Tech Support Forum - View Single Post - Internet explore opening popup adds at random

Kizlan · 01-22-2008, 07:52 PM

As far as I can tell there hasn't been any change. The programs I usually run still run and the popups still happen, although it's functioning normally a noticable amount faster.

Fresh DSS log -

Deckard's System Scanner v20071014.68
Run by Kizlan on 2008-01-23 20:38:34
Computer is in Normal Mode.
--------------------------------------------------------------------------------

System Drive C: has 8.82 GiB (less than 15%) free.

-- HijackThis (run as Kizlan.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:38:43 PM, on 1/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\MsiExec.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\MsiExec.exe
C:\WINDOWS\system32\MsiExec.exe
C:\Documents and Settings\Kizlan\Desktop\dss.exe
C:\DOCUME~1\Kizlan\Desktop\Kizlan.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemonsearch.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://forums.worldofwarcraft.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1200089204515
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 7283 bytes

-- Files created between 2007-12-23 and 2008-01-23 -----------------------------

2008-01-23 20:08:14 0 d-------- C:\Program Files\Java
2008-01-23 20:08:10 0 d-------- C:\Program Files\Common Files\Java
2008-01-17 13:00:58 0 d-------- C:\Documents and Settings\Rifter\Application Data\Grisoft
2008-01-14 13:18:18 0 d-------- C:\Documents and Settings\NetworkService\Application Data\AVG7
2008-01-13 15:04:18 0 dr-h----- C:\Documents and Settings\Kizlan\Recent
2008-01-12 12:15:38 0 d-------- C:\Documents and Settings\Kizlan\Application Data\Grisoft
2008-01-12 11

20 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-12 11

11 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-01-12 11

11 0 d-------- C:\Documents and Settings\Kizlan\Application Data\SUPERAntiSpyware.com
2008-01-11 22:55:23 0 d-------- C:\Program Files\SpywareBlaster
2008-01-11 20:13:15 44928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS <Not Verified; Panda Software; Panda® Antivirus>
2008-01-11 20:07:58 8576 --a------ C:\WINDOWS\system32\drivers\keurhjbavoio.sys <Not Verified; Panda Software International; RKPavProc Driver>
2008-01-11 19:52:37 0 d-------- C:\WINDOWS\system32\ActiveScan
2008-01-11 19:25:51 0 d-------- C:\Documents and Settings\Kizlan\Application Data\Uniblue
2008-01-11 19

26 0 d-------- C:\Documents and Settings\Kizlan\.housecall6.6
2008-01-11 15:49:16 495616 --a------ C:\WINDOWS\system32\hphmon05 .exe <Not Verified; Hewlett-Packard; HP Photosmart>
2008-01-11 12:52:28 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-11 10:30:24 86016 --a------ C:\WINDOWS\system32\drivers\avg7coree.sys
2007-12-30 02:13:41 0 d-------- C:\Program Files\Rosetta Stone
2007-12-29 14:04:17 0 d-------- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir

-- Find3M Report ---------------------------------------------------------------

2008-01-23 20:08:10 0 d-------- C:\Program Files\Common Files
2008-01-20 23:57:14 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2008-01-15 20:35:08 0 d-------- C:\Program Files\GetRight
2008-01-14 15:04:07 0 d-------- C:\Documents and Settings\Kizlan\Application Data\Canon
2008-01-12 11:05:56 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-11 22:07:34 0 d-------- C:\Program Files\MagicISO
2008-01-11 21:55:53 0 d-------- C:\Program Files\7-Zip
2007-12-30 02:14:51 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-12-13 11:25:35 0 d-------- C:\Program Files\WoW UI Designer
2007-12-12 21:42:09 1208 --a------ C:\drmHeader.bin
2007-12-08 15:47:38 0 d-------- C:\Program Files\Hero Editor
2007-12-08 15:47:03 73216 --a------ C:\WINDOWS\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2007-12-06 16:49:07 31223 --a------ C:\WINDOWS\DIIUnin.dat
2007-12-01 06:25:45 0 d-------- C:\Documents and Settings\Kizlan\Application Data\Macromedia
2007-12-01 06:24:21 6421 --a------ C:\WINDOWS\mozver.dat

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [03/22/2005 10:20 PM C:\WINDOWS\stsystra.exe]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [01/11/2008 04:45 PM]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" []
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" []
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 03:25 AM]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [08/05/2005 12:56 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [12/14/2007 03:42 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [01/11/2008 04:45 PM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [02/27/2007 11:39 AM]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [01/11/2008 04:45 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 12:55 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 02/27/2007 11:39 AM 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PlexTools Professional.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Plextor!\PlexTools Professional.lnk
backup=C:\WINDOWS\pss\PlexTools Professional.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
"C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
"C:\Program Files\D-Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
"C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon05]
C:\WINDOWS\system32\hphmon05.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NetscapeClient]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QBReminderFlash]
"C:\Program Files\Intuit\QuickBooks 2005\Atom\QBReminder.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioAudioCentral]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2]
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AOL ACS"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ba2eef52-2005-11db-ab27-00038a000015}]
AutoRun\command- G:\setupSNK.exe

-- End of Deckard's System Scanner: finished at 2008-01-23 20:39:16 ------------

Jotti's result -

File: OggDSuninst.exe
Status:
OK(Note: file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5: c51f878b37c7e66d3782bed018f4f515
Packers detected:
-
Bit9 reports: No threat detected (more info)

