Trojan.gen and killapp Having problems keeping Spybot running



stvnlo80
2009-04-09, 02:54
Neither my Spybot nor AVG sees this stuff. Found it with the GeekSquad System Analyzer.
Here is my HJT file.
Thanks in advance!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:47:48, on 4/8/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Pegasus TransTech\TRANSFLO Now\Transflo.Notify.exe
C:\Program Files\AVG\AVG8\avgtray.exe
D:\Program Files\apdproxy.exe
C:\Program Files\Common Files\Research in Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\owner\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Drivers Daily Log\DriversDailyLog.exe
C:\Users\owner\Desktop\SystemAnalyzer\SystemAnalyzer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\IncrediMail\bin\IMApp.exe
C:\Users\owner\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cm.my.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Steve's Browser
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\Windows\system32\\PSDrvCheck.exe
O4 - HKLM\..\Run: [Transflo Notify] C:\Program Files\Pegasus TransTech\TRANSFLO Now\Transflo.Notify.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
O4 - HKLM\..\Run: [Adobe Photo Downloader] "D:\Program Files\apdproxy.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Google Update] "C:\Users\owner\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [EPSON WorkForce 600(Network)] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIEKA.EXE /FU "C:\Windows\TEMP\E_S5E57.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [EPSON644E31] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIEKA.EXE /FU "C:\Windows\TEMP\E_S695D.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
O4 - Global Startup: Desktop Manager.lnk.disabled
O4 - Global Startup: HP Digital Imaging Monitor.lnk.disabled
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} (Java Plug-in 1.6.0_10) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{770BD83B-E6B2-4185-AC61-DA89A8D16983}: NameServer = 4.2.2.2,4.2.2.1
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - D:\Program Files\PhotoshopElementsFileAgent.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Sprint Con App Svc (CASprint) - PCTEL - C:\Program Files\Sprint\Sprint SmartView\ConAppsSvc.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: OSCM Utility Service - Unknown owner - C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCMUtilityService.exe (file missing)
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Sprint RcAppSvc (SprintRcAppSvc) - PCTEL - C:\Program Files\Sprint\Sprint SmartView\RcAppSvc.exe
O23 - Service: Epson Printer Status Agent4 (StatusAgent4) - SEIKO EPSON CORPORATION - C:\Windows\system32\SAgent4.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TRANSFLO Client Agent Service (TRANSFLOClientAgentService) - Pegasus TransTech Corp. - c:\program files\pegasus transtech\transflo now\transflo.client.agent.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11535 bytes

Blade81
2009-04-10, 18:04
Hi there,


Download DDS and save it to your desktop from here (http://www.techsupportforum.com/sectools/sUBs/dds) or here (http://download.bleepingcomputer.com/sUBs/dds.scr) or here (http://www.forospyware.com/sUBs/dds).
Disable any script blocker, and then double click dds.scr to run the tool.
When done, DDS will open two (2) logs:
DDS.txt
Attach.txt

Save both reports to your desktop. Post them back to your topic.



Download ATF (Atribune Temp File) Cleaner© by Atribune (http://www.atribune.org/ccount/click.php?id=1) to your desktop.

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.



Kaspersky Online Scanner (http://www.kaspersky.com/kos/eng/partner/us/languages/english/check.html?n=1225554235248)

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Read the requirements and privacy statement then click on the Accept button.

The program will launch and start to download the latest definition files.

You will be prompted to install an application from Kaspersky. Click Run.

Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
Spyware, Adware, Dialers, and other potentially dangerous programs
Archives

Click on My Computer under Scan.

Once the scan is complete, it will display the results. Click on View Scan Report.

Click on Save Report As....

Change the Files of type to Text file (.txt) before clicking on the Save button.

Save this report to a convenient place.

Copy and paste that information into your topic.



The scan will take a while, so be patient and let it run. As it scans your machine very deeply, it could take hours to complete; Kaspersky suggests running it during a time of low activity.

If you need a tutorial, see here (http://i275.photobucket.com/albums/jj285/Bleeping/KAS/KAS9.gif)

stvnlo80
2009-04-11, 05:39
Thanks for the help!
Here are the DDS files.
Also, I tried to click on the Kaspersky link and got a page with error 404 on it twice.


