HijackThis log/receiving random errors

Status
Not open for further replies.

OTHG_ChefTreb

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:07:59 AM, on 5/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Kine\Runner.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.othg-gamers.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - Startup: Runner.LNK = C:\Program Files\Kine\Runner.EXE
O8 - Extra context menu item: &Highlight - C:\WINDOWS\WEB\highlight.htm
O8 - Extra context menu item: &Links List - C:\WINDOWS\WEB\urllist.htm
O8 - Extra context menu item: &Web Search - C:\WINDOWS\WEB\selsearch.htm
O8 - Extra context menu item: I&mages List - C:\WINDOWS\Web\imglist.htm
O8 - Extra context menu item: Open Frame in &New Window - C:\WINDOWS\WEB\frm2new.htm
O8 - Extra context menu item: Zoom &In - C:\WINDOWS\WEB\zoomin.htm
O8 - Extra context menu item: Zoom O&ut - C:\WINDOWS\WEB\zoomout.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1207341449203
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 3965 bytes

Ran VundoFix, TrojanFinder and have NOD32 as antivirus. Followed OSIRIS's remove spyware tut. Ran Memtest over 9 hours with no errors. Link to other post with error message:
http://www.techist.com/forums/f9/problem-w-random-reboots-w-errors-174507/
 
I don't see anything suspicious in there. Kine is a screensaver app, right?

I mean these look like they could be removed:

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1207341449203
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/de...e/HPDEXAXO.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll

But that isn't necessary. That looks good. Are you still having the issues mentioned in that Windows thread? Post back in there after Osiris gives you the thumbs up.
 
Hello OTHG,

Let's get a deeper look at that computer. I suspect there is malware hidden deeper in the computer.

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

This also could be a hardware issue. We'll get you moved over to hardware if you need help, as many error messages point towards RAM problems.

What do the error messages say?

Kind Regards,
Techpro5238
 
Here's the text from DSS. You were right Redmo0n, I forgot to run ccleaner and cleanup, thanks. Also you were right Makaveli, Kine is an old screensaver app, my wife just loves it, it keeps going to each new machine we get, lol.
I couldn't get the whole text in one post so it's in the next few.

Deckard's System Scanner v20071014.68
Run by OTHG_ChefTreb on 2008-05-09 17:18:10
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as OTHG_ChefTreb.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:18:12 PM, on 5/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Kine\Runner.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\winlogon.exe
C:\Documents and Settings\OTHG_ChefTreb\Desktop\dss.exe
C:\PROGRA~1\OTHG_C~1.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.othg-gamers.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKUS\S-1-5-21-1343024091-1604221776-839522115-1005\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (User 'Melody')
O4 - HKUS\S-1-5-21-1343024091-1604221776-839522115-1005\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Melody')
O4 - S-1-5-21-1343024091-1604221776-839522115-1005 Startup: Runner.LNK = C:\Program Files\Kine\Runner.EXE (User 'Melody')
O4 - S-1-5-21-1343024091-1604221776-839522115-1005 User Startup: Runner.LNK = C:\Program Files\Kine\Runner.EXE (User 'Melody')
O4 - Startup: Runner.LNK = C:\Program Files\Kine\Runner.EXE
O8 - Extra context menu item: &Highlight - C:\WINDOWS\WEB\highlight.htm
O8 - Extra context menu item: &Links List - C:\WINDOWS\WEB\urllist.htm
O8 - Extra context menu item: &Web Search - C:\WINDOWS\WEB\selsearch.htm
O8 - Extra context menu item: I&mages List - C:\WINDOWS\Web\imglist.htm
O8 - Extra context menu item: Open Frame in &New Window - C:\WINDOWS\WEB\frm2new.htm
O8 - Extra context menu item: Zoom &In - C:\WINDOWS\WEB\zoomin.htm
O8 - Extra context menu item: Zoom O&ut - C:\WINDOWS\WEB\zoomout.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1207341449203
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 4550 bytes

