---From thread at: http://www.pchelpforum.com/internet-...ng-google.html---
Ok, I'm a bit confused. It says to post the HijackThis log in the specific thread...but.....
Also another issue I've noticed...but this happened after my brother got ZoneAlarm, because he thought it was a virus issue (unless he is right). Either way, when he first ran a scan ZoneAlarm froze on a certain .dll file in system32 and ZA just stayed there frozen.....and ever since then..the computer has been acting like the RAM is being overly-used by something else....like right now the typing is..stuttering...like something is using up my precious RAM.
Here they are:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:59:24 PM, on 02/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\ps2.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\PROGRA~1\MICROS~2\rapimgr.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Owner\Desktop\dss.exe
C:\DOCUME~1\Owner\Desktop\Owner.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
AOL.com - Welcome to AOL
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
Advertising Your Business with Yahoo! Search Marketing
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
Advertising Your Business with Yahoo! Search Marketing
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
Advertising Your Business with Yahoo! Search Marketing
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://ca.mg2.mail.yahoo.com/dc/laun...=8r5edket2ne27
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
Advertising Your Business with Yahoo! Search Marketing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
MSN.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
Advertising Your Business with Yahoo! Search Marketing
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
Advertising Your Business with Yahoo! Search Marketing
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7D7DB869-3021-4CD2-AF0A-B3CAD75ECE31} - C:\WINDOWS\system32\efcYsPiF.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {95872C65-34FA-47D8-9B79-EA20197A012C} - C:\WINDOWS\system32\ddcDvwXo.dll
O2 - BHO: {a81b4fdc-7b2b-abc8-4c44-264f8d44b10b} - {b01b44d8-f462-44c4-8cba-b2b7cdf4b18a} - C:\WINDOWS\system32\hsogtjux.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ATIPTA] atiptaxx.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [984e45ff] rundll32.exe "C:\WINDOWS\system32\tgramlks.dll",b
O4 - HKLM\..\Run: [BM9b7d7663] Rundll32.exe "C:\WINDOWS\system32\tjdcjjct.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [RamBooster] C:\Program Files\RamBooster 2.0\Rambooster.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Program Files\Mozilla Firefox\plugins\NPSWF32_FlashUtil.exe -p
O4 - .DEFAULT User Startup: AutoPlay.exe (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: efcYsPiF - efcYsPiF.dll (file missing)
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
--
End of file - 9108 bytes
========================================
Deckard's System Scanner v20071014.68
Run by Owner on 2008-06-02 22:30:30
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Failed to create restore point; the call timed out due to a wait on a mutex for setting restore points.
-- Last 5 Restore Point(s) --
106: 2008-06-01 20:21:47 UTC - RP154 - Printer Driver PaperlessPrinter Installed
105: 2008-05-31 23:03:52 UTC - RP153 - Removed BitDefender Internet Security 2008
104: 2008-05-31 23:02:18 UTC - RP152 - Installed AVG 7.5
103: 2008-05-31 23:00:20 UTC - RP151 - Removed AVG 7.5
102: 2008-05-31 08:33:01 UTC - RP150 - Last known good configuration
-- First Restore Point --
1: 2008-05-31 08:30:42 UTC - RP27 - Installed Windows XP Wudf01000.
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as Owner.exe) -----------------------------------------------
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
All services whitelisted.
-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.