Notepad -

(Wed Jan 23 20:23:49 2008): ================================================================================
(Wed Jan 23 20:23:49 2008): Beginning WBEM Service Pack Installation
(Wed Jan 23 20:23:49 2008): Current build of wbemupgd.dll is 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
(Wed Jan 23 20:23:49 2008): Current build of wbemcore.dll is 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
(Wed Jan 23 20:23:49 2008): Failing Connecting to Namespace [root\default] with result [80041014]
(Wed Jan 23 20:23:49 2008): One or more core modules is not registered; registering.
(Wed Jan 23 20:23:51 2008): Failing Connecting to Namespace [root\default] with result [80041014]
(Wed Jan 23 20:23:51 2008): Failing Connecting to Namespace [root\default] with result [80041014]
(Wed Jan 23 20:23:51 2008): Failing Connecting to Namespace [root\default] with result [80041014]
(Wed Jan 23 20:23:51 2008): Inconsistent repository detected; it will be recreated
(Wed Jan 23 20:23:51 2008): ERROR: wbemupgd.dll: The WMI repository has failed to upgrade. The repository has been backed up to C:\WINDOWS\system32\WBEM\Repository.001 and a new one created.
(Wed Jan 23 20:23:51 2008): Beginning MOF load
(Wed Jan 23 20:23:51 2008): Processing C:\WINDOWS\system32\WBEM\cimwin32.mof
(Wed Jan 23 20:23:55 2008): Processing C:\WINDOWS\system32\WBEM\cimwin32.mfl
(Wed Jan 23 20:23:57 2008): Processing C:\WINDOWS\system32\WBEM\system.mof
(Wed Jan 23 20:23:58 2008): Processing C:\WINDOWS\system32\WBEM\wmipcima.mof
(Wed Jan 23 20:23:58 2008): Processing C:\WINDOWS\system32\WBEM\wmipcima.mfl
(Wed Jan 23 20:23:58 2008): Processing C:\WINDOWS\system32\WBEM\regevent.mof
(Wed Jan 23 20:23:58 2008): Processing C:\WINDOWS\system32\WBEM\regevent.mfl
(Wed Jan 23 20:23:58 2008): Processing C:\WINDOWS\system32\WBEM\ntevt.mof
(Wed Jan 23 20:23:59 2008): Processing C:\WINDOWS\system32\WBEM\ntevt.mfl
(Wed Jan 23 20:23:59 2008): Processing C:\WINDOWS\system32\WBEM\secrcw32.mof
(Wed Jan 23 20:23:59 2008): Processing C:\WINDOWS\system32\WBEM\secrcw32.mfl
(Wed Jan 23 20:23:59 2008): Processing C:\WINDOWS\system32\WBEM\dsprov.mof
(Wed Jan 23 20:24:00 2008): Processing C:\WINDOWS\system32\WBEM\dsprov.mfl
(Wed Jan 23 20:24:00 2008): Processing C:\WINDOWS\system32\WBEM\msi.mof
(Wed Jan 23 20:24:00 2008): Processing C:\WINDOWS\system32\WBEM\msi.mfl
(Wed Jan 23 20:24:00 2008): Processing C:\WINDOWS\system32\WBEM\policman.mof
(Wed Jan 23 20:24:00 2008): Processing C:\WINDOWS\system32\WBEM\policman.mfl
(Wed Jan 23 20:24:00 2008): Processing C:\WINDOWS\system32\WBEM\subscrpt.mof
(Wed Jan 23 20:24:01 2008): Processing C:\WINDOWS\system32\WBEM\wmi.mof
(Wed Jan 23 20:24:02 2008): Processing C:\WINDOWS\system32\WBEM\wmi.mfl
(Wed Jan 23 20:24:02 2008): Processing C:\WINDOWS\system32\WBEM\scm.mof
(Wed Jan 23 20:24:02 2008): Processing C:\WINDOWS\system32\WBEM\fevprov.mof
(Wed Jan 23 20:24:02 2008): Processing C:\WINDOWS\system32\WBEM\fevprov.mfl
(Wed Jan 23 20:24:02 2008): Processing C:\WINDOWS\system32\WBEM\wmitimep.mof
(Wed Jan 23 20:24:02 2008): Processing C:\WINDOWS\system32\WBEM\wmitimep.mfl
(Wed Jan 23 20:24:02 2008): Processing C:\WINDOWS\system32\WBEM\wmipdskq.mof
(Wed Jan 23 20:24:02 2008): Processing C:\WINDOWS\system32\WBEM\wmipdskq.mfl
(Wed Jan 23 20:24:02 2008): Processing C:\WINDOWS\system32\WBEM\wmipicmp.mof
(Wed Jan 23 20:24:03 2008): Processing C:\WINDOWS\system32\WBEM\wmipicmp.mfl
(Wed Jan 23 20:24:03 2008): Processing C:\WINDOWS\system32\WBEM\wmipiprt.mof
(Wed Jan 23 20:24:03 2008): Processing C:\WINDOWS\system32\WBEM\wmipiprt.mfl
(Wed Jan 23 20:24:03 2008): Processing C:\WINDOWS\system32\WBEM\wmipjobj.mof
(Wed Jan 23 20:24:03 2008): Processing C:\WINDOWS\system32\WBEM\wmipjobj.mfl
(Wed Jan 23 20:24:03 2008): Processing C:\WINDOWS\system32\WBEM\wmipsess.mof
(Wed Jan 23 20:24:03 2008): Processing C:\WINDOWS\system32\WBEM\wmipsess.mfl
(Wed Jan 23 20:24:03 2008): Processing C:\WINDOWS\system32\WBEM\krnlprov.mof
(Wed Jan 23 20:24:04 2008): Processing C:\WINDOWS\system32\WBEM\krnlprov.mfl
(Wed Jan 23 20:24:04 2008): Processing C:\WINDOWS\system32\WBEM\cli.mof
(Wed Jan 23 20:24:04 2008): Processing C:\WINDOWS\system32\WBEM\tscfgwmi.mof
(Wed Jan 23 20:24:05 2008): Processing C:\WINDOWS\system32\WBEM\tscfgwmi.mfl
(Wed Jan 23 20:24:05 2008): Processing C:\WINDOWS\system32\WBEM\licwmi.mof