-- Files created between 2008-04-09 and 2008-05-09 -----------------------------

2008-05-09 16:50:15 0 dr-h----- C:\Documents and Settings\OTHG_ChefTreb\Recent
2008-05-09 08:56:39 0 d-------- C:\VundoFix Backups
2008-05-09 08:56:07 1424 --a------ C:\WINDOWS\system32\tmp.reg
2008-05-09 08:09:40 162304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2008-05-09 08:09:40 77312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2008-05-09 08:09:40 69632 --a------ C:\WINDOWS\system32\ztvcabinet.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) 2000 Operating System>
2008-05-09 08:09:40 153088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2008-05-09 08:09:40 75264 --a------ C:\WINDOWS\system32\unacev2.dll
2008-05-09 08:09:32 0 d-------- C:\Program Files\Trojan Remover
2008-05-09 08:09:32 0 d-------- C:\Documents and Settings\OTHG_ChefTreb\Application Data\Simply Super Software
2008-05-09 08:09:32 0 d-------- C:\Documents and Settings\All Users\Application Data\Simply Super Software
2008-05-09 08:09:04 0 d-------- C:\Program Files\MSConfig CleanUp
2008-05-09 08:07:06 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-05-09 08:07:06 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-05-09 08:07:06 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-05-09 08:07:06 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-05-09 08:07:06 77824 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-05-09 08:07:06 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-05-08 19:25:23 0 d-------- C:\Documents and Settings\OTHG_ChefTreb\Application Data\Uniblue
2008-05-07 18:53:24 0 d-------- C:\WINDOWS\Sun
2008-05-07 18:53:24 0 d-------- C:\Documents and Settings\Melody\Application Data\Sun
2008-05-05 18:04:28 0 d-------- C:\Program Files\Empire Interactive
2008-05-04 22:22:00 0 d-------- C:\Documents and Settings\All Users\Application Data\LightScribe
2008-05-04 22:20:52 0 d-------- C:\Program Files\Common Files\LightScribe
2008-05-04 22:19:25 0 d-------- C:\Documents and Settings\OTHG_ChefTreb\Application Data\Ahead
2008-05-04 22:16:47 0 d-------- C:\Program Files\Nero
2008-05-04 22:16:47 0 d-------- C:\Program Files\Common Files\Ahead
2008-05-04 22:16:22 0 d-------- C:\WINDOWS\RegisteredPackages
2008-05-04 08:58:14 0 d-------- C:\Documents and Settings\OTHG_ChefTreb\Application Data\InstallShield
2008-05-04 08:23:17 0 d-------- C:\Program Files\EVGA Precision
2008-05-02 16:47:06 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-05-02 16:47:04 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-05-02 10:41:27 0 d--hs---- C:\found.000
2008-04-28 17:47:43 0 d-------- C:\Documents and Settings\All Users\Application Data\TrackMania
2008-04-28 17:45:55 0 d-------- C:\Program Files\TmNationsForever
2008-04-26 11:05:21 12911 --a------ C:\WINDOWS\system32\tablet.dat
2008-04-26 11:05:19 0 d-------- C:\Program Files\Tablet
2008-04-25 19:31:26 0 d-------- C:\Documents and Settings\OTHG_ChefTreb\Application Data\Sun
2008-04-23 12:23:00 0 d-------- C:\WINDOWS\system32\CTF
2008-04-20 22:30:04 0 d-------- C:\Program Files\NVIDIA Corporation
2008-04-20 22:29:22 0 d-------- C:\Program Files\NVIDIA nTune Performance Application
2008-04-19 16:54:53 2883584 --a------ C:\Documents and Settings\Melody\ntuser.dat
2008-04-19 16:54:53 2039808 --a------ C:\Documents and Settings\Jesse\ntuser.dat
2008-04-19 16:54:53 1888256 --a------ C:\Documents and Settings\Haley\ntuser.dat
2008-04-19 16:54:52 3932160 --a------ C:\Documents and Settings\OTHG_ChefTreb\ntuser.dat
2008-04-17 22:48:11 0 d---s---- C:\Documents and Settings\Haley\UserData
2008-04-17 22:32:09 0 d-------- C:\Documents and Settings\Haley\Application Data\Macromedia
2008-04-17 17:29:22 0 d-------- C:\Program Files\Microsoft Games
2008-04-17 08:52:23 0 d-------- C:\Program Files\CCleaner
2008-04-15 11:47:11 0 d-------- C:\Program Files\MSXML 6.0
2008-04-15 11:45:53 0 d-------- C:\Program Files\MSXML 4.0
2008-04-15 11:39:08 0 d-------- C:\Program Files\RivaTuner v2.08
