gnida[1].swf

Unknown
edited January 2008 in Spyware & Virus Removal
Novice PC user needs help removing this Trojan -- McAfee reflects "cannot be cleaned" status. The following is cut/paste log from TrendMicro HijackThis scan. What is the next step?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:47:00 PM, on 1/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\Ati2evxx.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Messenger\msmsgs.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\program files\mcafee.com\shared\mghtml.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://smbusiness.dellnet.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.live.com/login.srf?id=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SideStep Browser Helper - {08351227-6472-43BD-8A40-D9221FF1C4CE} - C:\WINDOWS\Downloaded Program Files\SbCIe027.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-1822439336-1161744426-439199626-1008\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Cassie')
O4 - HKUS\S-1-5-21-1822439336-1161744426-439199626-1008\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Cassie')
O4 - HKUS\S-1-5-21-1822439336-1161744426-439199626-1008\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'Cassie')
O4 - HKUS\S-1-5-21-1822439336-1161744426-439199626-1008\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (User 'Cassie')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxmk762MEUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: SideStep - {3E230861-5C87-11D3-A1C6-00105A1B41B8} - C:\WINDOWS\Downloaded Program Files\SbCIe027.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {03FDBC65-B631-41C6-A1EB-5CA065F58769} (Web Conferencing Pro Audio Recording Control) - http://pfpc.presentonline.com/atc/signedencoder_1,29,0,48.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15-3.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by137fd.bay137.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1127848260917
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O16 - DPF: {C72242D0-3AB5-453D-842C-8A3C9AC0838D} - http://download.sidestep.com/get/k00719/sb027.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://americanhome.webex.com/client/v_mywebex-t20/webex/ieatgpc.cab
O16 - DPF: {EEA8A033-84D3-4CA9-9C12-3697347D0FD3} (Web Conferencing Pro Application Sharing Control) - http://pfpc.presentonline.com/atc/signedshare_1,32,0,51.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by137fd.bay137.hotmail.msn.com/activex/HMAtchmt.ocx
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
--
End of file - 9481 bytes

Comments

  • Rahina-RescueRahina-Rescue Finland
    edited January 2008
    Hello!

    You should print out these instructions or copy them to a NotePad file so they will be accessible. Some steps will require you to disconnect from the Internet or use Safe Mode and you will not have access to this page.

    Please download DrWeb-CureIt & save it to your desktop. DO NOT perform a scan yet.

    Reboot your computer in "SAFE MODE" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

    Scan with DrWeb-CureIt as follows:
    • Double-click on drweb-cureit.exe to start the program. An "Express Scan of your PC" notice will appear.
    • Under "Start the Express Scan Now", Click "OK" to start. This is a short scan that will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it.
    • Once the short scan has finished, Click Options > Change settings
    • Choose the "Scan tab" and UNcheck "Heuristic analysis"
    • Back at the main window, click "Select drives" (a red dot will show which drives have been chosen)
    • Then click the "Start/Stop Scanning" button (green arrow on the right) and the scan will start.
    • When done, a message will be displayed at the bottom advising if any viruses were found.
    • Click "Yes to all" if it asks if you want to cure/move the file.
    • When the scan has finished, look if you can see the icon next to the files found. If so, click it, then click the next icon right below and select "Move incurable".
      (This will move it to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if it can't be cured)
    • Next, in the Dr.Web CureIt menu on top, click file and choose save report list.
    • Save the DrWeb.csv report to your desktop.
    • Exit Dr.Web Cureit when done.
    • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
    • After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.cvs report)
  • dompants
    edited January 2008
    Hello Rahina Rescue. Thanks so much for your help. As follows is the log from Dr. Web after scanning. I have several questions regarding the scan. The effected computer is used on a network and makes heavy use of a network hard drive which was not scanned by Dr. Web. Also I was unable to access in safe mode the user account in which gnida[1] was contracted. So I ran the scan in another account, which possibly does not have a protocol for the network. Also the segment of the instructions which asked me to press "select drive" was not in the application window. Instead I had a choice of scanning entire computer or setting up a custom scan. Perhaps I missed something.