DDS (Ver_09-03-16.01) - NTFSx86
Run by owner at 22:32:50.46 on Fri 04/10/2009
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1982.955 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
D:\Program Files\PhotoshopElementsFileAgent.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\Explorer.EXE
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SAgent4.exe
C:\Windows\system32\svchost.exe -k imgsvc
c:\program files\pegasus transtech\transflo now\transflo.client.agent.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Pegasus TransTech\TRANSFLO Now\Transflo.Notify.exe
C:\Program Files\Common Files\Research in Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\owner\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Windows\System32\mobsync.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FAMTEKA.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\owner\Desktop\dds.com
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://cm.my.yahoo.com/
uWindow Title = Steve's Browser
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - No File
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Google Update] "c:\users\owner\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [EPSON WorkForce 600(Network)] c:\windows\system32\spool\drivers\w32x86\3\e_fatieka.exe /fu "c:\windows\temp\E_S5E57.tmp" /EF "HKCU"
uRun: [EPSON644E31] c:\windows\system32\spool\drivers\w32x86\3\e_fatieka.exe /fu "c:\windows\temp\E_S695D.tmp" /EF "HKCU"
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [PinnacleDriverCheck] c:\windows\system32\\PSDrvCheck.exe
mRun: [Transflo Notify] c:\program files\pegasus transtech\transflo now\Transflo.Notify.exe
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [BlackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\deskto~1.lnk - c:\program files\research in motion\blackberry\DesktopMgr.exe
StartupFolder: c:\programdata\microsoft\windows\start menu\programs\startup\Desktop Manager.lnk.disabled
StartupFolder: c:\programdata\microsoft\windows\start menu\programs\startup\HP Digital Imaging Monitor.lnk.disabled
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
TCP: {770BD83B-E6B2-4185-AC61-DA89A8D16983} = 4.2.2.2,4.2.2.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
AppInit_DLLs: avgrsstx.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-12-26 325128]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-2-5 107272]
R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;d:\program files\PhotoshopElementsFileAgent.exe [2007-9-11 124832]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2008-12-26 903960]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-12-26 298264]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-4-8 1153368]
R2 TRANSFLOClientAgentService;TRANSFLO Client Agent Service;c:\program files\pegasus transtech\transflo now\Transflo.Client.Agent.exe [2008-2-19 122880]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2008-7-18 16896]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\drivers\WSDScan.sys [2008-7-18 19968]
S3 CASprint;Sprint Con App Svc;c:\program files\sprint\sprint smartview\ConAppsSvc.exe [2008-6-19 124184]
S3 mam4410c;mam4410c;c:\windows\system32\drivers\mam4410c.sys [2008-5-20 24784]
S3 mam4410m;mam4410m;c:\windows\system32\drivers\mam4410m.sys [2008-5-20 25044]
S3 mam4410u;mam4410u;c:\windows\system32\drivers\mam4410u.sys [2008-5-20 52309]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [2007-2-1 92160]

=============== Created Last 30 ================

2009-04-10 00:51 <DIR> --d----- c:\program files\Synaptics
2009-04-08 20:39 <DIR> --d----- c:\users\owner\appdata\roaming\Malwarebytes
2009-04-08 20:39 <DIR> --d----- c:\programdata\Malwarebytes
2009-04-08 20:39 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-04-08 20:39 <DIR> --d----- c:\progra~2\Malwarebytes
2009-04-08 15:39 <DIR> --d----- c:\program files\Spybot - Search & Destroy(215)
2009-04-08 15:39 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-04-07 20:00 54,156 a---h--- c:\windows\QTFont.qfn
2009-04-07 20:00 1,409 a------- c:\windows\QTFont.for
2009-04-05 17:05 <DIR> --d----- c:\programdata\Spybot - Search & Destroy
2009-04-05 17:05 <DIR> --d----- c:\progra~2\Spybot - Search & Destroy
2009-04-05 15:43 0 a------- c:\windows\EEventManager.INI
2009-04-04 10:44 131,072 a------- c:\windows\system32\SAgent4.exe
2009-03-28 23:59 135,168 a------- c:\windows\system32\EEBAPI.dll
2009-03-28 23:59 110,592 a------- c:\windows\system32\EEBDSCVR.dll
2009-03-28 23:59 77,824 a------- c:\windows\system32\EBAPI.dll
2009-03-28 23:59 65,536 a------- c:\windows\system32\EEBUtil.dll
2009-03-28 23:59 55,808 a------- c:\windows\system32\EEBSDKIF.dll
2009-03-28 23:59 <DIR> --d----- c:\program files\common files\EPSON
2009-03-28 23:59 1,120 a------- c:\windows\system32\E_ADDNET.DAT
2009-03-28 23:58 474,892 a------- c:\windows\system32\ensppmon.dll
2009-03-28 23:58 457,611 a------- c:\windows\system32\ensppui.dll
2009-03-28 23:58 249,344 a------- c:\windows\system32\enspres.dll
2009-03-28 23:58 474,892 a------- c:\windows\system32\enppmon.dll
2009-03-28 23:58 457,611 a------- c:\windows\system32\enppui.dll
2009-03-28 23:58 249,344 a------- c:\windows\system32\enpres.dll
2009-03-28 23:51 <DIR> --d----- c:\program files\ABBYY FineReader 6.0 Sprint
2009-03-28 23:50 <DIR> --d----- c:\programdata\ArcSoft
2009-03-28 23:50 <DIR> --d----- c:\progra~2\ArcSoft
2009-03-28 23:48 <DIR> --d----- c:\program files\Epson Software
2009-03-28 23:47 <DIR> --d----- c:\program files\EpsonNet
2009-03-28 23:45 86,528 a------- c:\windows\system32\E_FLBEKA.DLL
2009-03-28 23:45 78,848 a------- c:\windows\system32\E_FD4BEKA.DLL
2009-03-28 23:45 <DIR> --d----- c:\programdata\EPSON
2009-03-28 23:45 <DIR> --d----- c:\progra~2\EPSON
2009-03-28 23:44 71,680 a------- c:\windows\system32\escwiad.dll
2009-03-28 23:44 9,216 a------- c:\windows\system32\escdev.dll
2009-03-28 23:44 <DIR> --d----- c:\program files\epson
2009-03-28 23:43 79 a------- c:\windows\EPWF600.ini
2009-03-24 04:32 <DIR> --d----- c:\users\owner\appdata\roaming\Research In Motion
2009-03-24 04:27 <DIR> --d----- c:\program files\Research In Motion
2009-03-24 03:53 50 a------- c:\windows\MegaManager.INI
2009-03-23 22:45 <DIR> --d----- c:\program files\JL_Cmder
2009-03-23 22:10 256 a------- c:\windows\system32\pool.bin
2009-03-23 22:00 <DIR> --d----- c:\programdata\InstallShield
2009-03-23 21:24 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-03-21 21:58 <DIR> --dsh--- c:\windows\ftpcache

