Page 1 of 3 123 LastLast
Results 1 to 10 of 27
  1. #1
    Member
    Join Date
    Aug 2007
    Posts
    69
    Points
    0

    Default PC having program problems

    I have a dell XPS 410, 1gig of ram, 250 gig HDD, Microsoft Windows XP MCE 2005. It has been giving me trouble for some time now. One day, some of the programs on my pc decided they did not have a logo. For example, Microsft word, including the program file and the desktop shortcut, randomly one day had it's word icon replaced with that picture of a blank white window, which usually shows up when something is an unknown file type. Also, it says that I do not have sufficent rights to install things on this pc! I am the only user on this PC, there is one account, mine and I am the admin, I checked her is my Hijack this--
    Logfile of HijackThis v1.99.1
    Scan saved at 10:38:28 PM, on 11/26/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\ehome\RMSvc.exe
    C:\Program Files\Rosetta Stone\SMS v3.1.0hs\wrapper.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\java.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    C:\WINDOWS\system32\dlcjcoms.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\iTunes\iTunes.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Documents and Settings\Ryan Matzen\Local Settings\Temp\QTFairUse6-2.5\QTFairUse6.exe
    C:\Program Files\Hijack This\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...us&ibd=3070213
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O3 - Toolbar: (no name) - {AE6F2894-AF10-4C9C-B16E-1DFC6FF8C0C6} - (no file)
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [DLCJCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCJtime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
    O16 - DPF: {2A96D88B-55DD-46de-8235-455759988526} (Intel Content Update) - http://vvswupdate.intel-support.com/...l/gtdownin.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase8300.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
    O16 - DPF: {CE7D2BF2-D173-4CE2-9DAF-15EA153B5B43} (MediaControl Class) - http://vep.intel.com/Entriq_3_5_2_2_Silent.cab
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: dlcj_device - Unknown owner - C:\WINDOWS\system32\dlcjcoms.exe
    O23 - Service: Intel(R) Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SMS_v3_1_0 - Unknown owner - C:\Program Files\Rosetta Stone\SMS v3.1.0hs\wrapper.exe" -s "C:\Program Files\Rosetta Stone\SMS v3.1.0hs\service\wrapper.conf (file missing)
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
    O23 - Service: WMP54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe" "WMP54Gv4.exe (file missing)

  2. #2
    Member
    Join Date
    Aug 2007
    Posts
    69
    Points
    0

    Default

    oh and thank you for your time as well.

  3. #3
    Member
    Join Date
    Aug 2007
    Posts
    69
    Points
    0

    Default

    by the way I ran your spyware programs like you asked before I posted this log and they turned up nothing, which is why I am here.

  4. #4
    Member steamwiz's Avatar
    Join Date
    Sep 2003
    Location
    Yorkshire U.K.
    Posts
    14,022
    Points
    2335

    Default

    Hi

    No problems in your hijackthis log, just a couple of orphan keys ...

    You are running an out-of-date version of java

    jre1.5.0 now has update _11 ... But jre1.6.0 is much faster...

    Go to add/remove programs and uninstall any earlier versions ...

    Then You can go here and install the latest version of Java.

    http://java.sun.com/javase/downloads/index.jsp

    Scroll down the page to 'Java Runtime Environment (JRE) 6 Update 3' and press the 'Download' button.


    Running an out-of-date version of java is an infection risk.

    THEN ...

    Download Superantispyware.

    http://www.superantispyware.com/

    Once downloaded and installed update the definitions
    and then run a full system scan quarantine what it finds!

    * Double-click SUPERAntiSypware.exe and use the default settings for installation.
    * An icon will be created on your desktop. Double-click that icon to launch the program.
    * If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)

    http://www.superantispyware.com/definitions.html

    * Under "Configuration and Preferences", click the Preferences button.
    * Click the Scanning Control tab.
    * Under Scanner Options make sure the following are checked (leave all others unchecked):
    o Close browsers before scanning.
    o Scan for tracking cookies.
    o Terminate memory threats before quarantining.
    * Click the "Close" button to leave the control center screen.
    * Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
    * On the left, make sure you check C:\Fixed Drive.
    * On the right, under "Complete Scan", choose Perform Complete Scan.
    * Click "Next" to start the scan. Please be patient while it scans your computer.
    * After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
    * Make sure everything has a checkmark next to it and click "Next".
    * A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
    * If asked if you want to reboot, click "Yes".
    * To retrieve the removal information after reboot, launch SUPERAntispyware again.
    o Click Preferences, then click the Statistics/Logs tab.
    o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    o If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    o Please copy and paste the Scan Log results in your next reply.
    * Click Close to exit the program.