    Thanks again for all your help. Much appreciated!
    Dom

    WxBug.EXE;C:\Program Files\AIM\Sysfiles;Adware.Aws;Incurable.Moved.;

    MiniBugTransporter.dll;C:\Program Files\AWS\WeatherBug;Adware.Aws;Incurable.Moved.;

    Rahina Rescue wrote:
    Hello!

    You should print out these instructions or copy them to a NotePad file so they will be accessible. Some steps will require you to disconnect from the Internet or use Safe Mode and you will not have access to this page.

    Please download DrWeb-CureIt & save it to your desktop. DO NOT perform a scan yet.

    Reboot your computer in "SAFE MODE" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

    Scan with DrWeb-CureIt as follows:
    • Double-click on drweb-cureit.exe to start the program. An "Express Scan of your PC" notice will appear.
    • Under "Start the Express Scan Now", Click "OK" to start. This is a short scan that will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it.
    • Once the short scan has finished, Click Options > Change settings
    • Choose the "Scan tab" and UNcheck "Heuristic analysis"
    • Back at the main window, click "Select drives" (a red dot will show which drives have been chosen)
    • Then click the "Start/Stop Scanning" button (green arrow on the right) and the scan will start.
    • When done, a message will be displayed at the bottom advising if any viruses were found.
    • Click "Yes to all" if it asks if you want to cure/move the file.
    • When the scan has finished, look if you can see the icon next to the files found. If so, click it, then click the next icon right below and select "Move incurable".
      (This will move it to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if it can't be cured)
    • Next, in the Dr.Web CureIt menu on top, click file and choose save report list.
    • Save the DrWeb.csv report to your desktop.
    • Exit Dr.Web Cureit when done.
    • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
    • After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.cvs report)
  • Rahina-RescueRahina-Rescue Finland
    edited January 2008
    Hello! No Problem!

    Please download Deckard's System Scanner (DSS) to your desktop.
    • Close all applications and windows.
    • Double-click on dss.exe to run it, and follow the prompts.
    • When the scan is complete, a text file will open - Main.txt
    • Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of Main.txt in your thread in the HijackThis Log Help Forum.
    • A folder, C:\Deckard\System Scanner, will also open. In it will be another text file, Extra.txt.
    • Please also copy the contents of Extra.txt to your post as well.
    • Note: some firewalls may warn that sigcheck.exe is trying to access the internet - please ensure that you allow sigcheck.exe permission to do so.
    • What DSS will do:
    • create a new System Restore point in Windows XP and Vista.
    • clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
    • check some important areas of your system and produce a report for your analyst to review. DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.
  • dompants
    edited January 2008
    Hi Rahina Rescue,
    Thanks again for your help.

    Here is the main.txt :
    Deckard's System Scanner v20071014.68
    Run by GERBER on 2008-01-22 07:27:18
    Computer is in Normal Mode.
    -- System Restore
    Successfully created a Deckard's System Scanner Restore Point.

    -- Last 5 Restore Point(s) --
    56: 2008-01-22 12:27:25 UTC - RP981 - Deckard's System Scanner Restore Point
    55: 2008-01-21 14:33:57 UTC - RP980 - System Checkpoint
    54: 2008-01-18 13:32:44 UTC - RP979 - Installed AVG 7.5
    53: 2008-01-18 13:30:40 UTC - RP978 - Removed AVG 7.5
    52: 2008-01-17 20:41:45 UTC - RP977 - Installed AVG 7.5

    -- First Restore Point --
    1: 2007-10-25 11:43:37 UTC - RP926 - System Checkpoint

    Backed up registry hives.
    Performed disk cleanup.