==================== Find3M ====================

2009-04-10 22:14 4,592 a------- c:\windows\cpppc6.dat
2009-04-10 22:11 41,662 a------- c:\programdata\nvModes.dat
2009-04-10 22:11 41,662 a------- c:\progra~2\nvModes.dat
2009-04-10 00:51 143,360 a------- c:\windows\inf\infstrng.dat
2009-04-10 00:51 86,016 a------- c:\windows\inf\infpub.dat
2009-04-10 00:51 143,360 a------- c:\windows\inf\infstor.dat
2009-03-09 05:19 410,984 a------- c:\windows\system32\deploytk.dll
2009-02-08 22:10 2,033,152 a------- c:\windows\system32\win32k.sys
2009-02-05 09:13 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-01-15 01:11 827,392 a------- c:\windows\system32\wininet.dll
2008-12-30 17:19 13,025 a------- c:\users\owner\appdata\roaming\nvModes.dat
2008-07-19 23:29 174 a--sh--- c:\program files\desktop.ini
2008-07-19 23:15 665,600 a------- c:\windows\inf\drvindex.dat
2007-08-09 08:22 0 a------- c:\users\owner\appdata\roaming\wklnhst.dat
2006-11-02 07:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 07:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 07:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 07:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2008-02-25 10:23 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2008-02-25 10:23 32,768 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2008-02-25 10:23 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat

============= FINISH: 22:33:36.48 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-03-16.01)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 6/25/2007 07:30:04
System Uptime: 4/10/2009 00:53:11 (22 hours ago)

Motherboard: Quanta | | 30B9
Processor: AMD Turion(tm) 64 X2 Mobile Technology TL-64 | Socket S1 | 2200/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 104 GiB total, 52.285 GiB free.
D: is FIXED (NTFS) - 112 GiB total, 109.774 GiB free.
E: is FIXED (NTFS) - 8 GiB total, 1.726 GiB free.
F: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP710: 4/6/2009 10:36:47 - Removed Software Suite
RP712: 4/6/2009 10:40:00 - Removed Mega Manager
RP714: 4/6/2009 10:41:03 - Removed PayPal Plug-In
RP715: 4/6/2009 22:49:54 - Windows Update
RP716: 4/6/2009 23:34:00 - Device Driver Package Install: Research In Motion Universal Serial Bus controllers
RP717: 4/8/2009 01:07:32 - Scheduled Checkpoint
RP718: 4/8/2009 18:22:52 - Scheduled Checkpoint
RP719: 4/10/2009 00:13:24 - Restore Operation
RP720: 4/10/2009 00:50:25 - Device Driver Package Install: Synaptics Human Interface Devices
RP721: 4/10/2009 00:51:03 - Device Driver Package Install: Synaptics Mice and other pointing devices