-- Files created between 2008-05-02 and 2008-06-02 -----------------------------
2008-06-02 16:40:24 115200 --a------ C:\WINDOWS\system32\tgramlks.dll
2008-06-02 16:38:44 133120 --a------ C:\WINDOWS\system32\hsogtjux.dll
2008-06-02 16:37:27 125952 --a------ C:\WINDOWS\system32\tjdcjjct.dll
2008-06-01 22:48:45 0 d-------- C:\Documents and Settings\Owner\Application Data\MailFrontier
2008-06-01 22:41:28 433696 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-06-01 22:34:55 0 d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-06-01 22:34:44 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-06-01 22:34:27 11264 --a------ C:\WINDOWS\system32\SpOrder.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows NT(TM) Operating System>
2008-06-01 22:33:19 0 d-------- C:\WINDOWS\system32\ZoneLabs
2008-06-01 22:31:35 0 d-------- C:\WINDOWS\Internet Logs
2008-06-01 16:44:46 132096 --a------ C:\WINDOWS\system32\ipaikvhc.dll
2008-06-01 16:20:47 0 d-------- C:\Program Files\RareFind
2008-06-01 00:17:54 0 d-------- C:\Program Files\a-squared Free
2008-05-31 22:48:03 59392 --a------ C:\WINDOWS\system32\mlJCTLfe.dll
2008-05-31 19:02:20 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-05-31 16:38:51 132096 --a------ C:\WINDOWS\system32\dlauwwsu.dll
2008-05-31 16:35:13 126464 --a------ C:\WINDOWS\system32\xufbtoax.dll
2008-05-31 04:34:06 114176 --a------ C:\WINDOWS\system32\apisakls.dll
2008-05-31 04:30:22 460641 --ahs---- C:\WINDOWS\system32\oXwvDcdd.ini2
2008-05-31 04:30:12 373248 --a------ C:\WINDOWS\system32\ddcDvwXo.dll
2008-05-31 04:25:58 59392 --a------ C:\WINDOWS\system32\yaywtUkh.dll
2008-05-30 01:56:15 120499 --a------ C:\WINDOWS\File Renamer - Basic Uninstaller.exe
2008-05-30 01:55:52 0 d-------- C:\Program Files\File Renamer
2008-05-27 23:18:37 0 d-------- C:\Program Files\Avidemux 2.4
2008-05-27 23:03:52 408576 --a------ C:\WINDOWS\system32\Smab.dll
2008-05-27 23:03:49 66560 --a------ C:\WINDOWS\MOTA113.exe
2008-05-27 23:03:48 27648 --a------ C:\WINDOWS\system32\AVSredirect.dll
2008-05-27 23:03:45 217073 --a------ C:\WINDOWS\meta4.exe
2008-05-27 23:03:21 27648 --ahs---- C:\WINDOWS\system32\Smab0.dll
2008-05-27 23:03:20 31232 -rahs---- C:\WINDOWS\system32\msfDX.dll <Not Verified; Hans Mayerl; msfDX.dll>
2008-05-27 23:03:19 163328 -rahs---- C:\WINDOWS\system32\flvDX.dll <Not Verified; Gabest; FLV Splitter>
2008-05-27 23:02:53 0 d-------- C:\Program Files\eRightSoft
2008-05-27 22:52:09 0 d-------- C:\Program Files\Common Files\SWF Studio
2008-05-27 22:51:23 0 d-------- C:\Program Files\Riva
2008-05-27 22:29:01 0 d-------- C:\Documents and Settings\Owner\Application Data\Eltima Software
2008-05-26 02:28:04 0 d-------- C:\Documents and Settings\Owner\Application Data\GetRight
2008-05-26 02:26:27 0 d-------- C:\Documents and Settings\Owner\Application Data\GetRightToGo
2008-05-16 23:27:37 0 d-------- C:\Program Files\Winamp
2008-05-16 23:27:37 0 d-------- C:\Documents and Settings\Owner\Application Data\Winamp
2008-05-14 13:24:28 0 d-------- C:\Program Files\ImTOO
2008-05-10 15:36:55 0 d-------- C:\Syncdrop 0.5
2008-05-10 14:08:51 12 --a------ C:\WINDOWS\bthservsdp.dat
2008-05-09 08:29:57 0 d-------- C:\Program Files\VSTplugins
2008-05-09 08:29:40 0 d-------- C:\Documents and Settings\Owner\Application Data\Publish Providers
2008-05-09 08:24:27 0 d-------- C:\Documents and Settings\Owner\Application Data\Sony
2008-05-09 08:22:10 0 d-------- C:\Program Files\Sony
2008-05-09 08:21:01 0 d-------- C:\Program Files\Sony Setup
2008-05-09 07:55:15 0 d-------- C:\Program Files\BitPim
2008-05-08 12:07:03 0 d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-07 02:52:55 0 d-------- C:\Program Files\OGM to AVI
2008-05-06 12:24:48 0 d-------- C:\Program Files\AbleMP3