    THEN ...

    Please download Combofix: http://download.bleepingcomputer.com...a/ComboFix.exe
    and save to the desktop.

    1. Double click on combo.exe & follow the prompts.
    2. When finished, it will produce a logfile located at C:\ComboFix.txt.
    3. Post the contents of that log in your next reply with a new hijackthis log.

    Notes:
    * Do not mouseclick combofix's window while it is running. That may cause your system to stall/hang.
    * Disable script blocking if you have NAV installed so it will not interfere with the fix. Trojan Hunter has been reported to detect combofix as Worm.Qiv.100.

    Please remember to post :-


    1. SUPERAntiSpyware Scan Log
    2. C:\ComboFix.txt

    steam
    Look here for Ways to keep your computer safe
    M'SOFT MVP -Windows Security 2004/8 .member ASAP -

  5. #5
    Member
    Join Date
    Aug 2007
    Posts
    69
    Points
    0

    Default

    This is what happened when I tried to install superantispyware, I am the admin. This is good though because this is the problem I was trying to explain:http://img525.imageshack.us/img525/5149/95744889up5.png

    Here is the combofix log:
    ComboFix 07-11-29.3 - Ryan Matzen 2007-11-28 20:09:29.3 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.498 [GMT -8:00]
    Running from: C:\Documents and Settings\Ryan Matzen\Desktop\ComboFix.exe
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\Ryan Matzen\My Documents\STEM32~1
    C:\Documents and Settings\Ryan Matzen\My Documents\STEM32~1\??stem32\

    .
    ((((((((((((((((((((((((( Files Created from 2007-10-28 to 2007-11-29 )))))))))))))))))))))))))))))))
    .

    2007-11-28 20:07 . 2007-11-28 20:07 d-------- C:\Documents and Settings\Ryan Matzen\Application Data\SUPERAntiSpyware.com
    2007-11-23 00:34 . 2007-11-23 00:34 d-------- C:\Program Files\Neoretix
    2007-11-23 00:27 . 2007-11-23 00:27 d-------- C:\Program Files\Riva
    2007-11-23 00:27 . 2007-11-23 00:27 d-------- C:\Program Files\Common Files\SWF Studio
    2007-11-23 00:22 . 2007-11-23 00:22 d-------- C:\Documents and Settings\All Users\Application Data\AVS4YOU
    2007-11-23 00:09 . 2007-11-23 23:05 d-------- C:\Program Files\CinemaForge
    2007-11-23 00:09 . 2007-10-25 10:29 1,558,280 --a------ C:\WINDOWS\screengenie.scr