==== Installed Programs ======================

2007 Microsoft Office Suite Service Pack 1 (SP1)
32 Bit HP CIO Components Installer
5700_Help
ABBYY FineReader 6.0 Sprint
Activation Assistant for the 2007 Microsoft Office suites
Adobe Flash Player 10 ActiveX
Adobe Flash Player Plugin
Adobe Photoshop Elements 6.0
Adobe Reader 8.1.3
AnswerWorks 5.0 English Runtime
ArcSoft Print Creations
ArcSoft Print Creations - Brochure
ArcSoft Print Creations - Photo Calendar
Audacity 1.2.6
AVG Free 8.0
BackCountry Navigator 2.5.6
BackCountry Navigator Desktop Edition
BitPim 1.0.7.20080908
BlackBerry Desktop Software 4.7
BlackBerry Device Software v4.7.0 for the BlackBerry 9530 smartphone
BPD_Scan
BPDSoftware
BPDSoftware_Ini
BufferChm
CDDRV_Installer
Conexant HD Audio
CoPilot - Pocket PC 6
CoPilot PocketPC
CustomerResearchQFolder
CutePDF Writer 2.7
DDL DDLcustomers Module
Destinations
DeviceManagementQFolder
DHTML Editing Component
DiscAPI (Studio 10)
DockWare 2.0 for Pocket PCs
DocProc
DocProcQFolder
Drivers Daily Log
Epson Event Manager
EPSON Scan
EPSON WorkForce 600 Series Printer Uninstall
EpsonNet Config V3
EpsonNet Print
ESU for Microsoft Vista
eSupportQFolder
Fax
FormMax Evaluation
FormMax Filler 3.5
FTMVistaUpdater
Fuel Pricing 6.0.0
Google Chrome
Google Toolbar for Internet Explorer
HDAUDIO Soft Data Fax Modem with SmartCP
Hewlett-Packard Active Check for Health Check
Hewlett-Packard Asset Agent for Health Check
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Active Support Library 32 bit components
HP Customer Experience Enhancements
HP Customer Participation Program 8.0
HP Easy Setup - Frontend
HP Help and Support
HP Imaging Device Functions 8.0
HP OCR Software 8.0
HP Officejet All-In-One Series
HP Pavilion Webcam Driver for Vista v061.001.00005
HP Photosmart Essential
HP Photosmart Essential 2.0
HP Photosmart Essential2.5
HP Quick Launch Buttons 6.20 B1
HP QuickPlay 3.2
HP Solution Center 8.0
HP Total Care Advisor
HP Update
HP User Guide 0042
HP Wireless Assistant
HPNetworkAssistant
HPProductAssistant
HPSSupply
IncrediMail
J5700
Java(TM) 6 Update 13
Java(TM) 6 Update 2
Java(TM) SE Runtime Environment 6
KhalInstallWrapper
LG USB Modem driver
LightScribe 1.4.136.1
Logitech SetPoint
MarketResearch
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB929729)
Microsoft .NET Framework 3.5 SP1
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Move Networks Media Player for Internet Explorer
MSCU for Microsoft Vista
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
muvee autoProducer 6.0
My HP Games
NVIDIA Drivers
PCsync
ProductContext
PSSWCORE
Quicken 2008
Quicken WillMaker Plus 2009
QuickTime
RAPID (Studio 10)
Rhapsody Player Engine
Roxio Activation Module
Roxio Creator Audio
Roxio Creator Basic v9
Roxio Creator Copy
Roxio Creator Data
Roxio Creator EasyArchive
Roxio Creator Tools
Roxio Express Labeler 3
RunAlyzer
Scan
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB958439)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB958437)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB956828)
Security Update for Microsoft Office Word 2007 (KB956358)
SmartSound Quicktracks Plugin
SolutionCenter
Spelling Dictionaries Support For Adobe Reader 8
Sprint SmartView
Spybot - Search & Destroy
Status
Studio 10
Synaptics Pointing Device Driver
Toolbox
Total 3D Home and Landscape Deluxe Suite
TRANSFLO Now!™ 1.1
TrayApp
Update for Microsoft Office 2007 Help for Common Features (KB957244)
Update for Microsoft Office Excel 2007 Help (KB957242)
Update for Microsoft Office OneNote 2007 Help (KB957245)
Update for Microsoft Office PowerPoint 2007 Help (KB957247)
Update for Microsoft Office Word 2007 Help (KB957252)
Update for Microsoft Script Editor Help (KB957253)
Update for Office 2007 (KB946691)
V CAST Music with Rhapsody
Virtual Earth 3D (Beta)
VST Bridge 1.1
WeatherBug
WebReg
WIDCOMM Bluetooth Software 6.0.1.5100
Windows Mobile Device Center
Windows Mobile Device Center Driver Update
Yahoo! Browser Services
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Zinio Reader

==== Event Viewer Messages From Past Week ========

4/3/2009 02:28:39, Error: Microsoft-Windows-Dhcp-Client [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 001A736EC1C4. The following error occurred: The semaphore timeout period has expired.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
4/3/2009 02:45:53, Error: Microsoft-Windows-Dhcp-Client [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 001A736EC1C4. The following error occurred: The operation was canceled by the user.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
4/3/2009 03:34:48, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
4/4/2009 10:53:18, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the stisvc service.
4/5/2009 00:58:28, Error: Microsoft-Windows-Dhcp-Client [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 001A736EC1C4. The following error occurred: The wait operation timed out.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
4/5/2009 13:43:23, Error: Service Control Manager [7000] - The OSCM Utility Service service failed to start due to the following error: The system cannot find the file specified.
4/5/2009 13:44:17, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
4/5/2009 13:44:20, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
4/5/2009 13:45:02, Error: Service Control Manager [7022] - The CyberLink Background Capture Service (CBCS) service hung on starting.
4/5/2009 13:45:02, Error: Service Control Manager [7001] - The CyberLink Task Scheduler (CTS) service depends on the CyberLink Background Capture Service (CBCS) service which failed to start because of the following error: After starting, the service hung in a start-pending state.
4/8/2009 12:29:32, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.
4/8/2009 15:31:45, Error: Microsoft-Windows-ResourcePublication [1002] - Element Provider\Microsoft.Base.Publication/Publication/Computer failed to publish. Ensure that both PKEY_PUBSVCS_METADATA and PKEY_PUBSVCS_TYPE are set properly on the function instance and there were no errors adding the function instance.

==== End Of File ===========================


Once again, thanks!