    -- HijackThis (run as GERBER.exe)
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 7:28:21 AM, on 1/22/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Dell\OpenManage\Client\Iap.exe
    C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2L1.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\Documents and Settings\GERBER\Desktop\dss.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\GERBER.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://business.dellnet.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.doylesails.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
    O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [EPSON Stylus CX6400] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2L1.EXE /P19 "EPSON Stylus CX6400" /O6 "USB001" /M "Stylus CX6400"
    O4 - HKCU\..\Run: [EPSON Stylus CX6400] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2L1.EXE /P19 "EPSON Stylus CX6400" /M "Stylus CX6400" /EF "HKCU"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: Epson all-in-one Registration.lnk = D:\Titles\EpsonReg\EpsonReg.EXE
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBar.dll/CXTSEARCH.HTML
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (NOXLATE) - [URL]file://C:\Program[/URL] Files\AutoCAD LT 2000i\InstFred.ocx
    O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - [URL]file://C:\Program[/URL] Files\AutoCAD LT 2000i\AcPreview.ocx
    O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
    O23 - Service: Iap - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\Iap.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
    O24 - Desktop Component 0: (no name) - http://porktornado.diaryland.com/images/zipzaprap1.jpg
    --
    End of file - 5235 bytes
    -- File Associations
    All associations okay.

    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled
    R0 agp440 (Intel AGP Bus Filter) - c:\windows\\systemroot\system32\drivers\agp440.sys (file missing)
    R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
    R2 Sentinel - c:\windows\system32\drivers\sentinel.sys
    R3 WdmIo (CES Motion Control Driver) - c:\windows\system32\drivers\wdmio.sys <Not Verified; GT - Cutting Edge Division; DCSX500 Driver>
    S3 iAimTV2 - c:\windows\system32\drivers\watv03nt.sys (file missing)

    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled
    R2 Iap - c:\program files\dell\openmanage\client\iap.exe <Not Verified; Dell Computer Corporation; OpenManage Client Instrumentation>
    R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>

    -- Device Manager: Disabled
    No disabled devices found.

    -- Files created between 2007-12-22 and 2008-01-22
    2008-01-18 15:20:50 0 d
    C:\Documents and Settings\dparry\DoctorWeb
    2008-01-18 15:16:05 0 d
    C:\Documents and Settings\dparry\Application Data\Macromedia
    2008-01-17 16:53:36 0 d
    C:\Program Files\Trend Micro

    -- Find3M Report
    2008-01-18 08:30:55 0 d
    C:\Documents and Settings\GERBER\Application Data\AVG7
    2008-01-03 12:01:13 0 d
    C:\Program Files\CutWorks

    -- Registry Dump
    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "vptray"="C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe" [07/30/2002 10:35 AM]
    "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [09/20/2005 09:35 AM]
    "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [09/20/2005 09:36 AM]
    "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [09/20/2005 09:32 AM]
    "EPSON Stylus CX6400"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2L1.exe" [06/03/2003 03:00 AM]
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "EPSON Stylus CX6400"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2L1.exe" [06/03/2003 03:00 AM]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 11:24 AM]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 02:56 AM]
    C:\Documents and Settings\GERBER\Start Menu\Programs\Startup\
    DESKTOP.INI [9/3/2002 2:36:04 PM]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
    @=&quot;Service"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @=&quot;Volume shadow copy"
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    "C:\Program Files\Messenger\msmsgs.exe" /background
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "AudioSrv"=2 (0x2)


