jimmyfoz
Joined: 18 Jun 2008 Posts: 11 Location: Melbourne
patrik Site Admin
Joined: 08 Jan 2006 Posts: 1228
Posted: Sat Jun 28, 2008 8:36 am
Hello jimmyfoz.
Just checked your HijackThis log, it is ok.
Looks like it is not a malware problem.
Click Start -> Run
In the type box enter Services.msc and press Enter.
Scroll down to the Plug and Play service, double-click on it, make the Startup type Automatic, click OK/Apply.
Close Services.
Now reboot the system.
Check Device Manager.
_________________ Antispyware: HijackThis, SmitfraudFix, ComboFix, CounterSpy Antispyware, Super Antispyware
Instructions: Show hidden files, Reboot in Safe Mode |
jimmyfoz
Joined: 18 Jun 2008 Posts: 11 Location: Melbourne
Posted: Sun Jun 29, 2008 12:34 am Post subject: empty device manager
Hi Patrik,
I have done as suggested but no fix.
I have checked permissions on Enum in HKLM no fix.
I have disabled pnp in services, and rebooted and then restarted service again but no fix.
Information on the www seems to say that HijackThis does not pick up the apropos virus. I also ran a Kaspersky online scan which picked up nothing.
jimmyfoz
patrik Site Admin
Joined: 08 Jan 2006 Posts: 1228
Posted: Sun Jun 29, 2008 3:53 am
Please download AproposFix.
Save it to your desktop but do NOT run it yet.
Reboot your computer in Safe Mode by doing the following:
Quote:
1. Restart your computer
2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3. Instead of Windows loading as normal, a menu should appear
4. Select the first option, to run Windows in Safe Mode.
Once in Safe Mode, please double-click aproposfix.exe and unzip it to the desktop. Open the aproposfix folder on your desktop and run RunThis.bat. Follow the prompts.
When the tool is finished, please reboot back into normal mode.
Download Deckard's System Scanner (DSS) and save to your Desktop.
Double-click on dss.exe to run it and follow the prompts.
If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
When the scan is complete, two text files will open in Notepad:
main.txt <- this one will be maximized
extra.txt <- this one will be minimized
If not, they both can be found in the C:\Deckard\System Scanner folder.
Post back with the following:
- both dss logs
- the entire contents of the log.txt file in the aproposfix folder.
jimmyfoz
Joined: 18 Jun 2008 Posts: 11 Location: Melbourne
Posted: Sun Jun 29, 2008 8:14 am Post subject: empty device manager list - apropos??
Hi Patrik,
I attach the files, main.txt from DSS and log.txt from aproposfix. I ran DSS twice and could not get the extra.txt file to come up. I even performed a system search and no extra.txt.
jimmyfoz
Attachments:
log.txt (401 Bytes, downloaded 93 times)
main.txt (13.75 KB, downloaded 89 times)
patrik Site Admin
Joined: 08 Jan 2006 Posts: 1228
Posted: Sun Jun 29, 2008 9:20 am
Go to Start -> Run
In the type box enter C:\Documents and Settings\USER 1\Desktop\dss.exe /config
Press Enter
The Deckard System Scanner Config display will appear.
Click the "Check All" button, then under "Main Log" uncheck "System Restore". Make no other changes at this time.
Then click the Scan! button. Once the scan has completed a textbox will appear - copy/paste those contents back here (main.txt). Also again the second text file, extra.txt, will show as minimized in your Task Bar. Open this, and copy/paste those contents back here please.
jimmyfoz
Joined: 18 Jun 2008 Posts: 11 Location: Melbourne
Posted: Sun Jun 29, 2008 10:19 am Post subject: empty device manager - apropos??
Here are the two logs of main.txt and extra.txt:
main.txt-
Deckard's System Scanner v20071014.68
Run by USER 1 on 2008-06-29 20:11:32
Computer is in Normal Mode.
--------------------------------------------------------------------------------
Performed disk cleanup.
Total Physical Memory: 255 MiB (512 MiB recommended).
-- HijackThis (run as USER 1.exe) ----------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:11:42 PM, on 6/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\cmd.exe
C:\Documents and Settings\USER 1\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\USER1~1.EXE
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1201862166522
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
--
End of file - 5146 bytes
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
R1 SASKUTIL - c:\program files\superantispyware\saskutil.sys
R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>
S3 BrScnUsb (Brother USB Still Image driver) - c:\windows\system32\drivers\brscnusb.sys <Not Verified; Brother Industries Ltd.; Brother MFC Scanner>
S3 BrSerIf (Brother MFC Serial Port Interface WDM Driver) - c:\windows\system32\drivers\brserif.sys <Not Verified; Brother Industries Ltd.; Windows (R) Server 2003 DDK driver>
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 StarWindServiceAE (StarWind AE Service) - c:\program files\alcohol soft\alcohol 120\starwind\starwindserviceae.exe <Not Verified; Rocket Division Software; StarWind Alcohol Edition>
R3 ServiceLayer - "c:\program files\pc connectivity solution\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>
-- Device Manager: Disabled ----------------------------------------------------
Class GUID:
Description: Ethernet Controller
Device ID: PCI\VEN_8086&DEV_2449&SUBSYS_00000000&REV_03\4&3AB31F7F&0&40F0
Manufacturer:
Name: Ethernet Controller
PNP Device ID: PCI\VEN_8086&DEV_2449&SUBSYS_00000000&REV_03\4&3AB31F7F&0&40F0
Service:
Class GUID: {4D36E978-E325-11CE-BFC1-08002BE10318}
Description: Printer Port
Device ID: ROOT\PORTS\0000
Manufacturer: (Standard port types)
Name: Printer Port (LPT3)
PNP Device ID: ROOT\PORTS\0000
Service: Parport
-- Process Modules -------------------------------------------------------------
C:\WINDOWS\system32\winlogon.exe (pid 640)
2004-12-16 04:43:42 218624 --a------ C:\WINDOWS\system32\uxtheme.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-02-27 11:39:26 282624 --a------ C:\Program Files\SUPERAntiSpyware\SASWINLO.dll <Not Verified; SUPERAntiSpyware.com; SUPERAntiSpyware WinLogon Processor>
C:\WINDOWS\system32\svchost.exe (pid 852)
2004-12-16 04:43:42 218624 --a------ C:\WINDOWS\system32\uxtheme.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
C:\WINDOWS\system32\svchost.exe (pid 1016)
2004-12-16 04:43:42 218624 --a------ C:\WINDOWS\system32\uxtheme.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
C:\WINDOWS\explorer.exe (pid 1440)
2004-12-16 04:43:42 218624 --a------ C:\WINDOWS\system32\uxtheme.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-12-20 12:55:48 77824 --a------ C:\Program Files\SUPERAntiSpyware\SASSEH.DLL <Not Verified; SuperAdBlocker.com; SuperAntiSpyware>
2007-12-06 18:32:58 69632 --a------ C:\Program Files\7-Zip\7-zip.dll <Not Verified; Igor Pavlov; 7-Zip>
2005-09-23 07:28:38 83456 --a------ C:\WINDOWS\system32\dfshim.dll <Not Verified; Microsoft Corporation; Microsoft® .NET Framework>
2005-09-23 07:28:52 270848 --a------ C:\WINDOWS\system32\mscoree.dll <Not Verified; Microsoft Corporation; Microsoft® .NET Framework>
2005-09-23 07:28:56 107520 --a------ C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\shfusion.dll <Not Verified; Microsoft Corporation; Microsoft® .NET Framework>
2005-09-23 07:28:50 9216 --a------ C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\fusion.dll <Not Verified; Microsoft Corporation; Microsoft® .NET Framework>
2005-09-23 07:28:58 17920 --a------ C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Culture.dll <Not Verified; Microsoft Corporation; Microsoft® .NET Framework>
2005-09-23 07:29:00 85504 --a------ C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ShFusRes.dll <Not Verified; Microsoft Corporation; Microsoft® .NET Framework>
2007-02-27 11:39:26 61440 --a------ C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL <Not Verified; SUPERAntiSpyware.com; SUPERAntiSpyware Context Menu Extension>
2007-07-20 22:36:46 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll <Not Verified; Sony DADC Austria AG.; >
C:\WINDOWS\system32\svchost.exe (pid 464)
2004-12-16 04:43:42 218624 --a------ C:\WINDOWS\system32\uxtheme.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
-- Scheduled Tasks -------------------------------------------------------------
2008-06-29 20:00:02 488 --a------ C:\WINDOWS\Tasks\1-Click Maintenance.job
-- Files created between 2008-05-29 and 2008-06-29 -----------------------------
2008-06-29 16:24:18 21536 --a------ C:\Documents and Settings\USER 1\Application Data\GDIPFONTCACHEV1.DAT
2008-06-29 12:19:57 0 d-------- C:\Program Files\Panda Security
2008-06-29 11:02:45 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-29 11:02:33 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-06-29 11:02:33 0 d-------- C:\Documents and Settings\USER 1\Application Data\SUPERAntiSpyware.com
2008-06-29 10:51:38 0 d-------- C:\Documents and Settings\USER 1\Application Data\Malwarebytes
2008-06-29 10:51:31 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-29 10:51:28 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-29 10:50:57 0 d-------- C:\Program Files\Common Files\Download Manager
2008-06-29 09:24:31 0 d-------- C:\WINDOWS\BBSTORE
2008-06-29 09:21:08 61568 -ra------ C:\WINDOWS\VIEWER.EXE <Not Verified; Apple Computer, Inc.; QuickTime for Windows>
2008-06-29 09:21:08 17536 -ra------ C:\WINDOWS\VIEWENU.DLL <Not Verified; Apple Computer, Inc.; QuickTime for Windows>
2008-06-29 09:21:08 93504 -ra------ C:\WINDOWS\QTW16DEL.EXE <Not Verified; Apple Computer, Inc.; QuickTime for Windows>
2008-06-29 09:21:08 74496 -ra------ C:\WINDOWS\PLAYER.EXE <Not Verified; Apple Computer, Inc.; QuickTime for Windows>
2008-06-29 09:21:08 16928 -ra------ C:\WINDOWS\PLAYENU.DLL <Not Verified; Apple Computer, Inc.; QuickTime for Windows>
2008-06-29 09:21:07 73712 -ra------ C:\WINDOWS\system\QTOLE.DLL <Not Verified; Apple Computer, Inc.; QuickTime for Windows>
2008-06-29 09:21:07 4176 -ra------ C:\WINDOWS\system\QTNOTIFY.EXE <Not Verified; Apple Computer, Inc.; QuickTime for Windows>
2008-06-29 09:21:07 8304 -ra------ C:\WINDOWS\system\QTHNDLR.DLL <Not Verified; Apple Computer, Inc.; QuickTime for Windows>
2008-06-29 09:21:06 429424 -ra------ C:\WINDOWS\system\QTIM.DLL <Not Verified; Apple Computer, Inc.; QuickTime for Windows>
2008-06-29 09:21:05 14544 -ra------ C:\WINDOWS\system\QTIMCMGR.DLL <Not Verified; Apple Computer, Inc.; QuickTime for Windows>
2008-06-29 09:21:05 4320 -ra------ C:\WINDOWS\system\MCIQTENU.DLL <Not Verified; Apple Computer, Inc.; QuickTime for Windows>
2008-06-29 09:21:04 2037248 -ra------ C:\WINDOWS\QTINSTAL.EXE <Not Verified; Apple Computer, Inc.; QuickTime for Windows>
2008-06-29 09:20:25 0 d-------- C:\WINDOWS\KidMedia
2008-06-29 09:19:49 0 d-------- C:\KPSDLUX
2008-06-28 13:53:24 0 d-------- C:\WINDOWS\pss
2008-06-28 12:55:10 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-06-28 12:55:10 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-06-28 12:55:10 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-06-28 12:55:10 0 d--h----- C:\Documents and Settings\Administrator\Recent
2008-06-28 12:55:10 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-06-28 12:55:10 524288 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-06-28 12:55:10 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-06-28 12:55:10 0 d-------- C:\Documents and Settings\Administrator\My Documents
2008-06-28 12:55:10 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-06-28 12:55:10 0 d-------- C:\Documents and Settings\Administrator\Favorites
2008-06-28 12:55:10 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-06-28 12:55:10 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2008-06-28 12:55:10 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-06-28 12:55:10 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-06-26 15:36:55 20976 --ah----- C:\WINDOWS\system32\mlfcache.dat
2008-06-24 15:11:08 0 d-------- C:\Program Files\Java
2008-06-24 15:03:44 0 d-------- C:\Program Files\Common Files\Java
2008-06-23 21:40:48 95395 --a------ C:\WINDOWS\system32\USB
2008-06-23 21:32:07 14 --a------ C:\Documents and Settings\USER 1\usb
2008-06-23 19:52:00 0 d-------- C:\Documents and Settings\USER 1\Application Data\ScanSoft
2008-06-20 21:53:01 50 --a------ C:\WINDOWS\system32\bridf06a.dat
2008-06-19 19:02:52 0 dr-h----- C:\Documents and Settings\USER 1\Recent
2008-06-19 10:22:46 0 d-------- C:\Program Files\Trend Micro
2008-06-18 22:12:45 0 d-------- C:\Documents and Settings\USER 1\Application Data\TuneUp Software
2008-06-18 22:11:43 0 d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-06-18 22:11:12 0 d-------- C:\Program Files\TuneUp Utilities 2008
2008-06-18 22:08:57 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-18 14:05:43 0 d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-18 07:35:11 0 d-------- C:\Program Files\Enigma Software Group
-- Find3M Report ---------------------------------------------------------------
2008-06-23 19:52:04 0 --a------ C:\WINDOWS\system32\Biport
2008-06-19 10:28:56 5615 --a------ C:\Program Files\hijackthis.log
2008-05-07 09:51:12 0 d-------- C:\Documents and Settings\USER 1\Application Data\PC-FAX TX
2008-05-06 20:00:48 0 d-------- C:\Documents and Settings\USER 1\Application Data\Nero
2008-05-06 19:53:44 0 d-------- C:\Program Files\Common Files\Nero
2008-05-05 18:10:50 0 d-------- C:\Documents and Settings\USER 1\Application Data\Ahead
2008-05-01 13:26:04 0 d-------- C:\Program Files\Alcohol Soft
2008-04-30 17:23:24 0 d-------- C:\Documents and Settings\USER 1\Application Data\Datalayer
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [01/23/2007 11:19 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [03/25/2008 04:28 AM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [04/16/2008 03:19 PM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [08/04/2004 01:06 AM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [02/27/2007 11:39 AM]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"PcSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)
"DisableRegistryTools"=0 (0x0)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 12:55 PM 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 02/27/2007 11:39 AM 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background
"Picasa Media Detector"=C:\Program Files\Picasa2\PicasaMediaDetector.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
-- End of Deckard's System Scanner: finished at 2008-06-29 20:13:37 ------------
extra.txt-
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English
CPU 0: Intel(R) Celeron(TM) CPU 1200MHz
Percentage of Memory in Use: 59%
Physical Memory (total/avail): 254.48 MiB / 103.07 MiB
Pagefile Memory (total/avail): 529.3 MiB / 220.76 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1921.34 MiB
A: is Removable (No Media)
C: is Fixed (FAT32) - 27.93 GiB total, 23.45 GiB free.
D: is CDROM (CDFS)
E: is CDROM (No Media)
\\.\PHYSICALDRIVE0 - ST330621A - 27.95 GiB - 1 partition
\PARTITION0 (bootable) - Unknown - 27.95 GiB - C:
-- Security Center -------------------------------------------------------------
AUOptions is disabled.
Windows Internal Firewall is disabled.
FirstRunDisabled is set.
AV: avast! antivirus 4.8.1201 [VPS 080629-0] v4.8.1201 (ALWIL Software)
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\svchost.exe"="C:\\WINDOWS\\System32\\svchost.exe:*:Enabled:@xpsp2res.dll,-22008"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\USER 1\Application Data
CLASSPATH=C:\Program Files\Nexternet\Player\nxvrml.jar;C:\Program Files\Netscape\Communicator\Program\Java\classes\java40.jar
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=USER-
ComSpec=C:\WINDOWS\system32\cmd.exe
CSILOGLEVEL=NORMAL
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\USER 1
LOGONSERVER=\\USER-
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\PC Connectivity Solution;C:\Program Files\Common-Use Signing Interface\JRE\bin;C:\Program Files\Nexternet\Player\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 11 Stepping 1, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0b01
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\USER1~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\USER1~1\LOCALS~1\Temp
USERDOMAIN=USER-
USERNAME=USER 1
USERPROFILE=C:\Documents and Settings\USER 1
windir=C:\WINDOWS
-- User Profiles ---------------------------------------------------------------
USER 1 (admin)
Administrator (new local, admin)
-- Add/Remove Programs ---------------------------------------------------------
--> MsiExec.exe /I{8A42F680-2DD6-11D4-9A8C-0040F6982C20}
--> MsiExec.exe /I{A2529672-574A-4A99-86A5-C1770A0E31FE}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
7-Zip 4.57 --> "C:\Program Files\7-Zip\Uninstall.exe"
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
avast! Antivirus --> C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Common-Use Signing Interface --> "C:\Documents and Settings\All Users\Application Data\{53608B89-D534-4FA6-B348-02EF7D3C693C}\CSI Installer.exe" REMOVE=TRUE MODIFY=FALSE
DiMAGE Master Lite --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D312E40B-1C59-4823-AB48-6798D85ABBE4}\Setup.exe" -l0x9 anything
DiMAGE Viewer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{976EA7B1-7562-483D-88DA-4323D263B7CD}\Setup.exe" -l0x9 anything
Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Intel Application Accelerator --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9984DF60-1C5B-11D3-ACA1-908A4FC10801}\Setup.exe" -INTELUNINST
Java(TM) 6 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
Java(TM) SE Development Kit 6 Update 6 --> MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0160060}
Kid Pix Studio Deluxe --> C:\WINDOWS\uninst.exe -fC:\KPSDLUX\DeIsL1.isu
KONICA_MINOLTA DiMAGE remote camera driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{99E67091-D392-4031-AD2A-E9547F3615F8}\setup.exe" -l0x9
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{40280409-6000-11D3-8CFE-0050048383C9}
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Nexternet Pivoron Player --> MsiExec.exe /I{CAA53A7D-D47A-45E7-AF2B-167117E13F14}
Nokia Connectivity Cable Driver --> MsiExec.exe /X{98F837F9-A1B4-4155-AABC-4C80637165B5}
Nokia PC Suite --> MsiExec.exe /I{68E9B173-BC4D-4FFF-812D-32D79BE370AD}
Panda ActiveScan 2.0 --> C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
PaperPort --> MsiExec.exe /I{71C97545-E547-4A8B-B0C8-61FF853270AC}
PC Connectivity Solution --> MsiExec.exe /I{04F3BF74-9E34-4D3E-93C3-D3D1F24199C8}
Picasa 2 --> "C:\Program Files\Picasa2\Uninstall.exe"
PokerStars --> "C:\Program Files\PokerStars\PokerStarsUninstall.exe" /u:PokerStars
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
TuneUp Utilities 2008 --> MsiExec.exe /I{5888428E-699C-4E71-BF71-94EE06B497DA}
Turbo Lister 2 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{69640730-B830-4C24-BB5C-222DA1260548}
VCRedistSetup --> MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
Windows Driver Package - Nokia (WUDFRd) WPD (11/03/2006 6.82.26.2) --> C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccswpddri_6B630EE2E66584353C6CD8683D447072872F34D8\pccswpddriver.inf
Windows Driver Package - Nokia Modem (11/03/2006 6.82.0.1) --> C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_4EFFAAE27A08EDFDE145390033D8EF099DA65567\nokbtmdm.inf
-- Application Event Log -------------------------------------------------------
Event Record #/Type4045 / Error
Event Submitted/Written: 06/28/2008 07:20:02 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 6.0.2900.2180, faulting module unknown, version 0.0.0.0, fault address 0x014a9350.
Processing media-specific event for [iexplore.exe!ws!]
Event Record #/Type3982 / Error
Event Submitted/Written: 06/22/2008 05:49:47 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application AcroRd32.exe, version 8.1.0.137, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Event Record #/Type3969 / Error
Event Submitted/Written: 06/20/2008 10:37:17 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application setup.exe, version 6.0.21.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Event Record #/Type3968 / Error
Event Submitted/Written: 06/20/2008 10:37:17 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application setup.exe, version 6.0.21.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Event Record #/Type3926 / Error
Event Submitted/Written: 06/19/2008 09:10:34 AM
Event ID/Source: 1001 / Application Error
Event Description:
Fault bucket 808631637.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type27385 / Error
Event Submitted/Written: 06/29/2008 06:01:12 PM
Event ID/Source: 2 / ParVdm
Event Description:
Unable to get device object pointer for port object.
Event Record #/Type27370 / Warning
Event Submitted/Written: 06/29/2008 04:02:39 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
Event Record #/Type27340 / Error
Event Submitted/Written: 06/29/2008 00:04:57 PM
Event ID/Source: 2 / ParVdm
Event Description:
Unable to get device object pointer for port object.
Event Record #/Type27308 / Error
Event Submitted/Written: 06/29/2008 10:25:36 AM / 06/29/2008 10:25:40 AM
Event ID/Source: 2 / ParVdm
Event Description:
Unable to get device object pointer for port object.
Event Record #/Type27307 / Warning
Event Submitted/Written: 06/29/2008 10:25:10 AM / 06/29/2008 10:25:40 AM
Event ID/Source: 51 / Disk
Event Description:
An error was detected on device \Device\Harddisk0\D during a paging operation.
-- End of Deckard's System Scanner: finished at 2008-06-29 20:13:37 ------------
Thanks patrik
patrik Site Admin
Joined: 08 Jan 2006 Posts: 1228
Posted: Tue Jul 01, 2008 12:55 am
Logs are ok.
Try these steps:
Quote:
You must use regedt32.exe in Windows 2000/XP (as I have not seen this problem posted for any other operating system). Be very careful making changes in the registry!
You must be logged on as a local administrator to perform this task:
1. Go to "Start", "Run", and enter "regedt32"
2. Maximize the "HKEY_LOCAL_MACHINE" window.
3. Scroll down to "SYSTEM\CurrentControlSet\Enum"
4. With "Enum" selected click the "Security", "Permissions" menu.
Note: At this point you will probably notice there are no permissions on this key.
5. Click "Add".
6. Add the group "Everyone" and the user "SYSTEM".
7. Select "Everyone" and check "Read" ONLY!
8. Select "SYSTEM" and check "Full Control".
9. Click the "Advanced" button at the bottom of the window.
10. On the Advanced window check "Reset permissions on all child objects..."
11. Click "OK"
12. On the warning window click "Yes"
13. Close REGEDT32
You should now be able to see everything in Device Manager, Network Places Properties, and Printers.
Link: http://www.softwaretipsandtricks.com/forum/windows-xp/15653-device-manager-blank.html
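A read-only way to confirm the result of the steps quoted in the post above, as an added example that is not part of the thread or of the linked page: it reads the ACL on the Enum key and on its first-level subkeys and reports whether Everyone has Read only and SYSTEM has Full Control. The helper names Get-AllowMask and Test-EnumKeyAcl are hypothetical; it assumes PowerShell 3.0 or later, an elevated prompt, and the well-known SIDs S-1-1-0 (Everyone) and S-1-5-18 (SYSTEM).

```powershell
# Added example, not from the thread: read-only audit of the permissions the
# quoted steps set on HKLM\SYSTEM\CurrentControlSet\Enum. Nothing is modified.
# Assumes PowerShell 3.0 or later and an elevated prompt.

$EnumPath = 'HKLM:\SYSTEM\CurrentControlSet\Enum'

# Well-known SIDs, so the check does not depend on localized account names.
# Rights mirror steps 7 and 8: Everyone = Read only, SYSTEM = Full Control.
$Expected = @(
    @{ Name = 'Everyone'; Sid = 'S-1-1-0'
       Rights = [System.Security.AccessControl.RegistryRights]::ReadKey },
    @{ Name = 'SYSTEM'; Sid = 'S-1-5-18'
       Rights = [System.Security.AccessControl.RegistryRights]::FullControl }
)

function Get-AllowMask {
    # Hypothetical helper: OR together the Allow entries for one SID that
    # apply to the key itself. Inherit-only entries affect subkeys only and
    # are skipped. Generic rights bits are compared as stored, not mapped.
    param($Acl, [string]$Sid)
    $mask = 0
    $sidType = [System.Security.Principal.SecurityIdentifier]
    $inheritOnlyBit = [int][System.Security.AccessControl.PropagationFlags]::InheritOnly
    foreach ($rule in $Acl.GetAccessRules($true, $true, $sidType)) {
        $inheritOnly = ([int]$rule.PropagationFlags -band $inheritOnlyBit) -ne 0
        if ($rule.IdentityReference.Value -eq $Sid -and
            $rule.AccessControlType -eq 'Allow' -and -not $inheritOnly) {
            $mask = $mask -bor [int]$rule.RegistryRights
        }
    }
    return $mask
}

function Test-EnumKeyAcl {
    # Hypothetical helper: one result row per expected account for one key.
    param([string]$Path, [string]$Label)
    try {
        $acl = Get-Acl -Path $Path -ErrorAction Stop
    } catch {
        return [pscustomobject]@{
            Key = $Label; Account = '(any)'; Granted = $false; Excess = $false
            Note = "cannot read ACL: $($_.Exception.Message)"
        }
    }
    $note = ''
    if (@($acl.Access).Count -eq 0) {
        $note = 'no permission entries (the symptom noted in step 4)'
    } elseif ($acl.AreAccessRulesProtected) {
        $note = 'does not inherit from parent key'
    }
    foreach ($e in $Expected) {
        $need = [int]$e.Rights
        $have = Get-AllowMask -Acl $acl -Sid $e.Sid
        [pscustomobject]@{
            Key     = $Label
            Account = $e.Name
            Granted = (($have -band $need) -eq $need)    # required rights present
            Excess  = (($have -band (-bnot $need)) -ne 0) # more than required
            Note    = $note
        }
    }
}

$report = @(Test-EnumKeyAcl -Path $EnumPath -Label 'Enum')

# Step 10 pushes the same entries to child keys, so check the first level too.
foreach ($child in @(Get-ChildItem -Path $EnumPath -ErrorAction SilentlyContinue)) {
    $report += Test-EnumKeyAcl -Path $child.PSPath -Label ('Enum\' + $child.PSChildName)
}

$report | Format-Table -AutoSize

# Step 7 says Everyone gets Read ONLY, so extra rights for Everyone count too.
$problems = @($report | Where-Object {
    -not $_.Granted -or ($_.Account -eq 'Everyone' -and $_.Excess)
})
if ($problems.Count -gt 0) {
    Write-Warning ("{0} entries differ from the permissions in the quoted steps." -f $problems.Count)
} else {
    Write-Output 'Enum and its first-level subkeys match the permissions in the quoted steps.'
}
```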
jimmyfoz
Joined: 18 Jun 2008 Posts: 11 Location: Melbourne
Posted: Tue Jul 01, 2008 9:45 am Post subject: empty device manager
The problem has been fixed. Thanks Patrik. Bloody Windows and permissions. I had SYSTEM and Everyone already there, but I think it was the inherit permissions from above which needed to be done.