Hi, another newbie here; I have the technical expertise of a goat, so bear with me. Running Windows XP with SP3 and VERY recently have had an issue in Control Panel where I can't access any screensaver files. I know this sounds like a nothing problem, but I get a message saying 'rundll32.exe not responding'. I checked a few forums and see that this message is normally associated with a virus/trojan or other nastiness, so I downloaded HJT and I'll post the log and hope someone can help.
Thanks in advance.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:11:11, on 07/08/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Virgin Media\Security\Fws.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Virgin Media\Security\AVG\Identity Protection\agent\Bin\AVGIDSAgent.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Apps\Softex\OmniPass\Omniserv.exe
C:\Program Files\Virgin Media\Security\RpsSecurityAwareR.exe
C:\Program Files\Virgin Media\HUB\ServicepointService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
C:\Apps\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Virgin Media\Security\rps.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
C:\Apps\Softex\OmniPass\scureapp.exe
C:\apps\ABoard\ABoard.exe
C:\Program Files\Virgin Media\HUB\VirginMediaHUB.exe
C:\apps\ABoard\AOSD.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\dvd43\dvd43_tray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\tsnp2std.exe
C:\WINDOWS\vsnp2std.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Virgin Media\HUB\VirginMediaHUBComHandler.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\WINDOWS\system32\hphmon05.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://format.packardbell.com/cgi-bin/redirect/?country=UK&range=AD&phase=6&key=SEARCH
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\uk.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Vade Retro Outlook Express] "C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe"
O4 - HKLM\..\Run: [DetectorApp] C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
O4 - HKLM\..\Run: [OmniPass] C:\Apps\Softex\OmniPass\scureapp.exe
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [VirginMediaHUB.exe] "C:\Program Files\Virgin Media\HUB\VirginMediaHUB.exe" /AUTORUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 5.0\SetHook.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Apps\Softex\OmniPass\Omniserv.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Virgin Media Security (Radialpoint Security Services) - Virgin Media - C:\Program Files\Virgin Media\Security\RpsSecurityAwareR.exe
O23 - Service: RadialpointIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\Virgin Media\Security\AVG\Identity Protection\agent\Bin\AVGIDSAgent.exe
O23 - Service: Virgin Media Security Firewall (RP_FWS) - Virgin Media - C:\Program Files\Virgin Media\Security\Fws.exe
O23 - Service: ServicepointService - Radialpoint Inc. - C:\Program Files\Virgin Media\HUB\ServicepointService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe

--
End of file - 10063 bytes
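The log above is a list of autostart points (browser helper objects, Run keys, services), and the first thing a log reader does with it is shortlist the entries worth checking on disk. The script below is an added example for this thread, not code from HijackThis, DDS or any poster: it parses HJT O2/O4/O23 lines and the R?/S? service lines of a DDS log and raises the usual first-pass flags (a missing file, a Run entry with no directory, the DLL behind a rundll32 launch, a binary under Temp or a user profile, a service with an unknown owner). The sample lines are taken from the logs in this thread; the flag names and the regexes are this example's own. A flag is a prompt to look at the file, not a verdict: the entries it flags here are a leftover BHO stub, an OEM helper given as a bare filename, the NVIDIA control panel DLL loaded through rundll32, an unsigned-looking OEM service and a driver in Temp, each of which the user should confirm on disk rather than delete on sight.

```python
"""Triage helper for HijackThis (HJT) and DDS log lines.

Added example for this thread; not part of HijackThis, DDS or any tool the
posters used. Flags raised:
  file-missing          the entry points at a file that is no longer there
  bare-filename         a Run entry with no directory; locate the binary first
  rundll32-loads:<dll>  the real code behind a rundll32 launch is the DLL
  temp-or-profile-path  a binary or driver living in Temp or a user profile
  unknown-owner         a service whose binary carries no company name
Sample lines are taken from the thread's logs; everything else is constructed.
"""
import ntpath
import re
from dataclasses import dataclass, field
from typing import Optional

HJT_O2 = re.compile(r'^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$')
HJT_O4 = re.compile(r'^O4 - (?P<hive>HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
HJT_O23 = re.compile(r'^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$')
# DDS service lines: "<state><start> name;description;path [date size]"
DDS_SVC = re.compile(r'^(?P<state>[RS]\d) (?P<name>[^;]+);(?P<desc>[^;]*);(?P<path>.*?)(?: \[(?P<meta>[^\]]*)\])?$')
# First token of an unquoted command line, tolerating spaces inside the path.
EXE_END = re.compile(r'^(?P<exe>.+?\.(?:exe|dll|scr|cpl|com|bat|cmd|sys))(?:\s+(?P<args>.*))?$', re.I)
SUSPICIOUS_DIRS = re.compile(r'\\(temp|documents and settings|docume~1|users)\\', re.I)


@dataclass
class Finding:
    source: str            # O2, O4, O23 or DDS
    name: str
    path: str
    flags: list = field(default_factory=list)


def split_command(cmd: str) -> tuple:
    """Return (executable, arguments) for a Run-key command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end > 0:
            return cmd[1:end], cmd[end + 1:].strip()
    m = EXE_END.match(cmd)
    if m:
        return m.group('exe'), m.group('args') or ''
    parts = cmd.split(None, 1)
    return parts[0], (parts[1] if len(parts) > 1 else '')


def flag_path(path: str) -> list:
    """Flags that apply to any file path found in the log."""
    flags = []
    low = path.lower()
    if '(no file)' in low or low.endswith('no file'):
        flags.append('file-missing')
    if SUSPICIOUS_DIRS.search(path):
        flags.append('temp-or-profile-path')
    return flags


def parse_line(line: str) -> Optional[Finding]:
    """Turn one log line into a Finding, or None for lines not triaged here."""
    line = line.rstrip()
    m = HJT_O2.match(line)
    if m:
        return Finding('O2', m.group('name'), m.group('path'), flag_path(m.group('path')))
    m = HJT_O4.match(line)
    if m:
        exe, args = split_command(m.group('cmd'))
        target, flags = exe, []
        if ntpath.basename(exe).lower() == 'rundll32.exe':
            # rundll32 is a stock Windows host; what matters is the DLL it loads.
            target = args.split(',', 1)[0].strip().strip('"')
            flags.append('rundll32-loads:' + target)
        if '\\' not in target:
            flags.append('bare-filename')
        flags += flag_path(target)
        return Finding('O4', m.group('name'), target, flags)
    m = HJT_O23.match(line)
    if m:
        flags = flag_path(m.group('path'))
        if m.group('owner').lower() == 'unknown owner':
            flags.append('unknown-owner')
        return Finding('O23', m.group('name'), m.group('path'), flags)
    m = DDS_SVC.match(line)
    if m:
        return Finding('DDS', m.group('name'), m.group('path'), flag_path(m.group('path')))
    return None


def triage(lines) -> list:
    return [f for f in map(parse_line, lines) if f is not None]


def flagged(lines) -> dict:
    """name -> flags, for the entries that need a second look."""
    return {f.name: f.flags for f in triage(lines) if f.flags}


# Constructed sample: lines copied from the HJT and DDS logs in this thread.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
S3 cpuz132;cpuz132;\??\d:\docume~1\gareth~1.001\locals~1\temp\cpuz132\cpuz132_x32.sys --> d:\docume~1\gareth~1.001\locals~1\temp\cpuz132\cpuz132_x32.sys [?]
R2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-6-13 136176]
""".strip().splitlines()

if __name__ == '__main__':
    for name, flags in flagged(SAMPLE_LOG).items():
        print(f'{name:20} {", ".join(flags)}')
```

Feed it a whole saved log (`flagged(open('hijackthis.log').read().splitlines())`) and it returns only the shortlist; the unflagged Program Files and system32 entries still deserve a glance, but these are the ones to check first.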


Thanks for the quick response, I'll follow the instructions on the above link :)


God, I hope I got everything, so here goes:

GMER ONE:
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-08-08 17:27:29
Windows 5.1.2600 Service Pack 3
Running: 49r4l8zs.exe; Driver: D:\DOCUME~1\GARETH~1.001\LOCALS~1\Temp\kflcaaoc.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.sys (IDS Application Activity Monitor Filter Driver./AVG Technologies )
AttachedDevice \FileSystem\Ntfs \Ntfs trufos.sys (Trufos Kernel Module/BitDefender S.R.L.)
AttachedDevice \Driver\Tcpip \Device\Ip rp_skt32.sys (Radialpoint Filter/Radialpoint Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp rp_skt32.sys (Radialpoint Filter/Radialpoint Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp rp_skt32.sys (Radialpoint Filter/Radialpoint Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp rp_skt32.sys (Radialpoint Filter/Radialpoint Inc.)

---- EOF - GMER 1.0.15 ----
When I ran the full scan, the programme hung on a file, but I got the following from it:

GMER TWO:
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-08-08 18:30:12
Windows 5.1.2600 Service Pack 3
Running: 49r4l8zs.exe; Driver: D:\DOCUME~1\GARETH~1.001\LOCALS~1\Temp\kflcaaoc.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\Virgin Media\Security\AVG\Identity Protection\agent\drivers\AVGIDSShim.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies ) ZwOpenProcess [0xB902B470]
SSDT \??\C:\Program Files\Virgin Media\Security\AVG\Identity Protection\agent\drivers\AVGIDSShim.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies ) ZwTerminateProcess [0xB902B520]
SSDT \??\C:\Program Files\Virgin Media\Security\AVG\Identity Protection\agent\drivers\AVGIDSShim.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies ) ZwTerminateThread [0xB902B5C0]
SSDT \??\C:\Program Files\Virgin Media\Security\AVG\Identity Protection\agent\drivers\AVGIDSShim.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies ) ZwWriteVirtualMemory [0xB902B660]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.sys (IDS Application Activity Monitor Filter Driver./AVG Technologies )
AttachedDevice \FileSystem\Ntfs \Ntfs trufos.sys (Trufos Kernel Module/BitDefender S.R.L.)
AttachedDevice \Driver\Tcpip \Device\Ip rp_skt32.sys (Radialpoint Filter/Radialpoint Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp rp_skt32.sys (Radialpoint Filter/Radialpoint Inc.)

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 dvd43llh.sys (dvd43llh.sys/RIF)
Device \Driver\atapi \Device\Ide\IdePort0 dvd43llh.sys (dvd43llh.sys/RIF)
Device \Driver\atapi \Device\Ide\IdePort1 dvd43llh.sys (dvd43llh.sys/RIF)
Device \Driver\atapi \Device\Ide\IdePort2 dvd43llh.sys (dvd43llh.sys/RIF)
Device \Driver\atapi \Device\Ide\IdePort3 dvd43llh.sys (dvd43llh.sys/RIF)
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-12 dvd43llh.sys (dvd43llh.sys/RIF)

AttachedDevice \Driver\Tcpip \Device\Udp rp_skt32.sys (Radialpoint Filter/Radialpoint Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp rp_skt32.sys (Radialpoint Filter/Radialpoint Inc.)

---- EOF - GMER 1.0.15 ----
And now the MBAM log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4407

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

08/08/2010 22:42:12
mbam-log-2010-08-08 (22-42-12).txt

Scan type: Full scan (C:\|D:\|K:\|)
Objects scanned: 221556
Time elapsed: 3 hour(s), 37 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
D:\System Volume Information\_restore{5FED904E-6E1E-4B49-8681-D5C017BB5784}\RP101\A0017334.exe (PUP.PerfectOptimizer) -> No action taken.

Now I hope I post the next files OK.
DDS TEXT:

DDS (Ver_10-03-17.01) - NTFSx86
Run by Gareth at 22:50:06.28 on 08/08/2010
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.2046.1248 [GMT 1:00]

AV: Virgin Media Security Anti-Virus *On-access scanning enabled* (Updated) {5B5A3BD7-8573-4672-AEA8-C9BB713B6755}
FW: Virgin Media Security Firewall *enabled* {80593BF4-D969-4EC5-ADAE-A22F2DFC7A22}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Virgin Media\Security\Fws.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Virgin Media\Security\AVG\Identity Protection\agent\Bin\AVGIDSAgent.exe
svchost.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Apps\Softex\OmniPass\Omniserv.exe
C:\Program Files\Virgin Media\Security\RpsSecurityAwareR.exe
C:\Program Files\Virgin Media\HUB\ServicepointService.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Apps\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Virgin Media\Security\rps.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
C:\Apps\Softex\OmniPass\scureapp.exe
C:\apps\ABoard\ABoard.exe
C:\Program Files\Virgin Media\HUB\VirginMediaHUB.exe
C:\Program Files\Virgin Media\HUB\VirginMediaHUBComHandler.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\QuickTime\QTTask.exe
C:\apps\ABoard\AOSD.exe
C:\Program Files\dvd43\dvd43_tray.exe
C:\WINDOWS\tsnp2std.exe
C:\WINDOWS\vsnp2std.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\HPZipm12.exe
D:\Documents and Settings\Gareth.SN049924820337.001\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
uWindow Title = Packard Bell
uSearch Bar = hxxp://format.packardbell.com/cgi-bin/redirect/?country=UK&range=AD&phase=6&key=SEARCH
mDefault_Page_URL = file://c:\apps\ie\offline\uk.htm
uInternet Settings,ProxyOverride = *.local
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [SMSERIAL] sm56hlpr.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SkyTel] SkyTel.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
mRun: [Vade Retro Outlook Express] "c:\progra~1\gotoso~1\vadere~1\Vaderetro_oe.exe"
mRun: [DetectorApp] c:\program files\sonic\digitalmedia le v7\mydvd le\DetectorApp.exe
mRun: [OmniPass] c:\apps\softex\omnipass\scureapp.exe
mRun: [ACTIVBOARD] c:\apps\aboard\ABoard.exe
mRun: [VirginMediaHUB.exe] "c:\program files\virgin media\hub\VirginMediaHUB.exe" /AUTORUN
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [dvd43] c:\program files\dvd43\dvd43_tray.exe
mRun: [tsnp2std] c:\windows\tsnp2std.exe
mRun: [snp2std] c:\windows\vsnp2std.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe
mRun: [HPHUPD05] c:\program files\hewlett-packard\\{5372b9a6-6e51-4f90-9b40-e0a3b8475c4e}\hphupd05.exe
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [HP Software Update] "c:\program files\hewlett-packard\hp software update\HPWuSchd2.exe"
mRun: [HPHmon05] c:\windows\system32\hphmon05.exe
mRun: [MediaFace Integration] c:\program files\fellowes\mediaface 5.0\SetHook.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Notify: OPXPGina - c:\apps\softex\omnipass\opxpgina.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - d:\docume~1\gareth~1.001\applic~1\mozilla\firefox\profiles\us9t206l.default\
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\program files\virgin media\hub\nprpspa.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: d:\documents and settings\gareth.sn049924820337.001\application data\facebook\npfbplugin_1_0_3.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 RadialpointIDSEH;RadialpointIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-6-11 25608]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 ousbehci;OrangeWare USB Enhanced Host Controller Service;c:\windows\system32\drivers\ousbehci.sys [2010-6-13 46080]
R2 Radialpoint Security Services;Virgin Media Security;c:\program files\virgin media\security\RpsSecurityAwareR.exe [2010-1-4 165408]
R2 RadialpointIDSAgent;RadialpointIDSAgent;c:\program files\virgin media\security\avg\identity protection\agent\bin\AVGIDSAgent.exe [2010-6-11 5832712]
R2 ServicepointService;ServicepointService;c:\program files\virgin media\hub\ServicepointService.exe [2010-6-11 668912]
R3 RadialpointIDSDriver;RadialpointIDSDriver;c:\program files\virgin media\security\avg\identity protection\agent\drivers\AVGIDSDriver.sys [2010-6-11 122376]
R3 RadialpointIDSFilter;RadialpointIDSFilter;c:\program files\virgin media\security\avg\identity protection\agent\drivers\AVGIDSfilter.sys [2010-6-11 30216]
R3 RadialpointIDSShim;RadialpointIDSShim;c:\program files\virgin media\security\avg\identity protection\agent\drivers\AVGIDSShim.sys [2010-6-11 25736]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-6-13 136176]
S3 cpuz132;cpuz132;\??\d:\docume~1\gareth~1.001\locals~1\temp\cpuz132\cpuz132_x32.sys --> d:\docume~1\gareth~1.001\locals~1\temp\cpuz132\cpuz132_x32.sys [?]

=============== Created Last 30 ================

2010-08-08 17:58:29 0 d-----w- d:\docume~1\gareth~1.001\applic~1\Malwarebytes
2010-08-08 17:58:22 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-08 17:58:21 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-08 17:58:21 0 d-----w- d:\docume~1\alluse~1\applic~1\Malwarebytes
2010-08-08 17:58:21 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-07 20:23:48 0 d-----w- c:\windows\system32\Registry Patrol
2010-08-07 20:23:37 0 d-----w- c:\program files\Registry Patrol
2010-08-07 20:10:48 0 d-----w- c:\program files\Trend Micro
2010-08-07 19:57:38 512000 ------w- c:\windows\system32\dllcache\jscript.dll
2010-08-07 10:43:31 0 d-----w- c:\program files\CCleaner
2010-08-07 09:58:50 0 d-----w- d:\docume~1\alluse~1\applic~1\RegCure
2010-08-07 09:17:52 0 d-----w- c:\windows\system32\scripting
2010-08-07 09:17:52 0 d-----w- c:\windows\system32\en
2010-08-07 09:17:52 0 d-----w- c:\windows\system32\bits
2010-08-07 09:13:55 0 d-----w- c:\windows\network diagnostic
2010-08-03 17:35:12 364 ----a-w- d:\docume~1\gareth~1.001\applic~1\wklnhst.dat
2010-08-01 06:10:03 0 d-----w- c:\program files\Overland
2010-07-30 18:15:11 0 d-----w- d:\docume~1\alluse~1\applic~1\Fellowes
2010-07-30 18:14:56 0 d-----w- c:\program files\Fellowes
2010-07-30 18:14:16 0 d-----w- d:\docume~1\alluse~1\applic~1\Downloaded Installations
2010-07-30 17:47:33 626960 ----a-r- c:\windows\system32\hpvaut32.dll
2010-07-30 17:47:33 487424 ----a-r- c:\windows\system32\hpvcp70.dll
2010-07-30 17:47:33 44544 ----a-r- c:\windows\system32\MSXML4a.dll
2010-07-30 17:47:33 344064 ----a-r- c:\windows\system32\hpvcr70.dll
2010-07-30 17:47:06 94208 ----a-w- c:\windows\system32\HPZipt12.dll
2010-07-30 17:47:06 65536 ----a-w- c:\windows\system32\HPZipm12.exe
2010-07-30 17:47:06 61440 ----a-w- c:\windows\system32\HPZinw12.exe
2010-07-30 17:47:06 57344 ----a-w- c:\windows\system32\HPZisn12.dll
2010-07-30 17:47:06 278584 ----a-w- c:\windows\system32\HPZidr12.dll
2010-07-30 17:47:06 204800 ----a-w- c:\windows\system32\HPZipr12.dll
2010-07-30 17:47:06 0 d-----w- c:\program files\HP
2010-07-30 17:45:25 4284 ------w- c:\windows\hphmdl02.dat
2010-07-30 17:45:25 19817 ----a-w- c:\windows\HPHins02.dat
2010-07-30 17:45:22 51088 ----a-w- c:\windows\system32\drivers\hpzid412.sys
2010-07-30 17:45:22 21744 ----a-w- c:\windows\system32\drivers\HPZius12.sys
2010-07-30 17:45:22 16496 ----a-w- c:\windows\system32\drivers\HPZipr12.sys
2010-07-30 17:45:03 491520 ----a-w- c:\windows\system32\hphmon05.exe
2010-07-30 17:45:02 364544 ----a-w- c:\windows\system32\hphped05.exe
2010-07-30 17:44:58 270336 ----a-w- c:\windows\system32\HPZc3212.dll
2010-07-30 17:44:53 6478 ----a-w- c:\windows\system32\hphmon05.dat
2010-07-30 17:44:53 258048 ----a-w- c:\windows\system32\hpzcon09.dll
2010-07-30 17:44:53 192512 ----a-w- c:\windows\system32\hpzcoi09.dll
2010-07-30 17:44:53 135224 ----a-w- c:\windows\system32\hpzlnt09.dll
2010-07-30 17:39:23 0 d-----w- d:\docume~1\alluse~1\applic~1\UAB
2010-07-30 17:39:16 0 d-----w- d:\docume~1\alluse~1\applic~1\PC Drivers HeadQuarters
2010-07-30 17:38:38 0 d-----w- c:\program files\PC Drivers HeadQuarters
2010-07-30 17:30:21 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2010-07-25 16:17:10 0 d-----w- d:\docume~1\gareth~1.001\applic~1\FreeAudioPack
2010-07-25 16:17:10 0 d-----w- c:\program files\Free Audio Pack
2010-07-25 16:03:48 0 d-----w- c:\program files\Windows Installer Clean Up
2010-07-25 16:03:38 0 d-----w- c:\program files\MSECACHE
2010-07-25 16:03:18 522 ----a-w- C:\Config.eso
2010-07-25 16:03:18 50 ----a-w- C:\MoreInfo.dat
2010-07-25 16:03:18 45 ----a-w- C:\Scope.rn
2010-07-25 16:03:18 40 ----a-w- C:\AACConfig.dat
2010-07-25 16:03:18 231 ----a-w- C:\MConfig.dat
2010-07-25 16:03:18 2 ----a-w- C:\Last100Def.lst
2010-07-25 16:03:18 2 ----a-w- C:\Last100.lst
2010-07-25 16:03:18 100 ----a-w- C:\EQConfig.dat
2010-07-25 15:44:05 614992 ------w- c:\windows\system32\comctl32.Ocx._tm
2010-07-25 15:43:56 1384479 ------w- c:\windows\system32\msvbvm60.dll._tm
2010-07-25 15:39:17 0 d-----w- d:\docume~1\gareth~1.001\applic~1\AVS4YOU
2010-07-25 15:38:27 0 d-----w- c:\program files\common files\AVSMedia
2010-07-25 15:38:26 974848 ----a-w- c:\windows\system32\mfc70.dll
2010-07-25 15:35:10 0 d-----w- c:\program files\AVS4YOU
2010-07-24 14:10:08 311 ----a-w- c:\windows\Property.INI
2010-07-23 21:22:58 28 ----a-w- c:\windows\v2d.INI
2010-07-14 17:32:05 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-13 14:36:48 0 d-----w- d:\docume~1\gareth~1.001\applic~1\VadeRetro
2010-07-10 14:11:55 0 d-----w- c:\program files\FreeDVDPhotoSlideshow
2010-07-10 13:26:54 0 d-----w- c:\program files\Smilebox

==================== Find3M ====================

2010-08-01 21:34:13 6388 ----a-w- c:\windows\system32\d3d9caps.dat
2010-07-27 06:30:35 8462336 ------w- c:\windows\system32\dllcache\shell32.dll
2010-06-18 16:49:42 60296 ---ha-w- c:\windows\system32\mlfcache.dat
2010-06-12 19:21:45 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2010-06-12 19:21:44 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2010-06-12 08:42:29 18816 ----a-w- c:\windows\system32\drivers\dvd43llh.sys
2010-06-11 21:34:21 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-11 20:15:56 53192 ----a-w- c:\windows\system32\drivers\rp_skt32.sys
2010-06-11 20:15:52 48384 ----a-w- c:\windows\system32\drivers\rp_pkt32.sys
2010-06-11 19:24:59 8552 ----a-w- c:\windows\system32\drivers\asctrm.sys
2010-05-18 15:35:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 15:35:16 107808 ----a-w- c:\windows\system32\dns-sd.exe

============= FINISH: 22:50:46.68 ===============
DDS ATTACH:

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 11/06/2010 20:54:00
System Uptime: 08/08/2010 22:44:02 (0 hours ago)

Motherboard: Packard Bell BV | | Cuba MS-7301
Processor: Intel(R) Core(TM)2 CPU 6300 @ 1.86GHz | Socket 775 | 1862/266mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 30 GiB total, 15.321 GiB free.
D: is FIXED (NTFS) - 111 GiB total, 104.287 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is Removable
K: is FIXED (NTFS) - 932 GiB total, 708.364 GiB free.

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP65: 13/07/2010 20:57:24 - System Checkpoint
RP66: 13/07/2010 21:15:34 - Software Distribution Service 3.0
RP67: 14/07/2010 20:56:49 - Software Distribution Service 3.0
RP68: 15/07/2010 20:45:10 - Software Distribution Service 3.0
RP69: 16/07/2010 19:51:27 - Software Distribution Service 3.0
RP70: 17/07/2010 08:27:12 - Software Distribution Service 3.0
RP71: 17/07/2010 22:38:51 - Software Distribution Service 3.0
RP72: 18/07/2010 19:51:59 - Software Distribution Service 3.0
RP73: 19/07/2010 19:24:44 - Software Distribution Service 3.0
RP74: 19/07/2010 21:16:38 - Software Distribution Service 3.0
RP75: 20/07/2010 19:44:27 - Software Distribution Service 3.0
RP76: 21/07/2010 19:57:36 - Software Distribution Service 3.0
RP77: 22/07/2010 19:54:27 - Software Distribution Service 3.0
RP78: 24/07/2010 10:39:46 - Software Distribution Service 3.0
RP79: 25/07/2010 12:39:25 - System Checkpoint
RP80: 25/07/2010 16:35:22 - Removed Microsoft Visual C++ 2005 Redistributable
RP81: 25/07/2010 16:36:09 - Installed Windows Media Format Runtime
RP82: 25/07/2010 17:03:47 - Installed Windows Installer Clean Up
RP83: 25/07/2010 19:56:21 - Software Distribution Service 3.0
RP84: 26/07/2010 20:56:22 - Software Distribution Service 3.0
RP85: 27/07/2010 19:28:06 - Software Distribution Service 3.0
RP86: 28/07/2010 20:29:46 - Software Distribution Service 3.0
RP87: 29/07/2010 05:46:10 - Software Distribution Service 3.0
RP88: 29/07/2010 20:29:08 - Software Distribution Service 3.0
RP89: 30/07/2010 18:38:38 - Installed Driver Detective.
RP90: 30/07/2010 19:14:25 - Installed MediaFACE
RP91: 30/07/2010 21:34:43 - Software Distribution Service 3.0
RP92: 31/07/2010 08:50:13 - Software Distribution Service 3.0
RP93: 31/07/2010 23:41:12 - Software Distribution Service 3.0
RP94: 01/08/2010 22:37:23 - Software Distribution Service 3.0
RP95: 02/08/2010 21:19:02 - Software Distribution Service 3.0
RP96: 03/08/2010 19:27:33 - Software Distribution Service 3.0
RP97: 04/08/2010 22:40:30 - Software Distribution Service 3.0
RP98: 05/08/2010 18:08:16 - Software Distribution Service 3.0
RP99: 06/08/2010 23:45:03 - Software Distribution Service 3.0
RP100: 07/08/2010 10:05:14 - Software Distribution Service 3.0
RP101: 07/08/2010 10:06:58 - Software Distribution Service 3.0
RP102: 07/08/2010 11:51:22 - Software Distribution Service 3.0
RP103: 07/08/2010 15:09:03 - Software Distribution Service 3.0
RP104: 07/08/2010 21:10:47 - Installed HiJackThis
RP105: 07/08/2010 22:49:14 - Software Distribution Service 3.0

==== Installed Programs ======================

Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 7.0
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bonjour
Burn4Free CD & DVD 4.9.0.0
CCleaner
Driver Detective
DVD43 v4.6.0
E.M. Free DVD Photo Slideshow 2.3
Facebook Plug-In
Free Mp3 Wma Converter V 1.91
Google Earth
Google Update Helper
High Definition Audio Driver Package - KB888111
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB981793)
HP Software Update
iTunes
J2SE Runtime Environment 5.0 Update 4
Java Auto Updater
Java(TM) 6 Update 20
Junk Mail filter update
Macromedia Flash Player 8
Macromedia Shockwave Player
Malwarebytes' Anti-Malware
MediaFACE
MediaImpression 2.0 for PENTAX
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
MobileMe Control Panel
Motorola SM56 Data Fax Modem
Mozilla Firefox (3.6.8)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
NVIDIA Drivers
overland
PerfectDisk 10 Professional
Photosmart 140,240,7200,7600,7700,7900 Series
PowerDVD
PS7700
PSShortcutsP
PSUsage
QFolder
QuickTime
Realtek High Definition Audio Driver
RegCure
RPS CRT
RPS PerfectDiskStub
RPS RpsCore
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Encoder (KB979332)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB982381)
Segoe UI
SM56Tester
SmartSound Quicktracks Plugin
Sonic Encoders
Sonic Express Labeler
Sonic MyDVD LE
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Spotify
Ulead DVD DiskRecorder 2.1.1
Ulead PhotoImpact 10 SE
Ulead VideoStudio 9.0 SE DVD
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
USB2.0 PC Camera (SN9C201&202)
VIA Rhine-Family Fast Ethernet Adapter
Virgin Media HUB 3.5.12
Virgin Media Security
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Installer Clean Up
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB912067
Windows XP Media Center Edition 2005 KB914548
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3

==== Event Viewer Messages From Past Week ========

07/08/2010 21:23:44, information: Windows File Protection [64001] - File replacement was attempted on the protected system file mshtml.tlb. This file was restored to the original version to maintain system stability. The file version of the bad file is 7.0.5730.13, the version of the system file is 6.0.2900.5512.
07/08/2010 13:12:24, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the COM+ System Application service to connect.
07/08/2010 13:12:24, error: Service Control Manager [7000] - The COM+ System Application service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
07/08/2010 13:12:19, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service COMSysApp with arguments "" in order to run the server: {ECABAFBC-7F19-11D2-978E-0000F8757E2A}
07/08/2010 10:51:45, error: Service Control Manager [7022] - The RadialpointIDSAgent service hung on starting.
05/08/2010 16:15:23, error: ipnathlp [32003] - The Network Address Translator (NAT) was unable to request an operation of the kernel-mode translation module. This may indicate misconfiguration, insufficient resources, or an internal error. The data is the error code.
05/08/2010 16:15:23, error: Dhcp [1002] - The IP address lease 192.168.0.2 for the Network Card with network address 001617CFE771 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
04/08/2010 19:18:09, error: Dhcp [1002] - The IP address lease 192.168.0.3 for the Network Card with network address 001617CFE771 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
01/08/2010 22:34:06, error: Dhcp [1002] - The IP address lease 192.168.0.4 for the Network Card with network address 001617CFE771 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
01/08/2010 07:00:50, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the AudioSrv service.
01/08/2010 07:00:00, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)

==== End Of File ===========================


OK, that's all of it (I hope). I followed the instructions as best I could and again, thanks to anyone who provides assistance with this. The malware scan showed 1 infection, just 1!! It's driving me nuts!

Please download JavaRa

If you get this message:
Problems with the download? Please use this direct link or try another mirror.

Select the Direct link download unzip it to your Desktop.

Double click JavaRa.exe then click Remove Older Versions.

Follow any prompts; a log will pop up (JavaRa.log). Please post the contents of this log.

Next, open JavaRa.exe again, and select Search For Updates.

Select Update Using Sun Java's Website --> Search, and continue the instructions for downloading and installing the latest Java version. Look for JDK 6 Update 21 (JDK or JRE). On the right select this one: Download JRE.

In Vista and Windows 7 run the tool as Administrator.

=================

Please download and save SecurityCheck.exe to your Desktop from one of the links below.

Link 1
Link 2

Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt
Please post the contents of that document in your next reply.

============

Download OTL to your Desktop.

* Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
* Under the Custom Scan box paste this in:


netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\System32\config\*.sav
CREATERESTOREPOINT

* Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

JavaRa 1.16 Removal Log.
Report follows after line.
------------------------------------
The JavaRa removal process was started on Mon Aug 09 14:05:29 2010

Found and removed: C:\Program Files\Java\jre1.5.0_04
Found and removed: Software\JavaSoft\Java2D\1.5.0_04
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D510004
Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D510004
Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D510004
Found and removed: SOFTWARE\Classes\JavaPlugin.150_04
Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.5.0.0
Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_04
Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5
Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_04
Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D510004
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D510004
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0150040}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBC}
Found and removed: SOFTWARE\Classes\JavaPlugin.160_20
Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_20
Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_20
Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.5.0_04
Found and removed: Software\Classes\JavaPlugin.160_20
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.5.0_04\
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_20
Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_20
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\core1.zip
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\core2.zip
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\core3.zip
------------------------------------
Finished reporting.


Results of screen317's Security Check version 0.99.5
Windows XP Service Pack 3
Internet Explorer 6 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
CCleaner
Java(TM) 6 Update 21
Adobe Flash Player 10.1.53.64
Adobe Reader 7.0
Out of date Adobe Reader installed!
Mozilla Firefox (3.6.8)
````````````````````````````````
Process Check:
objlist.exe by Laurent

````````````````````````````````
DNS Vulnerability Check:

Request Timed Out (Wireless Internet connection/Disconnected Internet/Proxy?)

``````````End of Log````````````

2 of 4 logs

Problem with OTL: when I ran it there were 2 logs delivered. I tried to upload them uncompressed and the second one has disappeared, so I've zipped the one I have and will attach it. I ran OTL again and only one log was generated; is this normal?

OTL should have no problems running. Haven't seen this behaviour before.
Please update your adobe reader.

Unless you have reason, you should update Internet Exploder too.

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :Files
    D:\Documents and Settings\All Users\Application Data\drctchbl.xvi
    D:\Documents and Settings\All Users\Application Data\xqkcebzs.dik
    
    :Commands
    [emptyflash]
    [emptytemp]
    [resethosts]
    [Reboot]
  • Then click the Run Fix button at the top.
  • Let the program run unhindered, reboot the PC when it is done.
  • Post log from this run.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

================

Go to Kaspersky website and perform an online antivirus scan.

1. Disable your active antivirus program.
2. Read through the requirements and privacy statement and click on the Accept button.
3. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
4. When the downloads have finished, click on Settings.
5. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:

  • Spyware, Adware, Dialers, and other potentially dangerous programs
  • Archives
  • Mail databases

6. Click on My Computer under Scan.
7. Once the scan is complete, it will display the results. Click on View Scan Report.
8. You will see a list of infected items there. Click on Save Report As...
9. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.

I had to zip the new OTL log as the server times out when I upload, and Kaspersky's online scanner is currently unavailable. I feel a little guilty about monopolising your time, but I still have this damn parasite somewhere.

Try this one;

Please Run the ESET Online Scanner and post the ScanLog with your post for assistance.

  • You will need to use Internet Explorer to complete this scan.
  • You will need to temporarily Disable your current Anti-virus program.
  • Be sure the option to Remove found threats is Un-checked at this time (we may have it clean what it finds at a later time), and the option to Scan unwanted applications is Checked.
  • When you have completed that scan, a scanlog ought to have been created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please post that log for us as directed below.

Tried Kaspersky just after the last post and up it came. Here's the log:
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Tuesday, August 10, 2010
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Tuesday, August 10, 2010 05:34:26
Records in database: 4131978
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\

Scan statistics:
Objects scanned: 102386
Threats found: 0
Infected objects found: 0
Suspicious objects found: 0
Scan duration: 03:26:39

No threats found. Scanned area is clean.

Selected area has been scanned.

So does this mean the system is clear? I still get the rundll32 message if I try to alter my appearances and themes in Control Panel.

Got Kaspersky to run.

0

re above post:
The Kaspersky says the system is clean? I still have some instability. I still get the rundll32.exe message if I try to use a screensaver.

0

I ran the suggested fix from my recovery disc, no effect. Still can't access display properties. I'll try it again.

0

Nope, still get the rundll32.exe message when I try to change the display properties :( feel like throwing the thing out the window, I know it's not a big deal but god it's annoying....

0

Please download ComboFix by sUBs from HERE or HERE

  • You must download it to and run it from your Desktop
  • Physically disconnect from the internet.
  • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
  • Double click combofix.exe & follow the prompts.
  • When finished, it will produce a log. Please save that log to post in your next reply.
  • Re-enable all the programs that were disabled during the running of ComboFix.

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Run Combofix ONCE only!!

0

I'll do that, but I got another error message, media~sci I think it said.

0

Here's the CF log:
ComboFix 10-08-10.04 - Gareth 11/08/2010 7:21.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.2046.1604 [GMT 1:00]
Running from: d:\documents and settings\Gareth.SN049924820337.001\Desktop\ComboFix.exe
AV: Virgin Media Security Anti-Virus *On-access scanning enabled* (Updated) {5B5A3BD7-8573-4672-AEA8-C9BB713B6755}
FW: Virgin Media Security Firewall *enabled* {80593BF4-D969-4EC5-ADAE-A22F2DFC7A22}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\Thumbs.db
d:\documents and settings\All Users\Application Data\hpe86.dll
d:\documents and settings\All Users\Application Data\hpeA8.dll
K:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2010-07-11 to 2010-08-11 )))))))))))))))))))))))))))))))
.

2010-08-11 06:03 . 2010-08-11 06:03 -------- d-----w- c:\windows\LastGood
2010-08-10 11:53 . 2010-08-10 11:53 -------- d-----w- c:\program files\ESET
2010-08-09 21:28 . 2010-08-09 21:28 -------- d-sh--w- d:\documents and settings\Gareth.SN049924820337.001\IETldCache
2010-08-09 21:26 . 2010-08-09 21:26 -------- d-sh--w- d:\documents and settings\LocalService\IETldCache
2010-08-09 21:22 . 2010-08-09 21:33 -------- d-----w- c:\windows\ie8updates
2010-08-09 21:19 . 2010-08-09 21:21 -------- dc-h--w- c:\windows\ie8
2010-08-09 21:17 . 2010-05-06 10:41 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2010-08-09 21:17 . 2010-05-06 10:41 599040 ------w- c:\windows\system32\dllcache\msfeeds.dll
2010-08-09 21:17 . 2010-05-06 10:41 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-08-09 21:17 . 2010-05-06 10:41 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2010-08-09 21:17 . 2010-05-06 10:41 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2010-08-09 21:17 . 2010-05-06 10:41 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll
2010-08-09 21:17 . 2010-05-06 10:41 11076096 ------w- c:\windows\system32\dllcache\ieframe.dll
2010-08-09 21:17 . 2010-04-16 11:43 41984 ------w- c:\windows\system32\dllcache\iecompat.dll
2010-08-09 21:04 . 2010-08-09 21:05 -------- d-----w- c:\program files\Common Files\Adobe
2010-08-09 21:02 . 2010-08-09 21:02 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-08-09 21:02 . 2010-08-09 21:02 -------- d-----w- d:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2010-08-08 17:58 . 2010-08-08 17:58 -------- d-----w- d:\documents and settings\Gareth.SN049924820337.001\Application Data\Malwarebytes
2010-08-08 17:58 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-08 17:58 . 2010-08-08 17:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-08 17:58 . 2010-08-08 17:58 -------- d-----w- d:\documents and settings\All Users\Application Data\Malwarebytes
2010-08-08 17:58 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-07 20:23 . 2010-08-07 20:23 -------- d-----w- c:\windows\system32\Registry Patrol
2010-08-07 20:23 . 2010-08-07 20:26 -------- d-----w- c:\program files\Registry Patrol
2010-08-07 20:10 . 2010-08-07 20:10 -------- d-----w- c:\program files\Trend Micro
2010-08-07 19:57 . 2009-12-09 05:53 726528 ----a-w- c:\windows\system32\dllcache\jscript.dll
2010-08-07 10:43 . 2010-08-07 10:43 -------- d-----w- c:\program files\CCleaner
2010-08-07 09:58 . 2010-08-07 10:00 -------- d-----w- d:\documents and settings\All Users\Application Data\RegCure
2010-08-07 09:58 . 2010-08-07 10:00 -------- d-----w- c:\program files\RegCure
2010-08-07 09:17 . 2010-08-07 09:17 -------- d-----w- c:\windows\system32\scripting
2010-08-07 09:17 . 2010-08-07 09:17 -------- d-----w- c:\windows\system32\en
2010-08-07 09:17 . 2010-08-07 09:17 -------- d-----w- c:\windows\system32\bits
2010-08-03 17:35 . 2010-08-03 17:35 -------- d-----w- d:\documents and settings\Gareth.SN049924820337.001\Application Data\Template
2010-08-01 06:10 . 2010-08-01 06:10 -------- d-----w- c:\program files\Overland
2010-07-30 18:15 . 2010-07-30 18:15 -------- d-----w- d:\documents and settings\Gareth.SN049924820337.001\Application Data\InstallShield Installation Information
2010-07-30 18:15 . 2010-07-30 18:15 -------- d-----w- d:\documents and settings\All Users\Application Data\Fellowes
2010-07-30 18:14 . 2010-07-30 18:14 -------- d-----w- c:\program files\Fellowes
2010-07-30 18:14 . 2010-07-30 18:14 -------- d-----w- d:\documents and settings\All Users\Application Data\Downloaded Installations
2010-07-30 17:45 . 2005-07-08 04:55 4284 ------w- c:\windows\hphmdl02.dat
2010-07-30 17:45 . 2005-07-08 04:55 51088 ----a-w- c:\windows\system32\drivers\hpzid412.sys
2010-07-30 17:45 . 2005-07-08 04:55 21744 ----a-w- c:\windows\system32\drivers\HPZius12.sys
2010-07-30 17:45 . 2005-07-08 04:55 16496 ----a-w- c:\windows\system32\drivers\HPZipr12.sys
2010-07-30 17:45 . 2005-07-08 04:55 491520 ----a-w- c:\windows\system32\hphmon05.exe
2010-07-30 17:45 . 2005-07-08 04:55 364544 ----a-w- c:\windows\system32\hphped05.exe
2010-07-30 17:44 . 2005-07-08 04:55 270336 ----a-w- c:\windows\system32\HPZc3212.dll
2010-07-30 17:44 . 2005-07-08 04:55 6478 ----a-w- c:\windows\system32\hphmon05.dat
2010-07-30 17:44 . 2005-07-08 04:55 192512 ----a-w- c:\windows\system32\hpzcoi09.dll
2010-07-30 17:44 . 2005-07-08 04:55 135224 ----a-w- c:\windows\system32\hpzlnt09.dll
2010-07-30 17:44 . 2005-07-08 04:55 258048 ----a-w- c:\windows\system32\hpzcon09.dll
2010-07-30 17:39 . 2010-07-30 17:39 -------- d-----w- d:\documents and settings\All Users\Application Data\UAB
2010-07-30 17:39 . 2010-07-30 17:39 -------- d-----w- d:\documents and settings\Gareth.SN049924820337.001\Local Settings\Application Data\PC_Drivers_Headquarters
2010-07-30 17:39 . 2010-07-30 17:39 -------- d-----w- d:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2010-07-30 17:38 . 2010-07-30 17:38 -------- d-----w- c:\program files\PC Drivers HeadQuarters
2010-07-30 17:30 . 2008-04-13 18:47 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2010-07-25 16:03 . 2010-07-25 16:03 -------- d-----w- c:\program files\Windows Installer Clean Up
2010-07-25 16:03 . 2010-07-25 16:03 -------- d-----w- c:\program files\MSECACHE
2010-07-25 16:03 . 2010-07-25 16:03 50 ----a-w- C:\MoreInfo.dat
2010-07-25 16:03 . 2010-07-25 16:03 40 ----a-w- C:\AACConfig.dat
2010-07-25 16:03 . 2010-07-25 16:03 231 ----a-w- C:\MConfig.dat
2010-07-25 16:03 . 2010-07-25 16:03 100 ----a-w- C:\EQConfig.dat
2010-07-25 15:39 . 2010-07-25 15:39 -------- d-----w- d:\documents and settings\Gareth.SN049924820337.001\Application Data\AVS4YOU
2010-07-25 15:38 . 2010-07-25 15:41 -------- d-----w- c:\program files\Common Files\AVSMedia
2010-07-25 15:38 . 2008-07-03 13:27 974848 ----a-w- c:\windows\system32\mfc70.dll
2010-07-25 15:37 . 2010-07-25 15:37 -------- d-----w- c:\windows\system32\drivers\umdf
2010-07-25 15:35 . 2010-07-25 15:41 -------- d-----w- c:\program files\AVS4YOU
2010-07-14 17:32 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-13 14:36 . 2010-07-13 14:36 -------- d-----w- d:\documents and settings\Gareth.SN049924820337.001\Application Data\VadeRetro
2010-07-13 14:36 . 2010-07-13 14:36 -------- d-----w- d:\documents and settings\Gareth.SN049924820337.001\Local Settings\Application Data\Identities

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-09 21:10 . 2010-02-14 17:36 -------- d-----w- d:\documents and settings\All Users\Application Data\NOS
2010-08-09 13:18 . 2010-06-11 19:20 -------- d-----w- c:\program files\Common Files\Java
2010-08-09 13:17 . 2010-06-11 21:34 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-09 13:05 . 2010-06-11 19:20 -------- d-----w- c:\program files\Java
2010-08-07 10:49 . 2009-12-12 01:30 73088 ----a-w- d:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-07 09:21 . 2004-09-10 14:36 86811 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-08-06 22:09 . 2010-06-12 10:41 -------- d-----w- d:\documents and settings\Gareth.SN049924820337.001\Application Data\Spotify
2010-08-03 18:18 . 2010-08-03 17:35 364 ----a-w- d:\documents and settings\Gareth.SN049924820337.001\Application Data\wklnhst.dat
2010-08-01 21:34 . 2010-06-20 18:56 6388 ----a-w- c:\windows\system32\d3d9caps.dat
2010-07-30 17:47 . 2010-07-30 17:45 19817 ----a-w- c:\windows\HPHins02.dat
2010-07-30 17:47 . 2010-07-30 17:45 -------- d-----w- c:\program files\Hewlett-Packard
2010-07-30 17:47 . 2010-07-30 17:47 -------- d-----w- c:\program files\HP
2010-07-25 18:54 . 2010-07-10 14:11 -------- d-----w- c:\program files\FreeDVDPhotoSlideshow
2010-07-25 16:17 . 2010-07-25 16:17 -------- d-----w- d:\documents and settings\Gareth.SN049924820337.001\Application Data\FreeAudioPack
2010-07-25 16:17 . 2010-07-25 16:17 -------- d-----w- c:\program files\Free Audio Pack
2010-07-25 16:05 . 2010-06-11 19:35 -------- d-----w- c:\program files\SmartSound Software
2010-07-10 13:26 . 2010-07-10 13:26 -------- d-----w- c:\program files\Smilebox
2010-07-09 18:47 . 2010-06-21 17:22 -------- d-----w- d:\documents and settings\Gareth.SN049924820337.001\Application Data\NCH Swift Sound
2010-07-09 18:47 . 2010-06-21 17:22 -------- d-----w- d:\documents and settings\All Users\Application Data\NCH Swift Sound
2010-07-09 18:47 . 2010-06-21 17:24 -------- d-----w- c:\program files\NCH Software
2010-07-09 18:32 . 2010-07-09 18:32 -------- d-----w- d:\documents and settings\All Users\Application Data\NCH Software
2010-07-09 18:32 . 2010-07-09 18:32 -------- d-----w- d:\documents and settings\Gareth.SN049924820337.001\Application Data\NCH Software
2010-07-09 17:14 . 2010-07-09 17:14 148 ----a-w- d:\documents and settings\Gareth.SN049924820337.001\Local Settings\Application Data\fusioncache.dat
2010-06-24 16:57 . 2010-06-11 19:11 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-23 17:22 . 2010-06-21 13:02 -------- d-----w- c:\program files\Common Files\ArcSoft
2010-06-23 17:22 . 2010-06-23 17:22 -------- d-----w- c:\program files\PENTAX
2010-06-22 11:39 . 2010-06-21 13:02 -------- d-----w- d:\documents and settings\Gareth.SN049924820337.001\Application Data\ArcSoft
2010-06-21 17:17 . 2010-06-21 17:17 -------- d-----w- d:\documents and settings\Gareth.SN049924820337.001\Application Data\OD2
2010-06-21 13:28 . 2010-06-21 13:03 -------- d--h--w- d:\documents and settings\All Users\Application Data\ArcSoft
2010-06-21 12:42 . 2010-06-21 12:42 -------- d-----w- d:\documents and settings\Gareth.SN049924820337.001\Application Data\AdobeUM
2010-06-18 16:49 . 2010-06-13 15:57 60296 ---ha-w- c:\windows\system32\mlfcache.dat
2010-06-18 16:49 . 2010-06-11 20:29 -------- d-----w- d:\documents and settings\Gareth.SN049924820337.001\Application Data\Apple Computer
2010-06-18 16:48 . 2010-06-18 16:47 -------- d-----w- c:\program files\iTunes
2010-06-18 16:47 . 2010-06-18 16:47 -------- d-----w- c:\program files\iPod
2010-06-18 16:47 . 2010-06-11 20:26 -------- d-----w- c:\program files\Common Files\Apple
2010-06-18 16:43 . 2010-06-18 16:43 -------- d-----w- c:\program files\Bonjour
2010-06-16 04:55 . 2010-06-16 04:55 -------- d-----w- c:\program files\MSBuild
2010-06-16 04:55 . 2010-06-16 04:55 -------- d-----w- c:\program files\Reference Assemblies
2010-06-14 14:31 . 2004-09-10 14:34 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-13 16:23 . 2010-06-13 16:23 -------- d-----w- c:\program files\Common Files\snp2std
2010-06-13 08:55 . 2010-06-13 08:55 -------- d-----w- d:\documents and settings\Gareth.SN049924820337.001\Application Data\Facebook
2010-06-13 06:26 . 2010-06-13 06:25 -------- d-----w- c:\program files\Google
2010-06-12 19:25 . 2010-06-12 19:25 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-06-12 19:21 . 2010-06-12 19:21 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2010-06-12 19:21 . 2010-06-12 19:21 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2010-06-12 19:16 . 2010-06-12 19:16 -------- d-----w- c:\program files\MSXML 4.0
2010-06-12 12:53 . 2010-06-12 12:53 -------- d-----w- d:\documents and settings\Gareth.SN049924820337.001\Application Data\Ulead Systems
2010-06-12 10:41 . 2010-06-12 10:41 -------- d-----w- c:\program files\Spotify
2010-06-12 09:26 . 2010-06-12 09:03 -------- d-----w- d:\documents and settings\Gareth.SN049924820337.001\Application Data\ntr
2010-06-12 08:45 . 2010-06-12 08:45 -------- d-----w- c:\program files\Burn4Free
2010-06-12 08:42 . 2010-06-12 08:42 18816 ----a-w- c:\windows\system32\drivers\dvd43llh.sys
2010-06-12 08:42 . 2010-06-12 08:42 -------- d-----w- c:\program files\dvd43
2010-06-11 20:15 . 2010-06-11 20:15 53192 ----a-w- c:\windows\system32\drivers\rp_skt32.sys
2010-06-11 20:15 . 2010-06-11 20:15 48384 ----a-w- c:\windows\system32\drivers\rp_pkt32.sys
2010-06-11 19:26 . 2010-06-11 19:54 35792 ----a-w- d:\documents and settings\Gareth.SN049924820337.001\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-11 19:24 . 2010-06-11 19:24 8552 ----a-w- c:\windows\system32\drivers\asctrm.sys
2010-06-11 19:24 . 2010-06-11 19:24 335 ----a-w- c:\windows\nsreg.dat
2010-05-18 15:35 . 2010-05-18 15:35 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 15:35 . 2010-05-18 15:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"SMSERIAL"="sm56hlpr.exe" [2005-10-18 557056]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-18 16207872]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-04-27 7573504]
"nwiz"="nwiz.exe" [2006-04-27 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-04-27 86016]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2010-06-11 26112]
"Vade Retro Outlook Express"="c:\progra~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe" [2004-10-04 310272]
"DetectorApp"="c:\program files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe" [2005-10-20 102400]
"OmniPass"="c:\apps\Softex\OmniPass\scureapp.exe" [2006-01-30 1978368]
"ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [2003-05-02 24576]
"VirginMediaHUB.exe"="c:\program files\Virgin Media\HUB\VirginMediaHUB.exe" [2009-12-14 4277488]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"dvd43"="c:\program files\dvd43\dvd43_tray.exe" [2009-10-23 827904]
"tsnp2std"="c:\windows\tsnp2std.exe" [2005-11-14 110592]
"snp2std"="c:\windows\vsnp2std.exe" [2005-11-16 344064]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-06-15 47408]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2005-07-08 176128]
"HPHUPD05"="c:\program files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe" [2005-07-08 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2003-12-05 49152]
"HPHmon05"="c:\windows\system32\hphmon05.exe" [2005-07-08 491520]
"MediaFace Integration"="c:\program files\Fellowes\MediaFACE 5.0\SetHook.exe" [2009-02-02 53248]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]
2006-01-30 07:53 49152 ----a-w- c:\apps\Softex\OmniPass\OPXPGina.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Radialpoint Security Services]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%ProgramFiles%\\AOL 9.0\\aol.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Virgin Media\\HUB\\ServicepointService.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R0 RadialpointIDSEH;RadialpointIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [11/06/2010 21:16 25608]
R2 ousbehci;OrangeWare USB Enhanced Host Controller Service;c:\windows\system32\drivers\ousbehci.sys [13/06/2010 17:23 46080]
R2 RadialpointIDSAgent;RadialpointIDSAgent;c:\program files\Virgin Media\Security\AVG\Identity Protection\agent\bin\AVGIDSAgent.exe [11/06/2010 21:16 5832712]
R2 ServicepointService;ServicepointService;c:\program files\Virgin Media\HUB\ServicepointService.exe [11/06/2010 21:08 668912]
R3 RadialpointIDSDriver;RadialpointIDSDriver;c:\program files\Virgin Media\Security\AVG\Identity Protection\agent\drivers\AVGIDSDriver.sys [11/06/2010 21:16 122376]
R3 RadialpointIDSFilter;RadialpointIDSFilter;c:\program files\Virgin Media\Security\AVG\Identity Protection\agent\drivers\AVGIDSfilter.sys [11/06/2010 21:16 30216]
R3 RadialpointIDSShim;RadialpointIDSShim;c:\program files\Virgin Media\Security\AVG\Identity Protection\agent\drivers\AVGIDSShim.sys [11/06/2010 21:16 25736]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [13/06/2010 07:25 136176]
S2 Radialpoint Security Services;Virgin Media Security;c:\program files\Virgin Media\Security\RpsSecurityAwareR.exe [04/01/2010 12:17 165408]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - 0B11063A
*NewlyCreated* - BEE441D3
*Deregistered* - 0b11063a
*Deregistered* - bee441d3

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan sysagent
.
Contents of the 'Scheduled Tasks' folder

2010-06-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 10:50]

2010-08-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-13 06:25]

2010-08-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-13 06:25]

2010-08-11 c:\windows\Tasks\HP Usg Daily.job
- c:\program files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\pexpress\hphped05.exe [2010-07-30 04:55]

2010-08-10 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2010-05-19 23:20]

2010-08-07 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2010-05-19 23:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - d:\documents and settings\Gareth.SN049924820337.001\Application Data\Mozilla\Firefox\Profiles\us9t206l.default\
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\program files\Virgin Media\HUB\nprpspa.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: d:\documents and settings\Gareth.SN049924820337.001\Application Data\Facebook\npfbplugin_1_0_3.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-11 07:25
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1076)
c:\apps\Softex\OmniPass\opxpgina.dll
.
Completion time: 2010-08-11 07:27:59
ComboFix-quarantined-files.txt 2010-08-11 06:27

Pre-Run: 15,649,968,128 bytes free
Post-Run: 15,603,007,488 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

- - End Of File - - 5B8699E377B21A662D8F61178CD0F46B

0
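As an added triage aid (example code written for this page, not part of the thread or of ComboFix itself), the Python below parses the Run-key and firewall lines of a ComboFix log in the format posted above and lists the items a reviewer would want to confirm by hand: autorun entries given as a bare filename (resolved through the search path instead of a fixed location), entries launched from a user profile, and the Windows Firewall "EnableFirewall"= 0 setting. The sample log is constructed from a few lines of the log above plus one hypothetical profile-path entry.

```python
"""Triage the 'Reg Loading Points' section of a ComboFix log.

Example code for this thread, not a ComboFix component. The log format it
expects is the one posted above:  "Name"="path" [yyyy-mm-dd size]
"""
import re
from dataclasses import dataclass

# Section header, e.g. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
SECTION = re.compile(r'^\[(?P<key>[^\]]+)\]\s*$')
# Autorun value line, e.g. "ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
RUN_ENTRY = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"\s*\[(?P<date>[\d-]+)\s+(?P<size>\d+)\]\s*$'
)
# Firewall policy line, e.g. "EnableFirewall"= 0 (0x0)
FIREWALL = re.compile(r'^"EnableFirewall"=\s*(?P<val>\d+)')

# Constructed sample: lines taken from the posted log, plus one hypothetical
# entry ("hypothetical") that does not appear in the real log.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"SMSERIAL"="sm56hlpr.exe" [2005-10-18 557056]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-18 16207872]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"hypothetical"="d:\documents and settings\User\Local Settings\Temp\updater.exe" [2010-08-10 12345]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
'''


@dataclass
class RunEntry:
    key: str
    name: str
    path: str
    date: str
    size: int

    @property
    def is_bare_name(self) -> bool:
        # No directory component: Windows locates the file through the
        # search path, so the launched binary is whichever file of that
        # name is found first. Legitimate (Realtek, modem helpers) but
        # worth confirming the on-disk location and publisher.
        return "\\" not in self.path and "/" not in self.path

    @property
    def in_user_profile(self) -> bool:
        # Autoruns under a user profile or Temp directory are unusual for
        # vendor software and are a standard item to review.
        p = self.path.lower()
        return "\\documents and settings\\" in p or "\\temp\\" in p


def parse_run_entries(log_text: str) -> list:
    """Return RunEntry objects for every value under a ...\\Run key."""
    entries, current_key = [], None
    for line in log_text.splitlines():
        m = SECTION.match(line)
        if m:
            current_key = m.group("key")
            continue
        m = RUN_ENTRY.match(line)
        if m and current_key and current_key.lower().endswith("\\run"):
            entries.append(RunEntry(current_key, m.group("name"), m.group("path"),
                                    m.group("date"), int(m.group("size"))))
    return entries


def firewall_disabled(log_text: str) -> bool:
    """True when the standard-profile policy reads EnableFirewall = 0.
    Informational only: in this thread a third-party firewall is active."""
    for line in log_text.splitlines():
        m = FIREWALL.match(line)
        if m:
            return m.group("val") == "0"
    return False


def triage(log_text: str) -> list:
    """Collect review items as plain strings, in log order."""
    findings = []
    for e in parse_run_entries(log_text):
        if e.is_bare_name:
            findings.append(f"REVIEW bare-name autorun {e.name!r} -> {e.path}")
        elif e.in_user_profile:
            findings.append(f"REVIEW autorun from user profile {e.name!r} -> {e.path}")
    if firewall_disabled(log_text):
        findings.append("REVIEW Windows Firewall standard profile disabled (EnableFirewall=0)")
    return findings


if __name__ == "__main__":
    for item in triage(SAMPLE_LOG):
        print(item)
```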

Any change?

You need to uninstall Regcure as it is nothing but a gimmick.

You gain nothing as far as performance is concerned and risk turning your PC into a doorstop.

0

Ok, weirdness abounds. Tried to access my display properties, got our old friend rundll32.exe and MEDIAI~1 scr. and THEN I could access the control panel and set a screensaver using a jpeg slideshow. So as it stands, the system seems to be behaving even though the instability is still present. So for that I thank you, I have told a lot of people about the site as the standard PC owner has no clue what to do when windows explodes. When, not if. :) So thanks again, if you have any more ideas I'll try almost anything.

0

Go to Start | Run and type in sfc /scannow and hit the Ok button. Insert your CD if/when requested.
That should repair/replace damaged system files.

0

Problem I have is that the only disc I have is a recovery disc from Hewlett Packard's own internal software, carries only the files that were in the original machine, when I ran the above it asked for a service pack 3 disc first, and then a windows disc 2, none of which I have :( HP do not provide backup discs for preloads.

0

NOT Hewlett Packard....Packard Bell, was looking at my damn printer when I was posting.