(Wed Jan 23 20:24:05 2008): Processing C:\WINDOWS\system32\WBEM\licwmi.mfl
(Wed Jan 23 20:24:06 2008): Processing C:\WINDOWS\system32\WBEM\evntrprv.mof
(Wed Jan 23 20:24:06 2008): Processing C:\WINDOWS\system32\WBEM\hnetcfg.mof
(Wed Jan 23 20:24:07 2008): Processing C:\WINDOWS\system32\WBEM\sr.mof
(Wed Jan 23 20:24:07 2008): Processing C:\WINDOWS\system32\WBEM\CmdEvTgProv.mof
(Wed Jan 23 20:24:07 2008): Processing C:\WINDOWS\system32\WBEM\dgnet.mof
(Wed Jan 23 20:24:08 2008): Processing C:\WINDOWS\system32\WBEM\whqlprov.mof
(Wed Jan 23 20:24:08 2008): Processing C:\WINDOWS\system32\WBEM\ieinfo5.mof
(Wed Jan 23 20:24:08 2008): MOF load completed.
(Wed Jan 23 20:24:08 2008): Beginning MOF load
(Wed Jan 23 20:24:08 2008): Processing C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\netfxcfgprovm.mof
(Wed Jan 23 20:24:11 2008): Processing C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\netfxcfgprov.mfl
(Wed Jan 23 20:24:11 2008): Processing C:\WINDOWS\SYSTEM32\WBEM\RSOP.MOF
(Wed Jan 23 20:24:12 2008): Processing C:\WINDOWS\SYSTEM32\WBEM\RSOP.MFL
(Wed Jan 23 20:24:12 2008): Processing C:\WINDOWS\SYSTEM32\WBEM\SCERSOP.MOF
(Wed Jan 23 20:24:12 2008): Processing C:\WINDOWS\SYSTEM32\WBEM\WSCENTER.MOF
(Wed Jan 23 20:24:12 2008): Processing C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V1.1.4322\ASPNET.MOF
(Wed Jan 23 20:24:12 2008): ERROR: An error occurred while compiling the following MOF file: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V1.1.4322\ASPNET.MOF Please refer to C:\WINDOWS\system32\WBEM\Logs\mofcomp.log for more detailed information.
(Wed Jan 23 20:24:12 2008): Processing C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\MSINFO\OINFOP11.MOF
(Wed Jan 23 20:24:13 2008): Processing C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\OINFOP11.MOF
(Wed Jan 23 20:24:13 2008): Processing C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V2.0.50727\ASPNET.MOF
(Wed Jan 23 20:24:13 2008): ERROR: An error occurred while compiling the following MOF file: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V2.0.50727\ASPNET.MOF Please refer to C:\WINDOWS\system32\WBEM\Logs\mofcomp.log for more detailed information.
(Wed Jan 23 20:24:13 2008): MOF load completed.
(Wed Jan 23 20:24:13 2008): ERROR: The following External MOF file(s) failed to load:
(Wed Jan 23 20:24:13 2008): ERROR: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V1.1.4322\ASPNET.MOF
(Wed Jan 23 20:24:13 2008): ERROR: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V2.0.50727\ASPNET.MOF
(Wed Jan 23 20:24:13 2008): Wbemupgd.dll Service Security upgrade succeeded (XP SP update).
(Wed Jan 23 20:24:13 2008): WBEM Service Pack Installation completed.
(Wed Jan 23 20:24:13 2008): ================================================================================
(Wed Jan 23 20:26:45 2008): ================================================================================
(Wed Jan 23 20:26:45 2008): Beginning Wbemupgd.dll Registration
(Wed Jan 23 20:26:45 2008): Current build of wbemupgd.dll is 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
(Wed Jan 23 20:26:45 2008): Beginning Core Upgrade
(Wed Jan 23 20:26:45 2008): Beginning MOF load
(Wed Jan 23 20:26:45 2008): Processing C:\WINDOWS\system32\WBEM\cimwin32.mof
(Wed Jan 23 20:26:48 2008): Processing C:\WINDOWS\system32\WBEM\cimwin32.mfl
(Wed Jan 23 20:26:50 2008): Processing C:\WINDOWS\system32\WBEM\system.mof
(Wed Jan 23 20:26:50 2008): Processing C:\WINDOWS\system32\WBEM\wmipcima.mof
(Wed Jan 23 20:26:50 2008): Processing C:\WINDOWS\system32\WBEM\wmipcima.mfl
(Wed Jan 23 20:26:50 2008): Processing C:\WINDOWS\system32\WBEM\regevent.mof
(Wed Jan 23 20:26:51 2008): Processing C:\WINDOWS\system32\WBEM\regevent.mfl
(Wed Jan 23 20:26:51 2008): Processing C:\WINDOWS\system32\WBEM\ntevt.mof
(Wed Jan 23 20:26:51 2008): Processing C:\WINDOWS\system32\WBEM\ntevt.mfl
(Wed Jan 23 20:26:51 2008): Processing C:\WINDOWS\system32\WBEM\secrcw32.mof
(Wed Jan 23 20:26:51 2008): Processing C:\WINDOWS\system32\WBEM\secrcw32.mfl
(Wed Jan 23 20:26:51 2008): Processing C:\WINDOWS\system32\WBEM\dsprov.mof
(Wed Jan 23 20:26:51 2008): Processing C:\WINDOWS\system32\WBEM\dsprov.mfl
(Wed Jan 23 20:26:51 2008): Processing C:\WINDOWS\system32\WBEM\msi.mof
(Wed Jan 23 20:26:51 2008): Processing C:\WINDOWS\system32\WBEM\msi.mfl
