spyware Detector [HJT log]

Discussion in 'Malware and Virus Removal Archive' started by flanders, 2007/09/16.

  1. 2007/09/16
    flanders

    flanders Inactive Thread Starter

    Recently my wife's laptop was attacked by some kind of virus or malware. It started getting tons of popups and had some rogue spyware software trying to get her to buy it to stop what was going on. It was called SpyShredder. I was having no part of that so I went to my computer and started to download a legitimate looking spyware program called Spyware Detector. I started to download it and it was coming so slow (I am cursed with IDSL) that I decided to discontinue the download and just download it on her laptop and run it from there.
    I went to delete the icon that was left on my desktop from the partial download (spywaredetectorb.exe) and it would not delete. I get a message saying:
    "cannot delete spywaredetectorb.exe: It is being used by another person or program. Close any programs that may be using the file and try again".

    I tried a virus scan, and a spyware scan. Well I figured the hell with it and went to run system restore and got another interesting message saying, "system restore is unable to protect your computer. Please restart your computer and then run system restore again". I restarted and still got the same message.

    I tried to use the back door and restart in safe mode or the safe mode command prompt and found another nice little surprise. My computer will only boot to normal windows. I get the blue screen of death when booting to safe mode, or safe mode with command prompt. I've been to lots of sites looking for help but found nothing so far that helps the symptoms. I ran Hijackthis, sfc /scannow, tried to even run the dos command from the run menu at the C prompt. I'm stumped. Is there anyone out there that thinks they can help?

    Thanks
     
  2. 2007/09/16
    PeteC

    PeteC SuperGeek Staff

    flanders - Welcome to the Board :)

    Post the HijackThis log here for one of our trained analysts to look at - I trust you did not 'fix' anything in HijackThis.

    My standard note on HJT ....

     

  4. 2007/09/16
    flanders

    flanders Inactive Thread Starter

    HJT Log File

    Don't know how to post a file :(
     
  5. 2007/09/16
    flanders

    flanders Inactive Thread Starter

    HJT Log

    Well, I'll just cut and paste it :)
    I renamed the Hijackthis.exe to Crusty.exe. I read some of the viruses and malware can now detect Hijackthis (I'm paranoid :) ).

    Logfile of HijackThis v1.99.1
    Scan saved at 5:07:11 PM, on 9/16/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\MySpace\IM\MySpaceIM.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\Program Files\HijackThis\Crusty.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [LXCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} (ScrabbleCubes Control) - http://www.worldwinner.com/games/v46/scrabblecubes/scrabblecubes.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://www.worldwinner.com/games/v46/shared/FunGamesLoader.cab
    O16 - DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} (BJA Control) - http://www.worldwinner.com/games/v57/bjattack/bja.cab
    O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - http://www.worldwinner.com/games/v46/bejeweled/bejeweled.cab
    O16 - DPF: {62969CF2-0F7A-433B-A221-FD8818C06C2F} (Blockwerx Control) - http://www.worldwinner.com/games/v49/blockwerx/blockwerx.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1093149530015
    O16 - DPF: {6C6FE41A-0DA6-42A1-9AD8-792026B2B2A7} (FreeCell Control) - http://www.worldwinner.com/games/v41/freecell/freecell.cab
    O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
    O16 - DPF: {94299420-321F-4FF9-A247-62A23EBB640B} (WordMojo Control) - http://www.worldwinner.com/games/v46/wordmojo/wordmojo.cab
    O16 - DPF: {97438FE9-D361-4279-BA82-98CC0877A717} (Cubis Control) - http://www.worldwinner.com/games/v57/cubis/cubis.cab
    O16 - DPF: {A91FB93D-7561-4524-8484-5C27C8FA8D42} (WwLuxor Control) - http://www.worldwinner.com/games/v49/luxor/luxor.cab
    O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} (SwapIt Control) - http://www.worldwinner.com/games/v67/swapit/swapit.cab
    O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} (Hangman Control) - http://www.worldwinner.com/games/v41/hangman/hangman.cab
    O16 - DPF: {BB637307-92FA-47EC-B3F7-6969078673CC} (Royal Control) - http://www.worldwinner.com/games/v45/royal/royal.cab
    O16 - DPF: {C93C1C34-CEA9-49B1-9046-040F59E0E0D8} (Paint Control) - http://www.worldwinner.com/games/v43/paint/paint.cab
    O16 - DPF: {E12EB891-D000-421B-A8ED-EDE1BDCA14A0} (GolfSol Control) - http://www.worldwinner.com/games/v44/golfsol/golfsol.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{CDBCEEE5-0977-4B05-B173-6356410C007B}: NameServer = 64.81.79.2,216.231.41.2
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
     
  6. 2007/09/16
    noahdfear

    noahdfear Inactive

    Hi flanders :)

    Copy/paste is exactly how it's done. ;)

    The HijackThis log isn't showing us much, so let's use another tool to get a better look at things.

    Note: You must be logged onto an account with administrator privileges to complete the following.

    Download Deckard's System Scanner (dss.exe) to your desktop.
    Close all applications and windows.
    Double-click on dss.exe to run it and follow the prompts.
    When the scan is complete, two text files will open; main.txt, which will be maximized and extra.txt, which will be minimized.

    Post the contents of both main.txt and extra.txt
     
  7. 2007/09/16
    flanders

    flanders Inactive Thread Starter

    DSS.exe Log Files

    I sure appreciate the help.


    Deckard's System Scanner v20070905.67
    Run by Blah on 2007-09-16 19:18:58
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- System Restore --------------------------------------------------------------

    Failed to create restore point; System Restore is disabled (service is not running).


    -- Last 5 Restore Point(s) --
    59: 2007-08-02 03:08:08 UTC - RP948 - System Checkpoint
    58: 2007-08-01 02:12:08 UTC - RP947 - System Checkpoint
    57: 2007-07-31 01:01:44 UTC - RP946 - Printer Driver hp deskjet 5550 series Installed
    56: 2007-07-31 00:44:42 UTC - RP945 - Printer Driver hp deskjet 5550 series Installed
    55: 2007-07-30 15:35:48 UTC - RP944 - System Checkpoint


    -- First Restore Point --
    1: 2007-05-05 04:02:58 UTC - RP890 - System Checkpoint


    Backed up registry hives.
    Performed disk cleanup.



    -- HijackThis (run as Blah.exe) ------------------------------------------------

    Logfile of HijackThis v1.99.1
    Scan saved at 7:20:22 PM, on 9/16/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\MySpace\IM\MySpaceIM.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Documents and Settings\Blah\Desktop\dss.exe
    C:\PROGRA~1\HIJACK~1\Blah.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [LXCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} (ScrabbleCubes Control) - http://www.worldwinner.com/games/v46/scrabblecubes/scrabblecubes.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://www.worldwinner.com/games/v46/shared/FunGamesLoader.cab
    O16 - DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} (BJA Control) - http://www.worldwinner.com/games/v57/bjattack/bja.cab
    O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - http://www.worldwinner.com/games/v46/bejeweled/bejeweled.cab
    O16 - DPF: {62969CF2-0F7A-433B-A221-FD8818C06C2F} (Blockwerx Control) - http://www.worldwinner.com/games/v49/blockwerx/blockwerx.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1093149530015
    O16 - DPF: {6C6FE41A-0DA6-42A1-9AD8-792026B2B2A7} (FreeCell Control) - http://www.worldwinner.com/games/v41/freecell/freecell.cab
    O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
    O16 - DPF: {94299420-321F-4FF9-A247-62A23EBB640B} (WordMojo Control) - http://www.worldwinner.com/games/v46/wordmojo/wordmojo.cab
    O16 - DPF: {97438FE9-D361-4279-BA82-98CC0877A717} (Cubis Control) - http://www.worldwinner.com/games/v57/cubis/cubis.cab
    O16 - DPF: {A91FB93D-7561-4524-8484-5C27C8FA8D42} (WwLuxor Control) - http://www.worldwinner.com/games/v49/luxor/luxor.cab
    O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} (SwapIt Control) - http://www.worldwinner.com/games/v67/swapit/swapit.cab
    O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} (Hangman Control) - http://www.worldwinner.com/games/v41/hangman/hangman.cab
    O16 - DPF: {BB637307-92FA-47EC-B3F7-6969078673CC} (Royal Control) - http://www.worldwinner.com/games/v45/royal/royal.cab
    O16 - DPF: {C93C1C34-CEA9-49B1-9046-040F59E0E0D8} (Paint Control) - http://www.worldwinner.com/games/v43/paint/paint.cab
    O16 - DPF: {E12EB891-D000-421B-A8ED-EDE1BDCA14A0} (GolfSol Control) - http://www.worldwinner.com/games/v44/golfsol/golfsol.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{CDBCEEE5-0977-4B05-B173-6356410C007B}: NameServer = 64.81.79.2,216.231.41.2
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe


    -- File Associations -----------------------------------------------------------

    .scr - AutoCADScript - shell\open\command - C:\WINDOWS\NOTEPAD.EXE "%1 "


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    R2 CdaD10BA - c:\windows\system32\drivers\cdad10ba.sys <Not Verified; Macrovision Europe Ltd; Security Windows NT>

    S3 ASUSHWIO - c:\windows\system32\drivers\asushwio.sys (file missing)


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    S4 aawservice (Ad-Aware 2007 Service) - "c:\program files\lavasoft\ad-aware 2007\aawservice.exe" <Not Verified; Lavasoft AB; Ad-Aware 2007 Service>


    -- Device Manager: Disabled ----------------------------------------------------

    No disabled devices found.


    -- Scheduled Tasks -------------------------------------------------------------

    2007-08-25 03:00:00 486 --a------ C:\WINDOWS\Tasks\SpywareBot Scheduled Scan.job


    -- Files created between 2007-08-16 and 2007-09-16 -----------------------------

    2007-09-15 22:00:29 0 d--h----- C:\WINDOWS\PIF
    2007-09-15 21:39:54 63 --a------ C:\WINDOWS\system\SysSD.dll
    2007-09-15 20:24:01 0 d-------- C:\Documents and Settings\All Users\Application Data\Prevx
    2007-09-01 11:28:11 0 d-------- C:\Program Files\Virtual Earth 3D
    2007-08-25 20:22:39 1156 --a------ C:\WINDOWS\mozver.dat
    2007-08-20 10:49:06 0 d-------- C:\Documents and Settings\Blah\Application Data\Sony Corporation
    2007-08-20 10:45:57 3654 --a------ C:\WINDOWS\system32\drivers\Sonyhcp.dll
    2007-08-20 10:45:57 0 d-------- C:\Drivers
    2007-08-20 10:44:47 0 d-------- C:\Program Files\Sony


    -- Find3M Report ---------------------------------------------------------------

    2007-09-15 09:06:24 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
    2007-09-13 20:39:47 0 d-------- C:\Program Files\Lx_cats
    2007-09-11 08:33:10 0 d-------- C:\Program Files\Common Files\Blizzard Entertainment
    2007-09-02 08:42:47 0 d-------- C:\Program Files\Google
    2007-09-01 10:42:18 0 d-------- C:\Program Files\Common Files\Real
    2007-09-01 10:42:17 0 d-------- C:\Program Files\Common Files
    2007-09-01 10:42:14 0 d-------- C:\Documents and Settings\Blah\Application Data\Real
    2007-08-20 10:46:09 0 d--h----- C:\Program Files\InstallShield Installation Information
    2007-08-20 10:14:19 0 d-------- C:\Documents and Settings\Blah\Application Data\MSN6
    2007-08-14 19:07:14 0 d-------- C:\Program Files\Lexmark 730 Series
    2007-08-13 21:58:54 0 d-------- C:\Program Files\SpywareBlaster
    2007-08-13 21:36:59 0 d-------- C:\Program Files\Alwil Software
    2007-08-13 21:35:08 0 d-------- C:\Program Files\Lavasoft
    2007-08-13 21:34:30 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2007-08-13 21:26:48 0 d-------- C:\Documents and Settings\Blah\Application Data\Mozilla
    2007-08-12 21:23:12 0 d-------- C:\Program Files\SPAMfighter
    2007-08-11 10:00:44 0 d-------- C:\Program Files\MSXML 4.0
    2007-08-10 22:12:45 10752 --a------ C:\WINDOWS\DCEBoot.exe
    2007-08-05 13:18:15 0 d-------- C:\Program Files\hp deskjet 5550 series
    2007-08-01 21:50:57 30208 --a------ C:\WINDOWS\Program1.EXE
    2007-07-31 18:03:46 0 d-------- C:\Program Files\AutoCAD R14
    2007-07-30 18:00:54 0 d-------- C:\Program Files\Hewlett-Packard
    2007-07-23 08:57:13 30298 --a------ C:\WINDOWS\DIIUnin.dat
    2007-07-23 08:49:15 21840 --a------ C:\WINDOWS\system32\SIntfNT.dll
    2007-07-23 08:49:15 17212 --a------ C:\WINDOWS\system32\SIntf32.dll
    2007-07-23 08:49:15 12067 --a------ C:\WINDOWS\system32\SIntf16.dll
    2007-07-23 08:40:32 2829 --a------ C:\WINDOWS\DIIUnin.pif
    2007-07-23 08:40:32 94208 --a------ C:\WINDOWS\DIIUnin.exe <Not Verified; Blizzard Entertainment; Diablo II Uninstaller>
    2007-07-16 14:28:55 75243 --a------ C:\WINDOWS\War3Unin.dat


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon "= "C:\WINDOWS\system32\NvCpl.dll" [10/22/2006 01:22 PM]
    "NvMediaCenter "= "C:\WINDOWS\system32\NvMcTray.dll" [10/22/2006 01:22 PM]
    "HPDJ Taskbar Utility "= "C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe" [12/09/2002 05:19 PM]
    "avast! "= "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [09/06/2007 03:06 AM]
    "LXCFCATS "= "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll" [07/20/2005 12:47 PM]
    "KernelFaultCheck "= "C:\WINDOWS\system32\dumprep 0 -k" []
    "MSConfig "= "C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [08/04/2004 12:56 AM]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "MySpaceIM "=C:\Program Files\MySpace\IM\MySpaceIM.exe
    "DWQueuedReporting "= "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [1/7/2007 5:42:54 PM]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 2:01:04 AM]

    SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
    @= "DiskDrive "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
    @= "Hdc "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
    @= "Keyboard "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
    @= "Mouse "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
    @= "System "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
    @= "Volume "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Blah^Start Menu^Programs^Startup^Picture Motion Browser Media Check Tool.lnk]
    path=C:\Documents and Settings\Blah\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk
    backup=C:\WINDOWS\pss\Picture Motion Browser Media Check Tool.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
    KHALMNPR.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
    C:\Program Files\MySpace\IM\MySpaceIM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QOELOADER]
    "C:\Program Files\Qurb\QSP-3.0.311.7\QOELoader.exe "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
    C:\Program Files\Microsoft Money\System\reminder.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue Registry Booster]
    C:\Program Files\Uniblue\Registry Booster\RegistryBooster.exe /S

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "ERSvc "=2 (0x2)
    "RasAuto "=3 (0x3)
    "Netlogon "=3 (0x3)
    "SandraTheSrv "=3 (0x3)
    "SandraDataSrv "=3 (0x3)
    "PnkBstrA "=2 (0x2)
    "aawservice "=2 (0x2)
    "lxcf_device "=3 (0x3)


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f8c7d141-f206-11d8-a67f-806d6172696f}]
    AutoRun\command- D:\Setup\rsrc\Autorun.exe
    dinstall\command- D:\Directx\dxsetup.exe




    -- End of Deckard's System Scanner: finished at 2007-09-16 19:21:48 ------------

    HERE'S THE EXTRA LOG FILE !!!!!!!!!!!!!!!!!!!!:eek:


    Deckard's System Scanner v20070905.67
    Extra logfile - please post this as an attachment with your post.
    --------------------------------------------------------------------------------

    -- System Information ----------------------------------------------------------

    Microsoft Windows XP Home Edition (build 2600) SP 2.0
    Architecture: X86; Language: English

    CPU 0: AMD Athlon(tm) XP 2800+
    Percentage of Memory in Use: 32%
    Physical Memory (total/avail): 1023.49 MiB / 694.27 MiB
    Pagefile Memory (total/avail): 2974.11 MiB / 2737.38 MiB
    Virtual Memory (total/avail): 2047.88 MiB / 1969.59 MiB

    A: is Removable (Unformatted)
    C: is Fixed (NTFS) - 74.52 GiB total, 25.36 GiB free.
    D: is CDROM (No Media)

    \\.\PHYSICALDRIVE0 - WDC WD800JB-00ETA0 - 74.53 GiB - 1 partition
    \PARTITION0 (bootable) - Installable File System - 74.52 GiB - C:



    -- Security Center -------------------------------------------------------------

    AUOptions is scheduled to auto-install.
    Windows Internal Firewall is enabled.

    AV: avast! antivirus 4.7.1043 [VPS 000775-0] v4.7.1043 (ALWIL Software)

    [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "= "%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 "
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe "= "C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 6.2 "

    [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "= "%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 "
    "C:\\Games\\mIRC\\mirc.exe "= "C:\\Games\\mIRC\\mirc.exe:*:Enabled:mIRC "
    "C:\\Program Files\\The All-Seeing Eye\\eye.exe "= "C:\\Program Files\\The All-Seeing Eye\\eye.exe:*:Enabled:The All-Seeing Eye "
    "C:\\Games\\Warcraft III\\war3.exe "= "C:\\Games\\Warcraft III\\war3.exe:*:Enabled:Warcraft III "
    "C:\\Games\\Quake3\\quake3.exe "= "C:\\Games\\Quake3\\quake3.exe:*:Enabled:quake3 "
    "C:\\Games\\Doom3\\doom3.exe "= "C:\\Games\\Doom3\\doom3.exe:*:Enabled:DOOM 3 "
    "C:\\Documents and Settings\\Blah\\Local Settings\\Temp\\WoWSneakPeekDownloader\\WoWSneakPeekDownloader.exe "= "C:\\Documents and Settings\\Blah\\Local Settings\\Temp\\WoWSneakPeekDownloader\\WoWSneakPeekDownloader.exe:*:Enabled:WoWSneakPeekDownloader "
    "C:\\Games\\FarCry\\Bin32\\FarCry.exe "= "C:\\Games\\FarCry\\Bin32\\FarCry.exe:*:Enabled:Far Cry "
    "C:\\Games\\HalfLife2\\Steam.exe "= "C:\\Games\\HalfLife2\\Steam.exe:*:Enabled:Steam "
    "C:\\Games\\World of Warcraft\\WoW-1.2.1-patch-enUS-Downloader.exe "= "C:\\Games\\World of Warcraft\\WoW-1.2.1-patch-enUS-Downloader.exe:*:Enabled:Blizzard Downloader "
    "C:\\Games\\HalfLife2\\SteamApps\\tino9999\\half-life 2 deathmatch\\hl2.exe "= "C:\\Games\\HalfLife2\\SteamApps\\tino9999\\half-life 2 deathmatch\\hl2.exe:*:Enabled:hl2 "
    "C:\\Games\\HalfLife2\\SteamApps\\tino9999\\counter-strike source\\hl2.exe "= "C:\\Games\\HalfLife2\\SteamApps\\tino9999\\counter-strike source\\hl2.exe:*:Enabled:hl2 "
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe "= "C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 6.2 "
    "C:\\Games\\World of Warcraft\\WoW-1.2.4-to-1.3.0-enUS-downloader.exe "= "C:\\Games\\World of Warcraft\\WoW-1.2.4-to-1.3.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader "
    "C:\\Program Files\\Messenger\\msmsgs.exe "= "C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger "
    "C:\\Games\\World of Warcraft\\WoW-1.4.0-enUS-downloader.exe "= "C:\\Games\\World of Warcraft\\WoW-1.4.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader "
    "C:\\Games\\World of Warcraft\\WoW-1.4.2.4375-to-1.5.0-enUS-downloader.exe "= "C:\\Games\\World of Warcraft\\WoW-1.4.2.4375-to-1.5.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader "
    "C:\\Games\\World of Warcraft\\WoW-1.5.1.4449-to-1.6.0-enUS-downloader.exe "= "C:\\Games\\World of Warcraft\\WoW-1.5.1.4449-to-1.6.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader "
    "C:\\Games\\World of Warcraft\\WoW-1.6.0.4500-to-1.6.1-enUS-downloader.exe "= "C:\\Games\\World of Warcraft\\WoW-1.6.0.4500-to-1.6.1-enUS-downloader.exe:*:Enabled:Blizzard Downloader "
    "C:\\WINDOWS\\system32\\dpnsvr.exe "= "C:\\WINDOWS\\system32\\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server "
    "C:\\WINDOWS\\system32\\dxdiag.exe "= "C:\\WINDOWS\\system32\\dxdiag.exe:*:Enabled:Microsoft DirectX Diagnostic Tool "
    "C:\\Games\\World of Warcraft\\WoW-1.6.1.4544-to-1.7.0-enUS-downloader.exe "= "C:\\Games\\World of Warcraft\\WoW-1.6.1.4544-to-1.7.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader "
    "C:\\Games\\World of Warcraft\\WoW-1.7.1.4695-to-1.8.0-enUS-downloader.exe "= "C:\\Games\\World of Warcraft\\WoW-1.7.1.4695-to-1.8.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader "
    "C:\\Games\\Quake4\\Quake4.exe "= "C:\\Games\\Quake4\\Quake4.exe:*:Enabled:Quake 4 "
    "C:\\Games\\World of Warcraft\\WoW-1.8.3.4807-to-1.8.4.4878-enUS-downloader.exe "= "C:\\Games\\World of Warcraft\\WoW-1.8.3.4807-to-1.8.4.4878-enUS-downloader.exe:*:Enabled:Blizzard Downloader "
    "C:\\Games\\FEAR\\FEAR.exe "= "C:\\Games\\FEAR\\FEAR.exe:*:Enabled:FEAR "
    "C:\\Games\\World of Warcraft\\WoW-1.8.4.4878-to-1.9.0.4937-enUS-downloader.exe "= "C:\\Games\\World of Warcraft\\WoW-1.8.4.4878-to-1.9.0.4937-enUS-downloader.exe:*:Enabled:Blizzard Downloader "
    "C:\\Games\\World of Warcraft\\WoW-1.9.2.4996-to-1.9.3.5059-enUS-downloader.exe "= "C:\\Games\\World of Warcraft\\WoW-1.9.2.4996-to-1.9.3.5059-enUS-downloader.exe:*:Enabled:Blizzard Downloader "
    "C:\\Games\\World of Warcraft\\WoW-1.9.4.5086-to-1.10.0.5195-enUS-downloader.exe "= "C:\\Games\\World of Warcraft\\WoW-1.9.4.5086-to-1.10.0.5195-enUS-downloader.exe:*:Enabled:Blizzard Downloader "
    "C:\\WINDOWS\\system32\\mmc.exe "= "C:\\WINDOWS\\system32\\mmc.exe:*:Disabled:Microsoft Management Console "
    "C:\\Games\\eQuake\\fuhquake.exe "= "C:\\Games\\eQuake\\fuhquake.exe:*:Enabled:fuhquake "
    "C:\\Games\\eQuake\\fuhquake-gl.exe "= "C:\\Games\\eQuake\\fuhquake-gl.exe:*:Enabled:fuhquake-gl "
    "C:\\Games\\World of Warcraft\\BackgroundDownloader.exe "= "C:\\Games\\World of Warcraft\\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader "
    "C:\\Games\\World of Warcraft\\WoW-1.10.2.5302-to-1.11.0.5428-enUS-downloader.exe "= "C:\\Games\\World of Warcraft\\WoW-1.10.2.5302-to-1.11.0.5428-enUS-downloader.exe:*:Enabled:Blizzard Downloader "
    "C:\\Games\\World of Warcraft\\WoW-1.11.1.5462-to-1.11.2.5464-enUS-downloader.exe "= "C:\\Games\\World of Warcraft\\WoW-1.11.1.5462-to-1.11.2.5464-enUS-downloader.exe:*:Enabled:Blizzard Downloader "
    "C:\\Games\\World of Warcraft\\WoW-1.11.2.5464-to-1.12.0.5595-enUS-downloader.exe "= "C:\\Games\\World of Warcraft\\WoW-1.11.2.5464-to-1.12.0.5595-enUS-downloader.exe:*:Enabled:Blizzard Downloader "
    "C:\\Games\\World of Warcraft\\WoW-1.12.0.5595-to-1.12.1.5875-enUS-downloader.exe "= "C:\\Games\\World of Warcraft\\WoW-1.12.0.5595-to-1.12.1.5875-enUS-downloader.exe:*:Enabled:Blizzard Downloader "
    "C:\\Program Files\\Yahoo! Games\\Bejeweled 2 Deluxe\\WinBej2.exe "= "C:\\Program Files\\Yahoo! Games\\Bejeweled 2 Deluxe\\WinBej2.exe:*:Enabled:Bejeweled2 "
    "C:\\Games\\World of Warcraft\\WoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe "= "C:\\Games\\World of Warcraft\\WoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe:*:Enabled:Blizzard Downloader "
    "C:\\Games\\World of Warcraft\\WoW-2.0.3-enUS-downloader.exe "= "C:\\Games\\World of Warcraft\\WoW-2.0.3-enUS-downloader.exe:*:Enabled:Blizzard Downloader "
    "C:\\Games\\World of Warcraft\\WoW-2.0.3.6299-to-2.0.7.6383-enUS-downloader.exe "= "C:\\Games\\World of Warcraft\\WoW-2.0.3.6299-to-2.0.7.6383-enUS-downloader.exe:*:Enabled:Blizzard Downloader "
    "C:\\Games\\World of Warcraft\\WoW-2.0.7.6383-to-2.0.8.6403-enUS-downloader.exe "= "C:\\Games\\World of Warcraft\\WoW-2.0.7.6383-to-2.0.8.6403-enUS-downloader.exe:*:Enabled:Blizzard Downloader "
    "C:\\Program Files\\Microsoft Office\\Office10\\WINWORD.EXE "= "C:\\Program Files\\Microsoft Office\\Office10\\WINWORD.EXE:*:Disabled:Microsoft Word "
    "C:\\WINDOWS\\system32\\lxcfcoms.exe "= "C:\\WINDOWS\\system32\\lxcfcoms.exe:*:Enabled:730 Series Server "
    "C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxcfpswx.exe "= "C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxcfpswx.exe:*:Enabled:730 Series Printer Status "


    -- Environment Variables -------------------------------------------------------

    ALLUSERSPROFILE=C:\Documents and Settings\All Users
    APPDATA=C:\Documents and Settings\Blah\Application Data
    CLIENTNAME=Console
    CommonProgramFiles=C:\Program Files\Common Files
    COMPUTERNAME=MURPH
    ComSpec=C:\WINDOWS\system32\cmd.exe
    FP_NO_HOST_CHECK=NO
    HOMEDRIVE=C:
    HOMEPATH=\Documents and Settings\Blah
    LOGONSERVER=\\MURPH
    NUMBER_OF_PROCESSORS=1
    OS=Windows_NT
    Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
    PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    PROCESSOR_ARCHITECTURE=x86
    PROCESSOR_IDENTIFIER=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
    PROCESSOR_LEVEL=6
    PROCESSOR_REVISION=0a00
    ProgramFiles=C:\Program Files
    PROMPT=$P$G
    SESSIONNAME=Console
    SystemDrive=C:
    SystemRoot=C:\WINDOWS
    TEMP=C:\DOCUME~1\Blah\LOCALS~1\Temp
    TMP=C:\DOCUME~1\Blah\LOCALS~1\Temp
    USERDOMAIN=MURPH
    USERNAME=Blah
    USERPROFILE=C:\Documents and Settings\Blah
    windir=C:\WINDOWS


    -- User Profiles ---------------------------------------------------------------

    Blah (admin)
    Administrator (admin)


    -- Add/Remove Programs ---------------------------------------------------------

    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{22EB2FA7-1BA0-4FFB-972F-353EC6ABA9D5}\setup.exe" -l0x9 -removeonly
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{28B97CAB-828F-49D8-A30A-675476F9BA92}\setup.exe" -l0x9 /cont -removeonly
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4E7DC12A-3597-4A94-9429-F6C6987361B1}\setup.exe" -l0x9 -removeonly
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6813C983-427E-4511-8456-E98FCAA1A125}\setup.exe" -l0x9 -removeonly
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7DADB304-AF20-48C3-A780-4B4133A08817}\setup.exe" -l0x9 -removeonly
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9C423CF6-2DAA-4A37-94B8-59D7ECC7DB13}\setup.exe" -l0x9 -removeonly
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ACE66099-E18E-4037-83C8-9D182E5B9FA8}\setup.exe" -l0x9 -removeonly
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B34B6E67-FCDD-4E03-8742-B5701427FAFB}\setup.exe" -l0x9 -removeonly
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FA6CC4B4-7741-4F8D-8E81-15C4BAB9869B}\setup.exe" -l0x9 -removeonly
    --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    AcadDemo --> MsiExec.exe /I{574D991A-BD5E-4158-ABE3-F98A9A9E73C8}
    Ad-Aware 2007 --> MsiExec.exe /X{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
    Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f "C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c "C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll "
    Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    AsusUpdate --> C:\WINDOWS\IsUninst.exe -f "C:\Program Files\ASUS\AsusUpdate\Uninst.isu "
    AutoCAD R14.0 --> C:\WINDOWS\uninst.exe -f "C:\Program Files\AutoCAD R14\DeIsL1.isu "
    avast! Antivirus --> rundll32 C:\PROGRA~1\ALWILS~1\Avast4\Setup\setiface.dll,RunSetup
    Diablo II --> C:\WINDOWS\DIIUnin.exe C:\WINDOWS\DIIUnin.dat
    Doom 3 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{584267B8-0BB0-4D18-9FFA-726576619E9A} /l1033 /x
    DOOM 3: Resurrection of Evil --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{04347DFD-87B6-4E30-B14D-5DF2888AD8F5} /l1033
    Driver Cleaner 3 --> C:\Program Files\Driver Cleaner\Uninst.exe
    Far Cry --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{D6DBDC2A-E72C-4284-B6AD-6B3B61B4DABC}
    FEAR --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2B653229-9854-4989-B780-D978F5F13EAB}\setup.exe" -l0x9 -removeonly
    Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
    Half-Life(R) 2 --> MsiExec.exe /I{D45EC259-4A19-4656-B588-C2C360DD18EA}
    HijackThis 1.99.1 --> C:\Documents and Settings\Blah\Desktop\HijackThis.exe /uninstall
    hp deskjet 5550 series --> rundll32 hpzcon07.dll,VendorJettison hp deskjet 5550 series
    hp deskjet 5550 series (Remove only) --> C:\Program Files\hp deskjet 5550 series\hpfiui.exe -c -vdivid=HPF -vpnum=95 -vinstport= -vproduct=5550 -huninstall
    Lexmark 730 Series --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxcfUNST.EXE -NOLICENSE
    Logitech SetPoint --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\setup.exe" -l0x9 -removeonly
    Microsoft Data Access Components KB870669 --> C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
    Microsoft Money 99 --> C:\Program Files\Microsoft Money\setup\setup.exe
    Microsoft Office XP Small Business --> MsiExec.exe /I{91130409-6000-11D3-8CFE-0050048383C9}
    Microsoft Works Setup Launcher --> C:\Program Files\Microsoft Works Suite 99\Setup\Launcher.exe D:\
    mIRC --> "C:\Games\mIRC\mirc.exe" -uninstall
    Mozilla Firefox (2.0.0.6) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    MSN Messenger 6.2 --> MsiExec.exe /I{ABEB838C-A1A7-4C5D-B7E1-8B4314600205}
    MusicVixen Music Manager --> MsiExec.exe /I{5E0A11EA-281C-468A-898C-DF4959B6160A}
    MySpaceIM --> C:\Program Files\MySpace\IM\Uninstall.exe
    NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
    Picture Package Music Transfer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CE2121C6-C94D-4A73-8EA4-6943F33EE335}\setup.exe" -l0x9 -removeonly
    Quake 4(TM) --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{152B782A-05F3-48EC-9AAC-4D3EB68D9E20}
    Quake III Arena --> C:\WINDOWS\IsUninst.exe -fc:\games\quake3\QIII.isu
    Quake III Arena Point Release 1.32 --> C:\WINDOWS\unvise32.exe c:\games\quake3\uninstal5.log
    Registry Mechanic 6.0 --> "C:\Program Files\Registry Mechanic\unins000.exe "
    Simpson AutoCAD Menu --> c:\Program Files\Simpson\Uninstal.exe
    SiSoftware Sandra Lite 2005 (Win64/32/CE) --> "C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005\unins000.exe "
    Sony Picture Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5068583-D569-468B-9755-5FBF5848F46F}\setup.exe" -l0x9 /removeonly uninstall -removeonly
    Sony USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\setup.exe" -l0x9 UNINSTALL -removeonly
    Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe "
    SpywareBlaster v3.5.1 --> "C:\Program Files\SpywareBlaster\unins000.exe "
    Steam(TM) --> MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
    Steel-Link.com Suite --> rundll32.exe dfshim.dll,ShArpMaintain Steel-Link.com Suite.application, Culture=en-US, PublicKeyToken=86992200e0c6e885, processorArchitecture=msil
    TakeoffE --> C:\WINDOWS\uninst.exe -f "C:\Program Files\Rock Street\DeIsL1.isu" -c "C:\Program Files\Rock Street\_ISREG32.DLL "
    Ventrilo Client --> MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
    Virtual Earth 3D (Beta) --> MsiExec.exe /I{619B8475-0F48-41B7-A370-5147F7092989}
    Warcraft III: All Products --> C:\WINDOWS\War3Unin.exe C:\WINDOWS\War3Unin.dat
    Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe "
    WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe


    -- Application Event Log -------------------------------------------------------

    Event Record #/Type2418 / Error
    Event Submitted/Written: 09/15/2007 09:56:24 PM
    Event ID/Source: 1013 / MsiInstaller
    Event Description:
    Product: Prevx 2.0 Agent -- At least one component of the product is still running.
    Please shutdown all Prevx processes under all user accounts and try again.



    -- Security Event Log ----------------------------------------------------------

    No Errors/Warnings found.


    -- System Event Log ------------------------------------------------------------

    Event Record #/Type5775 / Error
    Event Submitted/Written: 09/16/2007 01:31:32 PM
    Event ID/Source: 10005 / DCOM
    Event Description:
    DCOM got error "%%1058" attempting to start the service lxcf_device with arguments " "
    in order to run the server:
    {323CE21C-A448-40AA-BA74-7FCF1E44106F}

    Event Record #/Type5774 / Error
    Event Submitted/Written: 09/16/2007 01:31:30 PM
    Event ID/Source: 10005 / DCOM
    Event Description:
    DCOM got error "%%1058" attempting to start the service lxcf_device with arguments " "
    in order to run the server:
    {323CE21C-A448-40AA-BA74-7FCF1E44106F}

    Event Record #/Type5753 / Error
    Event Submitted/Written: 09/16/2007 01:09:31 PM
    Event ID/Source: 10005 / DCOM
    Event Description:
    DCOM got error "%%1053" attempting to start the service lxcf_device with arguments " "
    in order to run the server:
    {323CE21C-A448-40AA-BA74-7FCF1E44106F}

    Event Record #/Type5752 / Error
    Event Submitted/Written: 09/16/2007 01:09:26 PM
    Event ID/Source: 7000 / Service Control Manager
    Event Description:
    The lxcf_device service failed to start due to the following error:
    %%1053

    Event Record #/Type5751 / Error
    Event Submitted/Written: 09/16/2007 01:09:26 PM
    Event ID/Source: 7009 / Service Control Manager
    Event Description:
    Timeout (30000 milliseconds) waiting for the lxcf_device service to connect.



    -- End of Deckard's System Scanner: finished at 2007-09-16 19:21:48 ------------
     
  8. 2007/09/16
    noahdfear

    While I study those logs, please download SafeBootKeyRepair
    Save it to your desktop.
    Double click to run it then post the log it produces.
     
  9. 2007/09/16
    flanders

    Safeboot repair log

    Reg export of SafeBoot key after repair:
    ========================

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot]
    "AlternateShell "= "cmd.exe "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\aawservice]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\AppMgmt]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Base]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Boot Bus Extender]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Boot file system]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\CryptSvc]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\DcomLaunch]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmadmin]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmboot.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmio.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmload.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmserver]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\EventLog]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\File system]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Filter]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\HelpSvc]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Netlogon]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PCI Configuration]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PlugPlay]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PNP Filter]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Primary disk]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\RpcSs]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\SCSI Class]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\sermouse.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\sr.sys]
    @= "FSFilter System Recovery "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\SRService]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\System Bus Extender]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\vds]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\vga.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\vgasave.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\WinDefend]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\WinMgmt]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}]
    @= "Universal Serial Bus controllers "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}]
    @= "CD-ROM Drive "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
    @= "DiskDrive "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}]
    @= "Standard floppy disk controller "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
    @= "Hdc "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
    @= "Keyboard "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
    @= "Mouse "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}]
    @= "PCMCIA Adapters "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
    @= "SCSIAdapter "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
    @= "System "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}]
    @= "Floppy disk drive "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @= "Volume shadow copy "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
    @= "Volume "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
    @= "Human Interface Devices "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\aawservice]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\AFD]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\AppMgmt]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Base]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Boot Bus Extender]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Boot file system]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Browser]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\CryptSvc]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\DcomLaunch]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Dhcp]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmadmin]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmboot.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmio.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmload.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmserver]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\DnsCache]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\EventLog]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\File system]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Filter]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\HelpSvc]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\ip6fw.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\ipnat.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\LanmanServer]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\LanmanWorkstation]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\LmHosts]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Messenger]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NDIS]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NDIS Wrapper]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Ndisuio]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetBIOS]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetBIOSGroup]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetBT]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetDDEGroup]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Netlogon]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetMan]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Network]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetworkProvider]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\nm]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\nm.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NtLmSsp]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PCI Configuration]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PlugPlay]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PNP Filter]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PNP_TDI]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Primary disk]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdpcdd.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdpdd.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdpwd.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdsessmgr]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\RpcSs]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\SCSI Class]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\sermouse.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\SharedAccess]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\sr.sys]
    @= "FSFilter System Recovery "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\SRService]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Streams Drivers]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\System Bus Extender]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Tcpip]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\TDI]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\tdpipe.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\tdtcp.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\termservice]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\UploadMgr]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\vga.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\vgasave.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\WinDefend]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\WinMgmt]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\WZCSVC]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{36FC9E60-C465-11CF-8056-444553540000}]
    @= "Universal Serial Bus controllers "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}]
    @= "CD-ROM Drive "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}]
    @= "DiskDrive "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}]
    @= "Standard floppy disk controller "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
    @= "Hdc "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
    @= "Keyboard "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
    @= "Mouse "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}]
    @= "Net "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}]
    @= "NetClient "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}]
    @= "NetService "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}]
    @= "NetTrans "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}]
    @= "PCMCIA Adapters "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
    @= "SCSIAdapter "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
    @= "System "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}]
    @= "Floppy disk drive "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
    @= "Volume "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
    @= "Human Interface Devices "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network.xxx]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network.xxx\AFD]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network.xxx\AppMgmt]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network.xxx\Base]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network.xxx\Boot Bus Extender]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network.xxx\Boot file system]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network.xxx\Browser]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network.xxx\CryptSvc]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network.xxx\DcomLaunch]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network.xxx\Dhcp]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network.xxx\dmadmin]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network.xxx\dmboot.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network.xxx\dmio.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network.xxx\dmload.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network.xxx\dmserver]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network.xxx\DnsCache]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network.xxx\EventLog]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network.xxx\File system]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network.xxx\Filter]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network.xxx\HelpSvc]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network.xxx\ip6fw.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network.xxx\ipnat.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network.xxx\LanmanServer]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network.xxx\LanmanWorkstation]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network.xxx\LmHosts]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network.xxx\Messenger]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network.xxx\NDIS]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network.xxx\NDIS Wrapper]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network.xxx\Ndisuio]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network.xxx\NetBIOS]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network.xxx\NetBIOSGroup]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network.xxx\NetBT]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network.xxx\NetDDEGroup]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network.xxx\Netlogon]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network.xxx\NetMan]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network.xxx\Network]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network.xxx\NetworkProvider]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network.xxx\nm]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network.xxx\nm.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network.xxx\NtLmSsp]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network.xxx\PCI Configuration]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network.xxx\PlugPlay]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network.xxx\PNP Filter]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network.xxx\PNP_TDI]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network.xxx\Primary disk]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network.xxx\rdpcdd.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network.xxx\rdpdd.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network.xxx\rdpwd.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network.xxx\rdsessmgr]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network.xxx\RpcSs]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network.xxx\SCSI Class]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network.xxx\sermouse.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network.xxx\sharedaccess]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network.xxx\sr.sys]
    @= "FSFilter System Recovery "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network.xxx\SRService]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network.xxx\Streams Drivers]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network.xxx\System Bus Extender]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network.xxx\Tcpip]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network.xxx\TDI]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network.xxx\tdpipe.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network.xxx\tdtcp.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network.xxx\termservice]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network.xxx\UploadMgr]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network.xxx\vga.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network.xxx\vgasave.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network.xxx\WinDefend]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network.xxx\WinMgmt]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network.xxx\WZCSVC]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network.xxx\{36FC9E60-C465-11CF-8056-444553540000}]
    @= "Universal Serial Bus controllers "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network.xxx\{4D36E965-E325-11CE-BFC1-08002BE10318}]
    @= "CD-ROM Drive "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network.xxx\{4D36E967-E325-11CE-BFC1-08002BE10318}]
    @= "DiskDrive "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network.xxx\{4D36E969-E325-11CE-BFC1-08002BE10318}]
    @= "Standard floppy disk controller "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network.xxx\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
    @= "Hdc "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network.xxx\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
    @= "Keyboard "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network.xxx\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
    @= "Mouse "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network.xxx\{4D36E972-E325-11CE-BFC1-08002BE10318}]
    @= "Net "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network.xxx\{4D36E973-E325-11CE-BFC1-08002BE10318}]
    @= "NetClient "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network.xxx\{4D36E974-E325-11CE-BFC1-08002BE10318}]
    @= "NetService "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network.xxx\{4D36E975-E325-11CE-BFC1-08002BE10318}]
    @= "NetTrans "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network.xxx\{4D36E977-E325-11CE-BFC1-08002BE10318}]
    @= "PCMCIA Adapters "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network.xxx\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
    @= "SCSIAdapter "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network.xxx\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
    @= "System "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network.xxx\{4D36E980-E325-11CE-BFC1-08002BE10318}]
    @= "Floppy disk drive "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network.xxx\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
    @= "Volume "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network.xxx\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
    @= "Human Interface Devices "

    ========================

    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice
     
  10. 2007/09/16
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Reboot and see if you can get to safe mode. Delete that Spyware Detector file while there if you can.

    When back in normal mode, click Start>Run and type services.msc then hit enter to open the Services console. Locate System Restore Service and double click the entry. Make sure it is set to Automatic startup and then Start the service. If you get any error message, please make note of it and let me know what it is.
     
  11. 2007/09/16
    flanders

    flanders Inactive Thread Starter

    Joined:
    2007/09/16
    Messages:
    12
    Likes Received:
    0
    No system restore

    Well, the file would not delete, and there was no system restore service in the list of services. It's like it's gone. At least I could get into safe mode, I don't understand why getting some log files allowed me to get into safe mode!
     
  12. 2007/09/16
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    That last download wasn't just producing a log. It rebuilt your safeboot key in the registry from backups. ;)

    Click Start>Run and type regedit then hit enter. Click the + signs to navigate to the following location and tell me if the srservice key (folder) is present.

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srservice

    If it's there, right click on the srservice key and select export. Give it a name and change the Save As Type to Text Files (*.txt), then save it to your desktop. Open the text file and post its contents here please.
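
    The safeboot comparison behind this fix, as an added example that is not part of the original post or of the tool used in the thread: it parses dumps in the layout of the listing posted earlier and reports entries present in the backup copy (`network.xxx`) but missing or changed in the live key. Both dumps are constructed samples, and the function names are hypothetical.

```python
import re

# Constructed sample in the layout of the dump posted earlier in the thread:
# a bracketed key line followed by its default value ("network.xxx" = backup copy).
BACKUP_DUMP = r'''
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network.xxx\sr.sys]
@= "FSFilter System Recovery "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network.xxx\SRService]
@= "Service "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network.xxx\Tcpip]
@= "Service "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network.xxx\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@= "DiskDrive "
'''

# Constructed "damaged" live key: two entries gone, one default value altered.
LIVE_DUMP = r'''
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network\Tcpip]
@= "Service "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network\sr.sys]
@= "Driver "
'''

KEY_RE = re.compile(r'^\[.*\\safeboot\\([^\\]+)\\([^\\\]]+)\]$', re.I)
VAL_RE = re.compile(r'^@\s*=\s*"(.*)"$')

def parse_safeboot(dump, mode):
    """Return {entry name (lowercased): default value} for one safeboot subkey."""
    entries, current = {}, None
    for raw in dump.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            # Only track entries under the requested subkey (e.g. "network").
            current = key.group(2).lower() if key.group(1).lower() == mode.lower() else None
            if current is not None:
                entries[current] = None  # key seen, default value not read yet
            continue
        val = VAL_RE.match(line)
        if val and current is not None:
            entries[current] = val.group(1).strip()
            current = None
    return entries

def diff_safeboot(backup, live):
    """Compare a known-good backup listing against the live key."""
    return {
        "missing": sorted(n for n in backup if n not in live),
        "changed": sorted(n for n in backup if n in live and backup[n] != live[n]),
        "extra": sorted(n for n in live if n not in backup),
    }

REPORT = diff_safeboot(parse_safeboot(BACKUP_DUMP, "network.xxx"),
                       parse_safeboot(LIVE_DUMP, "network"))
```

    Entries listed under "extra" deserve the same attention as missing ones, since anything registered under safeboot is loaded in Safe Mode as well.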
     
  13. 2007/09/16
    flanders

    flanders Inactive Thread Starter

    Joined:
    2007/09/16
    Messages:
    12
    Likes Received:
    0
    srservices

    Srservices is not in the path you showed me. Only ones close are sr, srv, and SSDPSRV.
     
  14. 2007/09/16
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    That explains why you don't see the service listed in the Services console, and why it's not running.

    Highlight and copy the contents of the quote box below to a blank notepad. Save it to the desktop as;

    Filename: fix.reg
    Save as type: All Files (*.*)

    Double click fix.reg and allow it to merge with the registry.

    Reboot. Go back to the Services console (services.msc) and see if the System Restore Service is listed, set to Automatic and running.
     
  15. 2007/09/17
    flanders

    flanders Inactive Thread Starter

    Joined:
    2007/09/16
    Messages:
    12
    Likes Received:
    0
    Services.msc

    Finally, I can boot into safe mode and I can run system restore. Thank you very much. At the risk of sounding like a whiner there are no restore points. This all started when I wanted to restore my system to get rid of that stupid spywaredetectorb.exe file on my desktop. It still will not go away. Do you think I may be able to delete it in safe mode command prompt? I'm gonna give it a try. Once again I really appreciate the help. It must be getting late in Ohio, it's 10:00 here in Sonoma. Let me know if you have any ideas that will delete that stupid file. I owe you one.
     
  16. 2007/09/17
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Glad it's working again. I was hoping there would be restore points available too, since the Deckards scan showed some available. :(

    Download and install EMCO MoveOnBoot
    Start the program, then drag that file onto the lower right corner of MoveOnBoot and drop it where it says Drag/Drop File(s) or Folder(s) here. A window will pop up. Select 'Delete File(s)' and click OK. Close MoveOnBoot and restart the computer.
     
  17. 2007/09/17
    flanders

    flanders Inactive Thread Starter

    Joined:
    2007/09/16
    Messages:
    12
    Likes Received:
    0
    You Da Man!

    I booted to safe mode command prompt and was able to delete the problem file. Like the title says you da man! Where'd you learn all that stuff? Must have taken some time. Thank you again, it looks like I'm okay now. Do you think I should format and reinstall after all of this or do you think everything is in good order now (not all scrambled up)? I'm kind of anal about my computer being proper :eek:
     
  18. 2007/09/17
    flanders

    flanders Inactive Thread Starter

    Joined:
    2007/09/16
    Messages:
    12
    Likes Received:
    0
    Pesky file

    I was able to remove that file in safe mode with command prompt. I am still going to download Moveonboot in case I get any more of those types of files.
    Thanks Again.
     
  19. 2007/09/17
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Glad it went quietly. ;)

    I don't see any reason to re-install or format if things are working properly. Check periodically over the next couple of weeks that System Restore points are being created as they should.

    Please go to jotti and submit the following file for analysis.

    C:\WINDOWS\system\SysSD.dll

    Wait for the results, then copy and post here.


    I also noticed a scheduled task;

    C:\WINDOWS\Tasks\SpywareBot Scheduled Scan.job

    You should delete that file, then uninstall SpywareBot via Add/Remove Programs. SpywareBot is a less than desirable program that earned a spot on the Rogue Anti-spyware List.
     
  20. 2007/09/17
    flanders

    flanders Inactive Thread Starter

    Joined:
    2007/09/16
    Messages:
    12
    Likes Received:
    0
    Jotti's

    Here is the Jotti log. I will get rid of Spybot Search and Destroy. It was recommended on another site. What is a good software to use for spyware? Do you think Avast can handle it all? I tried PC-Cillin, what a hog! That program slowed my computer so bad (Real bloatware). Avast seems to be okay. I also have the following programs I used to try to protect my computer: SpywareBlaster, Registry Mechanic, and Ad Watch 2007. There isn't even an uninstall option for the SpywareBlaster (uh oh).

    Jotti's malware scan 2.99-TRANSITION_TO_3.00-R1
    File to upload & scan: Virus

    Service
    Service load:
    0% 100%
    File: SysSD.dll
    Status:
    OK
    MD5: e8315aca2cb5ea5c5375cf909a15050e
    Packers detected: -
    Bit9 reports: File not found

    Scanner results
    Scan taken on 18 Sep 2007 02:55:19 (GMT)
    A-Squared Found nothing
    AntiVir Found nothing
    ArcaVir Found nothing
    Avast Found nothing
    AVG Antivirus Found nothing
    BitDefender Found nothing
    ClamAV Found nothing
    CPsecure Found nothing
    Dr.Web Found nothing
    F-Prot Antivirus Found nothing
    F-Secure Anti-Virus Found nothing
    Fortinet Found nothing
    Kaspersky Anti-Virus Found nothing
    NOD32 Found nothing
    Norman Virus Control Found nothing
    Panda Antivirus Found nothing
    Rising Antivirus Found nothing
    Sophos Antivirus Found nothing
    VirusBuster Found nothing
    VBA32 Found nothing


    Statistics
    Last file scanned at least one scanner reported something about: server.exe (MD5: e6a9ce4187d1b84c201814e420e24c82, size: 405040 bytes), detected by:

    Scanner Malware name
    A-Squared Backdoor.Win32.Delf.azb
    AntiVir BDS/Delf.azb.3
    ArcaVir Trojan.Delf.Azb
    Avast Win32:Delf-FLI
    AVG Antivirus Delf.ZJ
    BitDefender Backdoor.Delf.AZB
    ClamAV Trojan.Delf-1269
    CPsecure BackDoor.W32.Delf.azb
    Dr.Web DLOADER.Trojan
    F-Prot Antivirus W32/Backdoor.BJHX
    F-Secure Anti-Virus Backdoor.Win32.Delf.azb
    Fortinet X
    Kaspersky Anti-Virus Backdoor.Win32.Delf.azb
    NOD32 a variant of Win32/Delf.NFE
    Norman Virus Control W32/Malware.ABIZ
    Panda Antivirus X
    Rising Antivirus Trojan.Win32.Agent.vgh
    Sophos Antivirus X
    VirusBuster Backdoor.Delf.YNF
    VBA32 Trojan.DownLoader.14124


    You're free to (mis)interpret these automated, flawed statistics at your own discretion. For antivirus comparisons, visit AV comparatives
    We are not affiliated with any third parties that conduct tests using this service.
     
    Last edited: 2007/09/17
  21. 2007/09/17
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Spybot S&D is a good program. Don't get rid of it. The one I mentioned was SpywareBot. Looking back through your logs, I don't see it in your installed programs list, so I have to assume it was already removed and the task is just a leftover. Just delete the task.

    Many people seem happy with Avast. I don't have any personal experience with it however, so I can't give much of a recommendation for or against it.

    Everything else looks fine. Are you having any other issues? You might want to run an online scan with Kaspersky just to make sure something hasn't been overlooked. My standard speech for it follows.

    Please do an online scan with Kaspersky WebScanner

    Click on Kaspersky Online Scanner

    You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
    • The program will launch and then begin downloading the latest definition files.
    • Once the files have been downloaded click on NEXT
    • Now click on Scan Settings
    • In the scan settings make sure that the following are selected:
      • Scan using the following Anti-Virus database:
        • Extended (if available, otherwise Standard)
      • Scan Options:
        • Scan Archives
        • Scan Mail Bases
    • Click OK
    • Now under select a target to scan:
      • Select My Computer
    • The program will start and scan your system.
    • The scan will take a while so be patient and let it run.
    • Once the scan is complete it will display if your system has been infected.
      • Now click on the Save as Text button.
    • Save the file to your desktop.

    Post the Kaspersky log and one more fresh HijackThis log.
     