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-11-29 04:07 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2007-11-27 06:38 --------- d-----w C:\Program Files\Hijack This
    2007-11-24 10:59 --------- d-----w C:\Program Files\Windows Defender
    2007-11-24 10:57 --------- d-----w C:\Program Files\QuickTime
    2007-11-24 10:56 --------- d-----w C:\Program Files\Dell Photo AIO Printer 964
    2007-11-24 10:52 --------- d-----w C:\Program Files\Bonjour
    2007-11-24 10:49 --------- d-----w C:\Program Files\Ace Utilities
    2007-11-24 09:21 --------- d-----w C:\Program Files\Dell Support
    2007-11-24 07:06 --------- d-----w C:\Program Files\Common Files\AVSMedia
    2007-11-24 07:06 --------- d-----w C:\Program Files\AVSMedia
    2007-11-23 08:23 --------- d-----w C:\Documents and Settings\Ryan Matzen\Application Data\AVSMedia
    2007-11-23 08:18 --------- d-----w C:\Program Files\Common Files\Download Manager
    2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
    2007-10-25 18:29 35,080 ----a-w C:\WINDOWS\system32\npmirage.dll
    2007-10-25 18:29 1,558,280 ----a-w C:\WINDOWS\system32\xmirage.exe
    2007-10-24 00:41 --------- d-----w C:\Documents and Settings\Ryan Matzen\Application Data\freeverbix
    2007-10-15 22:31 19,915 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
    2007-10-15 22:31 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-10-15 22:31 --------- d-----w C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor
    2007-09-30 06:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
    2007-09-13 06:59 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
    2007-09-13 06:59 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
    2007-08-23 07:06 60,968 ----a-w C:\Documents and Settings\Ryan Matzen\GoToAssistDownloadHelper.exe
    2007-02-24 03:48 251 ----a-w C:\Program Files\wt3d.ini
    2007-03-29 01:55 1,701,894 --sha-w C:\WINDOWS\system32\ckpyrehx.ini2
    2007-03-18 08:08 1,164,621 --sha-w C:\WINDOWS\system32\ihkmp.bak1
    2007-03-21 08:58 1,224,494 --sha-w C:\WINDOWS\system32\ilkkj.ini2
    2007-03-26 22:47 1,392,089 --sha-w C:\WINDOWS\system32\jjjlm.bak1
    2007-03-28 02:13 1,288,914 --sha-w C:\WINDOWS\system32\jjjlm.bak2
    2007-03-28 13:33 1,302,316 --sha-w C:\WINDOWS\system32\jjjlm.ini2
    2007-03-21 01:49 1,224,230 --sha-w C:\WINDOWS\system32\npqss.bak1
    2007-03-18 23:05 1,168,251 --sha-w C:\WINDOWS\system32\prqss.ini2
    2007-03-18 21:07 1,164,621 --sha-w C:\WINDOWS\system32\qrutv.bak1
    2007-03-19 02:07 1,164,655 --sha-w C:\WINDOWS\system32\rrqss.bak1
    2007-04-02 19:51 1,297,038 --sha-w C:\WINDOWS\system32\stutv.ini2
    2007-03-28 13:49 1,283,278 --sha-w C:\WINDOWS\system32\vycdd.bak1
    2007-03-28 13:53 1,283,726 --sha-w C:\WINDOWS\system32\vycdd.ini2
    2007-03-19 01:33 1,165,957 --sha-w C:\WINDOWS\system32\xbadd.ini2
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 03:00]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 12:01]
    "SigmatelSysTrayApp"="stsystra.exe" [2006-07-24 08:20 C:\WINDOWS\stsystra.exe]
    "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 14:50]
    "DLCJCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCJtime.dll" [2005-08-15 12:40]
    "ISUSPM Startup"="c:\progra~1\common~1\instal~1\update~1\isuspm.exe" [2004-07-27 14:50]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-09-12 22:59]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 08:01]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Extender Resource Monitor.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Extender Resource Monitor.lnk
    backup=C:\WINDOWS\pss\Extender Resource Monitor.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Ryan Matzen^Start Menu^Programs^Startup^Adobe Gamma.lnk]
    path=C:\Documents and Settings\Ryan Matzen\Start Menu\Programs\Startup\Adobe Gamma.lnk
    backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Ryan Matzen^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
    path=C:\Documents and Settings\Ryan Matzen\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
    backup=C:\WINDOWS\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe /minimized

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2004-08-10 03:00 15360 --a------ C:\WINDOWS\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DIGServices]
    C:\Program Files\ESPNRunTime\DIGServices.exe /brand=ESPN /priority=0 /poll=24

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DIGStream]
    2006-02-10 14:06 278528 --a------ C:\Program Files\DIGStream\digstream.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dlcjmon.exe]
    2005-09-30 09:51 430080 --a------ C:\Program Files\Dell Photo AIO Printer 964\dlcjmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
    C:\Program Files\Electronic Arts\EA Link\Core.exe -silent

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
    2006-07-06 06:15 151552 --a------ C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
    2003-12-05 02:25 1237042 --a------ C:\Program Files\Ahead\InCD\InCD.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
    2004-06-03 00:50 204800 --a------ C:\Program Files\Microsoft IntelliPoint\point32.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
    C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2007-07-31 17:44 271672 --a------ C:\Program Files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    C:\WINDOWS\system32\dumprep 0 -k

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MemoryCardManager]
    2005-08-10 09:12 286720 --a------ C:\Program Files\Dell Photo AIO Printer 964\memcard.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2001-07-09 02:50 155648 -ra------ C:\WINDOWS\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    C:\Program Files\QuickTime\qttask.exe -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\type32]
    2004-06-03 00:51 172032 --a------ C:\Program Files\Microsoft IntelliType Pro\type32.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
    C:\Program Files\Windows Defender\MSASCui.exe -hide