    -- End of Deckard's System Scanner: finished at 2008-01-22 07:29:15

    *******************************************************
    Here is the Extra.txt :

    *******************************************************
    Deckard's System Scanner v20071014.68
    Extra logfile - please post this as an attachment with your post.
    -- System Information
    Microsoft Windows XP Professional (build 2600) SP 2.0
    Architecture: X86; Language: English
    CPU 0: Intel(R) Pentium(R) 4 CPU 2.40GHz
    CPU 1: Intel(R) Pentium(R) 4 CPU 2.40GHz
    Percentage of Memory in Use: 43%
    Physical Memory (total/avail): 765.98 MiB / 435.04 MiB
    Pagefile Memory (total/avail): 1871.65 MiB / 1629.69 MiB
    Virtual Memory (total/avail): 2047.88 MiB / 1931.63 MiB
    A: is Removable (Unformatted)
    C: is Fixed (NTFS) - 37.21 GiB total, 28.19 GiB free.
    D: is CDROM (No Media)
    E: is Removable (No Media)
    F: is Network (NTFS)
    M: is Network (NTFS)
    P: is Network (NTFS)
    S: is Network (NTFS)
    T: is Network (NTFS)
    U: is Network (NTFS)
    [URL="file://\\.\PHYSICALDRIVE0"]\\.\PHYSICALDRIVE0[/URL] - WDC WD400BB-75DEA0 - 37.25 GiB - 2 partitions
    \PARTITION0 - Unknown - 39.19 MiB
    \PARTITION1 (bootable) - Installable File System - 37.21 GiB - C:
    [URL="file://\\.\PHYSICALDRIVE1"]\\.\PHYSICALDRIVE1[/URL] - EPSON Stylus Storage USB Device

    -- Security Center
    AUOptions is set to notify before install.
    Windows Internal Firewall is enabled.
    AntivirusOverride is set.

    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\\Program Files\\CutWorks\\ceibase.exe"="C:\\Program Files\\CutWorks\\ceibase.exe:*:Enabled:CutWorks Desktop Executable"
    "C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
    "C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe:*:Enabled:Yahoo! Messenger"
    "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"

    -- Environment Variables
    ALLUSERSPROFILE=C:\Documents and Settings\All Users
    APPDATA=C:\Documents and Settings\GERBER\Application Data
    CLIENTNAME=Console
    CommonProgramFiles=C:\Program Files\Common Files
    COMPUTERNAME=D939QQ31
    ComSpec=C:\WINDOWS\system32\cmd.exe
    FP_NO_HOST_CHECK=NO
    HOMEDRIVE=C:
    HOMEPATH=\Documents and Settings\GERBER
    LOGONSERVER=\\D939QQ31
    NUMBER_OF_PROCESSORS=2
    OS=Windows_NT
    Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Autodesk Shared\;;C:\PROGRA~1\COMMON~1\AUTODE~1
    PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    PROCESSOR_ARCHITECTURE=x86
    PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
    PROCESSOR_LEVEL=15
    PROCESSOR_REVISION=0209
    ProgramFiles=C:\Program Files
    PROMPT=$P$G
    SESSIONNAME=Console
    SystemDrive=C:
    SystemRoot=C:\WINDOWS
    TEMP=C:\DOCUME~1\GERBER\LOCALS~1\Temp
    TMP=C:\DOCUME~1\GERBER\LOCALS~1\Temp
    USERDOMAIN=D939QQ31
    USERNAME=GERBER
    USERPROFILE=C:\Documents and Settings\GERBER
    windir=C:\WINDOWS

    -- User Profiles
    GERBER (admin)
    rmuschamp (new local, admin)
    dparry (admin)
    Administrator (admin)