2008-04-15 10:17:21 0 d-------- C:\Documents and Settings\OTHG_ChefTreb\Application Data\Help
2008-04-15 09:27:23 0 d-------- C:\Program Files\Futuremark
2008-04-15 08:24:42 0 d-------- C:\WINDOWS\system32\Futuremark
2008-04-13 19:52:34 0 d-------- C:\Documents and Settings\OTHG_ChefTreb\Application Data\Hamachi
2008-04-13 19:52:12 0 d-------- C:\Program Files\Hamachi
2008-04-13 19:51:30 0 d-------- C:\MVATM
2008-04-13 19:37:56 0 d-------- C:\Program Files\THQ
2008-04-13 18:44:39 0 d-------- C:\Documents and Settings\Melody\Application Data\ArcSoft
2008-04-13 18:41:40 212480 --a------ C:\WINDOWS\PCDLIB32.DLL <Not Verified; Eastman Kodak; Kodak Photo CD Access Developer Toolkit>
2008-04-13 18:41:40 0 d-------- C:\Program Files\ArcSoft
2008-04-13 18:23:23 50 --a------ C:\WINDOWS\system32\bridf06a.dat
2008-04-13 18:23:02 52736 --a------ C:\WINDOWS\system32\brinsstr.dll <Not Verified; Brother Industries,Ltd.; Brother MFL-Pro>
2008-04-13 18:22:52 188416 --a------ C:\WINDOWS\system32\PDRVINST.DLL <Not Verified; brother; installer>
2008-04-13 18:22:52 69632 --a------ C:\WINDOWS\system32\BRWEBUP.EXE <Not Verified; brother; brother brwebup>
2008-04-13 18:22:52 86016 --a------ C:\WINDOWS\system32\BrWebIns.dll <Not Verified; brother; brother BrWebIns>
2008-04-13 18:22:51 34816 --a------ C:\WINDOWS\system32\BrWiaNCp.dll <Not Verified; Brother Industries,Ltd.; Brother MFC Network Scanner>
2008-04-13 18:22:51 37376 --a------ C:\WINDOWS\system32\Brnsplg.dll <Not Verified; Brother Industries,Ltd; Brother Insustries,Ltd>
2008-04-13 18:22:51 54784 --a------ C:\WINDOWS\system32\BrNetSti.dll <Not Verified; Brother Industries, Ltd.; Brother Industries, Ltd.>
2008-04-13 18:22:47 0 d-------- C:\Brother
2008-04-13 18:22:45 163840 --a------ C:\WINDOWS\system32\NSSearch.dll <Not Verified; brother; brother NSSearch>
2008-04-13 18:22:45 126976 --a------ C:\WINDOWS\system32\BrfxD05a.dll <Not Verified; Brother Industries,LTD; Brother PC-FAX DIAL Dynamic Link Library>
2008-04-13 18:22:45 0 --a------ C:\WINDOWS\brdfxspd.dat
2008-04-13 18:22:45 0 d-------- C:\Program Files\Brother
2008-04-13 18:22:44 106496 --a------ C:\WINDOWS\system32\BrMuSNMP.dll
2008-04-13 18:22:44 147456 --a------ C:\WINDOWS\brunin03.dll <Not Verified; Brother Industries,Ltd.; Brother MFL-Pro>
2008-04-13 18:20:57 0 d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2008-04-13 18:20:49 0 d-------- C:\Program Files\Common Files\ScanSoft Shared
2008-04-13 18:20:44 0 d-------- C:\Program Files\ScanSoft
2008-04-13 18:20:44 0 d-------- C:\Documents and Settings\All Users\Application Data\ScanSoft
2008-04-13 18:20:12 0 d-------- C:\Documents and Settings\All Users\Application Data\Brother
2008-04-11 21:41:33 0 d-------- C:\Program Files\SiSoftware
2008-04-11 21:39:48 0 d-------- C:\Program Files\Java
2008-04-11 21:39:30 0 d-------- C:\Program Files\Common Files\Java
2008-04-11 21:29:45 0 d-------- C:\Program Files\SiSoftware Sandra PRO SP2 2008.4.14.20(NEW-with serial key)
2008-04-10 22:58:46 0 d-------- C:\WINDOWS\nvidia icons
2008-04-10 22:58:27 0 d-------- C:\WINDOWS\nview
2008-04-10 22:57:48 0 d-------- C:\NVIDIA
2008-04-10 21:43:08 0 d-------- C:\b773aa2c841b2ac2a6f266aca5f845b9
2008-04-10 21:42:59 0 d-------- C:\e469c3c9ace9b911d62bc960fa
2008-04-09 20:09:13 0 d-------- C:\Program Files\MSBuild
2008-04-09 20:07:30 0 d-------- C:\WINDOWS\system32\XPSViewer
2008-04-09 20:07:14 0 d-------- C:\Program Files\Reference Assemblies
2008-04-09 15:40:48 0 d-------- C:\Documents and Settings\All Users\Application Data\SBT
2008-04-09 15:40:38 0 d-------- C:\Program Files\Snapshot Viewer
2008-04-09 15:36:26 0 d-------- C:\WINDOWS\ShellNew
2008-04-09 15:35:42 0 d-------- C:\Documents and Settings\OTHG_ChefTreb\Application Data\Microsoft Web Folders
2008-04-09 10:08:31 0 d-------- C:\Documents and Settings\Jesse\Application Data\Macromedia
2008-04-09 10:08:01 0 d-------- C:\Documents and Settings\Jesse\Application Data\Adobe
 