Blade81
2009-04-11, 13:28
Hi

Uninstall these vulnerable Javas:
Java(TM) 6 Update 2
Java(TM) SE Runtime Environment 6

Update Adobe Reader 8.1.3 to 8.1.4 (http://www.adobe.com/support/downloads/detail.jsp?ftpID=4408)

Please follow instructions here (http://maximumpcguides.com/windows-vista/how-to-use-check-disk-in-windows-vista/) to run check disk on your C: drive.


Let's see if you're able to run another scanner instead of Kaspersky.

* Go here (http://www.eset.eu/eos/eset-online-scanner) to run an online scanner from ESET.
Note: You will need to use Internet Explorer for this scan.
* Tick the box next to YES, I accept the Terms of Use.
* Click Start
* When asked, allow the ActiveX control to install
* Click Start
* Make sure that the option Remove found threats is UNchecked and the option Scan unwanted applications is checkmarked.
* Click Scan
* Wait for the scan to finish
* Copy and paste that log as a reply to this topic, along with a new dds.txt log & a description of any remaining problems

stvnlo80
2009-04-13, 05:47
I ran the ESET tool. It said it was a beta version. When it was finished, I tried to copy the text, the window, everything... and nothing would copy for me.

The scan did say there was nothing found.

Here are the dds files.

DDS (Ver_09-03-16.01) - NTFSx86
Run by owner at 22:34:38.06 on Sun 04/12/2009
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1982.982 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
D:\Program Files\PhotoshopElementsFileAgent.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SAgent4.exe
C:\Windows\system32\svchost.exe -k imgsvc
c:\program files\pegasus transtech\transflo now\transflo.client.agent.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Pegasus TransTech\TRANSFLO Now\Transflo.Notify.exe
C:\Program Files\Common Files\Research in Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\owner\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\mobsync.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Windows\system32\SearchIndexer.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\owner\Desktop\dds.com
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://cm.my.yahoo.com/
uWindow Title = Steve's Browser
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - No File
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Google Update] "c:\users\owner\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [EPSON WorkForce 600(Network)] c:\windows\system32\spool\drivers\w32x86\3\e_fatieka.exe /fu "c:\windows\temp\E_S5E57.tmp" /EF "HKCU"
uRun: [EPSON644E31] c:\windows\system32\spool\drivers\w32x86\3\e_fatieka.exe /fu "c:\windows\temp\E_S695D.tmp" /EF "HKCU"
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [PinnacleDriverCheck] c:\windows\system32\\PSDrvCheck.exe
mRun: [Transflo Notify] c:\program files\pegasus transtech\transflo now\Transflo.Notify.exe
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [BlackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
TCP: {770BD83B-E6B2-4185-AC61-DA89A8D16983} = 4.2.2.2,4.2.2.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
AppInit_DLLs: avgrsstx.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-12-26 325128]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-2-5 107272]
S3 mam4410c;mam4410c;c:\windows\system32\drivers\mam4410c.sys [2008-5-20 24784]
S3 mam4410m;mam4410m;c:\windows\system32\drivers\mam4410m.sys [2008-5-20 25044]
S3 mam4410u;mam4410u;c:\windows\system32\drivers\mam4410u.sys [2008-5-20 52309]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [2007-2-1 92160]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2008-7-18 16896]
S3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\drivers\WSDScan.sys [2008-7-18 19968]