    -- Add/Remove Programs
    --> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{11E83B33-972B-4512-A447-FF0FD0246EE9}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{23EFDB58-0874-4883-9810-EDA510B19FAE}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2BB79C8D-9DCC-4861-8A23-AE1B0B45E2B6}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2BFBC62A-3353-443D-93BE-7AC641D9F342}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3C1B8CBC-9118-11D7-86D3-00055DF3561E}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{775FFF70-4A8C-4500-908D-3C34DBEB11D5}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B100B05B-E290-41EF-9366-8BC4C76D7769}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B14F9B26-D695-4C4A-8B11-0FE6CDCC797B}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E213C271-AEFA-481D-A9B4-914D88925B8D}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FAD9402A-1A9B-4ABE-A410-393A3622FA5A}\setup.exe" -l0x9
    --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    ABBYY FineReader 5.0 Sprint Plus --> MsiExec.exe /X{D1696920-9794-4BBC-8A30-7A88763DE5A2}
    Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
    AnswerWorks Runtime --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\WexTech\AnswerWorks\Uninst.isu"
    AOL Instant Messenger --> C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=
    ArcSoft Software Suite --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{66C8BE35-8BBB-472B-96C7-C7C9A499F988}\Setup.exe" -l0x9
    AutoCAD LT 2000i --> MsiExec.exe /I{5783F2D7-0065-0409-0000-0060B0CE6BBA}
    CutWorks --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D1F98CDB-7066-43D8-9A02-C1428635A0C4}\setup.exe" -uninst
    Dell Solution Center --> MsiExec.exe /X{11F1920A-56A2-4642-B6E0-3B31A12C9288}
    EPSON CardMonitor --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{109D28C7-FB38-483A-9C91-001CB59E2699}\Setup.exe" -l0x9 uninst
    EPSON Copy Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B69CC1A5-0404-11D6-ABCB-005004C21D30}\setup.exe" -l0x9 ADDREMOVEDLG
    EPSON ES CX6400 Manual --> C:\Program Files\epson\guide\cx6400_e\uninstall.exe
    EPSON Photo Print --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0B53B71D-9E2F-42B8-9123-96354872D166}\setup.exe" -l0x9 MyUninstall
    EPSON PhotoStarter3.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5983C895-DDA4-45D9-A8D1-877D5DE7693E}\Setup.exe" -l0x9 uninst
    EPSON Printer Software --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
    EPSON Scan --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0E0131B2-CF18-40D9-A331-60A3746C1204}\Setup.exe" -l0x9 UNINSTALL
    EPSON Smart Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6C11D561-620B-47DA-A693-4C597F3CDF40}\Setup.exe" -l0x9 Uninstall
    HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
    Intel(R) Extreme Graphics 2 Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572
    Intel(R) PRO Network Connections Drivers --> Prounstl.exe
    Intel(R) PROSet --> MsiExec.exe /I{A790BEB1-BCCF-4EC6-807B-5708B36E8A79}
    Java 2 Runtime Environment, SE v1.4.2 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142000}
    LiveUpdate 1.7 (Symantec Corporation) --> C:\Program Files\\Symantec\LiveUpdate\LSETUP.EXE /U
    Macromedia Flash Player 8 --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\swflash.inf,DefaultUninstall,5
    Microsoft Data Access Components KB870669 --> C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
    Microsoft Office 2000 SR-1 Premium --> MsiExec.exe /I{00000409-78E1-11D2-B60F-006097C998E7}
    MSN Music Assistant --> rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msninst.inf,Uninstall
    OMCI --> MsiExec.exe /X{73F1BDB7-11E1-11D5-9DC6-00C04F2FC33B}
    PawCom 2.7.0C for Access 2000/2002/2003 --> MsiExec.exe /I{98D37D48-1325-428E-91B1-27577F330BD0}
    Peachtree Premium Accounting 2006 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{90B45142-A746-431E-8B97-14E42E6D1E8C}
    ScanToWeb --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}\setup.exe" ADDREMOVEDLG
    Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
    Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
    Sentinel System Driver --> C:\WINDOWS\SYSTEM32\RNBOSENT\SETUPX86.EXE /U /q
    Symantec AntiVirus Client --> MsiExec.exe /X{0EFC6259-3AD8-4CD2-BC57-D4937AF5CC0E}
    Viewpoint Manager (Remove Only) --> C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe /u /k
    Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
    Viewpoint Toolbar --> C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\Uninstaller.exe /u /k /url "http://www.viewpoint.com/pub/uninstallcompleted.html"

