Help!

Not sure if HJT will help or not... but...
Post new topic   General Reply to Topic (not reply to a specific post)    Forums Home -> HijackThis Logs RSS
Next:  ZEUS_GB's 2007 Game Awards  
Author Message
swmotors



Joined: Sep 10, 2004
Posts: 98
PostPosted: Sat Dec 29, 2007 5:41 pm    Post subject: Not sure if HJT will help or not... but...
I cannot add a picture to my desktop or change any settings on the desktop. Luckily it is a blank screen with a single color than something otherwise bad...

I'm posting my HJT log.. there is one thing i don't understand (O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
) and might be the problem.

Chris.. Rolling Eyes

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 5:39:24 PM, on 12/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\System32\dsnthser.exe
C:\WINDOWS\System32\sdpasvc.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HJT\HiJackThis_v2.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB002" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/cli.../wuweb_
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/67...player/
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: DoubleScreenService - Diamond Multimedia Systems, Inc - C:\WINDOWS\System32\dsnthser.exe
O23 - Service: SDPAUMS server service (SDPASVC) - Matsushita Electric Industrial Co.,Ltd. - C:\WINDOWS\System32\sdpasvc.exe

--
End of file - 4437 bytes
Back to top
greyknight17



Joined: Feb 03, 2003
Posts: 4868

Location: Brooklyn, NY
PostPosted: Sun Dec 30, 2007 2:13 pm    Post subject: Re: Not sure if HJT will help or not... but... [Login to view extended thread Info.]
Download Deckard's System Scanner at http://deckard.geekstogo.com/dss.exe to your Desktop.

- Close all applications and windows.
- Double-click on DSS.exe to run it, and follow the prompts.
- The scan may take a minute. When the scan is complete, two text files will open - Main.txt and Extra.txt

Note: When running DSS, some firewalls may warn that sigcheck.exe is trying to access the internet - please ensure that you allow sigcheck.exe permission to do so. Also, it may happen that your Antivirus flags DSS as suspicious. Please allow the Deckard's System Scanner to run and don't let your Antivirus delete it. In this case, it may be better to temporary disable your Antivirus.

Post the main.txt and extra.txt from the C:\Deckard\System Scanner folder into your next reply.
Back to top
AIM Address Yahoo Messenger
swmotors



Joined: Sep 10, 2004
Posts: 98
PostPosted: Tue Jan 01, 2008 7:37 pm    Post subject: [Login to view extended thread Info.]
Deckard's System Scanner v20071014.68
Run by Owner on 2008-01-01 19:30:16
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
15: 2008-01-02 00:30:30 UTC - RP917 - Deckard's System Scanner Restore Point
14: 2008-01-01 12:46:32 UTC - RP916 - System Checkpoint
13: 2007-12-31 08:01:39 UTC - RP915 - Software Distribution Service 3.0
12: 2007-12-31 05:25:02 UTC - RP914 - System Checkpoint
11: 2007-12-30 05:16:58 UTC - RP913 - System Checkpoint


-- First Restore Point --
1: 2007-12-23 20:59:45 UTC - RP903 - Software Distribution Service 3.0


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 448 MiB (512 MiB recommended).


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-01-01 19:34:03
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
C:\Program Files\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\dsnthser.exe
C:\WINDOWS\system32\sdpasvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
E:\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comfortinn.com/ires/en-US/html/HotelInfo?hotel=NC342&si...Fnb.Ja$
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB002" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\RunOnce: [MyWebSearch bar Uninstall] rundll32 C:\PROGRA~1\UNINST~1.DLL,O -3
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableTaskMgr=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O10 - Unknown file in Winsock LSP: C:\WINDOWS\system32\nwprovau.dll
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} () - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/CursorMania...Initial
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {33363249-0000-0010-8000-00AA00389B71} () - http://codecs.microsoft.com/codecs/i386/i263_32.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/cli.../wuweb_
O16 - DPF: {A4639D2F-774E-11D3-A490-00C04F6843FB} (IEAnimBehaviorFactory Class) - http://download.microsoft.com/download/PowerPoint2002/Install/10.0.260...IN98MeX
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} () - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/67...player/
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgemc.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: DoubleScreenService - Diamond Multimedia Systems, Inc - C:\WINDOWS\system32\dsnthser.exe
O23 - Service: SDPAUMS server service (SDPASVC) - Matsushita Electric Industrial Co.,Ltd. - C:\WINDOWS\system32\sdpasvc.exe