=============== Created Last 30 ================

2009-04-11 22:38 <DIR> --d----- c:\program files\ESET
2009-04-10 00:51 <DIR> --d----- c:\program files\Synaptics
2009-04-08 20:39 <DIR> --d----- c:\users\owner\appdata\roaming\Malwarebytes
2009-04-08 20:39 <DIR> --d----- c:\programdata\Malwarebytes
2009-04-08 20:39 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-04-08 20:39 <DIR> --d----- c:\progra~2\Malwarebytes
2009-04-08 15:39 <DIR> --d----- c:\program files\Spybot - Search & Destroy(215)
2009-04-08 15:39 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-04-07 20:00 54,156 a---h--- c:\windows\QTFont.qfn
2009-04-07 20:00 1,409 a------- c:\windows\QTFont.for
2009-04-05 17:05 <DIR> --d----- c:\programdata\Spybot - Search & Destroy
2009-04-05 17:05 <DIR> --d----- c:\progra~2\Spybot - Search & Destroy
2009-04-05 15:43 0 a------- c:\windows\EEventManager.INI
2009-04-04 10:44 131,072 a------- c:\windows\system32\SAgent4.exe
2009-03-28 23:59 135,168 a------- c:\windows\system32\EEBAPI.dll
2009-03-28 23:59 110,592 a------- c:\windows\system32\EEBDSCVR.dll
2009-03-28 23:59 77,824 a------- c:\windows\system32\EBAPI.dll
2009-03-28 23:59 65,536 a------- c:\windows\system32\EEBUtil.dll
2009-03-28 23:59 55,808 a------- c:\windows\system32\EEBSDKIF.dll
2009-03-28 23:59 <DIR> --d----- c:\program files\common files\EPSON
2009-03-28 23:59 1,120 a------- c:\windows\system32\E_ADDNET.DAT
2009-03-28 23:58 474,892 a------- c:\windows\system32\ensppmon.dll
2009-03-28 23:58 457,611 a------- c:\windows\system32\ensppui.dll
2009-03-28 23:58 249,344 a------- c:\windows\system32\enspres.dll
2009-03-28 23:58 474,892 a------- c:\windows\system32\enppmon.dll
2009-03-28 23:58 457,611 a------- c:\windows\system32\enppui.dll
2009-03-28 23:58 249,344 a------- c:\windows\system32\enpres.dll
2009-03-28 23:51 <DIR> --d----- c:\program files\ABBYY FineReader 6.0 Sprint
2009-03-28 23:50 <DIR> --d----- c:\programdata\ArcSoft
2009-03-28 23:50 <DIR> --d----- c:\progra~2\ArcSoft
2009-03-28 23:48 <DIR> --d----- c:\program files\Epson Software
2009-03-28 23:47 <DIR> --d----- c:\program files\EpsonNet
2009-03-28 23:45 86,528 a------- c:\windows\system32\E_FLBEKA.DLL
2009-03-28 23:45 78,848 a------- c:\windows\system32\E_FD4BEKA.DLL
2009-03-28 23:45 <DIR> --d----- c:\programdata\EPSON
2009-03-28 23:45 <DIR> --d----- c:\progra~2\EPSON
2009-03-28 23:44 71,680 a------- c:\windows\system32\escwiad.dll
2009-03-28 23:44 9,216 a------- c:\windows\system32\escdev.dll
2009-03-28 23:44 <DIR> --d----- c:\program files\epson
2009-03-28 23:43 79 a------- c:\windows\EPWF600.ini
2009-03-24 04:32 <DIR> --d----- c:\users\owner\appdata\roaming\Research In Motion
2009-03-24 04:27 <DIR> --d----- c:\program files\Research In Motion
2009-03-24 03:53 50 a------- c:\windows\MegaManager.INI
2009-03-23 22:45 <DIR> --d----- c:\program files\JL_Cmder
2009-03-23 22:10 256 a------- c:\windows\system32\pool.bin
2009-03-23 22:00 <DIR> --d----- c:\programdata\InstallShield
2009-03-23 21:24 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-03-21 21:58 <DIR> --dsh--- c:\windows\ftpcache

==================== Find3M ====================

2009-04-12 21:54 41,662 a------- c:\programdata\nvModes.dat
2009-04-12 21:54 41,662 a------- c:\progra~2\nvModes.dat
2009-04-10 22:14 4,592 a------- c:\windows\cpppc6.dat
2009-04-10 00:51 143,360 a------- c:\windows\inf\infstrng.dat
2009-04-10 00:51 86,016 a------- c:\windows\inf\infpub.dat
2009-04-10 00:51 143,360 a------- c:\windows\inf\infstor.dat
2009-03-09 05:19 410,984 a------- c:\windows\system32\deploytk.dll
2009-02-08 22:10 2,033,152 a------- c:\windows\system32\win32k.sys
2009-02-05 09:13 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-01-15 01:11 827,392 a------- c:\windows\system32\wininet.dll
2008-12-30 17:19 13,025 a------- c:\users\owner\appdata\roaming\nvModes.dat
2008-07-19 23:29 174 a--sh--- c:\program files\desktop.ini
2008-07-19 23:15 665,600 a------- c:\windows\inf\drvindex.dat
2007-08-09 08:22 0 a------- c:\users\owner\appdata\roaming\wklnhst.dat
2006-11-02 07:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 07:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 07:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 07:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2008-02-25 10:23 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2008-02-25 10:23 32,768 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2008-02-25 10:23 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat

============= FINISH: 22:35:43.80 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-03-16.01)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 6/25/2007 07:30:04
System Uptime: 4/11/2009 04:19:33 (42 hours ago)

Motherboard: Quanta | | 30B9
Processor: AMD Turion(tm) 64 X2 Mobile Technology TL-64 | Socket S1 | 800/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 104 GiB total, 49.961 GiB free.
D: is FIXED (NTFS) - 112 GiB total, 109.774 GiB free.
E: is FIXED (NTFS) - 8 GiB total, 1.726 GiB free.
F: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP715: 4/6/2009 22:49:54 - Windows Update
RP716: 4/6/2009 23:34:00 - Device Driver Package Install: Research In Motion Universal Serial Bus controllers
RP717: 4/8/2009 01:07:32 - Scheduled Checkpoint
RP718: 4/8/2009 18:22:52 - Scheduled Checkpoint
RP719: 4/10/2009 00:13:24 - Restore Operation
RP720: 4/10/2009 00:50:25 - Device Driver Package Install: Synaptics Human Interface Devices
RP721: 4/10/2009 00:51:03 - Device Driver Package Install: Synaptics Mice and other pointing devices
RP722: 4/11/2009 04:51:21 - Scheduled Checkpoint
RP723: 4/11/2009 22:08:28 - Removed Java(TM) 6 Update 2
RP724: 4/11/2009 22:09:43 - Removed Java(TM) SE Runtime Environment 6