2008-05-04 03:23:06 0 d-------- C:\Documents and Settings\All Users\Desktop
2008-05-04 02:38:44 0 d-------- C:\Program Files\Photodex Presenter
2008-05-04 02:38:44 0 d-------- C:\Documents and Settings\Owner\Application Data\Netscape
2008-05-04 02:37:04 0 d-------- C:\Program Files\Photodex
2008-05-04 02:33:54 0 d-------- C:\Documents and Settings\Owner\Application Data\Photodex
2008-05-02 20:15:00 0 d-------- C:\Documents and Settings\Owner\Application Data\River Past G5
2008-05-02 20:14:59 0 d-------- C:\Documents and Settings\All Users\Application Data\River Past G5
2008-05-02 20:14:58 0 d-------- C:\Program Files\Common Files\River Past
2008-05-02 13:11:54 0 d-------- C:\Program Files\X-Projects
2008-05-02 05:32:09 0 d-------- C:\TubeTilla
2008-05-02 05:25:14 0 d-------- C:\videooutput
2008-05-02 05:25:07 383238 --a------ C:\WINDOWS\system32\libmp3lame-0.dll
2008-05-02 05:25:07 3086336 --a------ C:\WINDOWS\system32\flvvideo.dll
2008-05-02 05:25:06 3086336 --a------ C:\WINDOWS\system32\NCMedia.dll
2008-05-02 05:25:06 0 d-------- C:\Program Files\Smallvideosoft
-- Find3M Report ---------------------------------------------------------------
2008-05-31 01:57:43 0 d-------- C:\Program Files\Zoom Player
2008-05-28 04:11:43 0 d-------- C:\Program Files\Batch Image Resizer
2008-05-27 23:21:56 0 d-------- C:\Documents and Settings\Owner\Application Data\gtk-2.0
2008-05-27 23:02:13 0 d-------- C:\Program Files\Common Files
2008-05-08 12:13:05 0 d-------- C:\Program Files\Xilisoft
2008-05-04 02:38:44 0 d-------- C:\Documents and Settings\Owner\Application Data\Mozilla
2008-04-28 17:53:49 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-04-28 14:41:10 540 --a------ C:\Documents and Settings\Owner\Application Data\AutoGK.ini
2008-04-28 14:34:33 43698 --a------ C:\WINDOWS\system32\xvid-uninstall.exe
2008-04-28 14:34:06 0 d-------- C:\Program Files\AviSynth 2.5
2008-04-28 14:33:43 0 d-------- C:\Program Files\Gabest
2008-04-23 23:54:52 0 d-------- C:\Program Files\Microsoft Silverlight
2008-04-17 03:19:50 0 d-------- C:\Documents and Settings\Owner\Application Data\vlc
2008-04-17 03:17:35 0 d-------- C:\Program Files\VideoLAN
2008-04-16 18:33:26 0 d-------- C:\Program Files\GPSdash2
2008-04-15 13:48:48 0 d-------- C:\Program Files\Winnydows
2008-04-13 20:12:09 0 d-------- C:\Program Files\Common Files\Logishrd
2008-04-08 19:53:36 0 d-------- C:\Documents and Settings\Owner\Application Data\Adobe
2008-04-08 19:44:40 1690 --a------ C:\WINDOWS\mozver.dat
2008-04-07 21:58:15 0 d-------- C:\Program Files\DirectVobSub
2008-04-07 21:57:34 0 d-------- C:\Program Files\DSP-worx
2008-04-07 21:40:55 0 d-------- C:\Program Files\Common Files\Adobe
2008-04-04 00:50:07 2560 --a------ C:\WINDOWS\system32\bitcometres.dll <Not Verified; BitComet; BitComet BCTP Helper>
2008-03-06 19:13:24 20992 --a------ C:\WINDOWS\jestertb.dll
2008-03-05 04:16:58 2528 --a------ C:\Documents and Settings\Owner\Application Data\$_hpcst$.hpc
2008-03-04 17:19:19 0 --a------ C:\WINDOWS\nsreg.dat
2008-03-04 17:16:00 0 --a------ C:\WINDOWS\ativpsrm.bin
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7D7DB869-3021-4CD2-AF0A-B3CAD75ECE31}]
C:\WINDOWS\system32\efcYsPiF.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95872C65-34FA-47D8-9B79-EA20197A012C}]
31/05/2008 04:30 AM 373248 --a------ C:\WINDOWS\system32\ddcDvwXo.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b01b44d8-f462-44c4-8cba-b2b7cdf4b18a}]
02/06/2008 04:38 PM 133120 --a------ C:\WINDOWS\system32\hsogtjux.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [07/05/1998 07:04 PM]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [19/12/2001 02:39 AM]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [15/05/2002 06:29 AM]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [15/05/2002 06:20 AM]