(Wed Jan 23 20:26:52 2008): Processing C:\WINDOWS\system32\WBEM\policman.mof
(Wed Jan 23 20:26:52 2008): Processing C:\WINDOWS\system32\WBEM\policman.mfl
(Wed Jan 23 20:26:52 2008): Processing C:\WINDOWS\system32\WBEM\subscrpt.mof
(Wed Jan 23 20:26:52 2008): Processing C:\WINDOWS\system32\WBEM\wmi.mof
(Wed Jan 23 20:26:58 2008): Processing C:\WINDOWS\system32\WBEM\wmi.mfl
(Wed Jan 23 20:26:58 2008): Processing C:\WINDOWS\system32\WBEM\scm.mof
(Wed Jan 23 20:26:59 2008): Processing C:\WINDOWS\system32\WBEM\fevprov.mof
(Wed Jan 23 20:26:59 2008): Processing C:\WINDOWS\system32\WBEM\fevprov.mfl
(Wed Jan 23 20:26:59 2008): Processing C:\WINDOWS\system32\WBEM\wmitimep.mof
(Wed Jan 23 20:26:59 2008): Processing C:\WINDOWS\system32\WBEM\wmitimep.mfl
(Wed Jan 23 20:26:59 2008): Processing C:\WINDOWS\system32\WBEM\wmipdskq.mof
(Wed Jan 23 20:26:59 2008): Processing C:\WINDOWS\system32\WBEM\wmipdskq.mfl
(Wed Jan 23 20:26:59 2008): Processing C:\WINDOWS\system32\WBEM\wmipicmp.mof
(Wed Jan 23 20:26:59 2008): Processing C:\WINDOWS\system32\WBEM\wmipicmp.mfl
(Wed Jan 23 20:26:59 2008): Processing C:\WINDOWS\system32\WBEM\wmipiprt.mof
(Wed Jan 23 20:26:59 2008): Processing C:\WINDOWS\system32\WBEM\wmipiprt.mfl
(Wed Jan 23 20:26:59 2008): Processing C:\WINDOWS\system32\WBEM\wmipjobj.mof
(Wed Jan 23 20:27:00 2008): Processing C:\WINDOWS\system32\WBEM\wmipjobj.mfl
(Wed Jan 23 20:27:00 2008): Processing C:\WINDOWS\system32\WBEM\wmipsess.mof
(Wed Jan 23 20:27:00 2008): Processing C:\WINDOWS\system32\WBEM\wmipsess.mfl
(Wed Jan 23 20:27:00 2008): Processing C:\WINDOWS\system32\WBEM\krnlprov.mof
(Wed Jan 23 20:27:00 2008): Processing C:\WINDOWS\system32\WBEM\krnlprov.mfl
(Wed Jan 23 20:27:00 2008): Processing C:\WINDOWS\system32\WBEM\cli.mof
(Wed Jan 23 20:27:00 2008): Processing C:\WINDOWS\system32\WBEM\tscfgwmi.mof
(Wed Jan 23 20:27:01 2008): Processing C:\WINDOWS\system32\WBEM\tscfgwmi.mfl
(Wed Jan 23 20:27:01 2008): Processing C:\WINDOWS\system32\WBEM\licwmi.mof
(Wed Jan 23 20:27:01 2008): Processing C:\WINDOWS\system32\WBEM\licwmi.mfl
(Wed Jan 23 20:27:01 2008): Processing C:\WINDOWS\system32\WBEM\evntrprv.mof
(Wed Jan 23 20:27:01 2008): Processing C:\WINDOWS\system32\WBEM\hnetcfg.mof
(Wed Jan 23 20:27:01 2008): Processing C:\WINDOWS\system32\WBEM\sr.mof
(Wed Jan 23 20:27:01 2008): Processing C:\WINDOWS\system32\WBEM\CmdEvTgProv.mof
(Wed Jan 23 20:27:01 2008): Processing C:\WINDOWS\system32\WBEM\dgnet.mof
(Wed Jan 23 20:27:01 2008): Processing C:\WINDOWS\system32\WBEM\whqlprov.mof
(Wed Jan 23 20:27:01 2008): Processing C:\WINDOWS\system32\WBEM\ieinfo5.mof
(Wed Jan 23 20:27:01 2008): MOF load completed.
(Wed Jan 23 20:27:01 2008): Beginning MOF load
(Wed Jan 23 20:27:01 2008): Processing C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\netfxcfgprovm.mof
(Wed Jan 23 20:27:03 2008): Processing C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\netfxcfgprov.mfl
(Wed Jan 23 20:27:04 2008): Processing C:\WINDOWS\SYSTEM32\WBEM\RSOP.MOF
(Wed Jan 23 20:27:04 2008): Processing C:\WINDOWS\SYSTEM32\WBEM\RSOP.MFL
(Wed Jan 23 20:27:05 2008): Processing C:\WINDOWS\SYSTEM32\WBEM\SCERSOP.MOF
(Wed Jan 23 20:27:05 2008): Processing C:\WINDOWS\SYSTEM32\WBEM\WSCENTER.MOF
(Wed Jan 23 20:27:05 2008): Processing C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V1.1.4322\ASPNET.MOF
(Wed Jan 23 20:27:05 2008): Processing C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\MSINFO\OINFOP11.MOF
(Wed Jan 23 20:27:05 2008): Processing C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\OINFOP11.MOF
(Wed Jan 23 20:27:06 2008): Processing C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V2.0.50727\ASPNET.MOF
(Wed Jan 23 20:27:06 2008): MOF load completed.
(Wed Jan 23 20:27:06 2008): Core Upgrade completed.
(Wed Jan 23 20:27:06 2008): Wbemupgd.dll Service Security upgrade succeeded.
(Wed Jan 23 20:27:06 2008): Beginning WMI(WDM) Namespace Init
(Wed Jan 23 20:27:06 2008): WMI(WDM) Namespace Init Completed
(Wed Jan 23 20:27:06 2008): ESS enabled
(Wed Jan 23 20:27:06 2008): ODBC Driver <system32>\wbemdr32.dll not present
(Wed Jan 23 20:27:06 2008): Successfully verified WBEM OBDC adapter (incompatible version removed if it was detected).
(Wed Jan 23 20:27:06 2008): Wbemupgd.dll Registration completed.
(Wed Jan 23 20:27:06 2008): ================================================================================