--
End of file - 6903 bytes

-- HijackThis Fixed Entries (C:\Program Files\HJT\backups\) --------------------

backup-20071226-211042-264 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;localhost;<local>
backup-20071226-211042-334 O24 - Desktop Component 0: (no name) - http://mail.charter.net/images/portal/mail_mid_left_blue.gif?l=en-US&a...v=chart
backup-20071226-211042-349 O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
backup-20071226-211042-411 O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZJxdm128YYUS
backup-20071226-211042-432 F3 - REG:win.ini: run=???
backup-20071226-211042-458 O3 - Toolbar: (no name) - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - (no file)
backup-20071226-211042-516 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
backup-20071226-211042-567 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
backup-20071226-211042-609 F3 - REG:win.ini: load=???
backup-20071226-211042-653 O8 - Extra context menu item: Coupons - file://C:\Program Files\couponsandoffers\System\Temp\couponsandoffers_script0.htm
backup-20071226-211042-699 F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
backup-20071226-211042-721 O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-D3FA-F27BA787AD2D} - (no file)
backup-20071226-211042-849 O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
backup-20071226-211042-869 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
backup-20071226-211042-898 O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - (no file)
backup-20071226-211042-928 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
backup-20071226-211042-967 O3 - Toolbar: (no name) - {3A8F16B6-356B-4CF4-A069-BD3A7B27639C} - (no file)
backup-20071226-211042-981 O4 - HKCU\..\Run: [SpyShredder] C:\Program Files\SpyShredder\SpyShredder.exe
backup-20071226-212512-173 O4 - HKLM\..\Run: [o3tX35P] hliext35.exe
backup-20071226-212512-276 O4 - HKCU\..\Run: [Z027RRj8e] hot101b.exe
backup-20071226-212512-496 O4 - HKLM\..\Run: [MaxInst] MaxInst
backup-20071226-212512-888 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
backup-20071226-212513-901 O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/ZwinkyIniti...etup1.0

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

S0 BTHidMgr (Bluetooth HID Manager Service) - c:\windows\system32\drivers\bthidmgr.sys (file missing)
S0 IFP300 (iRiver Internet Audio Player IFP-300) - c:\windows\system32\drivers\ifp300.sys (file missing)
S3 BlueletAudio (Bluetooth Audio Service) - c:\windows\system32\drivers\blueletaudio.sys (file missing)
S3 BlueletSCOAudio (Bluetooth SCO Audio Service) - c:\windows\system32\drivers\blueletscoaudio.sys (file missing)
S3 BrScnUsb (Brother USB Still Image driver) - c:\windows\system32\drivers\brscnusb.sys <Not Verified; Brother Industries Ltd.; Brother MFC Scanner>
S3 BrSerIf (Brother MFC Serial Port Interface WDM Driver) - c:\windows\system32\drivers\brserif.sys <Not Verified; Brother Industries Ltd.; Windows (R) Server 2003 DDK driver>
S3 BT (Bluetooth PAN Network Adapter) - c:\windows\system32\drivers\btnetdrv.sys (file missing)
S3 Btcsrusb (Bluetooth USB For Bluetooth Service) - c:\windows\system32\drivers\btcusb.sys (file missing)
S3 BTHidEnum (Bluetooth HID Enumerator) - c:\windows\system32\drivers\vbtenum.sys (file missing)
S3 CA500AV (LV-10 WDM Video Capture) - c:\windows\system32\drivers\lv10av.sys (file missing)
S3 FireGL1 - c:\windows\system32\drivers\firegl1m.sys <Not Verified; Diamond Multimedia Systems, Inc.; Fire GL1>
S3 ovt519 (VGA USB Camera) - c:\windows\system32\drivers\ov519vid.sys (file missing)
S3 VComm (Virtual Serial port driver) - c:\windows\system32\drivers\vcomm.sys (file missing)
S3 VcommMgr (Bluetooth VComm Manager Service) - c:\windows\system32\drivers\vcommmgr.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 DoubleScreenService - c:\windows\system32\dsnthser.exe <Not Verified; Diamond Multimedia Systems, Inc; Fire GL1 MultiScreen Service>
R2 SDPASVC (SDPAUMS server service) - c:\windows\system32\sdpasvc.exe -service <Not Verified; Matsushita Electric Industrial Co.,Ltd.; >