"PS2"="C:\WINDOWS\system32\ps2.exe" [14/06/2002 07:39 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 10:16 PM]
"BluetoothAuthenticationAgent"="bthprops.cpl" [04/08/2004 03:56 AM C:\WINDOWS\system32\bthprops.cpl]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [13/03/2008 11:11 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 04:25 AM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [31/01/2008 11:13 PM]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [04/08/2004 01:32 AM]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [04/08/2004 01:32 AM]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [04/08/2004 01:31 AM]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [29/11/2007 02:17 AM C:\WINDOWS\KHALMNPR.Exe]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [04/08/2004 01:31 AM]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [27/10/2006 01:47 AM]
"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" [09/10/2007 04:46 PM]
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [05/03/2008 05:26 AM]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" []
"ATIPTA"="atiptaxx.exe" [21/06/2002 08:17 PM C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe]
"AlcxMonitor"="ALCXMNTR.EXE" [07/09/2004 05:47 PM C:\WINDOWS\ALCXMNTR.EXE]
"984e45ff"="C:\WINDOWS\system32\tgramlks.dll" [02/06/2008 04:40 PM]
"BM9b7d7663"="C:\WINDOWS\system32\tjdcjjct.dll " [02/06/2008 04:37 PM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 03:56 AM]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [13/11/2006 01:39 PM]
"RamBooster"="C:\Program Files\RamBooster 2.0\Rambooster.exe" []
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [13/10/2004 12:24 PM]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"FlashPlayerUpdate"=C:\Program Files\Mozilla Firefox\plugins\NPSWF32_FlashUtil.exe -p
C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [26/10/2006 9:24:54 PM]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [27/03/2008 10:37:49 PM]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{7D7DB869-3021-4CD2-AF0A-B3CAD75ECE31}"= C:\WINDOWS\system32\efcYsPiF.dll [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efcYsPiF]
efcYsPiF.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll 09/01/2008 12:30 PM 72208 c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\ddcDvwXo
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx scan
bthsvcs BthServ
-- End of Deckard's System Scanner: finished at 2008-06-02 23:25:49 ------------
=======================================
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English
CPU 0: Intel(R) Pentium(R) 4 CPU 2.53GHz
Percentage of Memory in Use: 66%
Physical Memory (total/avail): 511.48 MiB / 172.39 MiB
Pagefile Memory (total/avail): 1250.62 MiB / 575.49 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1929.39 MiB
A: is Removable (No Media)
C: is Fixed (NTFS) - 71.3 GiB total, 47.06 GiB free.
D: is Fixed (FAT32) - 7.85 GiB total, 7.85 GiB free.
E: is Fixed (FAT32) - 5.02 GiB total, 0.78 GiB free.
F: is CDROM (No Media)
G: is CDROM (No Media)
\\.\PHYSICALDRIVE0 - Maxtor 4R080L0 - 76.33 GiB - 2 partitions
\PARTITION0 - Unknown - 5.03 GiB - E:
\PARTITION1 (bootable) - Installable File System - 71.3 GiB - C:
\\.\PHYSICALDRIVE1 - SAMSUNG SV0844D - 7.87 GiB - 1 partition
\PARTITION0 (bootable) - Unknown - 7.87 GiB - D:
-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.
FW: Bitdefender Firewall v8.0 (BitDefender)
Disabled
FW: ZoneAlarm Security Suite Firewall v7.0.470.000 (Check Point, LTD.)
Disabled
AV: Bitdefender Antivirus v8.0 (BitDefender)
Disabled
AV: ZoneAlarm Security Suite Antivirus v7.0.470.000 (Check Point, LTD.)