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
    2006-10-18 20:05 204288 --a------ C:\Program Files\Windows Media Player\WMPNSCFG.exe

    R2 BT848;WinFast TV2000 XP WDM Video Capture;C:\WINDOWS\system32\drivers\wf2kvcap.sys
    R2 RMSvc;Media Center Extender Resource Monitor;C:\WINDOWS\ehome\RMSvc.exe
    R2 SMS_v3_1_0;SMS_v3_1_0;"C:\Program Files\Rosetta Stone\SMS v3.1.0hs\wrapper.exe" -s "C:\Program Files\Rosetta Stone\SMS v3.1.0hs\service\wrapper.conf"
    R2 tv2ktunr;WinFast TV2000 XP WDM TVTuner;C:\WINDOWS\system32\drivers\wf2ktunr.sys
    R2 Tv2kXbar;WinFast TV2000 XP WDM Crossbar;C:\WINDOWS\system32\drivers\wf2kxbar.sys
    S3 QWAVE;QWAVE service;C:\WINDOWS\system32\svchost.exe -k QWAVE
    S3 QWAVEDRV;QWAVE driver;C:\WINDOWS\system32\DRIVERS\qwavedrv.sys

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    QWAVE QWAVE

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
    \Shell\AutoRun\command - E:\setup.exe

    .
    Contents of the 'Scheduled Tasks' folder
    "2007-10-30 00:00:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2007-11-29 04:06:34 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
    - C:\Program Files\Windows Defender\MpCmdRun.exe
    .
    **************************************************************************

    catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-11-28 20:12:51
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    DLCJCATS = rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCJtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

    scanning hidden files ...

    **************************************************************************
    .
    Completion time: 2007-11-28 20:14:19
    .
    --- E O F ---
    Hijackthis:
    Logfile of HijackThis v1.99.1
    Scan saved at 8:27:17 PM, on 11/28/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\ehome\RMSvc.exe
    C:\Program Files\Rosetta Stone\SMS v3.1.0hs\wrapper.exe
    C:\WINDOWS\system32\java.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\Documents and Settings\Ryan Matzen\Desktop\SUPERAntiSpyware.exe
    C:\WINDOWS\system32\MSIEXEC.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\WINDOWS\system32\MsiExec.exe
    C:\WINDOWS\system32\mspaint.exe
    C:\Program Files\AIM6\aim6.exe
    C:\Program Files\AIM6\aolsoftware.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Hijack This\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...us&ibd=3070213
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O3 - Toolbar: (no name) - {AE6F2894-AF10-4C9C-B16E-1DFC6FF8C0C6} - (no file)
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [DLCJCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCJtime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
    O16 - DPF: {2A96D88B-55DD-46de-8235-455759988526} (Intel Content Update) - http://vvswupdate.intel-support.com/...l/gtdownin.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase8300.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
    O16 - DPF: {CE7D2BF2-D173-4CE2-9DAF-15EA153B5B43} (MediaControl Class) - http://vep.intel.com/Entriq_3_5_2_2_Silent.cab
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: dlcj_device - Unknown owner - C:\WINDOWS\system32\dlcjcoms.exe
    O23 - Service: Intel(R) Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SMS_v3_1_0 - Unknown owner - C:\Program Files\Rosetta Stone\SMS v3.1.0hs\wrapper.exe" -s "C:\Program Files\Rosetta Stone\SMS v3.1.0hs\service\wrapper.conf (file missing)
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
    O23 - Service: WMP54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe" "WMP54Gv4.exe (file missing)

  6. #6
    Member steamwiz's Avatar
    Join Date
    Sep 2003
    Location
    Yorkshire U.K.
    Posts
    14,022
    Points
    2335

    Default

    HI

    RE: Error 1303. The installer has insufficient privileges to access this directory: . The installation cannot continue. Log on as administrator or contact your system administrator.

    The SYSTEM group MUST have Full Control privileges for the folder in which Superantispyware is trying to install, the same goes for any other folder which you are trying to install into ...

    As the install folder is created by the installer ...

    C:\Program Files\Superantispyware

    This folder will take it's permissions from it's parent folder Program Files

    So make sure the Program Files folder has Full Control privileges for administrator

    Do you have XP pro or home ?

    Assuming you have XP Pro ... look at the picture below

    -
    You haven't updated your java... as I suggested ... vundo Trojans get in through old java versions ...