S4 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 3Com 3C918 Integrated Fast Ethernet Controller (3C905B-TX Compatible)
Device ID: PCI\VEN_10B7&DEV_9055&SUBSYS_00801028&REV_00\3&61AAA01&0&88
Manufacturer: 3Com
Name: 3Com 3C918 Integrated Fast Ethernet Controller (3C905B-TX Compatible)
PNP Device ID: PCI\VEN_10B7&DEV_9055&SUBSYS_00801028&REV_00\3&61AAA01&0&88
Service: EL90XBC


-- Files created between 2007-12-01 and 2008-01-01 -----------------------------

2008-01-01 19:24:15 381012 --a------ C:\Program Files\Uninstall Fun Web Products.dll <Not Verified; MyWebSearch.com; My Web Search Bar for Internet Explorer, FireFox, Netscape, email clients, and messenger clients>
2007-12-30 09:55:23 0 d-a------ C:\Program Files\MyWebSearch
2007-12-29 17:44:59 0 dr-h----- C:\Documents and Settings\Owner\Recent
2007-12-26 20:42:01 0 d-------- C:\Program Files\HJT
2007-12-25 09:32:45 0 d-------- C:\Documents and Settings\Owner\Application Data\Apple Computer
2007-12-25 09:30:20 0 d------c- C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-12-25 09:28:34 0 d-------- C:\Program Files\Common Files\Apple
2007-12-25 09:28:32 0 d------c- C:\Documents and Settings\All Users\Application Data\Apple
2007-12-24 13:41:24 0 d-------- C:\Program Files\Temporary
2007-12-24 13:37:48 13824 --a------ C:\WINDOWS\system32\max1d11643v.exe
2007-12-24 13:37:23 1177452 --a------ C:\Documents and Settings\Owner\Application Data\Install.dat
2007-12-24 13:37:19 18 --a------ C:\WINDOWS\system32\dllgh8jkd1q8.exe
2007-12-24 07:03:02 53760 --a------ C:\WINDOWS\b122.exe
2007-12-21 17:58:41 0 d-------- C:\Program Files\MySpace
2007-12-21 17:24:26 0 d-------- C:\Documents and Settings\Owner\Contacts
2007-12-21 16:15:19 0 d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2007-12-21 16:08:23 0 d-------- C:\Program Files\Windows Live Toolbar
2007-12-21 16:05:34 0 d------c- C:\WINDOWS\system32\DRVSTORE
2007-12-21 15:38:56 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2007-12-21 15:38:44 0 d-------- C:\Program Files\Windows Live
2007-12-21 15:38:24 0 d------c- C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-12-17 15:38:01 0 d-------- C:\Program Files\EZAutomation
2007-12-03 19:51:37 0 d-------- C:\WINDOWS\pss


-- Find3M Report ---------------------------------------------------------------

2008-01-01 08:00:10 0 d-------- C:\Documents and Settings\Owner\Application Data\AVG7
2007-12-26 20:42:14 0 d-------- C:\Documents and Settings\Owner\Application Data\U3
2007-12-25 09:28:34 0 d-------- C:\Program Files\Common Files
2007-11-24 20:02:13 0 d-------- C:\Program Files\DivX
2007-11-24 19:57:00 0 d-------- C:\Program Files\Windows Media Connect 2
2007-11-01 17:30:12 0 d-------- C:\Documents and Settings\Owner\Application Data\MySpace
2007-10-19 19:06:54 22416 --a------ C:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
2007-10-16 20:03:30 6 --a------ C:\Documents and Settings\Owner\Application Data\dm.ini
2007-10-16 20:03:30 882 --a------ C:\Documents and Settings\Owner\Application Data\AdobeDLM.log
2007-10-13 20:23:10 0 --a------ C:\WINDOWS\nsreg.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe" [03/18/2002 06:00 AM]
"EPSON Stylus Photo R200 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.exe" [07/08/2003 02:00 AM]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [12/28/2007 08:38 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [08/30/2007 04:43 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"MyWebSearch bar Uninstall"=rundll32 C:\PROGRA~1\UNINST~1.DLL,O -3