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\BitComet\\BitComet.exe"="C:\\Program Files\\BitComet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Owner\Application Data
CLASSPATH=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=BASEMENT_COMP
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Owner
LOGONSERVER=\\BASEMENT_COMP
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;c:\Python22;C:\Program files\PC-Doctor for Windows XP\WINDSAPI;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 7, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0207
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\QuickTime\QTSystem\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
TMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
tvdumpflags=8
USERDOMAIN=BASEMENT_COMP
USERNAME=Owner
USERPROFILE=C:\Documents and Settings\Owner
windir=C:\WINDOWS
-- User Profiles ---------------------------------------------------------------
Owner (admin)
-- Add/Remove Programs ---------------------------------------------------------
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
a-squared Free 3.5 --> "C:\Program Files\a-squared Free\unins000.exe"
Able MP3 OGG to WAV converter 1.00 --> "C:\Program Files\AbleMP3\Uninstall.exe" "C:\Program Files\AbleMP3\install.log" -u
AC3Filter (remove only) --> C:\Program Files\AC3Filter\uninstall.exe
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Allok Video to MP4 Converter 4.2.0709 --> "C:\Program Files\Allok Video to MP4 Converter\unins000.exe"
Allok Video to PSP Converter 4.7.1202 --> "C:\Program Files\Allok Video to PSP Converter\unins000.exe"
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Avidemux 2.4 --> C:\Program Files\Avidemux 2.4\uninstall.exe
AviSynth 2.5 --> "C:\Program Files\AviSynth 2.5\Uninstall.exe"
Batch Image Resizer 2.88 --> "C:\Program Files\Batch Image Resizer\unins000.exe"
BitComet 1.00 --> C:\Program Files\BitComet\uninst.exe
BitPim 1.0.5 --> "C:\Program Files\BitPim\unins000.exe"
CDDRV_Installer --> MsiExec.exe /I{0C826C5B-B131-423A-A229-C71B3CACCD6A}
CleanUp! --> C:\Program Files\CleanUp!\uninstall.exe
ffdshow [rev 1685] [2007-12-06] --> "C:\Program Files\ffdshow\unins000.exe"
File Renamer - Basic --> C:\WINDOWS\File Renamer - Basic Uninstaller.exe
Freez FLV to AVI/MPEG/WMV Converter --> "C:\Program Files\Smallvideosoft\Freez FLV to AVI MPEG WMV Converter\unins000.exe"
GPSdash2 (remove only) --> "C:\Program Files\GPSdash2\uninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Inactive HP Printer Drivers (Remove only) --> RunDll32 hpuninst.dll,InstallHinfSection UninstDefault 132 prntunin.inf
Intel(R) 845G Chipset Graphics Driver Software --> RUNDLL32.EXE C:\WINDOWS\System32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
Java(TM) 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
KhalInstallWrapper --> MsiExec.exe /I{3101CB58-3482-4D21-AF1A-7057FC935355}
Logitech SetPoint --> C:\Program Files\InstallShield Installation Information\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}\setup.exe -runfromtemp -l0x0009 -removeonly
MediaMonkey 3.0 --> "C:\Program Files\MediaMonkey\unins000.exe"
Microsoft ActiveSync --> MsiExec.exe /I{99052DB7-9592-4522-A558-5417BBAD48EE}
Microsoft AppLocale --> MsiExec.exe /I{394BE3D9-7F57-4638-A8D1-1D88671913B7}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007 --> MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007 --> MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Windows Application Compatibility Database --> C:\WINDOWS\system32\sdbinst.exe -u "C:\WINDOWS\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb"
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
OGM to AVI Beta .6 --> "C:\Program Files\OGM to AVI\unins000.exe"
Pandora's GUI --> MsiExec.exe /X{B63FAB20-EA87-4C20-AA28-32DC973D5751}
PaperlessPrinter version 3.0 --> "C:\Program Files\RareFind\PaperlessPrinter\unins000.exe"
Photodex Presenter --> C:\Program Files\Photodex Presenter\uninst.exe
PowerISO --> "C:\Program Files\PowerISO\uninstall.exe"
PS2 --> C:\WINDOWS\system32\ps2.exe uninstall
Python 2.2 combined Win32 extensions --> C:\Python22\Lib\SITE-P~1\UNWISE~1.EXE C:\Python22\Lib\SITE-P~1\w32inst.log
Python 2.2.1 --> C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
QuickTime --> MsiExec.exe /I{BFD96B89-B769-4CD6-B11E-E79FFD46F067}
RealMedia (remove only) --> "C:\Program Files\RealMedia\uninstall.exe"
S3Display --> s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Display'
