.137.128.6
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe


-- Files created between 2008-03-21 and 2008-04-21 -----------------------------

2008-04-21 18:04:07 0 d-------- C:\Documents and Settings\Owner\Application Data\Google
2008-04-19 11:56:00 0 d-------- C:\Documents and Settings\All Users\Application Data\Google
2008-04-19 11:55:55 0 d-------- C:\Program Files\Google
2008-04-18 21:03:58 63963 --a------ C:\WINDOWS\System32\egvur.exe
2008-04-15 17:47:53 0 d-------- C:\Documents and Settings\Administrator\Application Data\AVG7
2008-04-15 17:47:53 0 d-------- C:\Documents and Settings\Administrator\Application Data\ArcSoft
2008-04-15 17:47:53 0 d-------- C:\Documents and Settings\Administrator\Application Data\AdobeUM
2008-04-15 17:47:53 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2008-04-15 17:47:52 0 d-------- C:\Documents and Settings\Administrator\Application Data\Macromedia
2008-04-15 17:47:52 0 d-------- C:\Documents and Settings\Administrator\Application Data\Lavasoft
2008-04-15 17:47:52 0 d-------- C:\Documents and Settings\Administrator\Application Data\InterTrust
2008-04-15 17:47:52 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2008-04-15 17:47:52 0 d-------- C:\Documents and Settings\Administrator\Application Data\Help
2008-04-15 17:47:52 0 d-------- C:\Documents and Settings\Administrator\Application Data\Freedom
2008-04-15 17:47:52 0 d-------- C:\Documents and Settings\Administrator\Application Data\Corel
2008-04-15 17:47:51 0 dra------ C:\Documents and Settings\Administrator\Favorites
2008-04-15 17:47:51 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-04-15 17:47:51 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2008-04-15 17:47:51 0 drah----- C:\Documents and Settings\Administrator\Application Data
2008-04-15 17:47:51 0 d-------- C:\Documents and Settings\Administrator\Application Data\VERITAS
2008-04-15 17:47:51 0 d-------- C:\Documents and Settings\Administrator\Application Data\Share-to-Web Upload Folder
2008-04-15 17:47:51 0 d-------- C:\Documents and Settings\Administrator\Application Data\SampleView
2008-04-15 17:47:51 0 d-------- C:\Documents and Settings\Administrator\Application Data\MSN6
2008-04-15 17:47:51 0 d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla
2008-04-15 17:47:51 0 d-------- C:\Documents and Settings\Administrator\Application Data\Motive
2008-04-15 17:47:51 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-04-15 17:47:48 0 d-------- C:\Documents and Settings\Administrator\WINDOWS
2008-04-15 17:47:48 0 d---s---- C:\Documents and Settings\Administrator\UserData
2008-04-15 17:47:48 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-04-15 17:47:48 0 dra------ C:\Documents and Settings\Administrator\Start Menu
2008-04-15 17:47:48 0 drah----- C:\Documents and Settings\Administrator\SendTo
2008-04-15 17:47:48 0 drah----- C:\Documents and Settings\Administrator\Recent
2008-04-15 17:47:48 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-04-15 17:47:48 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-04-15 17:47:48 0 dra------ C:\Documents and Settings\Administrator\My Documents
2008-04-15 17:47:48 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-04-15 17:47:47 786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-04-10 13:53:38 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-10 13:53:36 0 d-------- C:\WINDOWS\System32\Kaspersky Lab
2008-04-03 20:19:48 0 d-------- C:\Documents and Settings\Owner\Application Data\WeatherBug
2008-04-03 20:19:23 0 d-------- C:\Program Files\MyWebSearchWB
2008-04-01 20:22:51 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-29 20:57:29 0 dr-h----- C:\Documents and Settings\Owner\Recent
2008-03-29 20:55:51 288 --a------ C:\WINDOWS\System32\DVCStateBkp-{00000002-00000000-00000009-00001102-00000002-80691102}.dat
2008-03-29 20:55:51 288 --a------ C:\WINDOWS\System32\DVCState-{00000002-00000000-00000009-00001102-00000002-80691102}.dat
2008-03-29 20:51:49 26768 -----n--- C:\WINDOWS\System32\CTL3D.DLL <Not Verified; Microsoft Corporation; 3D Windows Control>
2008-03-29 20:51:49 53552 -----n--- C:\WINDOWS\CTCCW.DLL <Not Verified; Creative® Technology Ltd.; Custom Control for Windows>
2008-03-29 20:51:05 0 d-------- C:\Media
2008-03-29 20:51:04 54784 -----n--- C:\WINDOWS\System32\INETWH32.DLL <Not Verified; Blue Sky Software Corporation.; Blue Sky Software - INETWH32>
2008-03-29 20:51:00 25088 --a------ C:\WINDOWS\System32\CTSVCCTL.EXE <Not Verified; Creative Technology Ltd; Creative Service Control>
2008-03-29 20:51:00 44032 --a------ C:\WINDOWS\System32\CTSVCCDA.EXE <Not Verified; Creative Technology Ltd; Creative Service for CDROM Access>
2008-03-29 20:45:52 0 d---s---- C:\Documents and Settings\Default User\UserData
2008-03-29 20:45:52 0 d-------- C:\Documents and Settings\Default User\Application Data\MSN6
2008-03-29 20:45:52 0 d-------- C:\Documents and Settings\Default User\Application Data\Mozilla
2008-03-29 20:45:52 0 d-------- C:\Documents and Settings\Default User\Application Data\Motive
2008-03-29 20:45:52 0 d-------- C:\Documents and Settings\Default User\Application Data\Macromedia
2008-03-29 20:45:52 0 d-------- C:\Documents and Settings\Default User\Application Data\Lavasoft
2008-03-29 20:45:52 0 d-------- C:\Documents and Settings\Default User\Application Data\Help
2008-03-29 20:45:52 0 d-------- C:\Documents and Settings\Default User\Application Data\Freedom
2008-03-29 20:45:52 0 d-------- C:\Documents and Settings\Default User\Application Data\Corel
2008-03-29 20:45:52 0 d-------- C:\Documents and Settings\Default User\Application Data\AVG7
2008-03-29 20:45:52 0 d-------- C:\Documents and Settings\Default User\Application Data\ArcSoft
2008-03-29 20:45:52 0 d-------- C:\Documents and Settings\Default User\Application Data\AdobeUM
2008-03-29 19:29:54 23040 --a------ C:\WINDOWS\System32\irisco32.dll
2008-03-29 19:29:36 0 d-------- C:\Program Files\ReadIris
2008-03-29 18:22:10 0 d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-03-29 18:19:03 7765 -----n--- C:\WINDOWS\hpomdl01.dat
2008-03-29 18:19:03 27807 -----n--- C:\WINDOWS\hpoins01.dat


-- Find3M Report ---------------------------------------------------------------

2008-04-20 20:16:20 0 d-------- C:\Documents and Settings\Owner\Application Data\Adobe
2008-04-03 20:19:22 0 d-------- C:\Program Files\AWS
2008-04-03 20:17:02 0 d-------- C:\Documents and Settings\Owner\Application Data\AVG7
2008-04-03 19:01:16 0 d-------- C:\Program Files\Common Files
2008-03-31 11:32:52 0 d--h----- C:\Program Files\WindowsUpdate
2008-03-29 20:51:15 0 d-------- C:\Program Files\Creative
2008-03-29 19:31:21 0 d-------- C:\Program Files\Windows NT
2008-03-29 19:31:16 0 d-------- C:\Program Files\Movie Maker
2008-03-29 19:31:16 0 d-------- C:\Program Files\Messenger
2008-03-29 19:29:37 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-29 18:16:55 0 d-------- C:\Program Files\Microsoft AntiSpyware
2008-03-28 19:20:54 0 d-------- C:\Documents and Settings\Owner\Application Data\Lavasoft


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [05/07/1998 07:04 PM]
"Share-to-Web Namespace Daemon"="c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [04/17/2002 08:42 PM]
"CamMonitor"="c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe" [06/18/2002 02:11 AM]
"KBD"="C:\HP\KBD\KBD.EXE" [07/07/2001 12:56 AM]
"StorageGuard"="C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" [06/18/2002 11:01 AM]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [09/14/2002 12:42 AM]
"PS2"="C:\WINDOWS\system32\ps2.exe" [06/14/2002 07:39 PM]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [01/28/2008 07:48 AM]
"Winamp Agent"="C:\WINDOWS\System32\winamp.exe" [08/29/2002 07:00 AM]
"Windows Logon Application"="C:\WINDOWS\System32\winIogon.exe" [08/29/2002 07:00 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Weather"="C:\PROGRA~1\AWS\WEATHE~1\Weather.exe" [04/07/2006 04:02 PM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [08/21/2002 01:08 AM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [04/19/2008 11:56 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"SetDefaultMidi"=MIDIDEF.EXE
"PlayCenter2"="C:\Program Files\Creative\SBLive\PlayCenter2\MDEntry.EXE" "C:\Program Files\Creative\SBLive\PlayCenter2"

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
hp psc 2000 Series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [6/27/2002 2:20:58 AM]
officejet 6100.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe [6/27/2002 2:21:30 AM]
Quicken Scheduled Updates.lnk - C:\Program Files\Quicken\bagent.exe [9/20/2002 10:20:02 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
@=

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHELPER]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jet Detection]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIEW]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]




-- End of Deckard's System Scanner: finished at 2008-04-21 18:29:10 ------------

#10 Rorschach112


Posted 21 April 2008 - 05:53 PM

Hello

Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
    C:\WINDOWS\System32\egvur.exe
    C:\Program Files\MyWebSearchWB
    purity 
    [start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner and click Accept

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


Reboot and post a new DSS log and tell me how your PC is running


#11 dozinslosh


Posted 24 April 2008 - 04:52 PM

Explorer killed successfully
File/Folder C:\WINDOWS\System32\egvur.exe not found.
C:\Program Files\MyWebSearchWB\bar\Settings moved successfully.
C:\Program Files\MyWebSearchWB\bar\History moved successfully.
C:\Program Files\MyWebSearchWB\bar\Cache moved successfully.
C:\Program Files\MyWebSearchWB\bar\1.bin moved successfully.
C:\Program Files\MyWebSearchWB\bar moved successfully.
C:\Program Files\MyWebSearchWB moved successfully.
< purity >
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.1 log created on 04242008_173455

**********************************
**********************************
I tried several times to run Kaspersky, but it would not successfully update, so it would not scan.

**********************************
**********************************

Deckard's System Scanner v20071014.68
Run by Owner on 2008-04-24 17:43:05
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 5:43:11 PM, on 4/24/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\VERITAS Software\Update Manager\sgtray.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\System32\winamp.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\spooIsv.exe
C:\WINDOWS\System32\aufhzbnz.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\PROGRA~1\AWS\WEATHE~1\Weather.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Documents and Settings\Owner\Desktop\Computer Cleaning Stuff\dss.exe
C:\PROGRA~1\HIJACK~1\Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us7.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us7.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wundergro...ast?query=39648
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us7.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us7.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us7.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us7.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us7.hpwis.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Winamp Agent] C:\WINDOWS\System32\winamp.exe
O4 - HKLM\..\Run: [Windows Logon Application] C:\WINDOWS\System32\winIogon.exe
O4 - HKLM\..\Run: [Spooler SubSystem App] C:\WINDOWS\System32\spooIsv.exe
O4 - HKLM\..\Run: [Advanced DHTML Enable] C:\WINDOWS\System32\aufhzbnz.exe
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: officejet 6100.lnk = ?
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://wdownload.wea...Transporter.cab?
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe


-- Files created between 2008-03-24 and 2008-04-24 -----------------------------

2008-04-24 12:16:48 9353 --a------ C:\WINDOWS\System32\ftpupd.exe
2008-04-24 09:44:25 34788 --a------ C:\WINDOWS\System32\uqhpd.exe
2008-04-23 18:28:16 34788 --a------ C:\WINDOWS\System32\xipv.exe
2008-04-23 18:28:15 23040 --a------ C:\WINDOWS\System32\aufhzbnz.exe
2008-04-23 18:26:11 53248 --a------ C:\WINDOWS\System32\xssbjkzl.exe
2008-04-23 18:26:08 34788 --a------ C:\WINDOWS\System32\ohhncqpz.exe
2008-04-21 18:04:07 0 d-------- C:\Documents and Settings\Owner\Application Data\Google
2008-04-19 11:56:00 0 d-------- C:\Documents and Settings\All Users\Application Data\Google
2008-04-19 11:55:55 0 d-------- C:\Program Files\Google
2008-04-15 17:47:53 0 d-------- C:\Documents and Settings\Administrator\Application Data\AVG7
2008-04-15 17:47:53 0 d-------- C:\Documents and Settings\Administrator\Application Data\ArcSoft
2008-04-15 17:47:53 0 d-------- C:\Documents and Settings\Administrator\Application Data\AdobeUM
2008-04-15 17:47:53 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2008-04-15 17:47:52 0 d-------- C:\Documents and Settings\Administrator\Application Data\Macromedia
2008-04-15 17:47:52 0 d-------- C:\Documents and Settings\Administrator\Application Data\Lavasoft
2008-04-15 17:47:52 0 d-------- C:\Documents and Settings\Administrator\Application Data\InterTrust
2008-04-15 17:47:52 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2008-04-15 17:47:52 0 d-------- C:\Documents and Settings\Administrator\Application Data\Help
2008-04-15 17:47:52 0 d-------- C:\Documents and Settings\Administrator\Application Data\Freedom
2008-04-15 17:47:52 0 d-------- C:\Documents and Settings\Administrator\Application Data\Corel
2008-04-15 17:47:51 0 dra------ C:\Documents and Settings\Administrator\Favorites
2008-04-15 17:47:51 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-04-15 17:47:51 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2008-04-15 17:47:51 0 drah----- C:\Documents and Settings\Administrator\Application Data
2008-04-15 17:47:51 0 d-------- C:\Documents and Settings\Administrator\Application Data\VERITAS
2008-04-15 17:47:51 0 d-------- C:\Documents and Settings\Administrator\Application Data\Share-to-Web Upload Folder
2008-04-15 17:47:51 0 d-------- C:\Documents and Settings\Administrator\Application Data\SampleView
2008-04-15 17:47:51 0 d-------- C:\Documents and Settings\Administrator\Application Data\MSN6
2008-04-15 17:47:51 0 d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla
2008-04-15 17:47:51 0 d-------- C:\Documents and Settings\Administrator\Application Data\Motive
2008-04-15 17:47:51 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-04-15 17:47:48 0 d-------- C:\Documents and Settings\Administrator\WINDOWS
2008-04-15 17:47:48 0 d---s---- C:\Documents and Settings\Administrator\UserData
2008-04-15 17:47:48 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-04-15 17:47:48 0 dra------ C:\Documents and Settings\Administrator\Start Menu
2008-04-15 17:47:48 0 drah----- C:\Documents and Settings\Administrator\SendTo
2008-04-15 17:47:48 0 drah----- C:\Documents and Settings\Administrator\Recent
2008-04-15 17:47:48 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-04-15 17:47:48 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-04-15 17:47:48 0 dra------ C:\Documents and Settings\Administrator\My Documents
2008-04-15 17:47:48 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-04-15 17:47:47 786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-04-10 13:53:38 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-10 13:53:36 0 d-------- C:\WINDOWS\System32\Kaspersky Lab
2008-04-03 20:19:48 0 d-------- C:\Documents and Settings\Owner\Application Data\WeatherBug
2008-04-01 20:22:51 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-29 20:57:29 0 dr-h----- C:\Documents and Settings\Owner\Recent
2008-03-29 20:55:51 288 --a------ C:\WINDOWS\System32\DVCStateBkp-{00000002-00000000-00000009-00001102-00000002-80691102}.dat
2008-03-29 20:55:51 288 --a------ C:\WINDOWS\System32\DVCState-{00000002-00000000-00000009-00001102-00000002-80691102}.dat
2008-03-29 20:51:49 26768 -----n--- C:\WINDOWS\System32\CTL3D.DLL <Not Verified; Microsoft Corporation; 3D Windows Control>
2008-03-29 20:51:49 53552 -----n--- C:\WINDOWS\CTCCW.DLL <Not Verified; Creative® Technology Ltd.; Custom Control for Windows>
2008-03-29 20:51:05 0 d-------- C:\Media
2008-03-29 20:51:04 54784 -----n--- C:\WINDOWS\System32\INETWH32.DLL <Not Verified; Blue Sky Software Corporation.; Blue Sky Software - INETWH32>
2008-03-29 20:51:00 25088 --a------ C:\WINDOWS\System32\CTSVCCTL.EXE <Not Verified; Creative Technology Ltd; Creative Service Control>
2008-03-29 20:51:00 44032 --a------ C:\WINDOWS\System32\CTSVCCDA.EXE <Not Verified; Creative Technology Ltd; Creative Service for CDROM Access>
2008-03-29 20:45:52 0 d---s---- C:\Documents and Settings\Default User\UserData
2008-03-29 20:45:52 0 d-------- C:\Documents and Settings\Default User\Application Data\MSN6
2008-03-29 20:45:52 0 d-------- C:\Documents and Settings\Default User\Application Data\Mozilla
2008-03-29 20:45:52 0 d-------- C:\Documents and Settings\Default User\Application Data\Motive
2008-03-29 20:45:52 0 d-------- C:\Documents and Settings\Default User\Application Data\Macromedia
2008-03-29 20:45:52 0 d-------- C:\Documents and Settings\Default User\Application Data\Lavasoft
2008-03-29 20:45:52 0 d-------- C:\Documents and Settings\Default User\Application Data\Help
2008-03-29 20:45:52 0 d-------- C:\Documents and Settings\Default User\Application Data\Freedom
2008-03-29 20:45:52 0 d-------- C:\Documents and Settings\Default User\Application Data\Corel
2008-03-29 20:45:52 0 d-------- C:\Documents and Settings\Default User\Application Data\AVG7
2008-03-29 20:45:52 0 d-------- C:\Documents and Settings\Default User\Application Data\ArcSoft
2008-03-29 20:45:52 0 d-------- C:\Documents and Settings\Default User\Application Data\AdobeUM
2008-03-29 19:29:54 23040 --a------ C:\WINDOWS\System32\irisco32.dll
2008-03-29 19:29:36 0 d-------- C:\Program Files\ReadIris
2008-03-29 18:22:10 0 d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-03-29 18:19:03 7765 -----n--- C:\WINDOWS\hpomdl01.dat
2008-03-29 18:19:03 27807 -----n--- C:\WINDOWS\hpoins01.dat


-- Find3M Report ---------------------------------------------------------------

2008-04-20 20:16:20 0 d-------- C:\Documents and Settings\Owner\Application Data\Adobe
2008-04-03 20:19:22 0 d-------- C:\Program Files\AWS
2008-04-03 20:17:02 0 d-------- C:\Documents and Settings\Owner\Application Data\AVG7
2008-04-03 19:01:16 0 d-------- C:\Program Files\Common Files
2008-03-31 11:32:52 0 d--h----- C:\Program Files\WindowsUpdate
2008-03-29 20:51:15 0 d-------- C:\Program Files\Creative
2008-03-29 19:31:21 0 d-------- C:\Program Files\Windows NT
2008-03-29 19:31:16 0 d-------- C:\Program Files\Movie Maker
2008-03-29 19:31:16 0 d-------- C:\Program Files\Messenger
2008-03-29 19:29:37 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-29 18:16:55 0 d-------- C:\Program Files\Microsoft AntiSpyware
2008-03-28 19:20:54 0 d-------- C:\Documents and Settings\Owner\Application Data\Lavasoft


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [05/07/1998 07:04 PM]
"Share-to-Web Namespace Daemon"="c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [04/17/2002 08:42 PM]
"CamMonitor"="c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe" [06/18/2002 02:11 AM]
"KBD"="C:\HP\KBD\KBD.EXE" [07/07/2001 12:56 AM]
"StorageGuard"="C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" [06/18/2002 11:01 AM]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [09/14/2002 12:42 AM]
"PS2"="C:\WINDOWS\system32\ps2.exe" [06/14/2002 07:39 PM]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [01/28/2008 07:48 AM]
"Winamp Agent"="C:\WINDOWS\System32\winamp.exe" [08/29/2002 07:00 AM]
"Windows Logon Application"="C:\WINDOWS\System32\winIogon.exe" []
"Spooler SubSystem App"="C:\WINDOWS\System32\spooIsv.exe" [08/29/2002 07:00 AM]
"Advanced DHTML Enable"="C:\WINDOWS\System32\aufhzbnz.exe" [04/23/2008 06:28 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Weather"="C:\PROGRA~1\AWS\WEATHE~1\Weather.exe" [04/07/2006 04:02 PM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [08/21/2002 01:08 AM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [04/19/2008 11:56 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"SetDefaultMidi"=MIDIDEF.EXE
"PlayCenter2"="C:\Program Files\Creative\SBLive\PlayCenter2\MDEntry.EXE" "C:\Program Files\Creative\SBLive\PlayCenter2"

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
hp psc 2000 Series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [6/27/2002 2:20:58 AM]
officejet 6100.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe [6/27/2002 2:21:30 AM]
Quicken Scheduled Updates.lnk - C:\Program Files\Quicken\bagent.exe [9/20/2002 10:20:02 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
@=

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHELPER]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jet Detection]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIEW]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]




-- End of Deckard's System Scanner: finished at 2008-04-24 17:44:10 ------------


Computer seems to be working a bit better.

Thanks! Will await further instructions.

#12 Rorschach112

Posted 24 April 2008 - 05:05 PM

Hello

1. Please re-open HiJackThis and choose Do a system scan only. Check the boxes next to ONLY the entries listed below (if present):

O4 - HKLM\..\Run: [Windows Logon Application] C:\WINDOWS\System32\winIogon.exe
O4 - HKLM\..\Run: [Spooler SubSystem App] C:\WINDOWS\System32\spooIsv.exe
O4 - HKLM\..\Run: [Advanced DHTML Enable] C:\WINDOWS\System32\aufhzbnz.exe


2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.



Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
    C:\WINDOWS\System32\ftpupd.exe
    C:\WINDOWS\System32\uqhpd.exe
    C:\WINDOWS\System32\xipv.exe
    C:\WINDOWS\System32\aufhzbnz.exe
    C:\WINDOWS\System32\xssbjkzl.exe
    C:\WINDOWS\System32\ohhncqpz.exe
    C:\WINDOWS\System32\spooIsv.exe
    C:\WINDOWS\System32\winIogon.exe
    purity 
    [start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


Reboot and post a new DSS log
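
Two of the Run entries selected in step 1 of the post above, winIogon.exe and spooIsv.exe, differ from the genuine winlogon.exe and spoolsv.exe in the log's running-process list only by a capital I where the real name has a lowercase l. The following is an added example, not part of the original post: a Python check that flags such lookalike names in HijackThis O4 lines. The confusable-character table and the function names are assumptions of the example; the sample lines are copied from the logs in this thread.

```python
import ntpath
import re

# Genuine Windows binaries listed under "Running processes" in the thread's log.
KNOWN_SYSTEM_BINARIES = {
    "smss.exe", "winlogon.exe", "services.exe", "lsass.exe",
    "svchost.exe", "spoolsv.exe", "explorer.exe",
}

# Fold characters that look alike in common UI fonts onto one representative.
# This table is an assumption of the example and is deliberately small.
_FOLD = str.maketrans({"i": "l", "1": "l", "0": "o"})

# HijackThis "O4 - <hive>\..\Run: [label] command" lines.
O4_RUN = re.compile(r"^O4 - (HK\w+)\\\.\.\\Run: \[([^\]]+)\] (.+)$")
# Executable path: either quoted, or everything up to the first ".exe".
EXE_PATH = re.compile(r'^"([^"]+)"|^(.+?\.exe)(?=\s|$)', re.IGNORECASE)

# O4 lines copied from the HijackThis output posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Windows Logon Application] C:\WINDOWS\System32\winIogon.exe
O4 - HKLM\..\Run: [Spooler SubSystem App] C:\WINDOWS\System32\spooIsv.exe
O4 - HKLM\..\Run: [Advanced DHTML Enable] C:\WINDOWS\System32\aufhzbnz.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
"""


def skeleton(name):
    """Lowercase a file name and collapse visually confusable characters."""
    return name.lower().translate(_FOLD)


_SKELETONS = {skeleton(n): n for n in KNOWN_SYSTEM_BINARIES}


def find_lookalikes(lines):
    """Return (label, path, impersonated_name) for each Run entry whose file
    name is not a known system binary but folds to the same skeleton as one."""
    hits = []
    for line in lines:
        entry = O4_RUN.match(line.strip())
        if not entry:
            continue
        label, command = entry.group(2), entry.group(3)
        exe = EXE_PATH.match(command)
        if not exe:
            continue
        path = exe.group(1) or exe.group(2)
        name = ntpath.basename(path)  # ntpath splits on backslashes on any OS
        target = _SKELETONS.get(skeleton(name))
        # An exact (case-insensitive) match is the real binary, not a lookalike.
        if target and name.lower() != target:
            hits.append((label, path, target))
    return hits


if __name__ == "__main__":
    for label, path, target in find_lookalikes(SAMPLE_LOG.splitlines()):
        print(f"[{label}] {path} imitates {target}")
```

Randomly named entries such as aufhzbnz.exe are not caught by this check; it only covers names that imitate a known binary.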

#13 dozinslosh

Posted 28 April 2008 - 05:47 PM

I apologize for taking so long with this...it's difficult with the computer being at my mother-in-law's house...I will get back to this on Thursday...I appreciate your patience. Thanks!

#14 Rorschach112

Posted 28 April 2008 - 07:00 PM

No problem. Take your time.

#15 dozinslosh

Posted 01 May 2008 - 06:03 PM

Hello, still getting the "Critical system errors" popup and AVG is still catching around 20 virus threats every 10 minutes or so while online. I have been clicking on the Move to Virus Vault Option. Could this have to do with the firewall not working properly?
Thanks!

Explorer killed successfully
File/Folder C:\WINDOWS\System32\ftpupd.exe not found.
File/Folder C:\WINDOWS\System32\uqhpd.exe not found.
File/Folder C:\WINDOWS\System32\xipv.exe not found.
C:\WINDOWS\System32\aufhzbnz.exe moved successfully.
File/Folder C:\WINDOWS\System32\xssbjkzl.exe not found.
File/Folder C:\WINDOWS\System32\ohhncqpz.exe not found.
File/Folder C:\WINDOWS\System32\spooIsv.exe not found.
File/Folder C:\WINDOWS\System32\winIogon.exe not found.
< purity >
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.1 log created on 05012008_184910


Deckard's System Scanner v20071014.68
Run by Owner on 2008-05-01 18:54:13
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 6:54:17 PM, on 5/1/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\VERITAS Software\Update Manager\sgtray.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\System32\winamp.exe
C:\PROGRA~1\AWS\WEATHE~1\Weather.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Documents and Settings\Owner\Desktop\Computer Cleaning Stuff\dss.exe
C:\PROGRA~1\HIJACK~1\Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us7.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us7.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wundergro...ast?query=39648
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us7.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us7.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us7.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us7.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us7.hpwis.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Winamp Agent] C:\WINDOWS\System32\winamp.exe
O4 - HKLM\..\Run: [Advanced DHTML Enable] C:\WINDOWS\System32\icjvv.exe
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: officejet 6100.lnk = ?
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://wdownload.wea...Transporter.cab?
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe


-- Files created between 2008-04-01 and 2008-05-01 -----------------------------

2008-04-30 06:08:40 53248 --a------ C:\WINDOWS\System32\onuayeqd.exe
2008-04-30 06:08:39 27409 --a------ C:\WINDOWS\System32\wpsw.exe
2008-04-29 21:08:41 53248 --a------ C:\WINDOWS\System32\zweex.exe
2008-04-27 21:48:48 27409 --a------ C:\WINDOWS\System32\mzdymhy.exe
2008-04-27 21:48:48 53248 --a------ C:\WINDOWS\System32\diwdwdw.exe
2008-04-27 21:48:47 64840 --a------ C:\WINDOWS\System32\ousvxdc.exe
2008-04-27 20:02:58 104 --a------ C:\WINDOWS\System32\o
2008-04-27 19:29:11 27409 --a------ C:\WINDOWS\System32\zjmvb.exe
2008-04-27 19:29:08 53248 --a------ C:\WINDOWS\System32\ovhtzxz.exe
2008-04-27 19:29:05 27409 --a------ C:\WINDOWS\System32\wcxocjzc.exe
2008-04-27 19:29:05 64840 --a------ C:\WINDOWS\System32\hzlnqn.exe
2008-04-26 20:57:32 27409 --a------ C:\WINDOWS\System32\vlckt.exe
2008-04-26 20:57:23 64840 --a------ C:\WINDOWS\System32\wbjbdmh.exe
2008-04-26 20:57:21 23040 --a------ C:\WINDOWS\System32\xjyq.exe
2008-04-26 15:51:25 23040 --a------ C:\WINDOWS\System32\vncjepge.exe
2008-04-26 15:51:22 64840 --a------ C:\WINDOWS\System32\tmlprt.exe
2008-04-26 15:40:16 0 -ra------ C:\WINDOWS\System32\TFTP876
2008-04-26 14:25:11 27409 --a------ C:\WINDOWS\System32\wtapm.exe
2008-04-26 14:25:04 23040 --a------ C:\WINDOWS\System32\zbmy.exe
2008-04-26 14:25:04 27409 --a------ C:\WINDOWS\System32\qixjub.exe
2008-04-26 08:31:33 53248 --a------ C:\WINDOWS\System32\nxse.exe
2008-04-26 08:31:32 34788 --a------ C:\WINDOWS\System32\ubrppg.exe
2008-04-21 18:04:07 0 d-------- C:\Documents and Settings\Owner\Application Data\Google
2008-04-19 11:56:00 0 d-------- C:\Documents and Settings\All Users\Application Data\Google
2008-04-19 11:55:55 0 d-------- C:\Program Files\Google
2008-04-15 17:47:53 0 d-------- C:\Documents and Settings\Administrator\Application Data\AVG7
2008-04-15 17:47:53 0 d-------- C:\Documents and Settings\Administrator\Application Data\ArcSoft
2008-04-15 17:47:53 0 d-------- C:\Documents and Settings\Administrator\Application Data\AdobeUM
2008-04-15 17:47:53 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2008-04-15 17:47:52 0 d-------- C:\Documents and Settings\Administrator\Application Data\Macromedia
2008-04-15 17:47:52 0 d-------- C:\Documents and Settings\Administrator\Application Data\Lavasoft
2008-04-15 17:47:52 0 d-------- C:\Documents and Settings\Administrator\Application Data\InterTrust
2008-04-15 17:47:52 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2008-04-15 17:47:52 0 d-------- C:\Documents and Settings\Administrator\Application Data\Help
2008-04-15 17:47:52 0 d-------- C:\Documents and Settings\Administrator\Application Data\Freedom
2008-04-15 17:47:52 0 d-------- C:\Documents and Settings\Administrator\Application Data\Corel
2008-04-15 17:47:51 0 dra------ C:\Documents and Settings\Administrator\Favorites
2008-04-15 17:47:51 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-04-15 17:47:51 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2008-04-15 17:47:51 0 drah----- C:\Documents and Settings\Administrator\Application Data
2008-04-15 17:47:51 0 d-------- C:\Documents and Settings\Administrator\Application Data\VERITAS
2008-04-15 17:47:51 0 d-------- C:\Documents and Settings\Administrator\Application Data\Share-to-Web Upload Folder
2008-04-15 17:47:51 0 d-------- C:\Documents and Settings\Administrator\Application Data\SampleView
2008-04-15 17:47:51 0 d-------- C:\Documents and Settings\Administrator\Application Data\MSN6
2008-04-15 17:47:51 0 d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla
2008-04-15 17:47:51 0 d-------- C:\Documents and Settings\Administrator\Application Data\Motive
2008-04-15 17:47:51 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-04-15 17:47:48 0 d-------- C:\Documents and Settings\Administrator\WINDOWS
2008-04-15 17:47:48 0 d---s---- C:\Documents and Settings\Administrator\UserData
2008-04-15 17:47:48 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-04-15 17:47:48 0 dra------ C:\Documents and Settings\Administrator\Start Menu
2008-04-15 17:47:48 0 drah----- C:\Documents and Settings\Administrator\SendTo
2008-04-15 17:47:48 0 drah----- C:\Documents and Settings\Administrator\Recent
2008-04-15 17:47:48 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-04-15 17:47:48 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-04-15 17:47:48 0 dra------ C:\Documents and Settings\Administrator\My Documents
2008-04-15 17:47:48 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-04-15 17:47:47 786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-04-10 13:53:38 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-10 13:53:36 0 d-------- C:\WINDOWS\System32\Kaspersky Lab
2008-04-03 20:19:48 0 d-------- C:\Documents and Settings\Owner\Application Data\WeatherBug
2008-04-01 20:22:51 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy


-- Find3M Report ---------------------------------------------------------------

2008-05-01 18:50:15 288 --a------ C:\WINDOWS\System32\DVCStateBkp-{00000002-00000000-00000009-00001102-00000002-80691102}.dat
2008-05-01 18:50:15 288 --a------ C:\WINDOWS\System32\DVCState-{00000002-00000000-00000009-00001102-00000002-80691102}.dat
2008-04-20 20:16:20 0 d-------- C:\Documents and Settings\Owner\Application Data\Adobe
2008-04-03 20:19:22 0 d-------- C:\Program Files\AWS
2008-04-03 20:17:02 0 d-------- C:\Documents and Settings\Owner\Application Data\AVG7
2008-04-03 19:01:16 0 d-------- C:\Program Files\Common Files
2008-03-31 11:32:52 0 d--h----- C:\Program Files\WindowsUpdate
2008-03-29 20:51:15 0 d-------- C:\Program Files\Creative
2008-03-29 19:31:21 0 d-------- C:\Program Files\Windows NT
2008-03-29 19:31:16 0 d-------- C:\Program Files\Movie Maker
2008-03-29 19:31:16 0 d-------- C:\Program Files\Messenger
2008-03-29 19:29:56 0 d-------- C:\Program Files\ReadIris
2008-03-29 19:29:37 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-29 18:22:10 0 d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-03-29 18:16:55 0 d-------- C:\Program Files\Microsoft AntiSpyware
2008-03-28 19:20:54 0 d-------- C:\Documents and Settings\Owner\Application Data\Lavasoft


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [05/07/1998 07:04 PM]
"Share-to-Web Namespace Daemon"="c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [04/17/2002 08:42 PM]
"CamMonitor"="c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe" [06/18/2002 02:11 AM]
"KBD"="C:\HP\KBD\KBD.EXE" [07/07/2001 12:56 AM]
"StorageGuard"="C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" [06/18/2002 11:01 AM]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [09/14/2002 12:42 AM]
"PS2"="C:\WINDOWS\system32\ps2.exe" [06/14/2002 07:39 PM]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [04/28/2008 09:31 AM]
"Winamp Agent"="C:\WINDOWS\System32\winamp.exe" [08/29/2002 07:00 AM]
"Advanced DHTML Enable"="C:\WINDOWS\System32\icjvv.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Weather"="C:\PROGRA~1\AWS\WEATHE~1\Weather.exe" [04/07/2006 04:02 PM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [08/21/2002 01:08 AM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [04/19/2008 11:56 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"SetDefaultMidi"=MIDIDEF.EXE
"PlayCenter2"="C:\Program Files\Creative\SBLive\PlayCenter2\MDEntry.EXE" "C:\Program Files\Creative\SBLive\PlayCenter2"

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
hp psc 2000 Series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [6/27/2002 2:20:58 AM]
officejet 6100.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe [6/27/2002 2:21:30 AM]
Quicken Scheduled Updates.lnk - C:\Program Files\Quicken\bagent.exe [9/20/2002 10:20:02 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
@=

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHELPER]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jet Detection]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIEW]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]




-- End of Deckard's System Scanner: finished at 2008-05-01 18:55:09 ------------

Edited by dozinslosh, 01 May 2008 - 06:09 PM.
