Solved: xlibgfl254.dll error

joseph28
Member with 53 posts.
 
Join Date: Mar 2007
Location: lebanon
Experience: Intermediate
09-Mar-2007, 11:41 AM #1
Solved: xlibgfl254.dll error
The application or DLL C:\WINDOWS\system32\xlibgfl254.dll is not a valid Windows image. Please check this against your installation diskette.


Logfile of HijackThis v1.99.1
Scan saved at 6:41:04 PM, on 3/9/2007
Platform: Windows XP SP2, v.2055 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2055)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\PROGRA~1\UpsPilot\Winpower.exe
C:\WINDOWS\System32\wuauclt.exe
C:\PROGRA~1\UpsPilot\monitor.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\keyhook.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\UpsPilot\hello21.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\MSN\MSNCoreFiles\MSN6.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Hijackthis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: IE 4.x-6.x BHO for Internet Download Accelerator - {2A646672-9C3A-4C28-9A7A-1FB0F63F28B6} - C:\PROGRA~1\IDA\idaiehlp.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: IDA Bar - {C70E30C7-140A-4166-A2E8-43557E62B41A} - C:\Program Files\IDA\idabar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\System32\keyhook.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\RunServices: [Winpower] C:\Program Files\UpsPilot\Winpower.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O8 - Extra context menu item: Download ALL with IDA - C:\Program Files\IDA\idaieall.htm
O8 - Extra context menu item: Download with IDA - C:\Program Files\IDA\idaie.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe
O9 - Extra 'Tools' menuitem: &Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{B0495A58-EA35-4964-B665-DA1CFA52B085}: NameServer = 172.17.10.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: Winpower - Zero G - C:\PROGRA~1\UpsPilot\Winpower.exe
JSntgRvr
Moderator with 15,334 posts.
 
Join Date: Jul 2003
Location: Puerto Rico
Experience: Advanced
09-Mar-2007, 11:53 AM #2
Hi, joseph28

Welcome to TSG.

Please download ComboScan by Deckard from Here and save it to your Desktop.
  • Double click comboScan.exe and follow the prompts.
  • When finished, it shall produce a log for you.
  • Post the contents of that log in your next reply.
  • Using Windows Explorer (to get there right-click your Start button and go to "Explore"), navigate to the C:\ComboScan folder. You will find two logs in the folder, ComboScan.txt and Supplementary.txt.
  • Open the Supplementary.txt log in Notepad.
  • Also copy and paste its contents in a reply.
joseph28
Member with 53 posts.
 
Join Date: Mar 2007
Location: lebanon
Experience: Intermediate
09-Mar-2007, 12:09 PM #3
Thanks, JSntgRvr, for your quick reply.
Here is what you asked for:
ComboScan v20070306.20 run by zouzou on 2007-03-09 at 18:59:27
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created ComboScan Restore Point.


-- Last 5 Restore Point(s) --
41: 2007-03-09 16:59:35 UTC - RP41 - ComboScan Restore Point
40: 2007-03-09 15:31:21 UTC - RP40 - Removed Windows Live Messenger
39: 2007-03-09 15:30:18 UTC - RP39 - Installed Windows Live Messenger
38: 2007-03-09 13:57:13 UTC - RP38 - System Checkpoint
37: 2007-03-07 11:03:48 UTC - RP37 - System Checkpoint


-- First Restore Point --
1: 2007-01-26 17:10:32 UTC - RP1 - System Checkpoint


Performed disk cleanup.


-- HijackThis (run as zouzou.exe) ----------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 6:59:51 PM, on 3/9/2007
Platform: Windows XP SP2, v.2055 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2055)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\PROGRA~1\UpsPilot\Winpower.exe
C:\WINDOWS\System32\wuauclt.exe
C:\PROGRA~1\UpsPilot\monitor.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\keyhook.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\UpsPilot\hello21.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\MSN\MSNCoreFiles\MSN6.EXE
C:\Program Files\IDA\_IDA.exe
C:\Downloads\Programs\comboscan.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\PROGRA~1\HIJACK~1\zouzou.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: IE 4.x-6.x BHO for Internet Download Accelerator - {2A646672-9C3A-4C28-9A7A-1FB0F63F28B6} - C:\PROGRA~1\IDA\idaiehlp.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: IDA Bar - {C70E30C7-140A-4166-A2E8-43557E62B41A} - C:\Program Files\IDA\idabar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\System32\keyhook.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\RunServices: [Winpower] C:\Program Files\UpsPilot\Winpower.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O8 - Extra context menu item: Download ALL with IDA - C:\Program Files\IDA\idaieall.htm
O8 - Extra context menu item: Download with IDA - C:\Program Files\IDA\idaie.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe
O9 - Extra 'Tools' menuitem: &Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{B0495A58-EA35-4964-B665-DA1CFA52B085}: NameServer = 172.17.10.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: Winpower - Zero G - C:\PROGRA~1\UpsPilot\Winpower.exe


-- File Associations -----------------------------------------------------------

.bat - batfile - "%1" %*
.chm - chm.file - "C:\WINDOWS\hh.exe" %1
.cmd - cmdfile - "%1" %*
.com - comfile - "%1" %*
.exe - exefile - "%1" %*
.hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1
.inf - inffile - %SystemRoot%\System32\NOTEPAD.EXE %1
.ini - inifile - %SystemRoot%\System32\NOTEPAD.EXE %1
.js - JSFile - %SystemRoot%\System32\WScript.exe "%1" %*
.lnk - lnkfile - {00021401-0000-0000-C000-000000000046}
.pif - piffile - "%1" %*
.reg - regfile - regedit.exe "%1"
.scr - scrfile - "%1" /S
.txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1
.vbs - unable to read key


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

3S 61883 (61883 Unit Device) - C:\WINDOWS\system32\drivers\61883.sys
3R ALCXSENS (Service for WDM 3D Audio Driver) - C:\WINDOWS\system32\drivers\ALCXSENS.SYS
3R ALCXWDM (Service for Realtek AC97 Audio (WDM)) - C:\WINDOWS\system32\drivers\ALCXWDM.SYS
3R Arp1394 (1394 ARP Client Protocol) - C:\WINDOWS\system32\drivers\arp1394.sys
3S Avc (AVC Device) - C:\WINDOWS\system32\drivers\avc.sys
3S CCDECODE (Closed Caption Decoder) - C:\WINDOWS\system32\drivers\ccdecode.sys
3S GMSIPCI - E:\INSTALL\GMSIPCI.SYS (not found)
3R HCF_MSFT - C:\WINDOWS\system32\drivers\HCF_MSFT.sys
3S HPZid412 (IEEE-1284.4 Driver HPZid412) - C:\WINDOWS\system32\drivers\hpzid412.sys
3S HPZipr12 (Print Class Driver for IEEE-1284.4 HPZipr12) - C:\WINDOWS\system32\drivers\HPZipr12.sys
3S HPZius12 (USB to IEEE-1284.4 Translation Driver HPZius12) - C:\WINDOWS\system32\drivers\HPZius12.sys
1R ikhlayer (Kernel Anti-Spyware Driver) - C:\WINDOWS\system32\drivers\ikhlayer.sys
2R MaVctrl - C:\WINDOWS\system32\drivers\MaVc2K.sys
3S MSDV (Microsoft DV Camera and VCR) - C:\WINDOWS\system32\drivers\msdv.sys
3S MSTEE (Microsoft Streaming Tee/Sink-to-Sink Converter) - C:\WINDOWS\system32\drivers\mstee.sys
3S NABTSFEC (NABTS/FEC VBI Codec) - C:\WINDOWS\system32\drivers\nabtsfec.sys
3R NAVENG - C:\Program Files\Common Files\Symantec Shared\VirusDefs\20051129.016\NAVENG.SYS
3R NAVEX15 - C:\Program Files\Common Files\Symantec Shared\VirusDefs\20051129.016\NAVEX15.SYS
3S NdisIP (Microsoft TV/Video Connection) - C:\WINDOWS\system32\drivers\ndisip.sys
3R NIC1394 (1394 Net Driver) - C:\WINDOWS\system32\drivers\nic1394.sys
0R ohci1394 (OHCI Compliant IEEE 1394 Host Controller) - C:\WINDOWS\system32\drivers\ohci1394.sys
3R SAVRT - C:\Program Files\Norton AntiVirus\savrt.sys
1R SAVRTPEL - C:\Program Files\Norton AntiVirus\Savrtpel.sys
3S Ser2pl (MAT Serial port driver) - C:\WINDOWS\system32\drivers\ser2pl.sys
3R SiS315 - C:\WINDOWS\system32\drivers\sisgrp.sys
0R SISAGP (SiS AGP Filter) - C:\WINDOWS\system32\drivers\SISAGPX.SYS
1R SiSkp - C:\WINDOWS\system32\drivers\srvkp.sys
3R SISNIC (SiS PCI Fast Ethernet Adapter Driver) - C:\WINDOWS\system32\drivers\sisnic.sys
3S SLIP (BDA Slip De-Framer) - C:\WINDOWS\system32\drivers\slip.sys
1R SPBBCDrv - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
3S streamip (BDA IPSink) - C:\WINDOWS\system32\drivers\streamip.sys
3R SymEvent - C:\Program Files\Symantec\SYMEVENT.SYS
2R symlcbrd - C:\WINDOWS\system32\drivers\symlcbrd.sys
1R SYMTDI - C:\WINDOWS\system32\drivers\symtdi.sys
0R uagp35 (%uagp35_svcdesc%) - C:\WINDOWS\system32\drivers\UAGP35.SYS
3S usbccgp (Microsoft USB Generic Parent Driver) - C:\WINDOWS\system32\drivers\usbccgp.sys
3R usbehci (Microsoft USB 2.0 Enhanced Host Controller Miniport Driver) - C:\WINDOWS\system32\drivers\usbehci.sys
3R usbohci (Microsoft USB Open Host Controller Miniport Driver) - C:\WINDOWS\system32\drivers\usbohci.sys
3S usbprint (Microsoft USB PRINTER Class) - C:\WINDOWS\system32\drivers\usbprint.sys
3S usbscan (USB Scanner Driver) - C:\WINDOWS\system32\drivers\usbscan.sys
3S USBSTOR (USB Mass Storage Driver) - C:\WINDOWS\system32\drivers\USBSTOR.SYS
3S WSTCODEC (World Standard Teletext Codec) - C:\WINDOWS\system32\drivers\wstcodec.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

3S aspnet_state (ASP.NET State Service) - C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
2R Automatic LiveUpdate Scheduler - "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"
2R ccEvtMgr (Symantec Event Manager) - "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
3S ccPwdSvc (Symantec Password Validation) - "C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe"
2R ccSetMgr (Symantec Settings Manager) - "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
3S gusvc (Google Updater Service) - "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
3S IDriverT (InstallDriver Table Manager) - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
3S LiveUpdate - "C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE"
2R navapsvc (Norton AntiVirus Auto-Protect Service) - "C:\Program Files\Norton AntiVirus\navapsvc.exe"
2R NPFMntor (Norton AntiVirus Firewall Monitor Service) - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
3S ose (Office Source Engine) - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
3S Pml Driver HPZ12 - C:\WINDOWS\System32\HPZipm12.exe
3S SAVScan - C:\Program Files\Norton AntiVirus\SAVScan.exe
2S SBService (ScriptBlocking Service) - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
3S SCardDrv (Smart Card Helper) - C:\WINDOWS\System32\SCardSvr.exe
2R SDhelper (PC Tools Spyware Doctor) - C:\Program Files\Spyware Doctor\sdhelp.exe
2R SNDSrvc (Symantec Network Drivers Service) - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
2R SPBBCSvc (Symantec SPBBCSvc) - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
2R Symantec Core LC - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
3S TUWinStylerThemeSvc (TuneUp WinStyler Theme Service) - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
2R UMWdf (Windows User Mode Driver Framework) - C:\WINDOWS\System32\wdfmgr.exe
2R uploadmgr (Upload Manager) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3R usnjsvc (Messenger Sharing Folders USN Journal Reader service) - C:\Program Files\MSN Messenger\usnsvc.exe
3S Visual Studio Analyzer RPC bridge - C:\Program Files\Microsoft Visual Studio\Common\Tools\VS-Ent98\Vanalyzr\varpc.exe
2R Winpower - C:\PROGRA~1\UpsPilot\Winpower.exe -zglaxservice Winpower


-- Scheduled Tasks -------------------------------------------------------------

2007-03-09 18:01:50 532 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - zouzou.job<NORTON~1.JOB>
2007-03-09 17:27:22 392 --a------ C:\WINDOWS\Tasks\1-Click Maintenance.job<1-CLIC~1.JOB>
2007-03-09 12:44:13 466 --a------ C:\WINDOWS\Tasks\WebReg 20070126124459.job<WEBREG~1.JOB>
2007-02-26 12:44:09 392 --a------ C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1169844229.job<FRUTAS~1.JOB>


-- Files created between 2007-02-09 and 2007-03-09 -----------------------------

2007-03-09 18:08:48 0 d-------- C:\Documents and Settings\LocalService\Application Data\Symantec
2007-03-09 17:57:39 4608 --a------ C:\WINDOWS\System32\drivers\symlcbrd.sys
2007-03-09 17:57:30 0 d-------- C:\Program Files\Norton AntiVirus<NORTON~1>
2007-03-07 13:40:55 0 d-------- C:\Program Files\MVP Software<MVPSOF~1>
2007-03-01 18:20:11 0 d-------- C:\Program Files\Ricochet
2007-03-01 18:05:15 0 d-------- C:\WINDOWS\pss
2007-02-27 14:11:21 0 d-------- C:\Program Files\directx
2007-02-27 14:10:33 0 d-------- C:\Program Files\Infogrames Interactive<INFOGR~1>
2007-02-27 14:09:43 0 d-------- C:\ALADDIN
2007-02-27 14:09:21 0 d-------- C:\GAMES
2007-02-27 14:09:07 0 d-------- C:\ASTERIX
2007-02-27 13:50:14 0 d--h----- C:\WINDOWS\PIF
2007-02-27 13:49:40 0 d-------- C:\MARIO
2007-02-22 13:45:53 45312 --a------ C:\WINDOWS\System32\drivers\ma8630u.sys
2007-02-22 13:45:53 25428 --a------ C:\WINDOWS\System32\drivers\ma8630m.sys
2007-02-22 13:45:53 23248 --a------ C:\WINDOWS\System32\drivers\ma8630c.sys
2007-02-22 13:45:44 24789 --a------ C:\WINDOWS\System32\drivers\MaVctrl.sys
2007-02-22 13:45:44 11473 --a------ C:\WINDOWS\System32\drivers\MaVc2K.sys
2007-02-22 13:45:44 49484 --a------ C:\WINDOWS\System32\drivers\mardpnp.sys
2007-02-22 13:45:44 49867 --a------ C:\WINDOWS\System32\drivers\mardp2k.sys
2007-02-21 18:59:55 21648 --a------ C:\WINDOWS\system\CTL3DV2.DLL
2007-02-21 18:59:43 96928 --a------ C:\WINDOWS\system\BWCC000C.DLL
2007-02-21 18:59:43 96912 --a------ C:\WINDOWS\system\BWCC0009.DLL
2007-02-21 18:59:43 97072 --a------ C:\WINDOWS\system\BWCC0007.DLL
2007-02-21 18:59:43 164928 --a------ C:\WINDOWS\system\BWCC.DLL
2007-02-21 18:59:37 264800 --a------ C:\WINDOWS\system\BOCOLE.DLL
2007-02-21 18:59:34 58192 --a------ C:\WINDOWS\system\MHRUN300.DLL
2007-02-21 18:59:34 244192 --a------ C:\WINDOWS\system\MHCARDS.DLL
2007-02-21 18:59:26 81920 --a------ C:\WINDOWS\system\BIVBX11.DLL
2007-02-21 18:59:23 0 d-------- C:\ACROREAD
2007-02-21 18:59:13 0 d-------- C:\TCWIN45
2007-02-21 17:52:49 0 d-------- C:\New Folder<NEWFOL~1>
2007-02-21 15:42:54 6550 --a------ C:\WINDOWS\jautoexp.dat
2007-02-19 14:40:54 0 d-------- C:\Program Files\3D Grapher<3DGRAP~1>
2007-02-15 17:31:36 0 d-------- C:\Program Files\Web Publish<WEBPUB~1>
2007-02-15 14:45:55 143872 --a------ C:\WINDOWS\System32\iacenc.dll
2007-02-15 14:42:28 0 d-------- C:\Program Files\CherrySoft<CHERRY~1>


-- Find3M Report ---------------------------------------------------------------

2007-03-09 18:59:57 7240 --a------ C:\WINDOWS\System32\unimdmlt.dat
2007-03-09 18:58:55 0 --a------ C:\WINDOWS\System32\shimeng.dat
2007-03-09 18:58:55 0 --a------ C:\WINDOWS\System32\iissupa.dat
2007-03-09 18:58:55 0 --a------ C:\WINDOWS\System32\cryptdlz.dat
2007-03-09 18:58:55 21302 --a------ C:\WINDOWS\System32\apphelbv.dat
2007-03-09 18:53:39 0 d-------- C:\Program Files\Common Files\Symantec Shared<SYMANT~1>
2007-03-09 18:52:12 0 --a------ C:\WINDOWS\System32\wshipm.dat
2007-03-09 18:52:12 0 --a------ C:\WINDOWS\System32\ntmsmgg.dat
2007-03-09 18:52:12 0 --a------ C:\WINDOWS\System32\ipsmsnep.dat
2007-03-09 17:58:23 0 d-------- C:\Program Files\Symantec
2007-03-09 17:30:39 0 d-------- C:\Program Files\MSN Messenger<MSNMES~1>
2007-03-08 16:09:28 0 d-------- C:\Program Files\UpsPilot
2007-03-07 11:11:55 0 d---s---- C:\Documents and Settings\zouzou\Application Data\Microsoft<MICROS~1>
2007-03-01 12:08:31 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1>
2007-03-01 12:08:15 0 d-------- C:\Program Files\Google
2007-02-19 17:20:51 0 d-------- C:\Documents and Settings\zouzou\Application Data\Real
2007-02-19 16:55:52 0 d-------- C:\Program Files\Java
2007-02-19 16:03:52 396 --a------ C:\WINDOWS\System32\dpu1c.dat
2007-02-19 16:01:09 0 --a------ C:\WINDOWS\System32\sdhcinse.dat
2007-02-19 16:01:09 0 --a------ C:\WINDOWS\System32\kbdinbl1.dat
2007-02-19 16:01:09 0 --a------ C:\WINDOWS\System32\kbdhwlb.dat
2007-02-09 12:41:13 0 d-------- C:\Program Files\Common Files\Adobe
2007-02-07 20:10:46 0 d-------- C:\Program Files\IDA
2007-02-06 15:34:21 0 d-------- C:\Documents and Settings\zouzou\Application Data\DataLayer<DATALA~1>
2007-02-06 15:29:10 0 d-------- C:\Program Files\6610i USB-Handset Manager<6610IU~1>
2007-02-06 15:29:04 0 d-------- C:\Documents and Settings\zouzou\Application Data\MobileAction<MOBILE~1>
2007-02-05 09:39:54 0 d-------- C:\Documents and Settings\zouzou\Application Data\ultra
2007-02-03 10:39:38 0 d-------- C:\Program Files\In bed with Alison<INBEDW~1>
2007-02-01 19:18:03 425 --a------ C:\WINDOWS\System32\umpnpkgr.dat
2007-02-01 15:44:16 0 d-------- C:\Documents and Settings\zouzou\Application Data\Sun
2007-01-30 09:19:27 286720 -----n--- C:\WINDOWS\Setup1.exe
2007-01-30 09:19:25 73216 --a------ C:\WINDOWS\ST6UNST.EXE
2007-01-28 22:03:08 0 d-------- C:\Program Files\RM to MP3 Converter<RMTOMP~1>
2007-01-28 19:11:17 0 d-------- C:\Documents and Settings\zouzou\Application Data\Apple Computer<APPLEC~1>
2007-01-28 14:06:31 0 d-------- C:\Documents and Settings\zouzou\Application Data\Ahead
2007-01-28 13:55:07 0 d-------- C:\Program Files\Spyware Doctor<SPYWAR~1>
2007-01-28 13:52:42 0 d-------- C:\Program Files\QuickTime<QUICKT~1>
2007-01-28 12:59:58 0 d-------- C:\Documents and Settings\zouzou\Application Data\Google
2007-01-28 12:48:47 0 d-------- C:\Documents and Settings\zouzou\Application Data\MSN6
2007-01-28 11:26:04 0 d-------- C:\Program Files\Common Files\L&H
2007-01-28 11:25:43 0 d-------- C:\Program Files\Microsoft ActiveSync<MI3AA1~1>
2007-01-28 11:25:05 0 d-------- C:\Program Files\Microsoft Works<MICROS~4>
2007-01-28 11:24:18 0 d-------- C:\Program Files\Microsoft.NET<MICROS~1.NET>
2007-01-28 11:06:37 0 d-------- C:\Program Files\Total Video Converter<TOTALV~1>
2007-01-28 10:04:06 0 d-------- C:\Documents and Settings\zouzou\Application Data\Internet Download Accelerator<INTERN~1>
2007-01-28 08:18:55 606848 --a------ C:\WINDOWS\flashax.exe
2007-01-28 08:18:54 12288 --a------ C:\WINDOWS\impborl.dll
2007-01-27 00:14:28 2516 --ahs---- C:\WINDOWS\System32\KGyGaAvL.sys
2007-01-27 00:10:26 0 d-------- C:\Program Files\DivX
2007-01-26 23:59:44 0 d-------- C:\Documents and Settings\zouzou\Application Data\Macromedia<MACROM~1>
2007-01-26 23:59:16 0 d-------- C:\Documents and Settings\zouzou\Application Data\Nokia Multimedia Player<NOKIAM~1>
2007-01-26 23:39:03 114688 --a------ C:\WINDOWS\System32\wmatimer.dll
2007-01-26 23:36:41 0 d-------- C:\Documents and Settings\zouzou\Application Data\PC Suite<PCSUIT~1>
2007-01-26 23:36:02 0 d-------- C:\Program Files\Nokia
2007-01-26 23:34:25 0 d-------- C:\Program Files\Common Files\PCSuite
2007-01-26 23:34:20 0 d-------- C:\Program Files\Common Files\Nokia
2007-01-26 23:33:02 56 -r-hs---- C:\WINDOWS\System32\895FC8074A.sys<895FC8~1.SYS>
2007-01-26 23:31:28 0 d-------- C:\Documents and Settings\zouzou\Application Data\PC Tools<PCTOOL~1>
2007-01-26 23:29:33 0 d-------- C:\Program Files\Flash Movie Player<FLASHM~1>
2007-01-26 23:29:24 0 d-------- C:\Program Files\FLVPlayer<FLVPLA~1>
2007-01-26 23:29:15 0 d-------- C:\Program Files\Common Files\Real
2007-01-26 23:28:53 0 d-------- C:\Program Files\Real
2007-01-26 23:28:45 0 d-------- C:\Program Files\Common Files\Java
2007-01-26 23:27:45 0 d-------- C:\Program Files\Common Files\InstallShield<INSTAL~1>
2007-01-26 23:27:30 0 d-------- C:\Program Files\Robusst.ws
2007-01-26 23:26:27 0 d-------- C:\Program Files\TuneUp Utilities 2006<TUNEUP~1>
2007-01-26 23:24:10 0 d-------- C:\Documents and Settings\zouzou\Application Data\TuneUp Software<TUNEUP~1>
2007-01-26 23:23:55 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard<WISEIN~1>
2007-01-26 23:23:22 0 d-------- C:\Program Files\Xing
2007-01-26 23:23:21 0 d-------- C:\Program Files\Common Files\Xing Shared<XINGSH~1>
2007-01-26 23:18:22 0 d-------- C:\Documents and Settings\zouzou\Application Data\InterTrust<INTERT~1>
2007-01-26 23:18:22 0 d-------- C:\Documents and Settings\zouzou\Application Data\Adobe
2007-01-26 23:12:35 47848 --a------ C:\WINDOWS\hpiins01.dat
2007-01-26 23:09:57 0 d-------- C:\Program Files\Hewlett Packard<HEWLET~2>
2007-01-26 23:08:11 0 d-------- C:\Program Files\Common Files\HP
2007-01-26 23:06:38 0 d-------- C:\Program Files\Hewlett-Packard<HEWLET~1>
2007-01-26 22:54:30 0 d-------- C:\Program Files\HP
2007-01-26 22:50:17 0 d-------- C:\Documents and Settings\zouzou\Application Data\Help
2007-01-26 22:47:10 0 d-------- C:\Program Files\Canon
2007-01-26 22:44:35 0 d-------- C:\Documents and Settings\zouzou\Application Data\Hewlett-Packard<HEWLET~1>
2007-01-26 22:43:48 20738 --a------ C:\WINDOWS\hpoins01.dat
2007-01-26 22:42:38 0 d-------- C:\Program Files\CyberLink<CYBERL~1>
2007-01-26 22:40:06 56832 --a------ C:\WINDOWS\System32\smemory.dll
2007-01-26 22:40:06 35992 --a------ C:\WINDOWS\System32\jspWinRnia.DLL<JSPWIN~2.DLL>
2007-01-26 22:40:06 0 d--h----- C:\Program Files\Zero G Registry<ZEROGR~1>
2007-01-26 22:40:05 49152 --a------ C:\WINDOWS\System32\TrayIcon12.dll<TRAYIC~1.DLL>
2007-01-26 22:40:05 53248 --a------ C:\WINDOWS\System32\jspWinRni.DLL<JSPWIN~1.DLL>
2007-01-26 22:40:05 60156 --a------ C:\WINDOWS\System32\jspWinNm.DLL
2007-01-26 22:40:05 45056 --a------ C:\WINDOWS\System32\jspWin.dll
2007-01-26 22:38:51 0 d-------- C:\Program Files\Common Files\Hewlett-Packard<HEWLET~1>
2007-01-26 19:41:29 0 d-------- C:\Documents and Settings\zouzou\Application Data\Symantec
2007-01-26 19:36:37 0 d-------- C:\Program Files\SiS VGA Utilities V3.56<SISVGA~1.56>
2007-01-26 19:33:06 0 d-------- C:\Program Files\Ahead
2007-01-26 19:30:38 0 d-------- C:\Program Files\Common Files\Ahead
2007-01-26 19:25:37 0 d-------- C:\Program Files\SiSLan
2007-01-26 19:23:31 664 --a------ C:\WINDOWS\System32\d3d9caps.dat
2007-01-26 19:12:32 0 d-------- C:\Documents and Settings\zouzou\Application Data\Identities<IDENTI~1>
2007-01-26 19:04:57 0 d-------- C:\Program Files\microsoft frontpage<MICROS~1>
2007-01-26 19:04:36 0 -rahs---- C:\MSDOS.SYS
2007-01-26 19:04:36 0 -rahs---- C:\IO.SYS
2007-01-26 19:04:36 0 --a------ C:\CONFIG.SYS
2007-01-26 19:04:36 0 --a------ C:\AUTOEXEC.BAT
2007-01-26 19:03:07 0 d-------- C:\Program Files\Online Services<ONLINE~1>
2007-01-26 19:02:46 0 d-------- C:\Program Files\Movie Maker<MOVIEM~1>
2007-01-26 19:02:02 0 d-------- C:\Program Files\Common Files\MSSoap
2007-01-26 19:00:57 21640 --a------ C:\WINDOWS\System32\emptyregdb.dat<EMPTYR~1.DAT>
2007-01-26 19:00:35 0 d--h----- C:\Program Files\WindowsUpdate<WINDOW~3>
2007-01-26 19:00:20 0 d-------- C:\Program Files\MSN Gaming Zone<MSNGAM~1>
2007-01-26 19:00:08 0 d-------- C:\Program Files\Windows NT<WINDOW~1>
2007-01-26 10:54:58 0 d-------- C:\Program Files\Common Files\ODBC
2007-01-26 10:54:54 0 d-------- C:\Program Files\Common Files\SpeechEngines<SPEECH~1>
2007-01-26 10:54:23 62 --ahs---- C:\Documents and Settings\zouzou\Application Data\desktop.ini
2007-01-19 12:53:04 51056 --a------ C:\WINDOWS\System32\sirenacm.dll
joseph28's Avatar
Member with 53 posts.
 
Join Date: Mar 2007
Location: lebanon
Experience: Intermediate
09-Mar-2007, 12:10 PM #4
-- Registry Dump ---------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"
"ctfmon.exe"="C:\\WINDOWS\\System32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SoundMan"="SOUNDMAN.EXE"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"SiS Windows KeyHook"="C:\\WINDOWS\\System32\\keyhook.exe"
"SiSUSBRG"="C:\\WINDOWS\\SiSUSBrg.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\""
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"Winpower"="C:\\Program Files\\UpsPilot\\Winpower.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"HP Software Update"="\"C:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWuSchd2.exe\""
"PCSuiteTrayApplication"="C:\\Program Files\\Nokia\\Nokia PC Suite 6\\Launch Application 2.exe -onlytray"
"DataLayer"="C:\\PROGRA~1\\COMMON~1\\PCSuite\\DATALA~1\\DATALA~1.EXE"
"RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"BluetoothAuthenticationAgent"="rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent"


[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, xlibgfl254.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
xmlprov REG_MULTI_SZ xmlprov\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0

*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_CCEVTMGR
*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_NAVAPSVC
*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_NAVENG
*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_NAVEX15
*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_SNDSRVC
*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_SPBBCSVC
*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_SYMDNS
*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_USNJSVC


-- End of ComboScan: finished at 2007-03-09 at 19:00:36 ------------------------

ComboScan v20070306.20 run by zouzou on 2007-03-09 at 18:59:27
Supplementary logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel(R) Pentium(R) 4 CPU 3.00GHz
CPU 1: Intel(R) Pentium(R) 4 CPU 3.00GHz
Percentage of Memory in Use: 66%
Physical Memory (total/avail): 479.48 MiB / 162.06 MiB
Pagefile Memory (total/avail): 1122.3 MiB / 738.1 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1993.92 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 39.06 GiB total, 22.35 GiB free.
D: is Fixed (NTFS) - 35.46 GiB total, 3.49 GiB free.
E: is CDROM (No Media)
F: is CDROM (No Media)


-- Security Center -------------------------------------------------------------

AUOptions is disabled.
Windows Internal Firewall is enabled.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\zouzou\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=YOUR-3DB5E9317F
ComSpec=C:\WINDOWS\system32\cmd.exe
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\zouzou
LOGONSERVER=\\YOUR-3DB5E9317F
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\;C:\TCWIN45\BIN;C:\Program Files\MSN\MSNCoreFiles
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 3 Stepping 4, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0304
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\zouzou\LOCALS~1\Temp
TMP=C:\DOCUME~1\zouzou\LOCALS~1\Temp
USERDOMAIN=YOUR-3DB5E9317F
USERNAME=zouzou
USERPROFILE=C:\Documents and Settings\zouzou
windir=C:\WINDOWS
ZETZCFABDJRQH=MQHLB


-- User Profiles ---------------------------------------------------------------

zouzou (admin)
Administrator (new local, admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E06E4F4E-72D6-4497-BFFD-BCB43077C2F4}\setup.exe" -l0x9 -uninst
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
3D Grapher 1.21 --> "C:\Program Files\3D Grapher\unins000.exe"
6610i USB-Handset Manager --> C:\WINDOWS\USB6610iphmgunin.exe C:\Program Files\6610i USB-Handset Manager\FileList.ini
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\System32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Reader 6.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-000000000001}
Beach Head 2002 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Infogrames Interactive\Beach Head 2002\Uninst.isu"
Canon PhotoRecord --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\PhotoRecord\Uninst.isu" -c"C:\Program Files\Canon\PhotoRecord\Program\uninstdll.dll"
Canon Utilities PhotoStitch 3.1 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\PhotoStitch\Uninst.isu"
Canon Utilities ZoomBrowser EX --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\ZoomBrowser EX\Uninst.isu" -c"C:\Program Files\Canon\ZoomBrowser EX\Program\uninstallutilities.dll"
ccCommon --> MsiExec.exe /I{DC367608-64A7-4BF7-92F4-8BAA25BA02DB}
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Pro Trial --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
Flash Movie Player 1.4 --> C:\Program Files\Flash Movie Player\uninst.exe
FLV Player 1.3.3 --> "C:\Program Files\FLVPlayer\uninstall.exe"
Google SketchUp 6 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98736A65-3C79-49EC-B7E9-A3C77774B0E6}\setup.exe" -l0x9 -removeonly
Google SketchUp 6 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}\setup.exe" -l0x9 -removeonly
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar3.dll"
Google Video Player --> "C:\Program Files\Google\Google Video Player\Uninstall.exe"
Hijackthis 1.99.1 --> "C:\Program Files\Hijackthis\unins000.exe"
HijackThis 1.99.1 --> C:\Program Files\Hijackthis\HijackThis.exe /uninstall
HP Digital Photo Advisor --> MsiExec.exe /X{A157DF9D-462F-4BF9-8C5E-3854BC9CC08F}
HP Image Zone 4.5 --> C:\Program Files\Hewlett-Packard\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Photo and Imaging 2.0 - All-in-One --> MsiExec.exe /X{9867A917-5D17-40DE-83BA-BEA5293194B1}
HP Photo and Imaging 2.0 - All-in-One Drivers --> MsiExec.exe /X{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}
HP Photo and Imaging 2.0 - hp psc 1200 series --> C:\Program Files\Hewlett-Packard\Digital Imaging\{7C8BB31C-E09E-4c7d-BBF1-45E33B467FE1}\Setup\hpzscr01.exe -datfile hposcr02.dat -forcereboot
HP Photosmart Cameras 4.5 --> C:\Program Files\Hewlett-Packard\Digital Imaging\{ABA2B37F-AB88-486e-870A-52454A23FEE0}\setup\hpzscr01.exe -datfile hpiscr01.dat
hp psc 1200 series --> MsiExec.exe /X{C900EF06-2E76-49C7-8DB0-41F629B21DC5}
HP Software Update --> MsiExec.exe /X{64FC0C98-B035-4530-B15D-3D30610B6DF1}
In bed with Alison --> C:\Program Files\In bed with Alison\Uninstal.exe
Interactive User’s Guide --> MsiExec.exe /I{E786D4DB-EB0D-4474-ADC2-3C229BC17FCA}
Internet Download Accelerator version 4.4 --> "C:\Program Files\IDA\unins000.exe"
Internet Speed Booster 3.0 --> "C:\Program Files\Robusst.ws\ISB\unins000.exe"
Internet Worm Protection --> MsiExec.exe /I{2908F0CB-C1D4-447F-97A2-CFC135C9F8D4}
J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
LiveReg (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\LiveReg\VCSetup.exe /REMOVE
LiveUpdate 3.0 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 6.0 Docs --> "C:\Program Files\Microsoft Visual Studio\MSDN98\VC6intro\1033\Setup\Setup.exe"
Microsoft Visual C++ 6.0 Introductory Edition --> "C:\Program Files\Microsoft Visual Studio\VC98\Setup\1033\Setup.exe"
Microsoft Web Publishing Wizard 1.53 --> RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wpie3x86.inf,WebPostUninstall
Nero Media Player --> C:\WINDOWS\UNNMP.exe /UNINSTALL
Nero OEM --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Nokia Connectivity Cable Driver --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{3ECED7D1-E469-4BC6-8A93-5CB0FFE5EBF5}
Nokia PC Suite --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{9012E9AD-0183-4FAD-A379-BCC5B6C62098}
Norton AntiVirus 2005 --> MsiExec.exe /X{C6F5B6CF-609C-428E-876F-CA83176C021B}
Norton AntiVirus 2005 (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\SymSetup\{C6F5B6CF-609C-428E-876F-CA83176C021B}.exe /X
Norton AntiVirus Help --> MsiExec.exe /I{34EEB1F5-E939-40A1-A6BA-957282A4B2C8}
Norton AntiVirus Parent MSI --> MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
Norton AntiVirus SYMLT MSI --> MsiExec.exe /I{D1FF75E7-DD42-4CFD-B052-20B3FFF4EDB8}
Norton WMI Update --> MsiExec.exe /X{F64306A5-4C32-41bb-B153-53986527FAB4}
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
QuickTime --> MsiExec.exe /I{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Ricochet 1.3 --> "C:\Program Files\Ricochet\unins000.exe"
RM to MP3 Converter 1.36 --> "C:\Program Files\RM to MP3 Converter\unins000.exe"
SiS 900 PCI Fast Ethernet Adapter Driver --> C:\Progra~1\SiSLan\Uninst.exe
SiS VGA Utilities --> Rundll32 SiSInst.dll,Uninstall VGA,r,0
SPBBC --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
Spyware Doctor 3.5 --> "C:\Program Files\Spyware Doctor\unins000.exe"
Symantec --> MsiExec.exe /I{228F6876-A313-40A3-91C0-C3CBE6997D09}
Symantec Script Blocking Installer --> MsiExec.exe /I{D327AFC9-7BAA-473A-8319-6EB7A0D40138}
SymNet --> MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
The Real Deal --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{321C28E0-2926-11D5-B3F1-00485486D0B6}\setup.exe"
Total Video Converter 3.01 --> "C:\Program Files\Total Video Converter\unins000.exe"
TuneUp Utilities 2006 --> MsiExec.exe /I{868D7896-99D4-4513-BC62-2B3AD3E24926}
Ultra soft --> C:\Documents and Settings\zouzou\Application Data\ultra\uninstall.bat
Video Strippoker 2 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\CherrySoft\VideoPoker2\Uninst.isu"
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Live Sign-in Assistant --> MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
Winpower --> "C:\Program Files\UpsPilot\UninstallerData\Uninstall.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
XingMPEG Encoder --> C:\PROGRA~1\Xing\XINGMP~1\uninst.exe C:\PROGRA~1\Xing\XINGMP~1\install.log


-- End of ComboScan: finished at 2007-03-09 at 19:00:36 ------------------------
JSntgRvr's Avatar
Moderator with 15,334 posts.
 
Join Date: Jul 2003
Location: Puerto Rico
Experience: Advanced
09-Mar-2007, 12:34 PM #5
Hi, joseph28

Please download the OTMoveIt by OldTimer.
  • Save it to your desktop.
The steps that I am about to suggest involve modifying the registry. Modifying the registry can be dangerous. As a precaution, we will make a backup of the registry first.

Modification of the registry can be EXTREMELY dangerous if you do not know exactly what you are doing. Please follow the steps that are listed below EXACTLY. If you cannot perform some of these steps, or if you have ANY questions, please ask BEFORE proceeding.

Backing Up Your Registry
  1. Go Here and download ERUNT
    (ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
  2. Install ERUNT by following the prompts
    (use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)
  3. Start ERUNT
    (either by double clicking on the desktop icon or choosing to start the program at the end of the setup)
  4. Choose a location for the backup
    (the default location is C:\WINDOWS\ERDNT which is acceptable).
  5. Make sure that at least the first two check boxes are ticked
  6. Press OK
  7. Press YES to create the folder.
Registry Modifications

Download the enclosed file. Save and extract its contents to the desktop. It is a folder containing a Registry Entries file, Regfix.reg. Once extracted, open the folder, double-click the Regfix.reg file and select Yes when prompted to merge it into the registry.
  • Please double-click OTMoveIt.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\WINDOWS\system32\xlibgfl254.dll

  • Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
  • Click the red Moveit! button.
    • If able, copy everything on the Results window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it on a note pad document. Save it on the desktop and post its contents in your next reply.
  • Close OTMoveIt
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Download Superantispyware (SAS)
  1. Install it and double-click the icon on your desktop to run it.
  2. It will ask if you want to update the program definitions, click Yes.
  3. Under Configuration and Preferences, click the Preferences button.
  4. Click the Scanning Control tab.
  5. Under Scanner Options make sure the following are checked:
    1. Close browsers before scanning
    2. Scan for tracking cookies
    3. Terminate memory threats before quarantining.
    4. Please leave the others unchecked.
    5. Click the Close button to leave the control center screen.
  6. On the main screen, under Scan for Harmful Software click Scan your computer.
  7. On the left check C:\Fixed Drive.
  8. On the right, under Complete Scan, choose Perform Complete Scan.
  9. Click Next to start the scan. Please be patient while it scans your computer.
  10. After the scan is complete a summary box will appear. Click OK.
  11. Make sure everything in the white box has a check next to it, then click Next.
  12. It will quarantine what it found and if it asks if you want to reboot, click Yes.
  13. To retrieve the removal information, please do the following:
    1. After reboot, double-click the SUPERAntispyware icon on your desktop.
    2. Click Preferences. Click the Statistics/Logs tab.
    3. Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    4. It will open in your default text editor (such as Notepad/Wordpad).
    5. Please highlight everything in the notepad, then right-click and choose copy.
  14. Click close and close again to exit the program.
  15. Please paste that information in your next reply along with a fresh HijackThis log.
joseph28's Avatar
Member with 53 posts.
 
Join Date: Mar 2007
Location: lebanon
Experience: Intermediate
09-Mar-2007, 02:48 PM #6
LoadLibrary failed for C:\WINDOWS\system32\xlibgfl254.dll
C:\WINDOWS\system32\xlibgfl254.dll NOT unregistered.
C:\WINDOWS\system32\xlibgfl254.dll moved successfully.

Created on 03/09/2007 20:08:47
joseph28's Avatar
Member with 53 posts.
 
Join Date: Mar 2007
Location: lebanon
Experience: Intermediate
09-Mar-2007, 02:50 PM #7
Logfile of HijackThis v1.99.1
Scan saved at 9:49:54 PM, on 3/9/2007
Platform: Windows XP SP2, v.2055 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2055)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\keyhook.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\MSN\MSNCoreFiles\MSN6.EXE
C:\Program Files\IDA\_IDA.exe
C:\Downloads\Programs\comboscan.exe
C:\Program Files\Symantec\LiveUpdate\LUALL.EXE
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Hijackthis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: IE 4.x-6.x BHO for Internet Download Accelerator - {2A646672-9C3A-4C28-9A7A-1FB0F63F28B6} - C:\PROGRA~1\IDA\idaiehlp.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: IDA Bar - {C70E30C7-140A-4166-A2E8-43557E62B41A} - C:\Program Files\IDA\idabar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\System32\keyhook.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\RunServices: [Winpower] C:\Program Files\UpsPilot\Winpower.exe
O4 - HKLM\..\RunOnce: [NAVNT 2005Seq] C:\DOCUME~1\zouzou\LOCALS~1\Temp\LUProdRg.exe /f:C:\DOCUME~1\zouzou\LOCALS~1\Temp\2005LU~1.INI /s:SPW_Set_Sequence
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: Download ALL with IDA - C:\Program Files\IDA\idaieall.htm
O8 - Extra context menu item: Download with IDA - C:\Program Files\IDA\idaie.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe
O9 - Extra 'Tools' menuitem: &Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{B0495A58-EA35-4964-B665-DA1CFA52B085}: NameServer = 172.17.10.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: Winpower - Zero G - C:\PROGRA~1\UpsPilot\Winpower.exe
joseph28's Avatar
Member with 53 posts.
 
Join Date: Mar 2007
Location: lebanon
Experience: Intermediate
09-Mar-2007, 02:52 PM #8
Thanks a lot, JSntgRvr, your reply was great.
JSntgRvr's Avatar
Moderator with 15,334 posts.
 
Join Date: Jul 2003
Location: Puerto Rico
Experience: Advanced
09-Mar-2007, 04:45 PM #9
Hi, joseph28

Were you able to save the SUPERAntiSpyware report? How is the computer doing?
joseph28's Avatar
Member with 53 posts.
 
Join Date: Mar 2007
Location: lebanon
Experience: Intermediate
10-Mar-2007, 05:17 AM #10
Thanks, JSntgRvr,

The error is gone and I will post the SUPERAntiSpyware report tomorrow. I hadn't time to do a complete scan because it takes a lot of time.
JSntgRvr's Avatar
Moderator with 15,334 posts.
 
Join Date: Jul 2003
Location: Puerto Rico
Experience: Advanced
10-Mar-2007, 07:06 AM #11
joseph28's Avatar
Member with 53 posts.
 
Join Date: Mar 2007
Location: lebanon
Experience: Intermediate
10-Mar-2007, 11:12 AM #12
SUPERAntiSpyware Scan Log
Generated 03/10/2007 at 06:05 PM

Application Version : 3.6.1000

Core Rules Database Version : 3196
Trace Rules Database Version: 1206

Scan type : Complete Scan
Total Scan Time : 01:47:28

Memory items scanned : 306
Memory threats detected : 0
Registry items scanned : 6496
Registry threats detected : 0
File items scanned : 75079
File threats detected : 14

Adware.Tracking Cookie
C:\Documents and Settings\zouzou\Cookies\zouzou@mediaplex[2].txt
C:\Documents and Settings\zouzou\Cookies\zouzou@fl01.ct2.comclick[1].txt
C:\Documents and Settings\zouzou\Cookies\zouzou@tradedoubler[2].txt
C:\Documents and Settings\zouzou\Cookies\zouzou@doubleclick[2].txt
C:\Documents and Settings\zouzou\Cookies\zouzou@track.effiliation[1].txt
C:\Documents and Settings\zouzou\Cookies\zouzou@xiti[1].txt
C:\Documents and Settings\zouzou\Cookies\zouzou@atdmt[2].txt

Unclassified.Unknown Origin
C:\PROGRAM FILES\RM TO MP3 CONVERTER\KEYGEN.NFO

Trojan.SpySheriff
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CEE00D2F-1778-4978-B1F4-19B2A29C3109}\RP23\A0006501.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CEE00D2F-1778-4978-B1F4-19B2A29C3109}\RP25\A0008566.EXE

Trojan.Downloader-XLIB
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CEE00D2F-1778-4978-B1F4-19B2A29C3109}\RP31\A0014509.DLL
C:\_OTMOVEIT\MOVEDFILES\WINDOWS\SYSTEM32\XLIBGFL254.DLL

Malware.SystemDoctor
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CEE00D2F-1778-4978-B1F4-19B2A29C3109}\RP32\A0019712.EXE

Adware.GloboLook
C:\TCWIN45\EXAMPLES\OWL\GAMES\BLAKJACK\BLAKJACK.ICO
JSntgRvr's Avatar
Moderator with 15,334 posts.
 
Join Date: Jul 2003
Location: Puerto Rico
Experience: Advanced
10-Mar-2007, 07:55 PM #13
Hi, joseph28.

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm


Now close all windows and browsers, other than HiJackThis, then click Fix Checked.

Close Hijackthis.

Congratulations. The rest of the log looks clear.

Reset and Re-enable your System Restore to remove bad files that have been backed up by Windows. The files in System Restore are protected to prevent any programmes changing them. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected.)

To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

(Windows XP)

1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Uncheck Turn off System Restore.
Click Apply, and then click OK.

Create a Restore point:
  1. Click Start, point to All Programs, point to Accessories, point to System Tools, and then click System Restore.
  2. In the System Restore dialog box, click Create a restore point, and then click Next.
  3. Type a description for your restore point, such as "After Cleanup", then click Create.

The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.
  1. Spybot Search & Destroy - Uber powerful tool which can search and annihilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.
  2. AdAware - Another very powerful tool which searches and kills nasties that infect your system. AdAware and Spybot Search & Destroy complement each other very well.
  3. SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.
  4. IE-SpyAd - puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
  5. CleanUP! - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
  6. Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  7. Google Toolbar - Free Google toolbar that allows you to use the powerful Google search engine from the bar, but also blocks pop-up windows.
  8. Trillian or Miranda-IM - These are malware-free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein.

Click Here for some advice from our security Experts.

Please use the thread's Tools and mark this thread as "Solved".

Best wishes!
__________________
If I have helped you, please make a donation to keep the site running. All proceeds go directly to the site!!! Donate Here

Unanswered threads for 5 days will no longer be part of my subscriptions.
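
The scan log in post #12 lists several detections inside restore-point folders, which is what the System Restore reset in post #13 addresses. As an added example (not part of the original thread and not a SUPERAntiSpyware feature), this Python groups the detections in a log of that layout by where they sit; the location labels and function names are chosen for this example.

```python
import re
from collections import defaultdict

# Excerpt copied from the scan log in post #12 of this thread.
SAMPLE_LOG = r"""File threats detected : 14

Adware.Tracking Cookie
C:\Documents and Settings\zouzou\Cookies\zouzou@doubleclick[2].txt

Trojan.SpySheriff
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CEE00D2F-1778-4978-B1F4-19B2A29C3109}\RP23\A0006501.EXE

Trojan.Downloader-XLIB
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CEE00D2F-1778-4978-B1F4-19B2A29C3109}\RP31\A0014509.DLL
C:\_OTMOVEIT\MOVEDFILES\WINDOWS\SYSTEM32\XLIBGFL254.DLL
"""

PATH = re.compile(r"^[A-Za-z]:\\")
RESTORE = re.compile(
    r"\\System Volume Information\\_restore\{[0-9A-F-]+\}\\(RP\d+)\\", re.I)
# Location labels are names chosen for this example, checked in order.
RULES = [
    ("system_restore", RESTORE),
    ("moved_by_otmoveit", re.compile(r"^[A-Za-z]:\\_OTMoveIt\\MovedFiles\\", re.I)),
    ("cookie", re.compile(r"\\Cookies\\", re.I)),
]

def classify(path):
    """Return the first matching location label, else 'live_file'."""
    return next((label for label, rx in RULES if rx.search(path)), "live_file")

def triage(log_text):
    """Group detections as {location: [(threat_family, path), ...]}."""
    groups, family = defaultdict(list), None
    for line in map(str.strip, log_text.splitlines()):
        if not line or " : " in line:   # blank line or "name : value" statistic
            continue
        if PATH.match(line):
            groups[classify(line)].append((family, line))
        else:
            family = line               # heading naming the threat family
    return dict(groups)

def restore_points(log_text):
    """Restore-point folders (RPnn) that hold a detected file."""
    hits = triage(log_text).get("system_restore", [])
    return sorted({RESTORE.search(path).group(1).upper() for _, path in hits})
```

Entries grouped under `system_restore` are the ones the restore-point reset clears; anything that falls through to `live_file` is still on disk and needs its own cleanup.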
joseph28's Avatar
Member with 53 posts.
 
Join Date: Mar 2007
Location: lebanon
Experience: Intermediate
11-Mar-2007, 05:50 AM #14
Thanks, JSntgRvr,

You were very helpful.