    You have 14 vundo files ...

    Open notepad and copy/paste the text in the code box below into it:
    NOTE* make sure to only highlight and copy what is inside the code box nothing out side of it.
    Also ..

    Pay particular attention to this :-

    Make sure the word File:: is on the first line of the text file you save (no blank line above it, & no space in front of it)
    Code:
    File::
    C:\Program Files\wt3d.ini
    C:\WINDOWS\system32\ckpyrehx.ini2
    C:\WINDOWS\system32\ihkmp.bak1
    C:\WINDOWS\system32\ilkkj.ini2
    C:\WINDOWS\system32\jjjlm.bak1
    C:\WINDOWS\system32\jjjlm.bak2
    C:\WINDOWS\system32\jjjlm.ini2
    C:\WINDOWS\system32\npqss.bak1
    C:\WINDOWS\system32\prqss.ini2
    C:\WINDOWS\system32\qrutv.bak1
    C:\WINDOWS\system32\rrqss.bak1
    C:\WINDOWS\system32\stutv.ini2
    C:\WINDOWS\system32\vycdd.bak1
    C:\WINDOWS\system32\vycdd.ini2
    C:\WINDOWS\system32\xbadd.ini2
    Save this as "CFScript.txt"

    Then drag the CFScript.txt into ComboFix.exe as you see in the screenshot below.


    This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

    steam
    Look here for Ways to keep your computer safe
    M'SOFT MVP -Windows Security 2004/8 .member ASAP -

  7. #7
    Member
    Join Date
    Aug 2007
    Posts
    69
    Points
    0

    Default

    I have media center edition so I'm not sure which one that is. Should I follow the steps you mentioned anyway?

  8. #8
    Member steamwiz's Avatar
    Join Date
    Sep 2003
    Location
    Yorkshire U.K.
    Posts
    14,022
    Points
    2335

    Default

    Hi

    The media center edition is an up-market version of XP Pro ...

    So please go ahead and follow the instructions in my last post ...

    If you can't or don't know what to do about the permissions I mentioned ... forget that part & let me know, I have found a batch file which may resolve that for you ...

    steam
    Look here for Ways to keep your computer safe
    M'SOFT MVP -Windows Security 2004/8 .member ASAP -

  9. #9
    Member
    Join Date
    Aug 2007
    Posts
    69
    Points
    0

    Default

    ComboFix 07-11-29.3 - Ryan Matzen 2007-11-30 15:23:27.4 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.515 [GMT -8:00]
    Running from: C:\Documents and Settings\Ryan Matzen\Desktop\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Ryan Matzen\Desktop\CFScript.txt
    * Created a new restore point

    FILE
    C:\Program Files\wt3d.ini
    C:\WINDOWS\system32\ckpyrehx.ini2
    C:\WINDOWS\system32\ihkmp.bak1
    C:\WINDOWS\system32\ilkkj.ini2
    C:\WINDOWS\system32\jjjlm.bak1
    C:\WINDOWS\system32\jjjlm.bak2
    C:\WINDOWS\system32\jjjlm.ini2
    C:\WINDOWS\system32\npqss.bak1
    C:\WINDOWS\system32\prqss.ini2
    C:\WINDOWS\system32\qrutv.bak1
    C:\WINDOWS\system32\rrqss.bak1
    C:\WINDOWS\system32\stutv.ini2
    C:\WINDOWS\system32\vycdd.bak1
    C:\WINDOWS\system32\vycdd.ini2
    C:\WINDOWS\system32\xbadd.ini2
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Program Files\wt3d.ini
    C:\WINDOWS\system32\ckpyrehx.ini2
    C:\WINDOWS\system32\ihkmp.bak1
    C:\WINDOWS\system32\ilkkj.ini2
    C:\WINDOWS\system32\jjjlm.bak1
    C:\WINDOWS\system32\jjjlm.bak2
    C:\WINDOWS\system32\jjjlm.ini2
    C:\WINDOWS\system32\npqss.bak1
    C:\WINDOWS\system32\prqss.ini2
    C:\WINDOWS\system32\qrutv.bak1
    C:\WINDOWS\system32\rrqss.bak1
    C:\WINDOWS\system32\stutv.ini2
    C:\WINDOWS\system32\vycdd.bak1
    C:\WINDOWS\system32\vycdd.ini2
    C:\WINDOWS\system32\xbadd.ini2

    .
    ((((((((((((((((((((((((( Files Created from 2007-10-28 to 2007-11-30 )))))))))))))))))))))))))))))))
    .

