Problem removing ldcore.dll

Hi :)

Okay...You're logged in with an administrator account?
You could try this:
1. Uninstall your current printer
2. Restart the PC and check that the print spooler is running - if it is not, try to start it

Let me know :bigthumb:
 
Printing

1. There is no printer to uninstall. The printer that was installed is no longer installed. I had only one login account on my computer (account name: Steve). After noticing the virus (or whatever it is), I rebooted to find a new account called Admin. I deleted that one, but had to activate the Windows default Administrator account to do so. Now I have two accounts: Administrator and Steve, both of which have full administrative rights.
2. Restarted the pc and the print spooler is not running. Tried to start it and get the following error: "Could not start the Print Spooler service on Local Computer. Error: 1068. The dependency service or group failed to start.". Note that I am able to start and stop other services without any problems.

Are you making any headway on the core virus/trojan that seems to have my computer messed up? I'm not sure if it's gone or dormant or what but I've not had any more pop-up ads or other invasive problems (though the task bar still does not show active applications that I have open). None of the anti-virus tools I've used have been able to find a virus or malware either.
 
Hello :)

You still have this HP Web Jetadmin software running. It could be related to the problem too. It would be worth a try to uninstall it and see. (There are others with this Error: 1068 in Google but I haven't yet found any solution to it.)

Also I can't see any signs of an infection....

Do you mean the task bar or the task manager?
 
Uninstalling HP JetAdmin

Tonight, I booted up my computer, logged into this forum and checked for a response to my last post. I read your post and I uninstalled HP JetAdmin. I then tried to start the Print Spooler service with no luck (same error as before).

Regarding the task bar, I am referring to the blue bar at the bottom of the Windows XP screen that contains your system tray as well as your START button. Normally, when you have open applications, they appear in the task bar. However, none of my open programs show up in the task bar. I have to CTRL+Tab in order to switch between open applications.

Also, whenever I click on Internet Explorer, I still get the quick flash of the IE browser window as IE opens and then immediately closes. As such, I still am unable to use IE.

I think I will try to repair my XP installation using the XP repair function packaged with XP's installation disk and see if that resolves the Print Spooler and task bar issues.

I'm glad that you cannot see any infections but these remaining issues are annoying. Should I post another HJT Log?

Thanks for all the assistance so far. I really appreciate the expertise.
 
Hello :)

OK let's try this fix for the taskbar. Please download and run this script -> xp_taskbar_desktop_fixall. Allow it to run if prompted.

Restart the pc and see if the taskbar works now.

Then the printer issue. Please create a new user account with admin rights. Log in and see if the printer spooler is running on this account. If not I'd like to see another log...

Make a new folder on the C:\ drive called silentrunners
Download "Silent Runners" from here: (direct download)
http://www.silentrunners.org/Silent Runners.vbs
Save it to your silentrunners folder.

Click Start > Run, type cmd and hit enter
Type the following exactly and hit enter after each line.
cd c:\silentrunners and hit enter
"silent runners.vbs" -all and hit enter

Wait until it pops up saying it's completed, then post the resulting logfile here.
It will be very large. You may need several posts to include everything.
 
Silent Runner VB Script

So...I tried to run the Silent Runner script using your instructions and all that happens after I type:

"silent runners.vbs" -all

is that I immediately get returned to my command prompt:

C:\Documents and Settings\Steve>cd c:\silentrunners

C:\silentrunners>"Silent Runners.vbs" -all

C:\silentrunners>

Also, when I create another user account, that account does not have access to the taskbar (taskbar does not display at all) so I cannot select Start>Control Panel to get to printers or Services.

The XP_Taskbar_Desktop_Fixall.vbs did not appear to have any effect and I still do not see any active application icons in my taskbar.

Am I doing something wrong with the VB scripts? How can I tell if they even run?
 
Hi :)

Do you have the Silent Runners.vbs file in the folder C:\silentrunners ?

What happens if you doubleclick on the file Silent Runners.vbs?
 
Silent Runners

Yes, I have "Silent Runners.vbs" (spelled exactly as I have it inside the quotes) in the folder "C:\silentrunners" (spelled exactly as I have it inside the quotes).

If I double click on the file Silent Runners.vbs, nothing at all appears to happen. The cursor briefly (e.g. less than 1 second) changes to an hour glass, then back to its normal pointer.
 
Ok we'll use another tool then...

Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
  1. Close all applications and windows.
  2. Double-click on dss.exe to run it, and follow the prompts.
  3. When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <- this one will be minimized
  4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt into your reply.
 
Results of DSS Scan-Main.txt (part 1 of 2)

Here is part 1 of 3 of the Main.txt log:

Deckard's System Scanner v20071014.68
Run by Steve on 2007-12-06 22:16:11
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Unable to create WMI object; The operation completed successfully.


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Steve.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:16:PM, on 2007-12-06
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe
C:\Program Files\ASAP\ASAPSvc.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\eFax Messenger 4.3\J2GTray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Documents and Settings\Steve\Desktop\dss.exe
C:\DOCUME~1\Steve\Desktop\Steve.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ASAP Browser Helper Object - {9A2A2BF3-A049-407A-B548-4668E673DCF7} - C:\Program Files\ASAP\ASAPBHO.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\TightVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [EPSON Stylus C88 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABA.EXE /P23 "EPSON Stylus C88 Series" /O6 "USB001" /M "Stylus C88"
O4 - HKLM\..\Run: [eFax 4.3] "C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe" /R
O4 - HKCU\..\Run: [ASAPSvc.exe] "C:\Program Files\ASAP\ASAPSvc.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-21-2558107475-2740083912-10409753-1005\..\Run: [ASAPSvc.exe] "C:\Program Files\ASAP\ASAPSvc.exe" (User '?')
O4 - HKUS\S-1-5-21-2558107475-2740083912-10409753-1005\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-2558107475-2740083912-10409753-1005\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1 (User '?')
O4 - HKUS\S-1-5-21-2558107475-2740083912-10409753-1005\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User '?')
O4 - HKUS\S-1-5-21-2558107475-2740083912-10409753-1005\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (User '?')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: eFax 4.3.lnk = C:\Program Files\eFax Messenger 4.3\J2GTray.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - https://config.skillcheck.com/onlinetesting/icaclients/win32/8.1.00/onlinetesting.cab
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1152571135828
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Iap - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\TightVNC\WinVNC.exe (file missing)

--
End of file - 7351 bytes

-- HijackThis Fixed Entries (C:\DOCUME~1\Steve\Desktop\backups\) ---------------

backup-20071116-192022-129 O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

3 aeaudio - c:\windows\system32\drivers\aeaudio.sys <Not Verified; Andrea Electronics Corporation; Andrea Audio Driver>
2 AsfAlrt - c:\windows\system32\drivers\asfalrt.sys <Not Verified; Intel Corporation; Intel Alert on LAN® 2>
1 BANTExt (Belarc SMBios Access) - c:\windows\system32\drivers\bantext.sys
3 catchme - c:\docume~1\steve\locals~1\temp\catchme.sys (file missing)
4 cbidf - c:\windows\system32\drivers\cbidf2k.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
4 dac2w2k - c:\windows\system32\drivers\dac2w2k.sys <Not Verified; Mylex Corporation; Mylex Disk Array Controller Driver>
3 dot4 (MS IEEE-1284.4 Driver) - c:\windows\system32\drivers\dot4.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
3 Dot4Print (Print Class Driver for IEEE-1284.4) - c:\windows\system32\drivers\dot4prt.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
3 dot4usb (Dot4USB Filter Dot4USB Filter) - c:\windows\system32\drivers\dot4usb.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
3 E1000 (Intel(R) PRO/1000 Network Connection Driver) - c:\windows\system32\drivers\e1000325.sys <Not Verified; Intel Corporation; Intel(R) PRO/1000 Adapter>
3 EL90XBC (3Com EtherLink XL 90XB/C Adapter Driver) - system32\drivers\el90xbc5.sys (file missing)
3 i81x - c:\windows\system32\drivers\i81xnt5.sys <Not Verified; Intel(R) Corporation; Intel(R) Graphics Accelerator Drivers for Windows NT(R)>
3 iAimFP0 - c:\windows\system32\drivers\wadv01nt.sys <Not Verified; Intel(R) Corporation; Intel(R) Graphics Accelerator Drivers for Windows NT(R)>
3 iAimFP1 - c:\windows\system32\drivers\wadv02nt.sys <Not Verified; Intel(R) Corporation; Intel(R) Graphics Accelerator Drivers for Windows NT(R)>
3 iAimFP2 - c:\windows\system32\drivers\wadv05nt.sys <Not Verified; Intel(R) Corporation; Intel(R) Graphics Accelerator Drivers for Windows NT(R)>
3 iAimFP3 - c:\windows\system32\drivers\wsiintxx.sys <Not Verified; Intel(R) Corporation; Intel(R) Graphics Accelerator Drivers for Windows NT(R)>
3 iAimFP4 - c:\windows\system32\drivers\wvchntxx.sys <Not Verified; Intel(R) Corporation; Intel(R) Graphics Accelerator Drivers for Windows NT(R)>
3 iAimTV0 - c:\windows\system32\drivers\watv01nt.sys <Not Verified; Intel(R) Corporation; Intel(R) Graphics Accelerator Drivers for Windows NT(R)>
3 iAimTV1 - c:\windows\system32\drivers\watv02nt.sys <Not Verified; Intel(R) Corporation; Intel(R) Graphics Accelerator Drivers for Windows NT(R)>
3 iAimTV2 - system32\drivers\watv03nt.sys (file missing)
3 iAimTV3 - c:\windows\system32\drivers\watv04nt.sys <Not Verified; Intel(R) Corporation; Intel(R) Graphics Accelerator Drivers for Windows NT(R)>
3 iAimTV4 - c:\windows\system32\drivers\wch7xxnt.sys <Not Verified; Intel(R) Corporation; Intel(R) Graphics Accelerator Drivers for Windows NT(R)>
1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>
1 SASKUTIL - c:\program files\superantispyware\saskutil.sys
3 smwdm - c:\windows\system32\drivers\smwdm.sys <Not Verified; Analog Devices, Inc.; SoundMAX Digital Audio Driver>
3 WpdUsb - c:\windows\system32\drivers\wpdusb.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
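
As an added example (not part of the original thread, and not code from HijackThis or DSS), the following Python parses the `O<n> - <kind>: <detail>` entries of the HijackThis section above, flags the markers the log itself prints (`(file missing)`, `Unknown owner`, `(no name)`), and cross-references other entries that still point at a path reported missing. The sample lines are copied from the log above; the flag names and function names are this example's own.

```python
import re

# Lines copied from the HijackThis section of the log above (a subset, not the full log).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\TightVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\TightVNC\WinVNC.exe (file missing)
O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe
"""

# "O4 - HKLM\..\Run: [name] command" -> code, kind, detail
ENTRY_RE = re.compile(r"^(O\d+) - ([^:]+): (.*)$")
# First drive-letter path ending in an executable-type extension.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll|sys)(?![A-Za-z0-9])', re.IGNORECASE)

# Markers HijackThis prints itself, mapped to this example's flag names.
MARKERS = [
    ("(file missing)", "file-missing"),
    ("(no file)", "file-missing"),
    ("unknown owner", "unknown-owner"),
    ("(no name)", "no-name"),
]


def parse(log_text):
    """Turn HijackThis O-lines into dicts; other lines are ignored."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        code, kind, detail = m.groups()
        path = PATH_RE.search(detail)
        lowered = detail.lower()
        entries.append({
            "code": code,
            "kind": kind,
            "detail": detail,
            # Lower-cased so the same file matches across entries.
            "path": path.group(0).lower() if path else None,
            "flags": {label for marker, label in MARKERS if marker in lowered},
        })
    return entries


def triage(entries):
    """Return entries worth a second look, in log order.

    An entry that carries no marker of its own is still flagged when a
    different entry reports its target file as missing (for example a Run
    key left behind after the program was removed).
    """
    missing = {e["path"] for e in entries
               if "file-missing" in e["flags"] and e["path"]}
    for e in entries:
        if e["path"] in missing and "file-missing" not in e["flags"]:
            e["flags"].add("target-reported-missing")
    return [e for e in entries if e["flags"]]


if __name__ == "__main__":
    for e in triage(parse(SAMPLE_LOG)):
        print(f'{e["code"]:<4} {", ".join(sorted(e["flags"])):<32} {e["detail"]}')
```

The flags are leads for manual review, not verdicts: a missing file or unsigned owner is as often a leftover from an uninstalled program as anything else.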
 
DSS Scan Main.txt log Part 2 of 3

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

2 aawservice (Ad-Aware 2007 Service) - c:\program files\lavasoft\ad-aware 2007\aawservice.exe
2 ASFAgent (ASF Agent) - c:\program files\intel\asf agent\asfagent.exe <Not Verified; Intel Corporation; Intel® PRO Alerting Suite ASF 1.0 and ASF 2.0 Compatible>
2 Iap - c:\program files\dell\openmanage\client\iap.exe <Not Verified; Dell Computer Corporation; OpenManage Client Instrumentation>
3 winvnc (VNC Server) - c:\program files\tightvnc\winvnc.exe (file missing)


-- Device Manager: Disabled ----------------------------------------------------

Unable to create WMI object.

-- Files created between 2007-11-06 and 2007-12-06 -----------------------------

2007-12-06 22:11:31 0 d-------- C:\WINDOWS\LastGood
2007-12-06 16:18:13 10752 -----n--- C:\WINDOWS\system32\smtpapi.dll <Not Verified; Microsoft Corporation; Internet Information Services>
2007-12-06 16:18:13 9728 -----n--- C:\WINDOWS\system32\rwnh.dll <Not Verified; Microsoft Corporation; Internet Information Services>
2007-12-06 14:30:06 351232 --a------ C:\WINDOWS\system32\winhttp.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-12-06 14:30:06 18944 --a------ C:\WINDOWS\system32\qmgrprxy.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-12-06 11:31:55 0 d-------- C:\Program Files\Lavasoft
2007-12-06 11:31:55 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-12-05 20:19:40 382464 --a------ C:\WINDOWS\system32\qmgr.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-12-05 19:08:19 45568 --a------ C:\WINDOWS\system32\safrslv.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-12-05 19:08:18 29696 --a------ C:\WINDOWS\system32\safrdm.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-12-05 19:08:18 43520 --a------ C:\WINDOWS\system32\safrcdlg.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-12-05 19:08:18 43520 --a------ C:\WINDOWS\system32\racpldlg.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-12-05 19:08:17 32768 --a------ C:\WINDOWS\system32\mnmsrvc.exe <Not Verified; Microsoft Corporation; Windows® NetMeeting®>
2007-12-05 19:08:17 32768 --a------ C:\WINDOWS\system32\isrdbg32.dll <Not Verified; Intel Corporation; ISRDBG32.DLL>
2007-12-05 19:08:16 48128 --a------ C:\WINDOWS\system32\inetres.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-12-05 19:08:15 65536 --a------ C:\WINDOWS\system32\icwphbk.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-12-05 19:08:15 73728 --a------ C:\WINDOWS\system32\icwdial.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-12-05 19:08:14 81920 --a------ C:\WINDOWS\system32\isign32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-12-05 19:08:14 274432 --a------ C:\WINDOWS\system32\inetcfg.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-12-05 19:08:02 239104 --a------ C:\WINDOWS\system32\srrstr.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-12-05 19:08:01 170496 --a------ C:\WINDOWS\system32\srsvc.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-12-05 19:08:01 67584 --a------ C:\WINDOWS\system32\srclient.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-12-05 19:08:01 73472 --a------ C:\WINDOWS\system32\drivers\sr.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-12-05 19:08:00 28672 --a------ C:\WINDOWS\system32\nmmkcert.dll <Not Verified; Microsoft Corporation; Windows® NetMeeting®>
2007-12-05 19:08:00 69632 --a------ C:\WINDOWS\system32\msconf.dll <Not Verified; Microsoft Corporation; Windows® NetMeeting®>
2007-12-05 19:08:00 34560 --a------ C:\WINDOWS\system32\mnmdd.dll <Not Verified; Microsoft Corporation; Windows® NetMeeting®>
2007-12-05 19:08:00 81920 --a------ C:\WINDOWS\system32\ils.dll <Not Verified; Microsoft Corporation; Windows® NetMeeting®>
2007-12-05 19:07:56 105984 --a------ C:\WINDOWS\system32\msoert2.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-12-05 19:07:56 252928 --a------ C:\WINDOWS\system32\msoeacct.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-12-05 19:07:56 678400 --a------ C:\WINDOWS\system32\inetcomm.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-12-05 19:07:55 190976 --a------ C:\WINDOWS\system32\schedsvc.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-12-05 19:07:55 12288 --a------ C:\WINDOWS\system32\mstinit.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-12-05 19:07:55 274944 --a------ C:\WINDOWS\system32\mstask.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-12-05 19:06:29 131584 --a------ C:\WINDOWS\system32\sndrec32.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-12-05 19:06:29 345088 --a------ C:\WINDOWS\system32\hypertrm.dll <Not Verified; Hilgraeve, Inc.; Microsoft® Windows® Operating System>
2007-12-05 19:06:29 183808 --a------ C:\WINDOWS\system32\accwiz.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-12-05 19:06:28 11776 --a------ C:\WINDOWS\system32\xolehlp.dll <Not Verified; Microsoft Corporation; Microsoft Distributed Transaction Coordinator>
2007-12-05 19:06:28 67072 --a------ C:\WINDOWS\system32\rdshost.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-12-05 19:06:28 20480 --a------ C:\WINDOWS\system32\qprocess.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-12-05 19:06:28 90112 --a------ C:\WINDOWS\system32\mtxoci.dll <Not Verified; Microsoft Corporation; COM Services>
2007-12-05 19:06:28 161280 --a------ C:\WINDOWS\system32\msdtcuiu.dll <Not Verified; Microsoft Corporation; Microsoft Distributed Transaction Coordinator>
2007-12-05 19:06:28 949248 --a------ C:\WINDOWS\system32\msdtctm.dll <Not Verified; Microsoft Corporation; Microsoft Distributed Transaction Coordinator>
2007-12-05 19:06:28 21896 --a------ C:\WINDOWS\system32\drivers\tdtcp.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-12-05 19:06:28 12040 --a------ C:\WINDOWS\system32\drivers\tdpipe.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-12-05 19:06:27 58880 --a------ C:\WINDOWS\system32\msdtclog.dll <Not Verified; Microsoft Corporation; Microsoft Distributed Transaction Coordinator>
2007-12-05 19:06:27 6144 --a------ C:\WINDOWS\system32\msdtc.exe <Not Verified; Microsoft Corporation; Microsoft Distributed Transaction Coordinator>
2007-12-05 19:06:26 540160 --a------ C:\WINDOWS\system32\comuid.dll <Not Verified; Microsoft Corporation; COM Services>
2007-12-05 19:06:26 82432 --a------ C:\WINDOWS\system32\comrepl.dll <Not Verified; Microsoft Corporation; COM Services>
2007-12-05 19:06:26 62464 --a------ C:\WINDOWS\system32\colbact.dll <Not Verified; Microsoft Corporation; COM Services>
2007-12-05 19:06:26 110080 --a------ C:\WINDOWS\system32\clbcatex.dll <Not Verified; Microsoft Corporation; COM Services>
2007-12-05 19:06:26 85504 --a------ C:\WINDOWS\system32\catsrvps.dll <Not Verified; Microsoft Corporation; COM Services>
2007-12-05 19:06:26 229888 --a------ C:\WINDOWS\system32\catsrv.dll <Not Verified; Microsoft Corporation; COM Services>
2007-12-05 19:06:25 501248 --a------ C:\WINDOWS\system32\clbcatq.dll <Not Verified; Microsoft Corporation; COM Services>
2007-12-05 19:06:21 56320 --a------ C:\WINDOWS\system32\servdeps.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-12-05 19:06:21 17408 --a------ C:\WINDOWS\system32\mmfutil.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-12-05 19:06:21 185344 --a------ C:\WINDOWS\system32\cmprops.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-12-05 19:06:20 343040 --a------ C:\WINDOWS\system32\mspaint.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-12-05 19:06:20 123392 --a------ C:\WINDOWS\system32\mplay32.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-12-05 19:06:20 102912 --a------ C:\WINDOWS\system32\clipbrd.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-12-05 19:06:19 6656 --a------ C:\WINDOWS\system32\wuauserv.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-12-05 19:06:19 93696 --a------ C:\WINDOWS\system32\tscfgwmi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-12-05 19:06:19 538624 --a------ C:\WINDOWS\system32\spider.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-12-05 19:06:19 139400 --a------ C:\WINDOWS\system32\drivers\rdpwd.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-12-05 19:06:18 44544 --a------ C:\WINDOWS\system32\tscupgrd.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-12-05 19:06:18 295424 --a------ C:\WINDOWS\system32\termsrv.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-12-05 19:06:18 140800 --a------ C:\WINDOWS\system32\sessmgr.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-12-05 19:06:18 60416 --a------ C:\WINDOWS\system32\remotepg.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-12-05 19:06:18 13824 --a------ C:\WINDOWS\system32\rdsaddin.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-12-05 19:06:18 87176 --a------ C:\WINDOWS\system32\rdpwsx.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-12-05 19:06:18 19968 --a------ C:\WINDOWS\system32\rdpsnd.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-12-05 19:06:18 62464 --a------ C:\WINDOWS\system32\rdpclip.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-12-05 19:06:18 147968 --a------ C:\WINDOWS\system32\rdchost.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-12-05 19:06:18 655360 --a------ C:\WINDOWS\system32\mstscax.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-12-05 19:06:18 407552 --a------ C:\WINDOWS\system32\mstsc.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-12-05 19:06:18 11264 --a------ C:\WINDOWS\system32\icaapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-12-05 19:06:18 38912 --a------ C:\WINDOWS\system32\cfgbkend.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-12-05 19:06:17 425472 --a------ C:\WINDOWS\system32\msdtcprx.dll <Not Verified; Microsoft Corporation; Microsoft Distributed Transaction Coordinator>
2007-12-05 19:06:17 1251840 --a------ C:\WINDOWS\system32\comsvcs.dll <Not Verified; Microsoft Corporation; COM Services>
2007-12-05 19:06:17 628224 --a------ C:\WINDOWS\system32\catsrvut.dll <Not Verified; Microsoft Corporation; COM Services>
2007-12-05 19:06:12 58880 --a------ C:\WINDOWS\system32\licwmi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-12-05 19:05:04 6400 --a------ C:\WINDOWS\system32\drivers\splitter.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-12-05 19:05:01 52864 --a------ C:\WINDOWS\system32\drivers\dmusic.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-12-05 19:04:31 57472 --a------ C:\WINDOWS\system32\drivers\redbook.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-12-05 18:58:11 40840 --a------ C:\WINDOWS\system32\drivers\termdd.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-12-05 18:58:09 196864 --a------ C:\WINDOWS\system32\drivers\rdpdr.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-12-05 18:56:10 24661 --a------ C:\WINDOWS\system32\spxcoins.dll <Not Verified; Perle Systems Ltd.; Specialix Multi-port Serial Device Class CoInstaller>
2007-12-05 18:56:10 13312 --a------ C:\WINDOWS\system32\irclass.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-12-05 18:56:10 11264 --a------ C:\WINDOWS\system32\drivers\irenum.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-12-05 18:56:09 74752 --a------ C:\WINDOWS\system32\storprop.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-12-05 13:46:17 0 d-------- C:\WINDOWS\java
2007-11-30 19:48:36 0 d-------- C:\silentrunners
2007-11-30 19:43:38 0 d-------- C:\Documents and Settings\Steven\Application Data\Real
2007-11-30 19:41:52 0 d--h----- C:\Documents and Settings\Steven\Templates
2007-11-30 19:41:52 0 dr------- C:\Documents and Settings\Steven\Start Menu
2007-11-30 19:41:52 0 dr-h----- C:\Documents and Settings\Steven\SendTo
2007-11-30 19:41:52 0 dr-h----- C:\Documents and Settings\Steven\Recent
2007-11-30 19:41:52 0 d--h----- C:\Documents and Settings\Steven\PrintHood
2007-11-30 19:41:52 0 d--h----- C:\Documents and Settings\Steven\NetHood
2007-11-30 19:41:52 0 dr------- C:\Documents and Settings\Steven\My Documents
2007-11-30 19:41:52 0 d--h----- C:\Documents and Settings\Steven\Local Settings
2007-11-30 19:41:52 0 dr------- C:\Documents and Settings\Steven\Favorites
2007-11-30 19:41:52 0 d-------- C:\Documents and Settings\Steven\Desktop
2007-11-30 19:41:52 0 d--hs---- C:\Documents and Settings\Steven\Cookies
2007-11-30 19:41:52 0 dr-h----- C:\Documents and Settings\Steven\Application Data
2007-11-30 19:41:52 0 d-------- C:\Documents and Settings\Steven\Application Data\Sun
2007-11-30 19:41:52 0 d---s---- C:\Documents and Settings\Steven\Application Data\Microsoft
2007-11-30 19:41:52 0 d-------- C:\Documents and Settings\Steven\Application Data\Identities
2007-11-30 19:41:51 786432 --ah----- C:\Documents and Settings\Steven\NTUSER.DAT
2007-11-16 19:35:23 0 d-------- C:\Documents and Settings\Steve\DoctorWeb
2007-11-11 13:49:59 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-11-11 13:49:10 0 d-------- C:\Program Files\SUPERAntiSpyware
2007-11-11 13:49:10 0 d-------- C:\Documents and Settings\Steve\Application Data\SUPERAntiSpyware.com
2007-11-09 20:58:42 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-11-09 20:58:35 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-11-09 19:22:33 0 d-------- C:\Documents and Settings\Steve\Application Data\Viewpoint
2007-11-09 05:26:01 0 d-------- C:\Documents and Settings\LocalService\Application Data\Macromedia
2007-11-09 05:25:31 0 dr------- C:\Documents and Settings\LocalService\Favorites
 
DSS Log Main.txt part 3 of 3

-- Find3M Report ---------------------------------------------------------------

2007-12-06 16:15:20 0 d-------- C:\Program Files\Movie Maker
2007-12-06 16:15:07 0 d-------- C:\Program Files\Windows NT
2007-12-06 16:12:21 250032 -rahs---- C:\ntldr
2007-12-06 11:31:20 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-05 19:30:20 0 d--h----- C:\Program Files\WindowsUpdate
2007-12-05 19:06:58 23348 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-11-16 23:33:43 0 d-------- C:\Program Files\microsoft frontpage
2007-11-10 21:16:27 0 d-------- C:\Program Files\Common Files


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"diagent"="C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" [2002-04-03 02:01:AM]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 02:00:AM]
"WinVNC"="C:\Program Files\TightVNC\WinVNC.exe" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-07-22 06:59:PM]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-03-03 12:00:PM]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 02:43:PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-09-11 11:55:AM]
"EPSON Stylus C88 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABA.exe" [2005-01-27 04:00:AM]
"eFax 4.3"="C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe" [2007-03-06 12:21:PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ASAPSvc.exe"="C:\Program Files\ASAP\ASAPSvc.exe" [2006-01-11 10:08:PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:56:AM]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 03:45:PM]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 07:05:PM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 02:06:PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
@=

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 01:55:PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 01:41:PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ComPlusSetup]
C:\WINDOWS\System32\catsrvut.dll 2004-08-04 12:56:AM 628224 C:\WINDOWS\SYSTEM32\catsrvut.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= ???

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
AutoRun\command- E:\LaunchU3.exe -a




-- End of Deckard's System Scanner: finished at 2007-12-06 22:17:08 ------------
 
DSS Scan Extra.txt part 1 of 2

Here's the Extra.txt log:

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Unable to create WMI object.

Architecture: X86; Language: English

Percentage of Memory in Use: 25%
Physical Memory (total/avail): 1278.98 MiB / 957.53 MiB
Pagefile Memory (total/avail): 3054 MiB / 2901.04 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1949.58 MiB

C: is Fixed (NTFS) - 37.2 GiB total, 16.88 GiB free.
D: is CDROM (No Media)


-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

Unable to create WMI object.

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Steve\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=BIGGERDELL
ComSpec=C:\WINDOWS\system32\cmd.exe
DXSDK_DIR=C:\Program Files\Microsoft DirectX 9.0 SDK (October 2004)\
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Steve
LOGONSERVER=\\BIGGERDELL
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\WBEM;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\ATI Technologies\ATI.ACE
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0209
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Steve\LOCALS~1\Temp
TMP=C:\DOCUME~1\Steve\LOCALS~1\Temp
USERDOMAIN=BIGGERDELL
USERNAME=Steve
USERPROFILE=C:\Documents and Settings\Steve
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Steve (admin)
Steven (new local)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\Creative\SBLive\Program\Ctzapxx.EXE" /X /U /S /R
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{44DC86A0-248D-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{44DC86A0-248D-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48E3A9E6-FA13-11D5-8CC9-00A0C98192B6}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48E3A9E6-FA13-11D5-8CC9-00A0C98192B6}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{51F5239C-197B-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{51F5239C-197B-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E7337A45-3FE5-4392-ABBB-26B794D060C9}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E7337A45-3FE5-4392-ABBB-26B794D060C9}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F865C2FE-25E7-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F865C2FE-25E7-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9 /remove
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Atmosphere Player for Acrobat and Adobe Reader --> C:\WINDOWS\atmoUn.exe
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
ASAP --> MsiExec.exe /I{0BC218E9-BEDD-4AC7-9610-6189AEB88140}
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center --> MsiExec.exe /I{6877BB34-2631-46DA-AD62-3DE601E8D7BE}
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATI HydraVision --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}\setup.exe"
Belarc Advisor 6.1 --> C:\PROGRA~1\Belarc\Advisor\Uninstall.exe C:\PROGRA~1\Belarc\Advisor\INSTALL.LOG
Canasis Games (Aug 27 2006) --> "C:\Program Files\Canasis\unins000.exe"
Compatibility Pack for the 2007 Office system --> MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Dell Solution Center --> MsiExec.exe /X{11F1920A-56A2-4642-B6E0-3B31A12C9288}
eFax Messenger 4.3 --> C:\Program Files\eFax Messenger 4.3\Uninstall.exe
EPSON Printer Software --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
EVE-ONLINE (remove only) --> C:\Program Files\CCP\EVE\Uninstall.exe
getPlus(R)_ocx --> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\inf\GETPLUSo.INF, DefaultUninstall
Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Google Updater --> "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
HighMAT Extension to Microsoft Windows XP CD Writing Wizard --> MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
HijackThis 2.0.2 --> "C:\Documents and Settings\Steve\Desktop\HijackThis.exe" /uninstall
HP Download Manager --> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\Uninstrq.isu
HP LaserJet 2200 Uninstaller --> C:\Program Files\Hewlett-Packard\LaserJet All-in-one\Uninstall\2200\setup.exe uninst22.ini
Intel (R) Pro Alerting Agent --> MsiExec.exe /I{3C50A915-DD33-4802-B83B-9EA997D3337B}
Intel(R) PRO Network Connections Drivers --> Prounstl.exe
Intel(R) PROSet --> MsiExec.exe /I{A790BEB1-BCCF-4EC6-807B-5708B36E8A79}
Java 2 Runtime Environment, SE v1.4.2 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142000}
Journal Macro 1.77 --> C:\Program Files\Journal Macro\Uninstall.exe
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Data Access Components KB870669 --> C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft DirectX 9.0 SDK Update (October 2004) --> MsiExec.exe /I{EE03B0F1-7579-4CDD-BA63-BA37A8B9E2DB}
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Outlook Web Access S/MIME --> MsiExec.exe /X{6CF08AD2-00C5-4A63-B74B-2EFFFAFEBE1A}
Microsoft Producer for Microsoft Office PowerPoint 2003 --> MsiExec.exe /I{155FBB0D-0EE9-42D1-9E41-15E08F691033}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Windows Journal Viewer --> MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA7}
Mozilla Firefox (2.0.0.11) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN Music Assistant --> rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msninst.inf,Uninstall
NVIDIA Display Driver --> C:\WINDOWS\System32\nvudisp.exe Uninstall C:\WINDOWS\System32\nvdisp.nvu,NVIDIA Display Driver
OMCI --> MsiExec.exe /X{73F1BDB7-11E1-11D5-9DC6-00C04F2FC33B}
Online Testing Web Client --> C:\WINDOWS\system32\ctxsetup.exe /uninst C:\PROGRA~1\Citrix\icaweb32\uninst.inf
QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\System32\QuickTime\Uninstall.log
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Sound Blaster Live! --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{96E16100-A77F-4B31-B9AD-FFBA040EE1BD}\setup.exe" -l0x9
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Symtrax Web 5250 v1.2.03 --> C:\PROGRA~1\Symtrax\SYMTRA~1\UNWISE.EXE C:\PROGRA~1\Symtrax\SYMTRA~1\Install.log
TeamSpeak 2 RC2 --> "C:\Program Files\Teamspeak2_RC2\unins000.exe"
Ventrilo Client --> MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Media Connect --> "C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Rights Management Client Backwards Compatibility SP2 --> MsiExec.exe /X{EC905264-BCFE-423B-9C42-C3A106266790}
Windows Rights Management Client with Service Pack 2 --> MsiExec.exe /X{BDCF27CA-BFC4-4F49-8D24-A925C9505AB8}
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall


-- Application Event Log -------------------------------------------------------

Event Record #/Type86 / Error
Event Submitted/Written: 12/05/2007 08:46:51 PM
Event ID/Source: 1001 / Application Hang
Event Description:
Fault bucket 21955421.

Event Record #/Type85 / Error
Event Submitted/Written: 12/05/2007 08:46:43 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application IEXPLORE.EXE, version 6.0.2800.1106, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type44 / Error
Event Submitted/Written: 12/05/2007 07:09:35 PM
Event ID/Source: 4101 / VSS
Event Description:
Volume Shadow Copy Service error: Cannot obtain the collection 'Applications' from the COM+ catalog [0x8004e00f].

Event Record #/Type43 / Error
Event Submitted/Written: 12/05/2007 07:09:35 PM
Event ID/Source: 4691 / COM+
Event Description:
The run-time environment was unable to initialize for transactions required to support transactional components. Make sure that MS-DTC is running. (DtcGetTransactionManagerEx(): hr = 0x8004d01b)

Event Record #/Type42 / Warning
Event Submitted/Written: 12/05/2007 07:09:30 PM
Event ID/Source: 4353 / EventSystem
Event Description:
The COM+ Event System attempted to fire the EventObjectChange::ChangedSubscription event but received a bad return code. HRESULT was 80040201.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type26171 / Error
Event Submitted/Written: 12/06/2007 04:09:07 PM
Event ID/Source: 10010 / DCOM
Event Description:
The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register with DCOM within the required timeout.

Event Record #/Type26170 / Error
Event Submitted/Written: 12/06/2007 04:08:37 PM
Event ID/Source: 7024 / Service Control Manager
Event Description:
The Background Intelligent Transfer Service service terminated with service-specific error 2147943764 (0x80070554).

Event Record #/Type26167 / Error
Event Submitted/Written: 12/06/2007 04:08:37 PM
Event ID/Source: 10010 / DCOM
Event Description:
The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register with DCOM within the required timeout.

Event Record #/Type26166 / Error
Event Submitted/Written: 12/06/2007 04:08:07 PM
Event ID/Source: 7024 / Service Control Manager
Event Description:
The Background Intelligent Transfer Service service terminated with service-specific error 2147943764 (0x80070554).

Event Record #/Type26163 / Error
Event Submitted/Written: 12/06/2007 04:08:07 PM
Event ID/Source: 10010 / DCOM
Event Description:
The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register with DCOM within the required timeout.



-- End of Deckard's System Scanner: finished at 2007-12-06 22:17:08 ------------
 
DSS Scan

Ok.. I just posted the Main.txt (had to break it into 3 parts to adhere to the 20,000 character posting limit) and the extra.txt which I thought would take 2 posts but only took one.

One thing to note: I got impatient (my computer has been sick for 3 weeks now) and used the repair function that came with my XP install disk. After I did that I noticed that everything "seemed" to be working correctly, even my task bar and print spooler were working fine. I then installed XP service pack 2. Now I seem to have all the same problems I had before (cannot start services again, task bar doesn't show open applications and dialog boxes, cryptographic service is stopped and I cannot start it, etc.).

I wonder if that info helps you narrow down what the problem might be. I know it's not XP's SP2 so the infection is having an adverse effect on the system when I install SP2.

This is really frustrating so I am hoping that you can work some magic and help me fix this mess without losing everything I have on my computer.

Thanks,
Steve
 
Hello :)

"I wonder if that info helps you narrow down what the problem might be. I know it's not XP's SP2 so the infection is having an adverse effect on the system when I install SP2."
If you google, you're not the only one having these similar problems after SP2 install. There are no signs of any infections on your pc. It is possible that something went wrong with the SP2 installation...

Let's see if the logs say anything.

Go to C:\Windows and look for the following files:
Setupapi.log
Svcpack.log
Spuninst.log

Then add those to your post here as an attachment. Or alternatively you could upload the files to e.g. Rapidshare and then post a link to your log to me :bigthumb:
 
Hi again :)

Ok, I've now checked the logs; your SP2 didn't install properly. This doesn't seem to be malware related (as your pc seems to be clean) and I'm sorry but these kinds of issues really aren't my cup of tea.

So I think it is best that I recommend the CastleCops forums for you. They have e.g. this Windows NT/2000/2003/XP section. I think you'd get more experienced help with the issue there...

Also here is a what-to-do-before-SP2 list, it is worth checking too.

:bigthumb:
 