==== Installed Programs ======================

2007 Microsoft Office Suite Service Pack 1 (SP1)
32 Bit HP CIO Components Installer
5700_Help
ABBYY FineReader 6.0 Sprint
Activation Assistant for the 2007 Microsoft Office suites
Adobe Flash Player 10 ActiveX
Adobe Flash Player Plugin
Adobe Photoshop Elements 6.0
Adobe Reader 8.1.4
AnswerWorks 5.0 English Runtime
ArcSoft Print Creations
ArcSoft Print Creations - Brochure
ArcSoft Print Creations - Photo Calendar
Audacity 1.2.6
AVG Free 8.0
BackCountry Navigator 2.5.6
BackCountry Navigator Desktop Edition
BitPim 1.0.7.20080908
BlackBerry Desktop Software 4.7
BlackBerry Device Software v4.7.0 for the BlackBerry 9530 smartphone
BPD_Scan
BPDSoftware
BPDSoftware_Ini
BufferChm
CDDRV_Installer
Conexant HD Audio
CoPilot - Pocket PC 6
CoPilot PocketPC
CustomerResearchQFolder
CutePDF Writer 2.7
DDL DDLcustomers Module
Destinations
DeviceManagementQFolder
DHTML Editing Component
DiscAPI (Studio 10)
DockWare 2.0 for Pocket PCs
DocProc
DocProcQFolder
Drivers Daily Log
Epson Event Manager
EPSON Scan
EPSON WorkForce 600 Series Printer Uninstall
EpsonNet Config V3
EpsonNet Print
ESET Online Scanner v3
ESU for Microsoft Vista
eSupportQFolder
Fax
FormMax Evaluation
FormMax Filler 3.5
FTMVistaUpdater
Fuel Pricing 6.0.0
Google Chrome
Google Toolbar for Internet Explorer
HDAUDIO Soft Data Fax Modem with SmartCP
Hewlett-Packard Active Check for Health Check
Hewlett-Packard Asset Agent for Health Check
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Active Support Library 32 bit components
HP Customer Experience Enhancements
HP Customer Participation Program 8.0
HP Easy Setup - Frontend
HP Help and Support
HP Imaging Device Functions 8.0
HP OCR Software 8.0
HP Officejet All-In-One Series
HP Pavilion Webcam Driver for Vista v061.001.00005
HP Photosmart Essential
HP Photosmart Essential 2.0
HP Photosmart Essential2.5
HP Quick Launch Buttons 6.20 B1
HP QuickPlay 3.2
HP Solution Center 8.0
HP Total Care Advisor
HP Update
HP User Guide 0042
HP Wireless Assistant
HPNetworkAssistant
HPProductAssistant
HPSSupply
IncrediMail
J5700
Java(TM) 6 Update 13
KhalInstallWrapper
LG USB Modem driver
LightScribe 1.4.136.1
Logitech SetPoint
MarketResearch
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB929729)
Microsoft .NET Framework 3.5 SP1
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Move Networks Media Player for Internet Explorer
MSCU for Microsoft Vista
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
muvee autoProducer 6.0
My HP Games
NVIDIA Drivers
PCsync
ProductContext
PSSWCORE
Quicken 2008
Quicken WillMaker Plus 2009
QuickTime
RAPID (Studio 10)
Rhapsody Player Engine
Roxio Activation Module
Roxio Creator Audio
Roxio Creator Basic v9
Roxio Creator Copy
Roxio Creator Data
Roxio Creator EasyArchive
Roxio Creator Tools
Roxio Express Labeler 3
RunAlyzer
Scan
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB958439)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB958437)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB956828)
Security Update for Microsoft Office Word 2007 (KB956358)
SmartSound Quicktracks Plugin
SolutionCenter
Spelling Dictionaries Support For Adobe Reader 8
Sprint SmartView
Spybot - Search & Destroy
Status
Studio 10
Synaptics Pointing Device Driver
Toolbox
Total 3D Home and Landscape Deluxe Suite
TRANSFLO Now!™ 1.1
TrayApp
Update for Microsoft Office 2007 Help for Common Features (KB957244)
Update for Microsoft Office Excel 2007 Help (KB957242)
Update for Microsoft Office OneNote 2007 Help (KB957245)
Update for Microsoft Office PowerPoint 2007 Help (KB957247)
Update for Microsoft Office Word 2007 Help (KB957252)
Update for Microsoft Script Editor Help (KB957253)
Update for Office 2007 (KB946691)
V CAST Music with Rhapsody
Virtual Earth 3D (Beta)
VST Bridge 1.1
WeatherBug
WebReg
WIDCOMM Bluetooth Software 6.0.1.5100
Windows Mobile Device Center
Windows Mobile Device Center Driver Update
Yahoo! Browser Services
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Zinio Reader