01-22-2008, 07:52 PM	#13 (permalink)
Kizlan Registered User Join Date: Jan 2008 Posts: 12 OS: xp sp2	Re: Internet explore opening popup adds at random As far as I can tell there hasn't been any change. The programs I usually run still run and the popups still happen, although it's functioning normally a noticable amount faster. Fresh DSS log - Deckard's System Scanner v20071014.68 Run by Kizlan on 2008-01-23 20:38:34 Computer is in Normal Mode. -------------------------------------------------------------------------------- System Drive C: has 8.82 GiB (less than 15%) free. -- HijackThis (run as Kizlan.exe) ---------------------------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 8:38:43 PM, on 1/23/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\WINDOWS\system32\Ati2evxx.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\MsPMSPSv.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\stsystra.exe C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\WINDOWS\ehome\ehtray.exe C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe C:\WINDOWS\eHome\ehmsas.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE C:\WINDOWS\system32\msiexec.exe C:\WINDOWS\system32\MsiExec.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\WINDOWS\system32\MsiExec.exe C:\WINDOWS\system32\MsiExec.exe C:\Documents and Settings\Kizlan\Desktop\dss.exe C:\DOCUME~1\Kizlan\Desktop\Kizlan.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemonsearch.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user') O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: http://forums.worldofwarcraft.com O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1200089204515 O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe -- End of file - 7283 bytes -- Files created between 2007-12-23 and 2008-01-23 ----------------------------- 2008-01-23 20:08:14 0 d-------- C:\Program Files\Java 2008-01-23 20:08:10 0 d-------- C:\Program Files\Common Files\Java 2008-01-17 13:00:58 0 d-------- C:\Documents and Settings\Rifter\Application Data\Grisoft 2008-01-14 13:18:18 0 d-------- C:\Documents and Settings\NetworkService\Application Data\AVG7 2008-01-13 15:04:18 0 dr-h----- C:\Documents and Settings\Kizlan\Recent 2008-01-12 12:15:38 0 d-------- C:\Documents and Settings\Kizlan\Application Data\Grisoft 2008-01-12 1120 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com 2008-01-12 1111 0 d-------- C:\Program Files\SUPERAntiSpyware 2008-01-12 1111 0 d-------- C:\Documents and Settings\Kizlan\Application Data\SUPERAntiSpyware.com 2008-01-11 22:55:23 0 d-------- C:\Program Files\SpywareBlaster 2008-01-11 20:13:15 44928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS <Not Verified; Panda Software; Panda® Antivirus> 2008-01-11 20:07:58 8576 --a------ C:\WINDOWS\system32\drivers\keurhjbavoio.sys <Not Verified; Panda Software International; RKPavProc Driver> 2008-01-11 19:52:37 0 d-------- C:\WINDOWS\system32\ActiveScan 2008-01-11 19:25:51 0 d-------- C:\Documents and Settings\Kizlan\Application Data\Uniblue 2008-01-11 1926 0 d-------- C:\Documents and Settings\Kizlan\.housecall6.6 2008-01-11 15:49:16 495616 --a------ C:\WINDOWS\system32\hphmon05 .exe <Not Verified; Hewlett-Packard; HP Photosmart> 2008-01-11 12:52:28 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-01-11 10:30:24 86016 --a------ C:\WINDOWS\system32\drivers\avg7coree.sys 2007-12-30 02:13:41 0 d-------- C:\Program Files\Rosetta Stone 2007-12-29 14:04:17 0 d-------- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir -- Find3M Report --------------------------------------------------------------- 2008-01-23 20:08:10 0 d-------- C:\Program Files\Common Files 2008-01-20 23:57:14 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll 2008-01-15 20:35:08 0 d-------- C:\Program Files\GetRight 2008-01-14 15:04:07 0 d-------- C:\Documents and Settings\Kizlan\Application Data\Canon 2008-01-12 11:05:56 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard 2008-01-11 22:07:34 0 d-------- C:\Program Files\MagicISO 2008-01-11 21:55:53 0 d-------- C:\Program Files\7-Zip 2007-12-30 02:14:51 0 d--h----- C:\Program Files\InstallShield Installation Information 2007-12-13 11:25:35 0 d-------- C:\Program Files\WoW UI Designer 2007-12-12 21:42:09 1208 --a------ C:\drmHeader.bin 2007-12-08 15:47:38 0 d-------- C:\Program Files\Hero Editor 2007-12-08 15:47:03 73216 --a------ C:\WINDOWS\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows> 2007-12-06 16:49:07 31223 --a------ C:\WINDOWS\DIIUnin.dat 2007-12-01 06:25:45 0 d-------- C:\Documents and Settings\Kizlan\Application Data\Macromedia 2007-12-01 06:24:21 6421 --a------ C:\WINDOWS\mozver.dat -- Registry Dump --------------------------------------------------------------- Note empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SigmatelSysTrayApp"="stsystra.exe" [03/22/2005 10:20 PM C:\WINDOWS\stsystra.exe] "IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [01/11/2008 04:45 