-- Find3M Report ---------------------------------------------------------------

2008-05-09 17:18:12 4551 --a------ C:\Program Files\hijackthis.log
2008-05-09 08:53:34 0 d-------- C:\Documents and Settings\OTHG_ChefTreb\Application Data\Xfire
2008-05-04 22:20:52 0 d-------- C:\Program Files\Common Files
2008-05-04 08:58:21 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-02 18:36:41 0 d-------- C:\Program Files\Xfire
2008-05-02 01:38:44 0 d-------- C:\Program Files\Realtek
2008-04-27 11:53:47 0 --a------ C:\WINDOWS\system32\Biport
2008-04-17 08:53:35 0 d-------- C:\Program Files\HP
2008-04-14 20:54:58 0 d-------- C:\Documents and Settings\OTHG_ChefTreb\Application Data\Adobe
2008-04-13 18:21:07 0 d-------- C:\Program Files\Common Files\InstallShield
2008-04-09 15:40:13 0 d-------- C:\Program Files\microsoft frontpage
2008-04-06 18:32:02 0 d-------- C:\Program Files\cpuz
2008-04-06 12:59:53 0 d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-04-06 12:57:53 0 d-------- C:\Program Files\Common Files\HP
2008-04-06 09:56:19 298104 --a------ C:\WINDOWS\system32\imon.dll <Not Verified; Eset; NOD32 Antivirus System>
2008-04-05 22:55:07 0 d-------- C:\Program Files\rFactor
2008-04-05 22:53:59 0 d-------- C:\Documents and Settings\OTHG_ChefTreb\Application Data\WinRAR
2008-04-05 21:34:35 0 d-------- C:\Program Files\Common Files\Logitech
2008-04-05 21:34:25 0 d-------- C:\Program Files\Logitech
2008-04-05 21:22:08 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll <Not Verified; Sony DADC Austria AG.; >
2008-04-04 22:47:24 2545 --a------ C:\WINDOWS\unins000.dat
2008-04-04 22:43:01 691545 --a------ C:\WINDOWS\unins000.exe
2008-04-04 22:36:49 0 d-------- C:\Program Files\Messenger
2008-04-04 22:36:49 0 d-------- C:\Program Files\Easy Thumbnails
2008-04-04 22:05:18 0 d-------- C:\Program Files\Gigabyte
2008-04-04 21:04:57 0 d-------- C:\Program Files\Activision
2008-04-04 20:54:14 0 d-------- C:\Documents and Settings\OTHG_ChefTreb\Application Data\Ventrilo
2008-04-04 20:38:57 0 d-------- C:\Program Files\Ventrilo
2008-04-04 20:38:42 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-04 20:11:27 0 d-------- C:\Documents and Settings\OTHG_ChefTreb\Application Data\Macromedia
2008-04-04 18:00:48 0 d-------- C:\Program Files\Program Files
2008-04-04 16:40:28 0 d-------- C:\Program Files\Google
2008-04-04 16:39:09 0 d-------- C:\Program Files\Common Files\Adobe
2008-04-04 01:49:11 0 d-------- C:\Program Files\Winamp
2008-04-04 01:49:11 0 d-------- C:\Program Files\Synthesoft
2008-04-04 01:49:10 0 d-------- C:\Program Files\Kine
2008-04-04 01:49:08 0 d-------- C:\Program Files\CDSpectrum Pro
2008-04-04 01:11:28 0 d-------- C:\Program Files\Online Services
2008-04-04 00:05:48 315392 --a------ C:\WINDOWS\HideWin.exe <Not Verified; Realtek Semiconductor Corp.; HD Audio Hide windows program>
2008-04-04 00:04:17 0 d-------- C:\Program Files\Intel
2008-04-04 00:00:20 0 d-------- C:\Documents and Settings\OTHG_ChefTreb\Application Data\Identities
2008-04-03 23:55:44 0 -rahs---- C:\MSDOS.SYS
2008-04-03 23:55:44 0 -rahs---- C:\IO.SYS
2008-04-03 23:55:44 0 --a------ C:\CONFIG.SYS
2008-04-03 23:55:44 0 --a------ C:\AUTOEXEC.BAT
2008-04-03 23:55:01 0 d--h----- C:\Program Files\WindowsUpdate
2008-04-03 23:54:23 0 d-------- C:\Program Files\Common Files\MSSoap
2008-04-03 23:54:16 0 d-------- C:\Program Files\Movie Maker
2008-04-03 23:53:55 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-04-03 23:53:23 0 d-------- C:\Program Files\MSN Gaming Zone
2008-04-03 23:53:16 0 d-------- C:\Program Files\Windows NT
2008-04-03 17:43:13 0 d-------- C:\Program Files\Common Files\ODBC
2008-04-03 17:43:11 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-04-03 17:42:49 62 --ahs---- C:\Documents and Settings\OTHG_ChefTreb\Application Data\desktop.ini
2008-03-24 19:52:00 1626112 --a------ C:\WINDOWS\system32\nwiz.exe
2008-03-24 19:52:00 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2008-03-24 19:52:00 1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2008-03-24 19:52:00 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2008-03-24 19:52:00 286720 --a------ C:\WINDOWS\system32\nvnt4cpl.dll
2008-03-24 19:52:00 1482752 --a------ C:\WINDOWS\system32\nview.dll
2008-03-24 19:52:00 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2008-03-24 19:52:00 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2008-03-24 19:52:00 425984 --a------ C:\WINDOWS\system32\keystone.exe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [04/06/2008 09:56 AM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [03/24/2008 07:52 PM]