    2007-11-30 15:21 . 2007-11-30 15:21 d-------- C:\Program Files\Sun
    2007-11-23 00:34 . 2007-11-23 00:34 d-------- C:\Program Files\Neoretix
    2007-11-23 00:27 . 2007-11-23 00:27 d-------- C:\Program Files\Riva
    2007-11-23 00:27 . 2007-11-23 00:27 d-------- C:\Program Files\Common Files\SWF Studio
    2007-11-23 00:22 . 2007-11-23 00:22 d-------- C:\Documents and Settings\All Users\Application Data\AVS4YOU
    2007-11-23 00:09 . 2007-11-23 23:05 d-------- C:\Program Files\CinemaForge
    2007-11-23 00:09 . 2007-10-25 10:29 1,558,280 --a------ C:\WINDOWS\screengenie.scr
    2007-10-25 23:18 . 2007-10-25 23:18 2,544 --a------ C:\WINDOWS\system32\settings.aaw
    2007-10-25 10:29 . 2007-10-25 10:29 1,558,280 --a------ C:\WINDOWS\system32\xmirage.exe
    2007-10-25 10:29 . 2007-10-25 10:29 300,296 --a------ C:\WINDOWS\system32\xmirage.ocx
    2007-10-24 00:08 . 2007-10-24 00:08 135,944 --a------ C:\WINDOWS\system32\xmirageu.ocx
    2007-10-23 16:41 . 2007-10-23 16:41 d-------- C:\Documents and Settings\Ryan Matzen\Application Data\freeverbix
    2007-10-15 14:31 . 2007-10-15 14:31 d-------- C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor
    2007-10-15 14:31 . 2007-10-15 14:31 19,915 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
    2007-10-15 14:31 . 2007-10-15 14:31 1,155 --a------ C:\WINDOWS\system32\WLAN.INI
    2007-10-15 14:30 . 2007-10-15 14:30 d-------- C:\Linksys Driver
    2007-10-09 16:37 . 2007-07-09 05:16 582,656 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-11-30 23:21 --------- d-----w C:\Program Files\Java
    2007-11-30 23:07 --------- d-----w C:\Program Files\Steam
    2007-11-29 04:27 --------- d-----w C:\Program Files\Hijack This
    2007-11-29 04:07 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2007-11-24 10:59 --------- d-----w C:\Program Files\Windows Defender
    2007-11-24 10:57 --------- d-----w C:\Program Files\QuickTime
    2007-11-24 10:56 --------- d-----w C:\Program Files\Dell Photo AIO Printer 964
    2007-11-24 10:52 --------- d-----w C:\Program Files\Bonjour
    2007-11-24 10:49 --------- d-----w C:\Program Files\Ace Utilities
    2007-11-24 09:21 --------- d-----w C:\Program Files\Dell Support
    2007-11-24 07:06 --------- d-----w C:\Program Files\Common Files\AVSMedia
    2007-11-24 07:06 --------- d-----w C:\Program Files\AVSMedia
    2007-11-23 08:23 --------- d-----w C:\Documents and Settings\Ryan Matzen\Application Data\AVSMedia
    2007-11-23 08:18 --------- d-----w C:\Program Files\Common Files\Download Manager
    2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
    2007-10-25 18:29 35,080 ----a-w C:\WINDOWS\system32\npmirage.dll
    2007-10-15 22:31 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-09-30 06:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
    2007-09-13 06:59 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
    2007-09-13 06:59 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
    2007-08-23 07:06 60,968 ----a-w C:\Documents and Settings\Ryan Matzen\GoToAssistDownloadHelper.exe
    2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
    2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\dllcache\inetcomm.dll
    2007-08-20 10:04 824,832 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
    2007-08-20 10:04 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
    2007-08-20 10:04 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
    2007-08-20 10:04 6,058,496 ----a-w C:\WINDOWS\system32\dllcache\ieframe.dll
    2007-08-20 10:04 52,224 ----a-w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
    2007-08-20 10:04 477,696 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
    2007-08-20 10:04 459,264 ----a-w C:\WINDOWS\system32\dllcache\msfeeds.dll
    2007-08-20 10:04 44,544 ----a-w C:\WINDOWS\system32\dllcache\iernonce.dll
    2007-08-20 10:04 384,512 ----a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll
    2007-08-20 10:04 383,488 ----a-w C:\WINDOWS\system32\dllcache\ieapfltr.dll
    2007-08-20 10:04 3,584,512 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
    2007-08-20 10:04 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
    2007-08-20 10:04 267,776 ----a-w C:\WINDOWS\system32\dllcache\iertutil.dll
    2007-08-20 10:04 232,960 ----a-w C:\WINDOWS\system32\dllcache\webcheck.dll
    2007-08-20 10:04 230,400 ----a-w C:\WINDOWS\system32\dllcache\ieaksie.dll
    2007-08-20 10:04 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
    2007-08-20 10:04 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
    2007-08-20 10:04 153,088 ----a-w C:\WINDOWS\system32\dllcache\ieakeng.dll
    2007-08-20 10:04 132,608 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
    2007-08-20 10:04 124,928 ----a-w C:\WINDOWS\system32\dllcache\advpack.dll
    2007-08-20 10:04 105,984 ----a-w C:\WINDOWS\system32\dllcache\url.dll
    2007-08-20 10:04 102,400 ----a-w C:\WINDOWS\system32\dllcache\occache.dll
    2007-08-20 10:04 1,152,000 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
    2007-08-17 10:21 625,152 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
    2007-08-17 10:20 63,488 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
    2007-08-17 10:20 13,824 ----a-w C:\WINDOWS\system32\dllcache\ieudinit.exe
    2007-08-17 07:34 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
    .