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"DisableTaskMgr"=1 (0x1)
"Wallpaper"=C:\WINDOWS\desktop.html

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceActiveDesktopOn"=1 (0x1)
"NoActiveDesktop"=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
? ??????????????????????

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]
? ??????????????????????

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ




-- End of Deckard's System Scanner: finished at 2008-01-01 19:36:23 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel Pentium III processor
Percentage of Memory in Use: 67%
Physical Memory (total/avail): 447.54 MiB / 146.6 MiB
Pagefile Memory (total/avail): 770.13 MiB / 462.04 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1930.56 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 7.32 GiB total, 1.25 GiB free.
D: is CDROM (No Media)
E: is Fixed (NTFS) - 1.14 GiB total, 1.13 GiB free.

\\.\PHYSICALDRIVE1 - COMPAQ ST19171W SCSI Disk Device - 8.47 GiB - 2 partitions
\PARTITION0 - Unknown - 7.81 MiB
\PARTITION1 - MS-DOS V4 Huge - 8.46 GiB

\\.\PHYSICALDRIVE0 - FUJITSU MAG3091MP SCSI Disk Device - 8.47 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 7.32 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 1168.79 MiB - E:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

AntivirusOverride is set.

AV: AVG 7.5.516 v7.5.516 (Grisoft)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"="C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe:*:Enabled:BlueSoleil"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Disabled:LimeWire"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"
"F:\\utorrent150.exe"="F:\\utorrent150.exe:*:Enabled:µTorrent"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\WINDOWS\\disnisa.exe"="C:\\WINDOWS\\disnisa.exe:*:Enabled:enable"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Owner\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=DELL-QGJUH6R4X3
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Owner
LOGONSERVER=\\DELL-QGJUH6R4X3
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\Internet Explorer;;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 8 Stepping 1, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0801
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
TMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
USERDOMAIN=DELL-QGJUH6R4X3
USERNAME=Owner
USERPROFILE=C:\Documents and Settings\Owner
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Owner (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\System32\UninstIPP.isu
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware 2007 --> MsiExec.exe /X{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Download Manager 2.2 (Remove Only) --> "C:\Program Files\Common Files\Adobe\ESD\uninst.exe"
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~2\Install.log
Apple Mobile Device Support --> MsiExec.exe /I{B5C209B1-8DDB-4642-A573-375B951514CB}
AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
EPSON Printer Software --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /r
HijackThis 2.0.0 --> "C:\Program Files\HJT\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Format SDK (KB902344) --> "C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
Java 2 Runtime Environment, SE v1.4.2_03 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Data Access Components KB870669 --> C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft SQL Server 2005 Compact Edition [ENU] --> MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C8F7C1E5-0150-11D6-A96C-00D05908F85D}\Setup.exe" -l0x9
Windows Communication Foundation --> MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation --> MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
XML Paper Specification Shared Components Pack 1.0 -->
Yahoo! Install Manager --> C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type7557 / Error
Event Submitted/Written: 12/29/2007 01:00:06 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 6.0.2900.2180, faulting module unknown, version 0.0.0.0, fault address 0x62911878.
Processing media-specific event for [iexplore.exe!ws!]

Event Record #/Type7556 / Error
Event Submitted/Written: 12/29/2007 00:59:31 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 6.0.2900.2180, faulting module unknown, version 0.0.0.0, fault address 0x62911878.
Processing media-specific event for [iexplore.exe!ws!]

Event Record #/Type7555 / Error
Event Submitted/Written: 12/29/2007 00:33:12 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 6.0.2900.2180, faulting module unknown, version 0.0.0.0, fault address 0x62911878.
Processing media-specific event for [iexplore.exe!ws!]