    -- Application Event Log
    Event Record #/Type11107 / Warning
    Event Submitted/Written: 01/21/2008 06:48:38 AM
    Event ID/Source: 1004 / MsiInstaller
    Event Description:
    Detection of product '{00000409-78E1-11D2-B60F-006097C998E7}', feature 'ExcelUserData', component '{8ADD2C96-C8B7-11D1-9C67-0000F81F1B38}' failed. The resource 'HKEY_CURRENT_USER\Software\Microsoft\Office\9.0\Excel\UserData' does not exist.
    Event Record #/Type11105 / Warning
    Event Submitted/Written: 01/21/2008 06:48:32 AM
    Event ID/Source: 1004 / MsiInstaller
    Event Description:
    Detection of product '{00000409-78E1-11D2-B60F-006097C998E7}', feature 'OfficeUserData', component '{C9AF9050-C8BE-11D1-9C67-0000F81F1B38}' failed. The resource 'HKEY_CURRENT_USER\Software\Microsoft\Office\9.0\Common\UserData' does not exist.
    Event Record #/Type11102 / Error
    Event Submitted/Written: 01/21/2008 06:44:19 AM
    Event ID/Source: 1002 / Application Hang
    Event Description:
    Hanging application iexplore.exe, version 7.0.6000.16574, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
    Event Record #/Type11101 / Error
    Event Submitted/Written: 01/21/2008 06:44:16 AM
    Event ID/Source: 1002 / Application Hang
    Event Description:
    Hanging application iexplore.exe, version 7.0.6000.16574, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
    Event Record #/Type11060 / Error
    Event Submitted/Written: 01/16/2008 09:00:00 AM
    Event ID/Source: 8 / crypt32
    Event Description:
    Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.

    -- Security Event Log
    No Errors/Warnings found.

    -- System Event Log
    Event Record #/Type31665 / Error
    Event Submitted/Written: 01/18/2008 05:51:51 PM
    Event ID/Source: 10005 / DCOM
    Event Description:
    DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
    in order to run the server:
    {1BE1F766-5536-11D1-B726-00C04FB926AF}
    Event Record #/Type31664 / Error
    Event Submitted/Written: 01/18/2008 05:51:09 PM
    Event ID/Source: 10005 / DCOM
    Event Description:
    DCOM got error "%%1084" attempting to start the service Iap with arguments "-Service"
    in order to run the server:
    {B0C61A79-0870-4BE4-9153-9CCAF422E31F}
    Event Record #/Type31663 / Error
    Event Submitted/Written: 01/18/2008 05:51:09 PM
    Event ID/Source: 10005 / DCOM
    Event Description:
    DCOM got error "%%1084" attempting to start the service Iap with arguments "-Service"
    in order to run the server:
    {B0C61A79-0870-4BE4-9153-9CCAF422E31F}
    Event Record #/Type31662 / Error
    Event Submitted/Written: 01/18/2008 05:51:05 PM
    Event ID/Source: 10005 / DCOM
    Event Description:
    DCOM got error "%%1084" attempting to start the service Iap with arguments "-Service"
    in order to run the server:
    {B0C61A79-0870-4BE4-9153-9CCAF422E31F}
    Event Record #/Type31661 / Error
    Event Submitted/Written: 01/18/2008 05:51:05 PM
    Event ID/Source: 10005 / DCOM
    Event Description:
    DCOM got error "%%1084" attempting to start the service Iap with arguments "-Service"
    in order to run the server:
    {B0C61A79-0870-4BE4-9153-9CCAF422E31F}

    -- End of Deckard's System Scanner: finished at 2008-01-22 07:29:15




    Rahina Rescue wrote:
    Hello! No Problem!

    Please download Deckard's System Scanner (DSS) to your desktop.
    • Close all applications and windows.
    • Double-click on dss.exe to run it, and follow the prompts.
    • When the scan is complete, a text file will open - Main.txt
    • Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of Main.txt in your thread in the HijackThis Log Help Forum.
    • A folder, C:\Deckard\System Scanner, will also open. In it will be another text file, Extra.txt.
    • Please also copy the contents of Extra.txt to your post as well.
    • Note: some firewalls may warn that sigcheck.exe is trying to access the internet - please ensure that you allow sigcheck.exe permission to do so.
    • What DSS will do:
    • create a new System Restore point in Windows XP and Vista.
    • clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
    • check some important areas of your system and produce a report for your analyst to review. DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.
This discussion has been closed.