    ((((((((((((((((((((((((((((( snapshot@2007-11-28_20.12.53.28 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2005-11-10 17:27:06 49,248 ----a-w C:\WINDOWS\system32\java.exe
    + 2007-09-25 06:30:28 135,168 ----a-w C:\WINDOWS\system32\java.exe
    - 2005-11-10 17:27:16 49,250 ----a-w C:\WINDOWS\system32\javaw.exe
    + 2007-09-25 06:30:30 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
    - 2005-11-10 19:03:54 127,078 ----a-w C:\WINDOWS\system32\javaws.exe
    + 2007-09-25 07:31:42 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
    + 2007-11-30 23:05:31 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_6dc.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 03:00]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 12:01]
    "SigmatelSysTrayApp"="stsystra.exe" [2006-07-24 08:20 C:\WINDOWS\stsystra.exe]
    "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 14:50]
    "DLCJCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCJtime.dll" [2005-08-15 12:40]
    "ISUSPM Startup"="c:\progra~1\common~1\instal~1\update~1\isuspm.exe" [2004-07-27 14:50]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-09-12 22:59]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 08:01]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Extender Resource Monitor.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Extender Resource Monitor.lnk
    backup=C:\WINDOWS\pss\Extender Resource Monitor.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Ryan Matzen^Start Menu^Programs^Startup^Adobe Gamma.lnk]
    path=C:\Documents and Settings\Ryan Matzen\Start Menu\Programs\Startup\Adobe Gamma.lnk
    backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Ryan Matzen^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
    path=C:\Documents and Settings\Ryan Matzen\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
    backup=C:\WINDOWS\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe /minimized

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2004-08-10 03:00 15360 --a------ C:\WINDOWS\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DIGServices]
    C:\Program Files\ESPNRunTime\DIGServices.exe /brand=ESPN /priority=0 /poll=24

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DIGStream]
    2006-02-10 14:06 278528 --a------ C:\Program Files\DIGStream\digstream.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dlcjmon.exe]
    2005-09-30 09:51 430080 --a------ C:\Program Files\Dell Photo AIO Printer 964\dlcjmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
    C:\Program Files\Electronic Arts\EA Link\Core.exe -silent

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
    2006-07-06 06:15 151552 --a------ C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
    2003-12-05 02:25 1237042 --a------ C:\Program Files\Ahead\InCD\InCD.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
    2004-06-03 00:50 204800 --a------ C:\Program Files\Microsoft IntelliPoint\point32.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
    C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2007-07-31 17:44 271672 --a------ C:\Program Files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    C:\WINDOWS\system32\dumprep 0 -k