Event Record #/Type7554 / Error
Event Submitted/Written: 12/29/2007 08:46:41 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 6.0.2900.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type7553 / Error
Event Submitted/Written: 12/29/2007 08:46:37 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 6.0.2900.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type15593 / Error
Event Submitted/Written: 01/01/2008 07:35:17 PM
Event ID/Source: 7016 / Service Control Manager
Event Description:
The BrSplService service has reported an invalid current state 0.

Event Record #/Type15592 / Warning
Event Submitted/Written: 01/01/2008 07:28:29 PM
Event ID/Source: 3 / Print
Event Description:
Printer Auto HP DeskJet 1220C on ACER-684C9A655D was deleted.

Event Record #/Type15591 / Warning
Event Submitted/Written: 01/01/2008 07:28:26 PM
Event ID/Source: 4 / Print
Event Description:
Printer Auto HP DeskJet 1220C on ACER-684C9A655D is pending deletion.

Event Record #/Type15590 / Warning
Event Submitted/Written: 01/01/2008 07:28:23 PM
Event ID/Source: 3 / Print
Event Description:
Printer Epson Stylus COLOR 740 ESC/P 2 (Copy 1) was deleted.

Event Record #/Type15589 / Warning
Event Submitted/Written: 01/01/2008 07:28:20 PM
Event ID/Source: 4 / Print
Event Description:
Printer Epson Stylus COLOR 740 ESC/P 2 (Copy 1) is pending deletion.



-- End of Deckard's System Scanner: finished at 2008-01-01 19:36:23 ------------
Back to top
greyknight17



Joined: Feb 03, 2003
Posts: 4868

Location: Brooklyn, NY
PostPosted: Wed Jan 02, 2008 9:39 pm    Post subject: [Login to view extended thread Info.]
Download ATF Cleaner at http://www.atribune.org/ccount/click.php?id=1
Double-click ATF-Cleaner.exe to run the program. Under Main choose Select All
Click the Empty Selected button.

If you use the Firefox browser click Firefox at the top and choose Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use the Opera browser click 'Opera' at the top and choose 'Select All'
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

Go to Start->Run and type in regedit and hit OK. Go to File->Export and save the registry somewhere as a backup. Close the Registry Editor now. Go to Start->Run and type in notepad and hit OK. Then copy and paste the following into Notepad:

REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"MyWebSearch bar Uninstall"=-

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0
"Wallpaper"=-

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceActiveDesktopOn"=0

Save the file as "delete.reg". Make sure to save it with the quotes. Close Notepad. Double click on the delete.reg file and choose Yes to merge/add it to the registry. You may delete the file afterwards.

Uninstall MyWebSearch, FunWebProducts and SpyShredder via the Add/Remove programs panel if found.

Delete these if found:

C:\Program Files\couponsandoffers\System\Temp\couponsandoffers_script0.htm
C:\Program Files\SpyShredder\
hliext35.exe
hot101b.exe
MaxInst
C:\Program Files\Uninstall Fun Web Products.dll
C:\Program Files\MyWebSearch
C:\WINDOWS\system32\max1d11643v.exe
C:\WINDOWS\system32\dllgh8jkd1q8.exe
C:\WINDOWS\b122.exe
C:\WINDOWS\desktop.html
C:\WINDOWS\disnisa.exe

Restart and run DSS again. Post the logs here along with a new HijackThis log and a progress report. You should be able to change the background now.
Back to top
AIM Address Yahoo Messenger
swmotors



Joined: Sep 10, 2004
Posts: 98
PostPosted: Sun Feb 24, 2008 5:48 pm    Post subject: Update [Login to view extended thread Info.]
Desktop function is fine.. here is the latest HJT and DSS logs

Deckard's System Scanner v20071014.68
Run by Owner on 2008-02-24 17:43:20
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 448 MiB (512 MiB recommended).