PM] "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [] "AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [] "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 03:25 AM] "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [08/05/2005 12:56 PM] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [12/14/2007 03:42 AM] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [01/11/2008 04:45 PM] "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [02/27/2007 11:39 AM] "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [01/11/2008 04:45 PM] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles "InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "DisableRegistryTools"=0 (0x0) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 12:55 PM 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 02/27/2007 11:39 AM 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PlexTools Professional.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Plextor!\PlexTools Professional.lnk backup=C:\WINDOWS\pss\PlexTools Professional.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon05] C:\WINDOWS\system32\hphmon05.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NetscapeClient] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QBReminderFlash] "C:\Program Files\Intuit\QuickBooks 2005\Atom\QBReminder.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioAudioCentral] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "AOL ACS"=2 (0x2) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ba2eef52-2005-11db-ab27-00038a000015}] AutoRun\command- G:\setupSNK.exe -- End of Deckard's System Scanner: finished at 2008-01-23 20:39:16 ------------ Jotti's result - File: OggDSuninst.exe Status: OK(Note: file has been scanned before. Therefore, this file's scan results will not be stored in the database) MD5: c51f878b37c7e66d3782bed018f4f515 Packers detected: - Bit9 reports: No threat detected (more info) Notepad - (Wed Jan 23 20:23:49 2008): ================================================================================ (Wed Jan 23 20:23:49 2008): Beginning WBEM Service Pack Installation (Wed Jan 23 20:23:49 2008): Current build of wbemupgd.dll is 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) (Wed Jan 23 20:23:49 2008): Current build of wbemcore.dll is 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) (Wed Jan 23 20:23:49 2008): Failing Connecting to Namespace [root\default] with result [80041014] (Wed Jan 23 20:23:49 2008): One or more core modules is not registered; registering. (Wed Jan 23 20:23:51 2008): Failing Connecting to Namespace [root\default] with result [80041014] (Wed Jan 23 20:23:51 2008): Failing Connecting to Namespace [root\default] with result [80041014] (Wed Jan 23 20:23:51 2008): Failing Connecting to Namespace [root\default] with result [80041014] (Wed Jan 23 20:23:51 2008): Inconsistent repository detected; it will be recreated (Wed Jan 23 20:23:51 2008): ERROR: wbemupgd.dll: The WMI repository has failed to upgrade. The repository has been backed up to C:\WINDOWS\system32\WBEM\Repository.001 and a new one created. (Wed Jan 23 20:23:51 2008): Beginning MOF load (Wed Jan 23 20:23:51 2008): Processing C:\WINDOWS\system32\WBEM\cimwin32.mof (Wed Jan 23 20:23:55 2008): Processing C:\WINDOWS\system32\WBEM\cimwin32.mfl (Wed Jan 23 20:23:57 2008): Processing C:\WINDOWS\system32\WBEM\system.mof (Wed Jan 23 20:23:58 2008): Processing C:\WINDOWS\system32\WBEM\wmipcima.mof (Wed Jan 23 20:23:58 2008): Processing C:\WINDOWS\system32\WBEM\wmipcima.mfl (Wed Jan 23 20:23:58 2008): Processing C:\WINDOWS\system32\WBEM\regevent.mof (Wed Jan 23 20:23:58 2008): Processing C:\WINDOWS\system32\WBEM\regevent.mfl (Wed Jan 23 20:23:58 2008): Processing C:\WINDOWS\system32\WBEM\ntevt.mof (Wed Jan 23 20:23:59 2008): Processing C:\WINDOWS\system32\WBEM\ntevt.mfl (Wed Jan 23 20:23:59 2008): Processing C:\WINDOWS\system32\WBEM\secrcw32.mof (Wed Jan 23 20:23:59 2008): Processing C:\WINDOWS\system32\WBEM\secrcw32.mfl (Wed Jan 23 20:23:59 2008): Processing C:\WINDOWS\system32\WBEM\dsprov.mof (Wed Jan 23 20:24:00 2008): Processing C:\WINDOWS\system32\WBEM\dsprov.mfl (Wed Jan 23 20:24:00 2008): Processing C:\WINDOWS\system32\WBEM\msi.mof (Wed Jan 23 20:24:00 2008): Processing C:\WINDOWS\system32\WBEM\msi.mfl (Wed Jan 23 20:24:00 2008): Processing C:\WINDOWS\system32\WBEM\policman.mof (Wed Jan 23 20:24:00 2008): Processing C:\WINDOWS\system32\WBEM\policman.mfl (Wed Jan 23 20:24:00 2008): Processing C:\WINDOWS\system32\WBEM\subscrpt.mof (Wed Jan 23 20:24:01 2008): Processing C:\WINDOWS\system32\WBEM\wmi.mof (Wed Jan 23 20:24:02 2008): Processing C:\WINDOWS\system32\WBEM\wmi.mfl (Wed Jan 23 20:24:02 2008): Processing C:\WINDOWS\system32\WBEM\scm.mof (Wed Jan 23 20:24:02 2008): Processing C:\WINDOWS\system32\WBEM\fevprov.mof (Wed Jan 23 20:24:02 2008): Processing C:\WINDOWS\system32\WBEM\fevprov.mfl (Wed Jan 23 20:24:02 2008): Processing C:\WINDOWS\system32\WBEM\wmitimep.mof (Wed Jan 23 20:24:02 2008): Processing C:\WINDOWS\system32\WBEM\wmitimep.mfl (Wed Jan 23 20:24:02 2008): Processing C:\WINDOWS\system32\WBEM\wmipdskq.mof (Wed Jan 23 20:24:02 2008): Processing C:\WINDOWS\system32\WBEM\wmipdskq.mfl (Wed Jan 23 20:24:02 2008): Processing C:\WINDOWS\system32\WBEM\wmipicmp.mof (Wed Jan 23 20:24:03 2008): Processing C:\WINDOWS\system32\WBEM\wmipicmp.mfl (Wed Jan 23 20:24:03 2008): Processing C:\WINDOWS\system32\WBEM\wmipiprt.mof (Wed Jan 23 20:24:03 2008): Processing C:\WINDOWS\system32\WBEM\wmipiprt.mfl (Wed Jan 23 20:24:03 2008): Processing C:\WINDOWS\system32\WBEM\wmipjobj.mof (Wed Jan 23 20:24:03 2008): Processing C:\WINDOWS\system32\WBEM\wmipjobj.mfl (Wed Jan 23 20:24:03 2008): Processing C:\WINDOWS\system32\WBEM\wmipsess.mof (Wed Jan 23 20:24:03 2008): Processing C:\WINDOWS\system32\WBEM\wmipsess.mfl (Wed Jan 23 20:24:03 2008): Processing C:\WINDOWS\system32\WBEM\krnlprov.mof (Wed Jan 23 20:24:04 2008): Processing C:\WINDOWS\system32\WBEM\krnlprov.mfl (Wed Jan 23 20:24:04 2008): Processing C:\WINDOWS\system32\WBEM\cli.mof (Wed Jan 23 20:24:04 2008): Processing C:\WINDOWS\system32\WBEM\tscfgwmi.mof (Wed Jan 23 20:24:05 2008): Processing C:\WINDOWS\system32\WBEM\tscfgwmi.mfl (Wed Jan 23 20:24:05 2008): Processing C:\WINDOWS\system32\WBEM\licwmi.mof (Wed Jan 23 20:24:05 2008): Processing C:\WINDOWS\system32\WBEM\licwmi.mfl (Wed Jan 23 20:24:06 2008): Processing C:\WINDOWS\system32\WBEM\evntrprv.mof (Wed Jan 23 20:24:06 2008): Processing C:\WINDOWS\system32\WBEM\hnetcfg.mof (Wed Jan 23 20:24:07 2008): Processing C:\WINDOWS\system32\WBEM\sr.mof (Wed Jan 23 20:24:07 2008): Processing C:\WINDOWS\system32\WBEM\CmdEvTgProv.mof (Wed Jan 23 20:24:07 2008): Processing C:\WINDOWS\system32\WBEM\dgnet.mof (Wed Jan 23 20:24:08 2008): Processing C:\WINDOWS\system32\WBEM\whqlprov.mof (Wed Jan 23 20:24:08 2008): Processing C:\WINDOWS\system32\WBEM\ieinfo5.mof (Wed Jan 23 20:24:08 2008): MOF load completed. (Wed Jan 23 20:24:08 2008): Beginning MOF load (Wed Jan 23 20:24:08 2008): Processing C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\netfxcfgprovm.mof (Wed Jan 23 20:24:11 2008): Processing C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\netfxcfgprov.mfl (Wed Jan 23 20:24:11 2008): Processing C:\WINDOWS\SYSTEM32\WBEM\RSOP.MOF (Wed Jan 23 20:24:12 2008): Processing C:\WINDOWS\SYSTEM32\WBEM\RSOP.MFL (Wed Jan 23 20:24:12 2008): Processing C:\WINDOWS\SYSTEM32\WBEM\SCERSOP.MOF (Wed Jan 23 20:24:12 2008): Processing C:\WINDOWS\SYSTEM32\WBEM\WSCENTER.MOF (Wed Jan 23 20:24:12 2008): Processing C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V1.1.4322\ASPNET.MOF (Wed Jan 23 20:24:12 2008): ERROR: An error occurred while compiling the following MOF file: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V1.1.4322\ASPNET.MOF Please refer to C:\WINDOWS\system32\WBEM\Logs\mofcomp.log for more detailed information. (Wed Jan 23 20:24:12 2008): Processing C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\MSINFO\OINFOP11.MOF (Wed Jan 23 20:24:13 2008): Processing C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\OINFOP11.MOF (Wed Jan 23 20:24:13 2008): Processing C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V2.0.50727\ASPNET.MOF (Wed Jan 23 20:24:13 2008): ERROR: An error occurred while compiling the following MOF file: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V2.0.50727\ASPNET.MOF Please refer to C:\WINDOWS\system32\WBEM\Logs\mofcomp.log for more detailed information. (Wed Jan 23 20:24:13 2008): MOF load completed. (Wed Jan 23 20:24:13 2008): ERROR: The following External MOF file(s) failed to load: (Wed Jan 23 20:24:13 2008): ERROR: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V1.1.4322\ASPNET.MOF (Wed Jan 23 20:24:13 2008): ERROR: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V2.0.50727\ASPNET.MOF (Wed Jan 23 20:24:13 2008): Wbemupgd.dll Service Security upgrade succeeded (XP SP update). (Wed Jan 23 20:24:13 2008): WBEM Service Pack Installation completed. (Wed Jan 23 20:24:13 2008): ================================================================================ (Wed Jan 23 20:26:45 2008): ================================================================================ (Wed Jan 23 20:26:45 2008): Beginning Wbemupgd.dll Registration (Wed Jan 23 20:26:45 2008): Current build of wbemupgd.dll is 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) (Wed Jan 23 20:26:45 2008): Beginning Core Upgrade (Wed Jan 23 20:26:45 2008): Beginning MOF load (Wed Jan 23 20:26:45 2008): Processing C:\WINDOWS\system32\WBEM\cimwin32.mof (Wed Jan 23 20:26:48 2008): Processing C:\WINDOWS\system32\WBEM\cimwin32.mfl (Wed Jan 23 20:26:50 2008): Processing C:\WINDOWS\system32\WBEM\system.mof (Wed Jan 23 20:26:50 2008): Processing C:\WINDOWS\system32\WBEM\wmipcima.mof (Wed Jan 23 20:26:50 2008): Processing C:\WINDOWS\system32\WBEM\wmipcima.mfl (Wed Jan 23 20:26:50 2008): Processing C:\WINDOWS\system32\WBEM\regevent.mof (Wed Jan 23 20:26:51 2008): Processing C:\WINDOWS\system32\WBEM\regevent.mfl (Wed Jan 23 20:26:51 2008): Processing C:\WINDOWS\system32\WBEM\ntevt.mof (Wed Jan 23 20:26:51 2008): Processing C:\WINDOWS\system32\WBEM\ntevt.mfl (Wed Jan 23 20:26:51 2008): Processing C:\WINDOWS\system32\WBEM\secrcw32.mof (Wed Jan 23 20:26:51 2008): Processing C:\WINDOWS\system32\WBEM\secrcw32.mfl (Wed Jan 23 20:26:51 2008): Processing C:\WINDOWS\system32\WBEM\dsprov.mof (Wed Jan 23 20:26:51 2008): Processing C:\WINDOWS\system32\WBEM\dsprov.mfl (Wed Jan 23 20:26:51 2008): Processing C:\WINDOWS\system32\WBEM\msi.mof (Wed Jan 23 20:26:51 2008): Processing C:\WINDOWS\system32\WBEM\msi.mfl (Wed Jan 23 20:26:52 2008): Processing C:\WINDOWS\system32\WBEM\policman.mof (Wed Jan 23 20:26:52 2008): Processing C:\WINDOWS\system32\WBEM\policman.mfl (Wed Jan 23 20:26:52 2008): Processing C:\WINDOWS\system32\WBEM\subscrpt.mof (Wed Jan 23 20:26:52 2008): Processing C:\WINDOWS\system32\WBEM\wmi.mof (Wed Jan 23 20:26:58 2008): Processing C:\WINDOWS\system32\WBEM\wmi.mfl (Wed Jan 23 20:26:58 2008): Processing C:\WINDOWS\system32\WBEM\scm.mof (Wed Jan 23 20:26:59 2008): Processing C:\WINDOWS\system32\WBEM\fevprov.mof (Wed Jan 23 20:26:59 2008): Processing C:\WINDOWS\system32\WBEM\fevprov.mfl (Wed Jan 23 20:26:59 2008): Processing C:\WINDOWS\system32\WBEM\wmitimep.mof (Wed Jan 23 20:26:59 2008): Processing C:\WINDOWS\system32\WBEM\wmitimep.mfl (Wed Jan 23 20:26:59 2008): Processing C:\WINDOWS\system32\WBEM\wmipdskq.mof (Wed Jan 23 20:26:59 2008): Processing C:\WINDOWS\system32\WBEM\wmipdskq.mfl (Wed Jan 23 20:26:59 2008): Processing C:\WINDOWS\system32\WBEM\wmipicmp.mof (Wed Jan 23 20:26:59 2008): Processing C:\WINDOWS\system32\WBEM\wmipicmp.mfl (Wed Jan 23 20:26:59 2008): Processing C:\WINDOWS\system32\WBEM\wmipiprt.mof (Wed Jan 23 20:26:59 2008): Processing C:\WINDOWS\system32\WBEM\wmipiprt.mfl (Wed Jan 23 20:26:59 2008): Processing C:\WINDOWS\system32\WBEM\wmipjobj.mof (Wed Jan 23 20:27:00 2008): Processing C:\WINDOWS\system32\WBEM\wmipjobj.mfl (Wed Jan 23 20:27:00 2008): Processing C:\WINDOWS\system32\WBEM\wmipsess.mof (Wed Jan 23 20:27:00 2008): Processing C:\WINDOWS\system32\WBEM\wmipsess.mfl (Wed Jan 23 20:27:00 2008): Processing C:\WINDOWS\system32\WBEM\krnlprov.mof (Wed Jan 23 20:27:00 2008): Processing C:\WINDOWS\system32\WBEM\krnlprov.mfl (Wed Jan 23 20:27:00 2008): Processing C:\WINDOWS\system32\WBEM\cli.mof (Wed Jan 23 20:27:00 2008): Processing C:\WINDOWS\system32\WBEM\tscfgwmi.mof (Wed Jan 23 20:27:01 2008): Processing C:\WINDOWS\system32\WBEM\tscfgwmi.mfl (Wed Jan 23 20:27:01 2008): Processing C:\WINDOWS\system32\WBEM\licwmi.mof (Wed Jan 23 20:27:01 2008): Processing C:\WINDOWS\system32\WBEM\licwmi.mfl (Wed Jan 23 20:27:01 2008): Processing C:\WINDOWS\system32\WBEM\evntrprv.mof (Wed Jan 23 20:27:01 2008): Processing C:\WINDOWS\system32\WBEM\hnetcfg.mof (Wed Jan 23 20:27:01 2008): Processing C:\WINDOWS\system32\WBEM\sr.mof (Wed Jan 23 20:27:01 2008): Processing C:\WINDOWS\system32\WBEM\CmdEvTgProv.mof (Wed Jan 23 20:27:01 2008): Processing C:\WINDOWS\system32\WBEM\dgnet.mof (Wed Jan 23 20:27:01 2008): Processing C:\WINDOWS\system32\WBEM\whqlprov.mof (Wed Jan 23 20:27:01 2008): Processing C:\WINDOWS\system32\WBEM\ieinfo5.mof (Wed Jan 23 20:27:01 2008): MOF load completed. (Wed Jan 23 20:27:01 2008): Beginning MOF load (Wed Jan 23 20:27:01 2008): Processing C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\netfxcfgprovm.mof (Wed Jan 23 20:27:03 2008): Processing C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\netfxcfgprov.mfl (Wed Jan 23 20:27:04 2008): Processing C:\WINDOWS\SYSTEM32\WBEM\RSOP.MOF (Wed Jan 23 20:27:04 2008): Processing C:\WINDOWS\SYSTEM32\WBEM\RSOP.MFL (Wed Jan 23 20:27:05 2008): Processing C:\WINDOWS\SYSTEM32\WBEM\SCERSOP.MOF (Wed Jan 23 20:27:05 2008): Processing C:\WINDOWS\SYSTEM32\WBEM\WSCENTER.MOF (Wed Jan 23 20:27:05 2008): Processing C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V1.1.4322\ASPNET.MOF (Wed Jan 23 20:27:05 2008): Processing C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\MSINFO\OINFOP11.MOF (Wed Jan 23 20:27:05 2008): Processing C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\OINFOP11.MOF (Wed Jan 23 20:27:06 2008): Processing C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V2.0.50727\ASPNET.MOF (Wed Jan 23 20:27:06 2008): MOF load completed. (Wed Jan 23 20:27:06 2008): Core Upgrade completed. (Wed Jan 23 20:27:06 2008): Wbemupgd.dll Service Security upgrade succeeded. (Wed Jan 23 20:27:06 2008): Beginning WMI(WDM) Namespace Init (Wed Jan 23 20:27:06 2008): WMI(WDM) Namespace Init Completed (Wed Jan 23 20:27:06 2008): ESS enabled (Wed Jan 23 20:27:06 2008): ODBC Driver <system32>\wbemdr32.dll not present (Wed Jan 23 20:27:06 2008): Successfully verified WBEM OBDC adapter (incompatible version removed if it was detected). (Wed Jan 23 20:27:06 2008): Wbemupgd.dll Registration completed. (Wed Jan 23 20:27:06 2008): ================================================================================