==== Event Viewer Messages From Past Week ========

4/5/2009 00:54:13, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
4/5/2009 00:55:37, Error: Microsoft-Windows-Dhcp-Client [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 001A736EC1C4. The following error occurred: The semaphore timeout period has expired.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
4/5/2009 00:58:28, Error: Microsoft-Windows-Dhcp-Client [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 001A736EC1C4. The following error occurred: The wait operation timed out.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
4/5/2009 07:02:43, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the stisvc service.
4/5/2009 07:28:36, Error: Microsoft-Windows-Dhcp-Client [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 001A736EC1C4. The following error occurred: The operation was canceled by the user.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
4/5/2009 13:43:23, Error: Service Control Manager [7000] - The OSCM Utility Service service failed to start due to the following error: The system cannot find the file specified.
4/5/2009 13:44:17, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
4/5/2009 13:44:20, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
4/5/2009 13:45:02, Error: Service Control Manager [7022] - The CyberLink Background Capture Service (CBCS) service hung on starting.
4/5/2009 13:45:02, Error: Service Control Manager [7001] - The CyberLink Task Scheduler (CTS) service depends on the CyberLink Background Capture Service (CBCS) service which failed to start because of the following error: After starting, the service hung in a start-pending state.
4/8/2009 12:29:32, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.
4/8/2009 15:31:45, Error: Microsoft-Windows-ResourcePublication [1002] - Element Provider\Microsoft.Base.Publication/Publication/Computer failed to publish. Ensure that both PKEY_PUBSVCS_METADATA and PKEY_PUBSVCS_TYPE are set properly on the function instance and there were no errors adding the function instance.
4/11/2009 00:36:32, Error: Service Control Manager [7031] - The AVG Free8 WatchDog service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
4/11/2009 00:36:32, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the AVG Free8 WatchDog service, but this action failed with the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
4/11/2009 04:20:25, Error: Service Control Manager [7001] - The AVG Free8 E-mail Scanner service depends on the AVG Free8 WatchDog service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
4/11/2009 22:23:08, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
4/11/2009 22:23:08, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
4/11/2009 22:23:08, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

==== End Of File ===========================

I'm wondering if that scan tool that the "Geek Squad" put on here is just a way to get me to come in for them to "fix" my computer......

Nothing else has found those files.

It's still slow to come up or shut down...but, I think that's just the nature of the beast. Would it help if I moved everything except programs from the one disk and put it all on the other? Thanks for all the help.

Blade81
2009-04-13, 12:00
Hi

How much memory does the system have?

I recommend you run a disk defragging tool like Jkdefrag (http://www.kessels.com/Jkdefrag/) against your hard drive partitions.

Other hints to improve system performance can be found here (http://users.telenet.be/bluepatchy/miekiemoes/slowcomputer.html).


I'm wondering if that scan tool that the "Geek Squad" put on here is just a way to get me to come in for them to "fix" my computer......
Does the tool still detect something? If so, what does it detect?

stvnlo80
2009-04-15, 04:14
I ran the Geek Squad tool again. Here is an excerpt -

Computer: STEVESHP
Scan Date: 4/14/2009 18:34

Malware Scan
Risk rating: High
Trojans: 1
 trojan.gen
System monitors: 0
Viruses: 0
Adware: 0

Is there a way to see where these cookies keep coming from? I don't think I hit very many sites that would use these types of cookies. But, you never know.

Tracking cookies: 14
 tacoda cookie
 atwola cookie
 adlegend cookie
 angelfire cookie
 ic-live cookie
 azjmp cookie
 burstbeacon cookie
 did-it cookie
 adbureau cookie
 redsheriff cookies
 about cookie
 pointroll cookie
 specificclick.com cookie
 nextag cookie
Informational items: 1
 killapp

Windows User Accounts 4
User account list

owner (Adminstrator account)
Last login: 4/14/2009 (07:59)

Administrator (Adminstrator account)
Last login: 6/25/2007 (07:34)

ASPNET (User account) This Puzzles me. It doesn't show up anywhere
Last login: Never

Guest (Guest account)
Last login: Never

I have 2GB of RAM.

I am gonna run the JKDefrag tool as soon as I post this. My scan says I am 11% Fragmented.

Blade81
2009-04-15, 10:45
Malware Scan
Risk rating: High
Trojans: 1
 trojan.gen
System monitors: 0
Viruses: 0
Adware: 0
Does the tool give any details about the location? It's possible that the finding is a false positive.



Is there a way to see where these cookies keep coming from? I don't think I hit very many sites that would use these types of cookies. But, you never know.
If the cookies bother you, the easiest way is to install a hosts file to block most of those. I'll give a link later.


ASPNET (User account) This Puzzles me. It doesn't show up anywhere
Last login: Never
That account is set up when the .NET Framework is installed on the system. It's normal to have that there :)

stvnlo80
2009-04-15, 19:52
1. No, it doesn't give any location.

2. The cookies don't seem to be causing any problems......but, I hate the fact that they are there and my Spybot isn't taking them off.

3. OK. That explains that. I was worried that someone had access and I didn't know it.

I really appreciate all the help!

Blade81
2009-04-16, 15:26
Hi

I don't personally like a tool that doesn't tell where the suspected problem is. Without a specific location it's difficult to find out if the problem is a false positive.

Some signs in the log show that you have/had Malwarebytes' Anti-Malware installed. Could you run it with a full scan to see if it finds anything?

Blade81
2009-04-24, 15:28
Due to inactivity, this thread will now be closed.

Note: If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread. Please do not add any logs that might have been requested in the closed topic; you would be starting fresh.

If it has been less than four days since your last response and you need the thread re-opened, please send me or MOD a private message (pm). A valid, working link to the closed topic is required.