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MemoryCardManager]
    2005-08-10 09:12 286720 --a------ C:\Program Files\Dell Photo AIO Printer 964\memcard.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2001-07-09 02:50 155648 -ra------ C:\WINDOWS\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    C:\Program Files\QuickTime\qttask.exe -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\type32]
    2004-06-03 00:51 172032 --a------ C:\Program Files\Microsoft IntelliType Pro\type32.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
    C:\Program Files\Windows Defender\MSASCui.exe -hide

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
    2006-10-18 20:05 204288 --a------ C:\Program Files\Windows Media Player\WMPNSCFG.exe

    R2 BT848;WinFast TV2000 XP WDM Video Capture;C:\WINDOWS\system32\drivers\wf2kvcap.sys
    R2 RMSvc;Media Center Extender Resource Monitor;C:\WINDOWS\ehome\RMSvc.exe
    R2 SMS_v3_1_0;SMS_v3_1_0;"C:\Program Files\Rosetta Stone\SMS v3.1.0hs\wrapper.exe" -s "C:\Program Files\Rosetta Stone\SMS v3.1.0hs\service\wrapper.conf"
    R2 tv2ktunr;WinFast TV2000 XP WDM TVTuner;C:\WINDOWS\system32\drivers\wf2ktunr.sys
    R2 Tv2kXbar;WinFast TV2000 XP WDM Crossbar;C:\WINDOWS\system32\drivers\wf2kxbar.sys
    S3 QWAVE;QWAVE service;C:\WINDOWS\system32\svchost.exe -k QWAVE
    S3 QWAVEDRV;QWAVE driver;C:\WINDOWS\system32\DRIVERS\qwavedrv.sys

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    QWAVE QWAVE

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
    \Shell\AutoRun\command - E:\setup.exe

    .
    Contents of the 'Scheduled Tasks' folder
    "2007-10-30 00:00:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2007-11-30 23:08:37 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
    - C:\Program Files\Windows Defender\MpCmdRun.exe
    .
    **************************************************************************

    catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-11-30 15:26:58
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    DLCJCATS = rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCJtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

    scanning hidden files ...

    **************************************************************************
    .
    Completion time: 2007-11-30 15:28:24
    C:\ComboFix2.txt ... 2007-11-28 20:14
    .
    --- E O F ---


    =========================================================================


    Logfile of HijackThis v1.99.1
    Scan saved at 3:30:38 PM, on 11/30/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\WINDOWS\ehome\RMSvc.exe
    C:\Program Files\Rosetta Stone\SMS v3.1.0hs\wrapper.exe
    C:\WINDOWS\system32\java.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Hijack This\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...us&ibd=3070213
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O3 - Toolbar: (no name) - {AE6F2894-AF10-4C9C-B16E-1DFC6FF8C0C6} - (no file)
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [DLCJCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCJtime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
    O16 - DPF: {2A96D88B-55DD-46de-8235-455759988526} (Intel Content Update) - http://vvswupdate.intel-support.com/...l/gtdownin.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase8300.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
    O16 - DPF: {CE7D2BF2-D173-4CE2-9DAF-15EA153B5B43} (MediaControl Class) - http://vep.intel.com/Entriq_3_5_2_2_Silent.cab
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: dlcj_device - Unknown owner - C:\WINDOWS\system32\dlcjcoms.exe
    O23 - Service: Intel(R) Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SMS_v3_1_0 - Unknown owner - C:\Program Files\Rosetta Stone\SMS v3.1.0hs\wrapper.exe" -s "C:\Program Files\Rosetta Stone\SMS v3.1.0hs\service\wrapper.conf (file missing)
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
    O23 - Service: WMP54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe" "WMP54Gv4.exe (file missing)

  10. #10
    Member steamwiz's Avatar
    Join Date
    Sep 2003
    Location
    Yorkshire U.K.
    Posts
    14,022
    Points
    2335

    Default

    Hi

    Your logs are looking good now .... just a couple of orphans to remove ...

    Disconnect from the internet Close ALL browser windows (including this one) - run hijackthis and tick to fix (check the box next to) the list below.........when all are ticked (checked) click the Fix Checked button at the bottom. :-

    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

    O3 - Toolbar: (no name) - {AE6F2894-AF10-4C9C-B16E-1DFC6FF8C0C6} - (no file)


    Do you still have the install problem ?

    steam
    Look here for Ways to keep your computer safe
    M'SOFT MVP -Windows Security 2004/8 .member ASAP -

Page 1 of 3 123 LastLast