S3Gamma2 --> s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Gamma2'
S3Info2 --> s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Info2'
S3Overlay --> s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Overlay'
Security Update for Excel 2007 (KB946974) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
Security Update for Microsoft Office Publisher 2007 (KB950114) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB951808) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office Word 2007 (KB950113) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update for Office 2007 (KB947801) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
Security Update for Outlook 2007 (KB946983) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {66B9496E-C0C3-4065-9868-85CCA92126C3}
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Visio 2007 (KB947590) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
SHOUTcast Source (remove only) --> "C:\Program Files\SHOUTcast Source\uninstall.exe"
Sony Sound Forge Audio Studio 9.0 --> MsiExec.exe /X{C5C66EEE-7A05-4B11-A0B9-524F917BCE25}
SUPER © Version 2008.bld.30 (Mar 22, 2008) --> C:\PROGRA~1\ERIGHT~1\SUPER\Setup.exe /remove /q0
Update for Office 2007 (KB946691) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb950378) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F6296086-AED5-4EC0-938B-08EA0254F20E}
VideoLAN VLC media player 0.8.6f --> C:\Program Files\VideoLAN\VLC\uninstall.exe
VobSub v2.23 (Remove Only) --> "C:\Program Files\Gabest\VobSub\uninstall.exe"
Winamp --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Communication Foundation --> MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Mobile Feb. 2008 DST Updates --> MsiExec.exe /X{1E56D5CB-0A76-4290-A998-1EAB8A5F2092}
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation --> MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
XML Paper Specification Shared Components Pack 1.0 -->
XviD MPEG4 Video Codec (remove only) --> "C:\WINDOWS\system32\xvid-uninstall.exe"
XviD4PSP 5.0 --> C:\Program Files\Winnydows\XviD4PSP5\Uninstall.exe
ZoneAlarm Security Suite --> C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe
Zoom Player (remove only) --> "C:\Program Files\Zoom Player\uninstall.exe"
-- Application Event Log -------------------------------------------------------
Event Record #/Type8464 / Error
Event Submitted/Written: 06/01/2008 08:37:03 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application setpoint.exe, version 4.40.88.0, faulting module unknown, version 0.0.0.0, fault address 0x42cf2f35.
Processing media-specific event for [setpoint.exe!ws!]
Event Record #/Type8461 / Success
Event Submitted/Written: 06/01/2008 06:01:06 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.
Event Record #/Type8437 / Success
Event Submitted/Written: 05/31/2008 09:59:33 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.
Event Record #/Type8412 / Success
Event Submitted/Written: 05/30/2008 09:22:07 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.
Event Record #/Type8400 / Error
Event Submitted/Written: 05/29/2008 03:04:04 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application winamp.exe, version 5.5.3.1938, faulting module ntdll.dll, version 5.1.2600.2180, fault address 0x00010f29.
Processing media-specific event for [winamp.exe!ws!]
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type13583 / Error
Event Submitted/Written: 06/02/2008 05:41:41 PM
Event ID/Source: 7011 / Service Control Manager
Event Description:
Timeout (30000 milliseconds) waiting for a transaction response from the service.
Event Record #/Type13582 / Error
Event Submitted/Written: 06/02/2008 05:41:12 PM
Event ID/Source: 7011 / Service Control Manager
Event Description:
Timeout (30000 milliseconds) waiting for a transaction response from the vsmon service.
Event Record #/Type13581 / Warning
Event Submitted/Written: 06/02/2008 04:57:19 PM
Event ID/Source: 256 / PlugPlayManager
Event Description:
Timed out sending notification of device interface change to window of "DccMan"
Event Record #/Type13578 / Error
Event Submitted/Written: 06/02/2008 01:53:13 PM
Event ID/Source: 10261 / ati2mtag
Event Description:
Display is not active
Event Record #/Type13560 / Error
Event Submitted/Written: 06/02/2008 01:51:02 PM / 06/02/2008 01:51:32 PM
Event ID/Source: 12294 / ati2mtag
Event Description:
CRT invalid display type
-- End of Deckard's System Scanner: finished at 2008-06-02 23:25:49 ------------