-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:43:25 PM, on 2/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\dsnthser.exe
C:\WINDOWS\System32\sdpasvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\notepad.exe
E:\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comfortinn.com/ires/en-US/html/HotelInfo?hotel=NC342&si...Fnb.Ja$
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/cli.../wuweb_
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/67...player/
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: DoubleScreenService - Diamond Multimedia Systems, Inc - C:\WINDOWS\System32\dsnthser.exe
O23 - Service: SDPAUMS server service (SDPASVC) - Matsushita Electric Industrial Co.,Ltd. - C:\WINDOWS\System32\sdpasvc.exe

--
End of file - 4796 bytes

-- Files created between 2008-01-24 and 2008-02-24 -----------------------------

2008-02-19 15:26:55 0 dr-h----- C:\Documents and Settings\Owner\Recent
2008-02-13 21:00:47 0 d-------- C:\Program Files\Microsoft Silverlight
2008-02-13 21:00:06 0 d-------- C:\Program Files\Messenger
2008-02-12 23:00:50 0 d------c- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-06 16:25:58 0 d-------- C:\Program Files\WinBudget


-- Find3M Report ---------------------------------------------------------------

2008-02-24 17:07:22 0 d-------- C:\Documents and Settings\Owner\Application Data\U3
2008-02-24 08:00:10 0 d-------- C:\Documents and Settings\Owner\Application Data\AVG7
2008-02-23 21:19:45 22416 --a------ C:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
2008-02-13 22:55:16 0 d-------- C:\Program Files\CCleaner
2008-02-03 10:39:07 1069 --a------ C:\Documents and Settings\Owner\Application Data\AdobeDLM.log
2008-01-22 19:53:57 0 d-------- C:\Program Files\dizzler
2008-01-22 18:53:16 0 d-------- C:\Program Files\Common Files
2008-01-22 18:53:16 0 d-------- C:\Program Files\Common Files\SWF Studio
2008-01-19 15:44:11 0 d-------- C:\Program Files\DivX
2008-01-19 15:34:18 0 d-------- C:\Documents and Settings\Owner\Application Data\LimeWire
2008-01-05 16:17:18 0 d-------- C:\Program Files\Trend Micro
2008-01-05 15:56:53 0 d-------- C:\Program Files\HJT
2008-01-04 16:58:50 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-01-04 16:57:22 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-01-04 16:57:22 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-01-04 16:57:12 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-01-04 16:57:10 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-01-04 16:57:10 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-01-04 16:57:10 682496 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-01-04 16:56:24 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2008-01-01 19:30:06 0 d------c- C:\Program Files\Deckard
2007-12-25 09:32:45 0 d-------- C:\Documents and Settings\Owner\Application Data\Apple Computer
2007-12-25 09:28:34 0 d-------- C:\Program Files\Common Files\Apple
2007-12-24 13:37:32 1177452 --a------ C:\Documents and Settings\Owner\Application Data\Install.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [02/12/2008 11:00 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [08/30/2007 05:43 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"DisableTaskMgr"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceActiveDesktopOn"=1 (0x1)
"NoActiveDesktop"=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
? ??????????????????????

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]
? ??????????????????????

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d268388f-b41c-11dc-becd-000d8867620a}]
AutoRun\command- F:\LaunchU3.exe -a




-- End of Deckard's System Scanner: finished at 2008-02-24 17:44:09 ------------
Back to top
greyknight17



Joined: Feb 03, 2003
Posts: 4868

Location: Brooklyn, NY
PostPosted: Sun Mar 30, 2008 9:37 pm    Post subject: Re: Update [Login to view extended thread Info.]
Hi, sorry for the huge delay. I haven't been to this forum for a while...

Do you still need help in this issue? If so, please post the new logs (run the scans again).
Back to top
AIM Address Yahoo Messenger
swmotors



Joined: Sep 10, 2004
Posts: 98
PostPosted: Sat Jun 21, 2008 12:15 pm    Post subject: [Login to view extended thread Info.]
AOK here Smile

Chris...
Back to top
Display posts from previous:   
Post new topic   General Reply to Topic (not reply to a specific post)    Forums Home -> HijackThis Logs All times are: Eastern Time (US & Canada) (change)
Page 1 of 1

 
 You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum