WMI has issues outside of safe mode

Well that is good to see but for Deckard (DSS) see post 31 and 32.

So as I study the HJT log get me a Deckard.

Mike

 

Deckard's System Scanner v20071014.68
Run by Dwayne on 2008-02-17 17:43:29
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Dwayne.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:43:32 PM, on 2/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\AppStream\WindowsClient\bin\AppMgrService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SYSTEM32\USRmlnkA.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ULI5289\ALi5289.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\SYSTEM32\USRshutA.exe
C:\WINDOWS\SYSTEM32\USRmlnkA.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\PayPal\PayPal Plug-In\RBroker.exe
C:\WINDOWS\notepad.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Dwayne\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Dwayne.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: OToolbarHelper Class - {EAD3A971-6A23-4246-8691-C9244E858967} - C:\Program Files\PayPal\PayPal Plug-In\PayPalHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: PayPal Plug-In - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - C:\Program Files\PayPal\PayPal Plug-In\OToolbar.dll
O4 - HKLM\..\Run: [USRpdA] C:\WINDOWS\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NVRTCLK] C:\WINDOWS\system32\NVRTCLK\NVRTClk.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ALi5289] C:\Program Files\ULI5289\ALi5289.exe
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe "
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe "
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe "
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe "
O4 - HKLM\..\RunOnce: [SpybotDeletingA8212] command /c del "C:\WINDOWS\wt\webdriver.dll "
O4 - HKLM\..\RunOnce: [SpybotDeletingC7300] cmd /c del "C:\WINDOWS\wt\webdriver.dll "
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [X-Cleaner Deluxe] "C:\PROGRA~1\X-CLEA~1\XCleaner_full.exe" -turbo -autostart -NOREBOOT
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB5262] command /c del "C:\WINDOWS\wt\webdriver.dll "
O4 - HKCU\..\RunOnce: [SpybotDeletingD2837] cmd /c del "C:\WINDOWS\wt\webdriver.dll "
O4 - HKUS\S-1-5-21-343818398-1606980848-839522115-1004\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-343818398-1606980848-839522115-1004\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User '?')
O4 - HKUS\S-1-5-21-343818398-1606980848-839522115-1004\..\Run: [X-Cleaner Deluxe] "C:\PROGRA~1\X-CLEA~1\XCleaner_full.exe" -turbo -autostart -NOREBOOT (User '?')
O4 - HKUS\S-1-5-21-343818398-1606980848-839522115-1004\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (User '?')
O4 - HKUS\S-1-5-21-343818398-1606980848-839522115-1004\..\RunOnce: [SpybotDeletingB5262] command /c del "C:\WINDOWS\wt\webdriver.dll" (User '?')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.2.0.84.cab
O16 - DPF: {4C563F3F-5621-4F23-BAC8-6B84DCA61AB2} (GoonzuGlobal_downloader Control) - http://cdn.goonzu.com/gscdnSkins/GoonzuGlobal_downloader0713.cab
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
O16 - DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} (BJA Control) - http://www.worldwinner.com/games/v57/bjattack/bja.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1139030516237
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://chat1.j2.com/Media/VisitorchatEnu/TLIEFlash.CAB
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} (Hangman Control) - http://www.worldwinner.com/games/v41/hangman/hangman.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - http://liveca04.custhelp.com/7540-b358h/rnl/java/RntX.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O17 - HKLM\System\CS1\Services\Tcpip\..\{1A73AA10-2951-451A-B3C2-8769E5FDBCB4}: NameServer = 24.158.96.130,24.158.96.131
O17 - HKLM\System\CS2\Services\Tcpip\..\{1A73AA10-2951-451A-B3C2-8769E5FDBCB4}: NameServer = 24.158.96.130,24.158.96.131
O17 - HKLM\System\CS3\Services\Tcpip\..\{1A73AA10-2951-451A-B3C2-8769E5FDBCB4}: NameServer = 24.158.96.130,24.158.96.131
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: ASWLNDLL - C:\WINDOWS\SYSTEM32\ASWLNDLL.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Premium MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe
O23 - Service: AntiVir PersonalEdition Premium Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
O23 - Service: AntiVir PersonalEdition Premium Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AWE 5.1.0 Application Manager (AppMgrService) - AppStream Inc. - C:\Program Files\AppStream\WindowsClient\bin\AppMgrService.exe
O23 - Service: AntiVir PersonalEdition Premium MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP1\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP1\RpcSandraSrv.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

--
End of file - 13660 bytes

-- Files created between 2008-01-17 and 2008-02-17 -----------------------------

2008-02-17 11:44:32 0 d-------- C:\Documents and Settings\Dwayne\Application Data\PrevxCSI
2008-02-16 21:35:33 0 d-------- C:\Program Files\Lavasoft
2008-02-16 21:35:29 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-16 21:26:55 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-16 21:19:06 0 d-------- C:\Program Files\X-Cleaner
2008-02-15 20:51:58 0 d-------- C:\Program Files\Trend Micro
2008-02-15 15:52:19 0 d-------- C:\Program Files\obj
2008-02-15 15:52:16 0 d-------- C:\WINDOWS\GBD
2008-02-15 15:33:54 0 d-------- C:\WINDOWS\system32\M5455
2008-02-15 15:31:26 23600 --a------ C:\WINDOWS\system32\drivers\TVICHW32.SYS <Not Verified; EnTech Taiwan; TVicHW32 Generic Device Driver for Windows 95/98/ME/NT/2000/2003/XP/XP64>
2008-02-15 14:48:24 0 d-------- C:\Documents and Settings\asdf\Application Data\Identities
2008-02-15 14:48:16 0 d--h----- C:\Documents and Settings\asdf\Templates
2008-02-15 14:48:16 0 dr------- C:\Documents and Settings\asdf\Start Menu
2008-02-15 14:48:16 0 dr-h----- C:\Documents and Settings\asdf\SendTo
2008-02-15 14:48:16 0 dr-h----- C:\Documents and Settings\asdf\Recent
2008-02-15 14:48:16 0 d--h----- C:\Documents and Settings\asdf\PrintHood
2008-02-15 14:48:16 2097152 --ah----- C:\Documents and Settings\asdf\NTUSER.DAT
2008-02-15 14:48:16 0 d--h----- C:\Documents and Settings\asdf\NetHood
2008-02-15 14:48:16 0 dr------- C:\Documents and Settings\asdf\My Documents
2008-02-15 14:48:16 0 d--h----- C:\Documents and Settings\asdf\Local Settings
2008-02-15 14:48:16 0 dr------- C:\Documents and Settings\asdf\Favorites
2008-02-15 14:48:16 0 d-------- C:\Documents and Settings\asdf\Desktop
2008-02-15 14:48:16 0 d--hs---- C:\Documents and Settings\asdf\Cookies
2008-02-15 14:48:16 0 dr-h----- C:\Documents and Settings\asdf\Application Data
2008-02-15 14:48:16 0 d---s---- C:\Documents and Settings\asdf\Application Data\Microsoft
2008-02-14 18:21:01 0 d-------- C:\Dial-a-fix-v0.60.0.24 <DIAL-A~1.24>
2008-02-14 15:33:33 145047 --a------ C:\WINDOWS\system32\secedit.exe
2008-02-14 15:31:01 0 d-------- C:\WINDOWS\system32\CatRoot2
2008-02-13 19:16:59 0 d-------- C:\Program Files\Realtek AC97
2008-02-13 18:39:49 0 d-------- C:\WINDOWS\Prefetch
2008-02-13 18:32:29 0 d-------- C:\Program Files\msn gaming zone
2008-02-13 13:49:28 0 d-------- C:\tempinf
2008-02-13 12:58:19 0 d-------- C:\WINDOWS\NV7361916.TMP
2008-02-13 12:38:32 0 d-------- C:\WINDOWS\NV7361920.TMP
2008-02-12 23:19:02 0 d-------- C:\WINDOWS\NV736252.TMP
2008-02-12 22:26:39 0 d-------- C:\WINDOWS\setup.pss
2008-02-07 18:26:14 642 --a------ C:\FIXWMI.CMD
2008-02-02 19:15:13 0 d-------- C:\WINDOWS\Cache
2008-02-02 19:15:09 0 d-------- C:\Program Files\Coupons
2008-01-31 13:09:28 44544 -ra------ C:\WINDOWS\system32\MSXML4a.dll <Not Verified; Microsoft Corporation; Microsoft(R) MSXML 4.0 SP1>
2008-01-31 13:09:28 626960 -ra------ C:\WINDOWS\system32\hpvaut32.dll <Not Verified; Microsoft Corporation; >
2008-01-31 13:04:45 0 d-------- C:\Program Files\Common Files\HP
2008-01-31 10:32:22 38771 --a------ C:\WINDOWS\hpomdl03.dat
2008-01-31 10:32:22 29364 --a------ C:\WINDOWS\hpoins03.dat
2008-01-30 02:11:09 0 d-------- C:\WINDOWS\Registration
2008-01-29 19:20:16 0 d--h----- C:\WINDOWS\msdownld.tmp
2008-01-28 17:16:58 0 --a------ C:\Documents and Settings\Dwayne\net
2008-01-28 17:16:00 0 --a------ C:\Documents and Settings\Dwayne\for
2008-01-27 22:17:01 0 d-------- C:\Program Files\WON
2008-01-26 15:25:24 0 d-------- C:\divx
2008-01-25 00:59:31 0 d-------- C:\Documents and Settings\Dwayne\Application Data\InstallShield
2008-01-20 22:38:19 0 d-------- C:\WINDOWS\Family Feud II
2008-01-20 22:14:52 0 d-------- C:\Program Files\Yahoo! Games
2008-01-17 00:20:54 0 d-------- C:\WINDOWS\Kudos Rock Legend DeLEGiON


-- Find3M Report ---------------------------------------------------------------

2008-02-17 17:32:28 0 d-------- C:\Program Files\Google
2008-02-16 21:57:45 0 d-------- C:\Program Files\reconserver
2008-02-16 21:33:54 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-16 21:07:36 0 d-------- C:\Documents and Settings\Dwayne\Application Data\Viewpoint
2008-02-16 21:07:33 0 d-------- C:\Program Files\Viewpoint
2008-02-16 21:06:52 0 d-------- C:\Documents and Settings\Dwayne\Application Data\Lavasoft
2008-02-16 21:06:23 0 d-------- C:\Program Files\Java
2008-02-16 15:14:04 0 d-------- C:\Program Files\Winzy
2008-02-16 15:13:33 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-02-16 15:12:32 0 d-------- C:\Program Files\mIRC
2008-02-16 15:12:19 0 d-------- C:\Program Files\Magic Set Editor 2
2008-02-16 15:10:54 0 d-------- C:\Program Files\Fx Video Converter
2008-02-13 18:30:25 22704 --a----c- C:\WINDOWS\system32\emptyregdb.dat
2008-02-11 22:40:46 4 --a------ C:\WINDOWS\system32\EE724F
2008-02-03 15:59:07 36 --ah----- C:\WINDOWS\system32\f9t.dat
2008-02-02 11:47:26 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll <Not Verified; Sony DADC Austria AG.; >
2008-01-31 13:09:26 0 d-------- C:\Program Files\HP
2008-01-31 13:04:45 0 d-------- C:\Program Files\Common Files
2008-01-30 02:10:38 0 d-------- C:\Program Files\Online Services
2008-01-30 02:10:12 0 d-------- C:\Program Files\Windows NT
2008-01-26 15:24:19 0 d-------- C:\Program Files\DivX
2008-01-14 22:18:59 3532 --a------ C:\drmHeader.bin
2008-01-13 21:00:50 0 d-------- C:\Program Files\NetBeans 6.0
2008-01-13 20:58:16 0 d-------- C:\Program Files\Sun
2008-01-10 21:11:28 0 d-------- C:\Program Files\PayPal
2008-01-07 22:16:02 36 --a------ C:\WINDOWS\popcinfo.dat
2008-01-07 21:47:20 0 d-------- C:\Program Files\PopCap Games
2008-01-06 00:40:53 0 d-------- C:\Program Files\LucasArts
2008-01-04 16:58:50 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-01-04 16:57:22 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-01-04 16:57:22 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-01-04 16:57:12 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-01-04 16:57:10 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-01-04 16:57:10 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-01-04 16:57:10 682496 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-01-04 16:56:24 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2008-01-04 13:18:59 0 d-------- C:\Program Files\Common Files\Blizzard Entertainment
2008-01-04 13:18:58 0 d-------- C:\Program Files\AlienGUIse
2008-01-03 23:47:56 0 d-------- C:\Documents and Settings\Dwayne\Application Data\Stamps.com Internet Postage
2008-01-01 11:42:26 0 d-------- C:\Program Files\PokerStars
2007-12-23 02:39:31 0 d-------- C:\Documents and Settings\Dwayne\Application Data\Adobe
2007-12-19 18:22:25 0 d-------- C:\Program Files\Zune
2007-12-13 03:20:04 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-12-05 01:41:00 1626112 --a------ C:\WINDOWS\system32\nwiz.exe
2007-12-05 01:41:00 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2007-12-05 01:41:00 1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2007-12-05 01:41:00 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2007-12-05 01:41:00 1474560 --a------ C:\WINDOWS\system32\nview.dll
2007-12-05 01:41:00 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2007-12-05 01:41:00 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2007-12-05 01:41:00 425984 --a------ C:\WINDOWS\system32\keystone.exe
2007-12-04 14:12:10 7228 --a------ C:\Documents and Settings\Dwayne\Application Data\Replay Music 3 Setup Log.txt
2007-12-04 14:11:49 737280 --a------ C:\WINDOWS\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"USRpdA "= "C:\WINDOWS\SYSTEM32\USRmlnkA.exe" [08/04/2004 07:00 AM]
"QuickTime Task "= "C:\Program Files\QuickTime\qttask.exe" [03/30/2006 06:51 PM]
"nwiz "= "nwiz.exe" [12/05/2007 01:41 AM C:\WINDOWS\system32\nwiz.exe]
"NVRTCLK "= "C:\WINDOWS\system32\NVRTCLK\NVRTClk.exe" [12/30/2003 04:44 AM]
"NvCplDaemon "= "C:\WINDOWS\system32\NvCpl.dll" [12/05/2007 01:41 AM]
"ALi5289 "= "C:\Program Files\ULI5289\ALi5289.exe" [03/10/2005 01:56 AM]
"Zune Launcher "= "C:\Program Files\Zune\ZuneLauncher.exe" [11/15/2007 09:51 PM]
"HP Software Update "= "C:\Program Files\HP\HP Software Update\HPWuSchd.exe" [08/04/2003 05:28 PM]
"HP Component Manager "= "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [12/22/2003 08:38 AM]
"DXDllRegExe "= "dxdllreg.exe" []
"NvMediaCenter "= "C:\WINDOWS\system32\NvMcTray.dll" [12/05/2007 01:41 AM]
"SoundMan "= "SOUNDMAN.EXE" [04/16/2007 03:28 PM C:\WINDOWS\soundman.exe]
"SunJavaUpdateSched "= "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [12/14/2007 03:42 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 07:00 AM]
"WMPNSCFG "= "C:\Program Files\Windows Media Player\WMPNSCFG.exe" [10/18/2006 08:05 PM]
"X-Cleaner Deluxe "= "C:\PROGRA~1\X-CLEA~1\XCleaner_full.exe" [05/22/2007 06:31 PM]
"SpybotSD TeaTimer "= "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"SpybotDeletingB5262 "=command /c del "C:\WINDOWS\wt\webdriver.dll "
"SpybotDeletingD2837 "=cmd /c del "C:\WINDOWS\wt\webdriver.dll "

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"SpybotDeletingA8212 "=command /c del "C:\WINDOWS\wt\webdriver.dll "
"SpybotDeletingC7300 "=cmd /c del "C:\WINDOWS\wt\webdriver.dll "
"SpybotSnD "= "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [9/16/2003 5:19:24 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ASWLNDLL]
ASWLNDLL.dll 05/13/2007 09:45 PM 6656 C:\WINDOWS\system32\ASWLNDLL.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages "= scecli

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@= "Service "


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command- D:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1aff355d-93da-11da-a362-806d6172696f}]
AutoRun\command- D:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d0d1a3ce-f4e6-11da-ba15-001485e6ee9e}]
AutoRun\command- F:\AutoRun.exe

*Newly Created Service* - I2OMGMT



-- End of Deckard's System Scanner: finished at 2008-02-17 17:44:20 ------------

 

I have not forgotten your original problem with WMI, but these issues should have been resolved first. My mistake for not asking for the DSS earlier.

This cleanup process may/may not resolve that issue but needs to be handled. At the very least it should improve general performance and stability.

OK have you not rebooted since the SpyBot cleanup?

Spybot has some issues it needs to finish cleaning that require a reboot.

But before the reboot

D/L and run http://www.pchell.com/downloads/WTRemover.exe

Some other things have changed! Did you just install the full Xcleaner?

Your Sata driverers also appear to be back, is your SATA drive working again.

Do you know about these?
C:\Program Files\Winzy
C:\Program Files\WON
If in add/remove and you don't know what they are then uninstall. If not in add/remove then browse to them and delete them.

Do you know about these? Use HJT to remove them if possible. Typically these will be reinstalled when you use the program that needs them. So lets get rid of them for the time being!

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/ca...C_2.2.0.84.cab

O16 - DPF: {4C563F3F-5621-4F23-BAC8-6B84DCA61AB2} (GoonzuGlobal_downloader Control) - http://cdn.goonzu.com/gscdnSkins/Goo...loader0713.cab

O16 - DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} (BJA Control) - http://www.worldwinner.com/games/v57/bjattack/bja.cab

O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab

O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://chat1.j2.com/Media/VisitorchatEnu/TLIEFlash.CAB

O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} (Hangman Control) - http://www.worldwinner.com/games/v41...an/hangman.cab

O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab

Are you on a Local network that has Novell netware requirements if not
rt click Local Area Connection and uncheck anything that begins with NW (netware), then use HJT to remove the following.

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

Please reboot into safe mode run ATF-Cleaner and CCleaner as directed earlier in this thread.

Reboot back to normal and before running any other programs post a new HJT and DSS after the reboot.

Mike

 

Deckard's System Scanner v20071014.68
Run by Dwayne on 2008-02-18 19:50:01
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Dwayne.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:50:05 PM, on 2/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\AppStream\WindowsClient\bin\AppMgrService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SYSTEM32\USRmlnkA.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\SYSTEM32\USRshutA.exe
C:\WINDOWS\SYSTEM32\USRmlnkA.exe
C:\Program Files\ULI5289\ALi5289.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\PayPal\PayPal Plug-In\RBroker.exe
C:\Documents and Settings\Dwayne\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Dwayne.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: OToolbarHelper Class - {EAD3A971-6A23-4246-8691-C9244E858967} - C:\Program Files\PayPal\PayPal Plug-In\PayPalHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: PayPal Plug-In - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - C:\Program Files\PayPal\PayPal Plug-In\OToolbar.dll
O4 - HKLM\..\Run: [USRpdA] C:\WINDOWS\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NVRTCLK] C:\WINDOWS\system32\NVRTCLK\NVRTClk.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ALi5289] C:\Program Files\ULI5289\ALi5289.exe
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe "
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe "
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe "
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe "
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [X-Cleaner Deluxe] "C:\PROGRA~1\X-CLEA~1\XCleaner_full.exe" -turbo -autostart -NOREBOOT
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-21-343818398-1606980848-839522115-1004\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-343818398-1606980848-839522115-1004\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User '?')
O4 - HKUS\S-1-5-21-343818398-1606980848-839522115-1004\..\Run: [X-Cleaner Deluxe] "C:\PROGRA~1\X-CLEA~1\XCleaner_full.exe" -turbo -autostart -NOREBOOT (User '?')
O4 - HKUS\S-1-5-21-343818398-1606980848-839522115-1004\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (User '?')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1139030516237
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - http://liveca04.custhelp.com/7540-b358h/rnl/java/RntX.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O17 - HKLM\System\CS1\Services\Tcpip\..\{1A73AA10-2951-451A-B3C2-8769E5FDBCB4}: NameServer = 24.158.96.130,24.158.96.131
O17 - HKLM\System\CS2\Services\Tcpip\..\{1A73AA10-2951-451A-B3C2-8769E5FDBCB4}: NameServer = 24.158.96.130,24.158.96.131
O17 - HKLM\System\CS3\Services\Tcpip\..\{1A73AA10-2951-451A-B3C2-8769E5FDBCB4}: NameServer = 24.158.96.130,24.158.96.131
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: ASWLNDLL - C:\WINDOWS\SYSTEM32\ASWLNDLL.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Premium MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe
O23 - Service: AntiVir PersonalEdition Premium Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
O23 - Service: AntiVir PersonalEdition Premium Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AWE 5.1.0 Application Manager (AppMgrService) - AppStream Inc. - C:\Program Files\AppStream\WindowsClient\bin\AppMgrService.exe
O23 - Service: AntiVir PersonalEdition Premium MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP1\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP1\RpcSandraSrv.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

--
End of file - 12114 bytes

-- Files created between 2008-01-18 and 2008-02-18 -----------------------------

2008-02-17 11:44:32 0 d-------- C:\Documents and Settings\Dwayne\Application Data\PrevxCSI
2008-02-16 21:35:33 0 d-------- C:\Program Files\Lavasoft
2008-02-16 21:35:29 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-16 21:26:55 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-16 21:19:06 0 d-------- C:\Program Files\X-Cleaner
2008-02-15 20:51:58 0 d-------- C:\Program Files\Trend Micro
2008-02-15 15:52:19 0 d-------- C:\Program Files\obj
2008-02-15 15:52:16 0 d-------- C:\WINDOWS\GBD
2008-02-15 15:33:54 0 d-------- C:\WINDOWS\system32\M5455
2008-02-15 15:31:26 23600 --a------ C:\WINDOWS\system32\drivers\TVICHW32.SYS <Not Verified; EnTech Taiwan; TVicHW32 Generic Device Driver for Windows 95/98/ME/NT/2000/2003/XP/XP64>
2008-02-15 14:48:24 0 d-------- C:\Documents and Settings\asdf\Application Data\Identities
2008-02-15 14:48:16 0 d--h----- C:\Documents and Settings\asdf\Templates
2008-02-15 14:48:16 0 dr------- C:\Documents and Settings\asdf\Start Menu
2008-02-15 14:48:16 0 dr-h----- C:\Documents and Settings\asdf\SendTo
2008-02-15 14:48:16 0 dr-h----- C:\Documents and Settings\asdf\Recent
2008-02-15 14:48:16 0 d--h----- C:\Documents and Settings\asdf\PrintHood
2008-02-15 14:48:16 2097152 --ah----- C:\Documents and Settings\asdf\NTUSER.DAT
2008-02-15 14:48:16 0 d--h----- C:\Documents and Settings\asdf\NetHood
2008-02-15 14:48:16 0 dr------- C:\Documents and Settings\asdf\My Documents
2008-02-15 14:48:16 0 d--h----- C:\Documents and Settings\asdf\Local Settings
2008-02-15 14:48:16 0 dr------- C:\Documents and Settings\asdf\Favorites
2008-02-15 14:48:16 0 d-------- C:\Documents and Settings\asdf\Desktop
2008-02-15 14:48:16 0 d--hs---- C:\Documents and Settings\asdf\Cookies
2008-02-15 14:48:16 0 dr-h----- C:\Documents and Settings\asdf\Application Data
2008-02-15 14:48:16 0 d---s---- C:\Documents and Settings\asdf\Application Data\Microsoft
2008-02-14 18:21:01 0 d-------- C:\Dial-a-fix-v0.60.0.24 <DIAL-A~1.24>
2008-02-14 15:33:33 145047 --a------ C:\WINDOWS\system32\secedit.exe
2008-02-14 15:31:01 0 d-------- C:\WINDOWS\system32\CatRoot2
2008-02-13 19:16:59 0 d-------- C:\Program Files\Realtek AC97
2008-02-13 18:39:49 0 d-------- C:\WINDOWS\Prefetch
2008-02-13 18:32:29 0 d-------- C:\Program Files\msn gaming zone
2008-02-13 13:49:28 0 d-------- C:\tempinf
2008-02-13 12:58:19 0 d-------- C:\WINDOWS\NV7361916.TMP
2008-02-13 12:38:32 0 d-------- C:\WINDOWS\NV7361920.TMP
2008-02-12 23:19:02 0 d-------- C:\WINDOWS\NV736252.TMP
2008-02-12 22:26:39 0 d-------- C:\WINDOWS\setup.pss
2008-02-07 18:26:14 642 --a------ C:\FIXWMI.CMD
2008-02-02 19:15:13 0 d-------- C:\WINDOWS\Cache
2008-02-02 19:15:09 0 d-------- C:\Program Files\Coupons
2008-01-31 13:09:28 44544 -ra------ C:\WINDOWS\system32\MSXML4a.dll <Not Verified; Microsoft Corporation; Microsoft(R) MSXML 4.0 SP1>
2008-01-31 13:09:28 626960 -ra------ C:\WINDOWS\system32\hpvaut32.dll <Not Verified; Microsoft Corporation; >
2008-01-31 13:04:45 0 d-------- C:\Program Files\Common Files\HP
2008-01-31 10:32:22 38771 --a------ C:\WINDOWS\hpomdl03.dat
2008-01-31 10:32:22 29364 --a------ C:\WINDOWS\hpoins03.dat
2008-01-30 02:11:09 0 d-------- C:\WINDOWS\Registration
2008-01-29 19:20:16 0 d--h----- C:\WINDOWS\msdownld.tmp
2008-01-28 17:16:58 0 --a------ C:\Documents and Settings\Dwayne\net
2008-01-28 17:16:00 0 --a------ C:\Documents and Settings\Dwayne\for
2008-01-27 22:17:01 0 d-------- C:\Program Files\WON
2008-01-26 15:25:24 0 d-------- C:\divx
2008-01-25 00:59:31 0 d-------- C:\Documents and Settings\Dwayne\Application Data\InstallShield
2008-01-20 22:38:19 0 d-------- C:\WINDOWS\Family Feud II
2008-01-20 22:14:52 0 d-------- C:\Program Files\Yahoo! Games


-- Find3M Report ---------------------------------------------------------------

2008-02-18 18:06:53 0 d-------- C:\Program Files\Google
2008-02-18 18:00:16 0 d-------- C:\Program Files\Common Files\SystemRequirementsLab
2008-02-16 21:57:45 0 d-------- C:\Program Files\reconserver
2008-02-16 21:33:54 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-16 21:07:36 0 d-------- C:\Documents and Settings\Dwayne\Application Data\Viewpoint
2008-02-16 21:07:33 0 d-------- C:\Program Files\Viewpoint
2008-02-16 21:06:52 0 d-------- C:\Documents and Settings\Dwayne\Application Data\Lavasoft
2008-02-16 21:06:23 0 d-------- C:\Program Files\Java
2008-02-16 15:14:04 0 d-------- C:\Program Files\Winzy
2008-02-16 15:13:33 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-02-16 15:12:32 0 d-------- C:\Program Files\mIRC
2008-02-16 15:12:19 0 d-------- C:\Program Files\Magic Set Editor 2
2008-02-16 15:10:54 0 d-------- C:\Program Files\Fx Video Converter
2008-02-13 18:30:25 22704 --a----c- C:\WINDOWS\system32\emptyregdb.dat
2008-02-11 22:40:46 4 --a------ C:\WINDOWS\system32\EE724F
2008-02-03 15:59:07 36 --ah----- C:\WINDOWS\system32\f9t.dat
2008-02-02 11:47:26 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll <Not Verified; Sony DADC Austria AG.; >
2008-01-31 13:09:26 0 d-------- C:\Program Files\HP
2008-01-31 13:04:45 0 d-------- C:\Program Files\Common Files
2008-01-30 02:10:38 0 d-------- C:\Program Files\Online Services
2008-01-30 02:10:12 0 d-------- C:\Program Files\Windows NT
2008-01-26 15:24:19 0 d-------- C:\Program Files\DivX
2008-01-14 22:18:59 3532 --a------ C:\drmHeader.bin
2008-01-13 21:00:50 0 d-------- C:\Program Files\NetBeans 6.0
2008-01-13 20:58:16 0 d-------- C:\Program Files\Sun
2008-01-10 21:11:28 0 d-------- C:\Program Files\PayPal
2008-01-07 22:16:02 36 --a------ C:\WINDOWS\popcinfo.dat
2008-01-07 21:47:20 0 d-------- C:\Program Files\PopCap Games
2008-01-06 00:40:53 0 d-------- C:\Program Files\LucasArts
2008-01-04 16:58:50 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-01-04 16:57:22 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-01-04 16:57:22 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-01-04 16:57:12 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-01-04 16:57:10 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-01-04 16:57:10 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-01-04 16:57:10 682496 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-01-04 16:56:24 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2008-01-04 13:18:59 0 d-------- C:\Program Files\Common Files\Blizzard Entertainment
2008-01-04 13:18:58 0 d-------- C:\Program Files\AlienGUIse
2008-01-03 23:47:56 0 d-------- C:\Documents and Settings\Dwayne\Application Data\Stamps.com Internet Postage
2008-01-01 11:42:26 0 d-------- C:\Program Files\PokerStars
2007-12-23 02:39:31 0 d-------- C:\Documents and Settings\Dwayne\Application Data\Adobe
2007-12-19 18:22:25 0 d-------- C:\Program Files\Zune
2007-12-13 03:20:04 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-12-04 14:12:10 7228 --a------ C:\Documents and Settings\Dwayne\Application Data\Replay Music 3 Setup Log.txt
2007-12-04 14:11:49 737280 --a------ C:\WINDOWS\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"USRpdA "= "C:\WINDOWS\SYSTEM32\USRmlnkA.exe" [08/04/2004 07:00 AM]
"QuickTime Task "= "C:\Program Files\QuickTime\qttask.exe" [03/30/2006 06:51 PM]
"nwiz "= "nwiz.exe" [08/11/2006 08:43 PM C:\WINDOWS\system32\nwiz.exe]
"NVRTCLK "= "C:\WINDOWS\system32\NVRTCLK\NVRTClk.exe" [12/30/2003 04:44 AM]
"NvCplDaemon "= "C:\WINDOWS\system32\NvCpl.dll" [08/11/2006 08:43 PM]
"ALi5289 "= "C:\Program Files\ULI5289\ALi5289.exe" [03/10/2005 01:56 AM]
"Zune Launcher "= "C:\Program Files\Zune\ZuneLauncher.exe" [11/15/2007 09:51 PM]
"HP Software Update "= "C:\Program Files\HP\HP Software Update\HPWuSchd.exe" [08/04/2003 05:28 PM]
"HP Component Manager "= "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [12/22/2003 08:38 AM]
"DXDllRegExe "= "dxdllreg.exe" []
"SoundMan "= "SOUNDMAN.EXE" [04/16/2007 03:28 PM C:\WINDOWS\soundman.exe]
"SunJavaUpdateSched "= "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [12/14/2007 03:42 AM]
"NvMediaCenter "= "C:\WINDOWS\system32\NvMcTray.dll" [08/11/2006 08:43 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 07:00 AM]
"WMPNSCFG "= "C:\Program Files\Windows Media Player\WMPNSCFG.exe" [10/18/2006 08:05 PM]
"X-Cleaner Deluxe "= "C:\PROGRA~1\X-CLEA~1\XCleaner_full.exe" [05/22/2007 06:31 PM]
"SpybotSD TeaTimer "= "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [9/16/2003 5:19:24 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ASWLNDLL]
ASWLNDLL.dll 05/13/2007 09:45 PM 6656 C:\WINDOWS\system32\ASWLNDLL.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages "= scecli

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@= "Service "


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command- D:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d0d1a3ce-f4e6-11da-ba15-001485e6ee9e}]
AutoRun\command- F:\AutoRun.exe




-- End of Deckard's System Scanner: finished at 2008-02-18 19:51:09 ------------

 

Also:

I couldn't find where to disable the NW stuff, and I don't know whether my home network uses it or not. It wasn't able to remove it the way it was though.

I installed the SATA drivers listed on the mobo's website but it didn't seem to do anything for me on that front. I have the CD that came with the mobo and I'm going to try to install off that either tonight or in the morning.

 

Morning Spider

Your Internet provider is Charter but the below is only needed if AOL is your ISP. Was AOL your ISP in the past? This is not needed by other programs like aol mail or messenger. Use HJT and delete it if not used.

O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

The following 3 programs need to be GONE! Check add/remove again and uninstall. If no uninstall entry then browse with Explorer to program files and delete manually.

C:\Program Files\Coupons

C:\Program Files\WON

C:\Program Files\Winzy

or paste the following 6 lines to the cmd prompt to remove them, hit enter twice before exiting cmd prompt

attrib -h -s -r C:\ "Program Files\Coupons "\*.* /s /d
attrib -h -s -r C:\ "Program Files\WON "\*.* /s /d
attrib -h -s -r C:\ "Program Files\Winzy "\*.* /s /d
rd /s /q C:\ "Program Files\Coupons "
rd /s /q C:\ "Program Files\WON "
rd /s /q C:\ "Program Files\Winzy "


Check add/remove for the following

C:\Program Files\Viewpoint

if not there d/l below and cleanup
http://prm753.bchea.org/click/click.php?id=1

As for the Netware, if you have a home network you would know if you had netware as it would have costed you several Ben Franklins.

go to Control Panel then Network Connections then rt click Local Area Connection, look under

"This connection uses the following items "

uncheck any items that begin with nw (netware).

Reboot after all above.

Mike

OK handle the above then lets get your Sata drive workng and then recheck WMI!

 

hi
i just recently had almost the same problems with WMI. for me the problem was definitely with the Repository folder. i tried the rebuilding method which did not work. i did not want to use system restore but i was able to find a copy of the Repository folder in the system volume information folder. i then replaced the Repository folder in C:\WINDOWS\system\wbem with the one i found in the system volume information and all my WMI problems were gone.

 

The earliest repository in my system restore information was from three days ago and replacing it didn't work.

The set of three programs weren't in my add/remove programs list (I had deleted them from there before I believe) but the command line thing worked fine.

Viewpoint Killer downloaded and ran fine.

O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe has been removed by HJT.

There is nothing beginning with NW anywhere under my Local Area Network, just the set of normal stuff that is also on my fiance's computer.

 

OK lets get 1 more DSS to see if they did in fact remove, and that removing these last items uncovered any others.

Create a new System Restore point.

Also check the WMI issue.

If it still exists (since we have cleaned these other issues) then lets do another repair install.

This way.

With Windows running insert the Windows XP SP2 CD into the drive. If it autoruns tell it to start an installation of windows.

It should detect that windows is currently installed and Recomend to "Upgrade" if so select "upgrade" and let it finish it will reboot and continue installing.

If it does not autorun on insertion then browse to the drive and run Setup.

IF IT DOES NOT OFFER TO UPGRADE DO NOT CONTINUE!!!!!

Once it returns to the Desktop check Windows update and install any required updates.

Check WMI and get back!

Mike

 

I'm getting the same provider load failure on WMI's properties that I had before and system32 is doing the same thing.

I successfully created a system restore point using Windows's built-in System Restore.

Deckard's System Scanner v20071014.68
Run by Dwayne on 2008-02-20 12:35:28
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Dwayne.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:35:36 PM, on 2/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\AppStream\WindowsClient\bin\AppMgrService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SYSTEM32\USRmlnkA.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\SYSTEM32\USRshutA.exe
C:\WINDOWS\SYSTEM32\USRmlnkA.exe
C:\Program Files\ULI5289\ALi5289.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\PayPal\PayPal Plug-In\RBroker.exe
C:\Documents and Settings\Dwayne\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Dwayne.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: OToolbarHelper Class - {EAD3A971-6A23-4246-8691-C9244E858967} - C:\Program Files\PayPal\PayPal Plug-In\PayPalHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: PayPal Plug-In - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - C:\Program Files\PayPal\PayPal Plug-In\OToolbar.dll
O4 - HKLM\..\Run: [USRpdA] C:\WINDOWS\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NVRTCLK] C:\WINDOWS\system32\NVRTCLK\NVRTClk.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ALi5289] C:\Program Files\ULI5289\ALi5289.exe
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe "
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe "
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe "
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe "
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [X-Cleaner Deluxe] "C:\PROGRA~1\X-CLEA~1\XCleaner_full.exe" -turbo -autostart -NOREBOOT
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-21-343818398-1606980848-839522115-1004\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-343818398-1606980848-839522115-1004\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User '?')
O4 - HKUS\S-1-5-21-343818398-1606980848-839522115-1004\..\Run: [X-Cleaner Deluxe] "C:\PROGRA~1\X-CLEA~1\XCleaner_full.exe" -turbo -autostart -NOREBOOT (User '?')
O4 - HKUS\S-1-5-21-343818398-1606980848-839522115-1004\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (User '?')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1139030516237
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - http://liveca04.custhelp.com/7540-b358h/rnl/java/RntX.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O17 - HKLM\System\CS1\Services\Tcpip\..\{1A73AA10-2951-451A-B3C2-8769E5FDBCB4}: NameServer = 24.158.96.130,24.158.96.131
O17 - HKLM\System\CS2\Services\Tcpip\..\{1A73AA10-2951-451A-B3C2-8769E5FDBCB4}: NameServer = 24.158.96.130,24.158.96.131
O17 - HKLM\System\CS3\Services\Tcpip\..\{1A73AA10-2951-451A-B3C2-8769E5FDBCB4}: NameServer = 24.158.96.130,24.158.96.131
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: ASWLNDLL - C:\WINDOWS\SYSTEM32\ASWLNDLL.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Premium MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe
O23 - Service: AntiVir PersonalEdition Premium Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
O23 - Service: AntiVir PersonalEdition Premium Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AWE 5.1.0 Application Manager (AppMgrService) - AppStream Inc. - C:\Program Files\AppStream\WindowsClient\bin\AppMgrService.exe
O23 - Service: AntiVir PersonalEdition Premium MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP1\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP1\RpcSandraSrv.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

--
End of file - 12082 bytes

-- Files created between 2008-01-20 and 2008-02-20 -----------------------------

2008-02-19 19:26:59 0 d-------- C:\Program Files\PixiePack Codec Pack
2008-02-19 19:24:00 0 d-------- C:\Documents and Settings\Dwayne\Application Data\Tunebite
2008-02-19 19:23:10 0 d-------- C:\Program Files\RapidSolution
2008-02-19 19:23:10 0 d-------- C:\Documents and Settings\All Users\Application Data\RapidSolution
2008-02-17 11:44:32 0 d-------- C:\Documents and Settings\Dwayne\Application Data\PrevxCSI
2008-02-16 21:35:33 0 d-------- C:\Program Files\Lavasoft
2008-02-16 21:35:29 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-16 21:26:55 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-16 21:19:06 0 d-------- C:\Program Files\X-Cleaner
2008-02-15 20:51:58 0 d-------- C:\Program Files\Trend Micro
2008-02-15 15:52:19 0 d-------- C:\Program Files\obj
2008-02-15 15:52:16 0 d-------- C:\WINDOWS\GBD
2008-02-15 15:33:54 0 d-------- C:\WINDOWS\system32\M5455
2008-02-15 15:31:26 23600 --a------ C:\WINDOWS\system32\drivers\TVICHW32.SYS <Not Verified; EnTech Taiwan; TVicHW32 Generic Device Driver for Windows 95/98/ME/NT/2000/2003/XP/XP64>
2008-02-15 14:48:24 0 d-------- C:\Documents and Settings\asdf\Application Data\Identities
2008-02-15 14:48:16 0 d--h----- C:\Documents and Settings\asdf\Templates
2008-02-15 14:48:16 0 dr------- C:\Documents and Settings\asdf\Start Menu
2008-02-15 14:48:16 0 dr-h----- C:\Documents and Settings\asdf\SendTo
2008-02-15 14:48:16 0 dr-h----- C:\Documents and Settings\asdf\Recent
2008-02-15 14:48:16 0 d--h----- C:\Documents and Settings\asdf\PrintHood
2008-02-15 14:48:16 2097152 --ah----- C:\Documents and Settings\asdf\NTUSER.DAT
2008-02-15 14:48:16 0 d--h----- C:\Documents and Settings\asdf\NetHood
2008-02-15 14:48:16 0 dr------- C:\Documents and Settings\asdf\My Documents
2008-02-15 14:48:16 0 d--h----- C:\Documents and Settings\asdf\Local Settings
2008-02-15 14:48:16 0 dr------- C:\Documents and Settings\asdf\Favorites
2008-02-15 14:48:16 0 d-------- C:\Documents and Settings\asdf\Desktop
2008-02-15 14:48:16 0 d--hs---- C:\Documents and Settings\asdf\Cookies
2008-02-15 14:48:16 0 dr-h----- C:\Documents and Settings\asdf\Application Data
2008-02-15 14:48:16 0 d---s---- C:\Documents and Settings\asdf\Application Data\Microsoft
2008-02-14 18:21:01 0 d-------- C:\Dial-a-fix-v0.60.0.24 <DIAL-A~1.24>
2008-02-14 15:33:33 145047 --a------ C:\WINDOWS\system32\secedit.exe
2008-02-14 15:31:01 0 d-------- C:\WINDOWS\system32\CatRoot2
2008-02-13 19:16:59 0 d-------- C:\Program Files\Realtek AC97
2008-02-13 18:39:49 0 d-------- C:\WINDOWS\Prefetch
2008-02-13 18:32:29 0 d-------- C:\Program Files\msn gaming zone
2008-02-13 13:49:28 0 d-------- C:\tempinf
2008-02-13 12:58:19 0 d-------- C:\WINDOWS\NV7361916.TMP
2008-02-13 12:38:32 0 d-------- C:\WINDOWS\NV7361920.TMP
2008-02-12 23:19:02 0 d-------- C:\WINDOWS\NV736252.TMP
2008-02-12 22:26:39 0 d-------- C:\WINDOWS\setup.pss
2008-02-07 18:26:14 642 --a------ C:\FIXWMI.CMD
2008-02-02 19:15:13 0 d-------- C:\WINDOWS\Cache
2008-01-31 13:09:28 44544 -ra------ C:\WINDOWS\system32\MSXML4a.dll <Not Verified; Microsoft Corporation; Microsoft(R) MSXML 4.0 SP1>
2008-01-31 13:09:28 626960 -ra------ C:\WINDOWS\system32\hpvaut32.dll <Not Verified; Microsoft Corporation; >
2008-01-31 13:04:45 0 d-------- C:\Program Files\Common Files\HP
2008-01-31 10:32:22 38771 --a------ C:\WINDOWS\hpomdl03.dat
2008-01-31 10:32:22 29364 --a------ C:\WINDOWS\hpoins03.dat
2008-01-30 02:11:09 0 d-------- C:\WINDOWS\Registration
2008-01-29 19:20:16 0 d--h----- C:\WINDOWS\msdownld.tmp
2008-01-28 17:16:58 0 --a------ C:\Documents and Settings\Dwayne\net
2008-01-28 17:16:00 0 --a------ C:\Documents and Settings\Dwayne\for
2008-01-26 15:25:24 0 d-------- C:\divx
2008-01-25 00:59:31 0 d-------- C:\Documents and Settings\Dwayne\Application Data\InstallShield
2008-01-20 22:38:19 0 d-------- C:\WINDOWS\Family Feud II
2008-01-20 22:14:52 0 d-------- C:\Program Files\Yahoo! Games


-- Find3M Report ---------------------------------------------------------------

2008-02-19 19:39:13 0 d-------- C:\Program Files\AOL 9.0
2008-02-19 19:39:10 0 d-------- C:\Program Files\AIM
2008-02-18 18:06:53 0 d-------- C:\Program Files\Google
2008-02-18 18:00:16 0 d-------- C:\Program Files\Common Files\SystemRequirementsLab
2008-02-16 21:57:45 0 d-------- C:\Program Files\reconserver
2008-02-16 21:33:54 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-16 21:07:36 0 d-------- C:\Documents and Settings\Dwayne\Application Data\Viewpoint
2008-02-16 21:06:52 0 d-------- C:\Documents and Settings\Dwayne\Application Data\Lavasoft
2008-02-16 21:06:23 0 d-------- C:\Program Files\Java
2008-02-16 15:13:33 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-02-16 15:12:32 0 d-------- C:\Program Files\mIRC
2008-02-16 15:12:19 0 d-------- C:\Program Files\Magic Set Editor 2
2008-02-16 15:10:54 0 d-------- C:\Program Files\Fx Video Converter
2008-02-13 18:30:25 22704 --a----c- C:\WINDOWS\system32\emptyregdb.dat
2008-02-11 22:40:46 4 --a------ C:\WINDOWS\system32\EE724F
2008-02-03 15:59:07 36 --ah----- C:\WINDOWS\system32\f9t.dat
2008-02-02 11:47:26 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll <Not Verified; Sony DADC Austria AG.; >
2008-01-31 13:09:26 0 d-------- C:\Program Files\HP
2008-01-31 13:04:45 0 d-------- C:\Program Files\Common Files
2008-01-30 02:10:38 0 d-------- C:\Program Files\Online Services
2008-01-30 02:10:12 0 d-------- C:\Program Files\Windows NT
2008-01-26 15:24:19 0 d-------- C:\Program Files\DivX
2008-01-14 22:18:59 3532 --a------ C:\drmHeader.bin
2008-01-13 21:00:50 0 d-------- C:\Program Files\NetBeans 6.0
2008-01-13 20:58:16 0 d-------- C:\Program Files\Sun
2008-01-10 21:11:28 0 d-------- C:\Program Files\PayPal
2008-01-07 22:16:02 36 --a------ C:\WINDOWS\popcinfo.dat
2008-01-07 21:47:20 0 d-------- C:\Program Files\PopCap Games
2008-01-06 00:40:53 0 d-------- C:\Program Files\LucasArts
2008-01-04 16:58:50 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-01-04 16:57:22 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-01-04 16:57:22 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-01-04 16:57:12 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-01-04 16:57:10 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-01-04 16:57:10 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-01-04 16:57:10 682496 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-01-04 16:56:24 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2008-01-04 13:18:59 0 d-------- C:\Program Files\Common Files\Blizzard Entertainment
2008-01-04 13:18:58 0 d-------- C:\Program Files\AlienGUIse
2008-01-03 23:47:56 0 d-------- C:\Documents and Settings\Dwayne\Application Data\Stamps.com Internet Postage
2008-01-01 11:42:26 0 d-------- C:\Program Files\PokerStars
2007-12-23 02:39:31 0 d-------- C:\Documents and Settings\Dwayne\Application Data\Adobe
2007-12-13 03:20:04 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-12-04 14:12:10 7228 --a------ C:\Documents and Settings\Dwayne\Application Data\Replay Music 3 Setup Log.txt
2007-12-04 14:11:49 737280 --a------ C:\WINDOWS\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"USRpdA "= "C:\WINDOWS\SYSTEM32\USRmlnkA.exe" [08/04/2004 07:00 AM]
"QuickTime Task "= "C:\Program Files\QuickTime\qttask.exe" [03/30/2006 06:51 PM]
"nwiz "= "nwiz.exe" [08/11/2006 08:43 PM C:\WINDOWS\system32\nwiz.exe]
"NVRTCLK "= "C:\WINDOWS\system32\NVRTCLK\NVRTClk.exe" [12/30/2003 04:44 AM]
"NvCplDaemon "= "C:\WINDOWS\system32\NvCpl.dll" [08/11/2006 08:43 PM]
"ALi5289 "= "C:\Program Files\ULI5289\ALi5289.exe" [03/10/2005 01:56 AM]
"Zune Launcher "= "C:\Program Files\Zune\ZuneLauncher.exe" [11/15/2007 09:51 PM]
"HP Software Update "= "C:\Program Files\HP\HP Software Update\HPWuSchd.exe" [08/04/2003 05:28 PM]
"HP Component Manager "= "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [12/22/2003 08:38 AM]
"DXDllRegExe "= "dxdllreg.exe" []
"SoundMan "= "SOUNDMAN.EXE" [04/16/2007 03:28 PM C:\WINDOWS\soundman.exe]
"SunJavaUpdateSched "= "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [12/14/2007 03:42 AM]
"NvMediaCenter "= "C:\WINDOWS\system32\NvMcTray.dll" [08/11/2006 08:43 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 07:00 AM]
"WMPNSCFG "= "C:\Program Files\Windows Media Player\WMPNSCFG.exe" [10/18/2006 08:05 PM]
"X-Cleaner Deluxe "= "C:\PROGRA~1\X-CLEA~1\XCleaner_full.exe" [05/22/2007 06:31 PM]
"SpybotSD TeaTimer "= "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [9/16/2003 5:19:24 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ASWLNDLL]
ASWLNDLL.dll 05/13/2007 09:45 PM 6656 C:\WINDOWS\system32\ASWLNDLL.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages "= scecli

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@= "Service "


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command- D:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d0d1a3ce-f4e6-11da-ba15-001485e6ee9e}]
AutoRun\command- F:\AutoRun.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{621FCD24-4498-4324-A81E-07D331376EDF}]
C:\Program Files\PixiePack Codec Pack\InstallerHelper.exe



-- End of Deckard's System Scanner: finished at 2008-02-20 12:36:38 ------------

 

OK I can't keep up with you!

QUESTION! Is not Charter your ISP??????

Mike

 

I am doing the repair install right now, I am on my fiance's computer for the moment. It is on the installing hardware portion and is kinda pokey, but making progress. I'll report back if it stops going.

UPDATE: 3 minutes left, looks like the repair is going fine. I'll report when I reboot and find the changes.

Charter was my ISP when I lived with my parents, Comcast is now, so there may be Charter stuff left behind. Did the AOL stuff not clean up or something?

 

No change on the WMI or SATA front post-repair.

 

Well the DNS servers in the DSS identify as Charter! This just may have prevalace in our WMI issue!

Hmmm!

Then there is the AOL ver 9 that just showed up on the last DSS!!!

Did you install that or or did something else we removed uncover it to make it visable????????

You do not need the full AOL software ?rap just to run AOL messenger!

What is going on??

OK for the DNS issues do the below.

Paste the following line to the CMD prompt and hit enter twice

%SystemRoot%\system32\cmd.exe /c %windir%\system32\ipconfig.exe /all > "%USERPROFILE% "\Desktop\Ipcfg.txt

A file will apear on the desktop ipconfig.txt. Edit this file and put ?? in the IP address only as 1??.???.1.1 etc do not obsure the very first digit. As in this example.

Post edited file!

Mike

 

I had AOL 9 installed to play a game with my fiance when I lived with my parents before I figured out how to get to it via browser. I have AIM installed separately. I will go ahead and uninstall AOL completely if I haven't already.

I'm gonna go ahead and do the stuff you listed in this post and report back.

 

Windows IP Configuration



Host Name . . . . . . . . . . . . : JORDAN

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Realtek RTL8139 Family PCI Fast Ethernet NIC

Physical Address. . . . . . . . . : 00-14-85-E6-EE-9E

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 1??.???.10.4

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.10.1

DHCP Server . . . . . . . . . . . : 192.168.10.1

DNS Servers . . . . . . . . . . . : 192.168.10.1

Lease Obtained. . . . . . . . . . : Wednesday, February 20, 2008 1:42:20 PM

Lease Expires . . . . . . . . . . : Thursday, February 21, 2008 1:42:20 PM

 

OH Boy!

But at least we have something really bad to fix.

Your true DNS servers are being hidden by your router (Default Gateway .: 192.168.10.1)

It is possible to use the Charter DNS servers while using another ISP so we will need to look into the router shortly.

We will get them later by another method!

After AOL 9 is removed

run HJT Scan only and mark the following and delete if they still exist

O17 - HKLM\System\CS1\Services\Tcpip\..\{1A73AA10-2951-451A-B3C2-8769E5FDBCB4}: NameServer = 24.158.96.130,24.158.96.131
O17 - HKLM\System\CS2\Services\Tcpip\..\{1A73AA10-2951-451A-B3C2-8769E5FDBCB4}: NameServer = 24.158.96.130,24.158.96.131
O17 - HKLM\System\CS3\Services\Tcpip\..\{1A73AA10-2951-451A-B3C2-8769E5FDBCB4}: NameServer = 24.158.96.130,24.158.96.131
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

Now before proceeding to below reboot and run HJT and check that they are all gone

After above is complete do below

OK we will now give your TCP and Winsock a Laxitive
Paste the following to the command prompt:

netsh interface ip delete arpcache
ipconfig /flushdns
ipconfig /release *
ipconfig /renew *
ipconfig /registerdns
nbtstat -RR

hit enter twice and reboot

do not be concerned if all do not run or give errors

Now test WMI and if not working post another DSS!

Mike

 

The O17 stuff is gone, as is the AOL. I ran the command prompt stuff but it still isn't working.

Deckard's System Scanner v20071014.68
Run by Dwayne on 2008-02-20 16:32:04
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Dwayne.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:32:10 PM, on 2/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AppStream\WindowsClient\bin\AppMgrService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SYSTEM32\USRmlnkA.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\SYSTEM32\USRshutA.exe
C:\Program Files\ULI5289\ALi5289.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\SYSTEM32\USRmlnkA.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\PayPal\PayPal Plug-In\RBroker.exe
C:\Documents and Settings\Dwayne\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Dwayne.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: OToolbarHelper Class - {EAD3A971-6A23-4246-8691-C9244E858967} - C:\Program Files\PayPal\PayPal Plug-In\PayPalHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: PayPal Plug-In - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - C:\Program Files\PayPal\PayPal Plug-In\OToolbar.dll
O4 - HKLM\..\Run: [USRpdA] C:\WINDOWS\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NVRTCLK] C:\WINDOWS\system32\NVRTCLK\NVRTClk.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ALi5289] C:\Program Files\ULI5289\ALi5289.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe "
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe "
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe "
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [X-Cleaner Deluxe] "C:\PROGRA~1\X-CLEA~1\XCleaner_full.exe" -turbo -autostart -NOREBOOT
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-21-343818398-1606980848-839522115-1004\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-343818398-1606980848-839522115-1004\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User '?')
O4 - HKUS\S-1-5-21-343818398-1606980848-839522115-1004\..\Run: [X-Cleaner Deluxe] "C:\PROGRA~1\X-CLEA~1\XCleaner_full.exe" -turbo -autostart -NOREBOOT (User '?')
O4 - HKUS\S-1-5-21-343818398-1606980848-839522115-1004\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (User '?')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1139030516237
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - http://liveca04.custhelp.com/7540-b358h/rnl/java/RntX.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: ASWLNDLL - C:\WINDOWS\SYSTEM32\ASWLNDLL.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Premium MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe
O23 - Service: AntiVir PersonalEdition Premium Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
O23 - Service: AntiVir PersonalEdition Premium Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
O23 - Service: AWE 5.1.0 Application Manager (AppMgrService) - AppStream Inc. - C:\Program Files\AppStream\WindowsClient\bin\AppMgrService.exe
O23 - Service: AntiVir PersonalEdition Premium MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP1\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP1\RpcSandraSrv.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

--
End of file - 11709 bytes

-- Files created between 2008-01-20 and 2008-02-20 -----------------------------

2008-02-20 13:26:43 0 d-------- C:\WINDOWS\Prefetch
2008-02-20 13:19:08 0 d-------- C:\Program Files\msn gaming zone
2008-02-20 13:14:00 0 d-------- C:\WINDOWS\NV6762020.TMP
2008-02-19 19:26:59 0 d-------- C:\Program Files\PixiePack Codec Pack
2008-02-19 19:24:00 0 d-------- C:\Documents and Settings\Dwayne\Application Data\Tunebite
2008-02-19 19:23:10 0 d-------- C:\Program Files\RapidSolution
2008-02-19 19:23:10 0 d-------- C:\Documents and Settings\All Users\Application Data\RapidSolution
2008-02-17 11:44:32 0 d-------- C:\Documents and Settings\Dwayne\Application Data\PrevxCSI
2008-02-16 21:35:33 0 d-------- C:\Program Files\Lavasoft
2008-02-16 21:35:29 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-16 21:26:55 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-16 21:19:06 0 d-------- C:\Program Files\X-Cleaner
2008-02-15 20:51:58 0 d-------- C:\Program Files\Trend Micro
2008-02-15 15:52:19 0 d-------- C:\Program Files\obj
2008-02-15 15:52:16 0 d-------- C:\WINDOWS\GBD
2008-02-15 15:33:54 0 d-------- C:\WINDOWS\system32\M5455
2008-02-15 15:31:26 23600 --a------ C:\WINDOWS\system32\drivers\TVICHW32.SYS <Not Verified; EnTech Taiwan; TVicHW32 Generic Device Driver for Windows 95/98/ME/NT/2000/2003/XP/XP64>
2008-02-14 18:21:01 0 d-------- C:\Dial-a-fix-v0.60.0.24 <DIAL-A~1.24>
2008-02-14 15:31:01 0 d-------- C:\WINDOWS\system32\CatRoot2
2008-02-13 19:16:59 0 d-------- C:\Program Files\Realtek AC97
2008-02-13 13:49:28 0 d-------- C:\tempinf
2008-02-13 12:58:19 0 d-------- C:\WINDOWS\NV7361916.TMP
2008-02-13 12:38:32 0 d-------- C:\WINDOWS\NV7361920.TMP
2008-02-12 23:19:02 0 d-------- C:\WINDOWS\NV736252.TMP
2008-02-12 22:26:39 0 d-------- C:\WINDOWS\setup.pss
2008-02-07 18:26:14 642 --a------ C:\FIXWMI.CMD
2008-02-02 19:15:13 0 d-------- C:\WINDOWS\Cache
2008-01-31 13:09:28 44544 -ra------ C:\WINDOWS\system32\MSXML4a.dll <Not Verified; Microsoft Corporation; Microsoft(R) MSXML 4.0 SP1>
2008-01-31 13:09:28 626960 -ra------ C:\WINDOWS\system32\hpvaut32.dll <Not Verified; Microsoft Corporation; >
2008-01-31 13:04:45 0 d-------- C:\Program Files\Common Files\HP
2008-01-31 10:32:22 38771 --a------ C:\WINDOWS\hpomdl03.dat
2008-01-31 10:32:22 29364 --a------ C:\WINDOWS\hpoins03.dat
2008-01-30 02:11:09 0 d-------- C:\WINDOWS\Registration
2008-01-29 19:20:16 0 d--h----- C:\WINDOWS\msdownld.tmp
2008-01-28 17:16:58 0 --a------ C:\Documents and Settings\Dwayne\net
2008-01-28 17:16:00 0 --a------ C:\Documents and Settings\Dwayne\for
2008-01-26 15:25:24 0 d-------- C:\divx
2008-01-25 00:59:31 0 d-------- C:\Documents and Settings\Dwayne\Application Data\InstallShield
2008-01-20 22:38:19 0 d-------- C:\WINDOWS\Family Feud II
2008-01-20 22:14:52 0 d-------- C:\Program Files\Yahoo! Games


-- Find3M Report ---------------------------------------------------------------

2008-02-20 15:56:20 0 d-------- C:\Program Files\Common Files\AOL
2008-02-20 15:54:44 0 d-------- C:\Program Files\Common Files
2008-02-20 15:52:19 0 d-------- C:\Documents and Settings\Dwayne\Application Data\AOL
2008-02-20 15:46:30 0 d-------- C:\Program Files\Zune
2008-02-20 13:16:44 22780 --a----c- C:\WINDOWS\system32\emptyregdb.dat
2008-02-19 19:39:10 0 d-------- C:\Program Files\AIM
2008-02-18 18:06:53 0 d-------- C:\Program Files\Google
2008-02-18 18:00:16 0 d-------- C:\Program Files\Common Files\SystemRequirementsLab
2008-02-16 21:57:45 0 d-------- C:\Program Files\reconserver
2008-02-16 21:33:54 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-16 21:07:36 0 d-------- C:\Documents and Settings\Dwayne\Application Data\Viewpoint
2008-02-16 21:06:52 0 d-------- C:\Documents and Settings\Dwayne\Application Data\Lavasoft
2008-02-16 21:06:23 0 d-------- C:\Program Files\Java
2008-02-16 15:13:33 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-02-16 15:12:32 0 d-------- C:\Program Files\mIRC
2008-02-16 15:12:19 0 d-------- C:\Program Files\Magic Set Editor 2
2008-02-16 15:10:54 0 d-------- C:\Program Files\Fx Video Converter
2008-02-11 22:40:46 4 --a------ C:\WINDOWS\system32\EE724F
2008-02-03 15:59:07 36 --ah----- C:\WINDOWS\system32\f9t.dat
2008-02-02 11:47:26 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll <Not Verified; Sony DADC Austria AG.; >
2008-01-31 13:09:26 0 d-------- C:\Program Files\HP
2008-01-30 02:10:38 0 d-------- C:\Program Files\Online Services
2008-01-30 02:10:12 0 d-------- C:\Program Files\Windows NT
2008-01-26 15:24:19 0 d-------- C:\Program Files\DivX
2008-01-14 22:18:59 3532 --a------ C:\drmHeader.bin
2008-01-13 21:00:50 0 d-------- C:\Program Files\NetBeans 6.0
2008-01-13 20:58:16 0 d-------- C:\Program Files\Sun
2008-01-10 21:11:28 0 d-------- C:\Program Files\PayPal
2008-01-07 22:16:02 36 --a------ C:\WINDOWS\popcinfo.dat
2008-01-07 21:47:20 0 d-------- C:\Program Files\PopCap Games
2008-01-06 00:40:53 0 d-------- C:\Program Files\LucasArts
2008-01-04 16:58:50 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-01-04 16:57:22 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-01-04 16:57:22 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-01-04 16:57:12 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-01-04 16:57:10 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-01-04 16:57:10 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-01-04 16:57:10 682496 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-01-04 16:56:24 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2008-01-04 13:18:59 0 d-------- C:\Program Files\Common Files\Blizzard Entertainment
2008-01-04 13:18:58 0 d-------- C:\Program Files\AlienGUIse
2008-01-03 23:47:56 0 d-------- C:\Documents and Settings\Dwayne\Application Data\Stamps.com Internet Postage
2008-01-01 11:42:26 0 d-------- C:\Program Files\PokerStars
2007-12-23 02:39:31 0 d-------- C:\Documents and Settings\Dwayne\Application Data\Adobe
2007-12-13 03:20:04 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-12-05 01:41:00 1626112 --a------ C:\WINDOWS\system32\nwiz.exe
2007-12-05 01:41:00 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2007-12-05 01:41:00 1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2007-12-05 01:41:00 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2007-12-05 01:41:00 1474560 --a------ C:\WINDOWS\system32\nview.dll
2007-12-05 01:41:00 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2007-12-05 01:41:00 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2007-12-05 01:41:00 425984 --a------ C:\WINDOWS\system32\keystone.exe
2007-12-04 14:12:10 7228 --a------ C:\Documents and Settings\Dwayne\Application Data\Replay Music 3 Setup Log.txt
2007-12-04 14:11:49 737280 --a------ C:\WINDOWS\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"USRpdA "= "C:\WINDOWS\SYSTEM32\USRmlnkA.exe" [08/04/2004 07:00 AM]
"QuickTime Task "= "C:\Program Files\QuickTime\qttask.exe" [03/30/2006 06:51 PM]
"nwiz "= "nwiz.exe" [12/05/2007 01:41 AM C:\WINDOWS\system32\nwiz.exe]
"NVRTCLK "= "C:\WINDOWS\system32\NVRTCLK\NVRTClk.exe" [12/30/2003 04:44 AM]
"NvCplDaemon "= "C:\WINDOWS\system32\NvCpl.dll" [12/05/2007 01:41 AM]
"ALi5289 "= "C:\Program Files\ULI5289\ALi5289.exe" [03/10/2005 01:56 AM]
"HP Software Update "= "C:\Program Files\HP\HP Software Update\HPWuSchd.exe" [08/04/2003 05:28 PM]
"HP Component Manager "= "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [12/22/2003 08:38 AM]
"DXDllRegExe "= "dxdllreg.exe" []
"SunJavaUpdateSched "= "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [12/14/2007 03:42 AM]
"SoundMan "= "SOUNDMAN.EXE" [04/16/2007 03:28 PM C:\WINDOWS\soundman.exe]
"NvMediaCenter "= "C:\WINDOWS\system32\NvMcTray.dll" [12/05/2007 01:41 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 07:00 AM]
"WMPNSCFG "= "C:\Program Files\Windows Media Player\WMPNSCFG.exe" [10/18/2006 08:05 PM]
"X-Cleaner Deluxe "= "C:\PROGRA~1\X-CLEA~1\XCleaner_full.exe" [05/22/2007 06:31 PM]
"SpybotSD TeaTimer "= "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [9/16/2003 5:19:24 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ASWLNDLL]
ASWLNDLL.dll 05/13/2007 09:45 PM 6656 C:\WINDOWS\system32\ASWLNDLL.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages "= scecli scecli

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@= "Service "


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command- D:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d0d1a3ce-f4e6-11da-ba15-001485e6ee9e}]
AutoRun\command- F:\AutoRun.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{621FCD24-4498-4324-A81E-07D331376EDF}]
C:\Program Files\PixiePack Codec Pack\InstallerHelper.exe



-- End of Deckard's System Scanner: finished at 2008-02-20 16:33:04 ------------

 

Which cmd prompt stuff?

The below should work, drag mouse and hilite all 6 lines below then rt click and copy

netsh interface ip delete arpcache
ipconfig /flushdns
ipconfig /release *
ipconfig /renew *
ipconfig /registerdns
nbtstat -RR

Start-Run
type
cmd

now paste into command screen.
answer any prompts needed to allow to complete
hit enter twice after all lines have executed ,and reboot

Now if you know how to access the router setup look and see what the DNS servers are. Run IE and type 192.168.10.1 into address line.

Hope you either have no password or you know it!

Mike

 

I mean I ran the command prompt stuff, and the WMI still isn't working, not that the command prompt stuff isn't working

I'll check the router info now.