C:\Documents and Settings\OTHG_ChefTreb\Start Menu\Programs\Startup\
Runner.LNK - C:\Program Files\Kine\Runner.EXE [4/4/2008 1:49:10 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrMfcWnd]
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3]
C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DXDllRegExe]
dxdllreg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EasyTuneVPro]
C:\Program Files\Gigabyte\ET5Pro\ETcall.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
"C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
"C:\Program Files\HP\HP Software Update\HPWuSchd.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefPrt]
C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
"C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner]
C:\Program Files\Trojan Remover\Trjscan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2]
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S




-- End of Deckard's System Scanner: finished at 2008-05-09 17:18:26 ------------

I had to run DSS a second time to get all the text cut up so I could make it fit in here. The second time it didn't give me the "extra text". Don't know why, and is there any way I can get it back? It looked important because it had info in it about the errors I've been getting.
Thanks a million for all your help and YOU GUYS ROCK!
Chef
 
How is the system running now?

Step1

Please delete the following files (if they exist):

C:\found.000

Step2

Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report

EDIT: What do the error messages you get say?

Logs Needed In Next Post:
-------------------------------

Panda ActiveScan Report
New Hijackthis Log
Report on how the System is doing
 
I still do not see anything on there that shows any sign of being malware or spyware. I do see some temp folders that can be deleted.

2008-04-10 21:43:08 0 d-------- C:\b773aa2c841b2ac2a6f266aca5f845b9
2008-04-10 21:42:59 0 d-------- C:\e469c3c9ace9b911d62bc960fa

The errors are not specific. I have already looked them over from the screenshots he posted. My best guess would be Driver conflict.
 
The temporary folders will be dealt with at the end of the fixes. :D

Thank you for your input Makaveli23. (I don't either so I am closing this with a final scan)
 