
Two strange problems!!

  • 09-09-2007 1:33pm
    #1
    Registered Users, Registered Users 2 Posts: 9,844 ✭✭✭


    Hi all,

    I have two strange problems with my pc lately.

    Prob 1
    The first one is that over the last few weeks I have not been able to log into various sites including this one. The odd time I can but 90% of the time I can't. Today I can!!

    For example, when I log on here it says "Thank you for logging on, Py2006" and then it loops back to where it prompts me for my username and password.

    I tried disabling my firewall etc and tried using different browsers but the problem remained.


    Prob 2
    My second problem is that there is a file on my desktop that keeps making a copy of itself without me going near it. When I delete all these copies they start returning one by one over a period of time. This morning there are 12 copies of this file on my desktop.

    It's a WinRAR file that contains a game mod. Even when I deleted the original file it returned to my desktop the next day.

    Any ideas? Thanks!


Comments

  • Moderators, Music Moderators Posts: 23,363 Mod ✭✭✭✭feylya


    Prob 1 sounds like cookies but...

    Prob 2 sounds like a virus and could be causing Prob 1. Update and use your virus scanner.


  • Registered Users, Registered Users 2 Posts: 9,844 ✭✭✭py2006


    feylya wrote:
    Prob 1 sounds like cookies but...

    Prob 2 sounds like a virus and could be causing Prob 1. Update and use your virus scanner.

    I thought about cookies but it's strange that it works sometimes and not others!

    My virus scanner hasn't detected anything.


  • Closed Accounts Posts: 12,401 ✭✭✭✭Anti


    Boot into safe mode (press F8 while the PC is booting up), run the scanner there.

    Take note, if you have Norton you may as well not have an AV scanner. If you have it, uninstall it fully. And download AVG (free) and Spybot Search & Destroy. Run both in safe mode.

    Also, run HijackThis. And post the log here.

    AVG: - http://www.grisoft.com/

    Hijack This: - http://www.spywareinfo.com/~merijn/programs.php


  • Registered Users, Registered Users 2 Posts: 9,844 ✭✭✭py2006


    Anti wrote:
    Boot into safe mode (press F8 while the PC is booting up), run the scanner there.

    Take note, if you have Norton you may as well not have an AV scanner. If you have it, uninstall it fully. And download AVG (free) and Spybot Search & Destroy. Run both in safe mode.

    Also, run HijackThis. And post the log here.

    AVG: - http://www.grisoft.com/

    Hijack This: - http://www.spywareinfo.com/~merijn/programs.php

    I will try that thanks. Today is the first day since my last post that I could log on.


  • Closed Accounts Posts: 6 mango


    Also download and install CCleaner; it'll clear out temp files that may contain the virus/spyware: http://www.ccleaner.com/


  • Registered Users, Registered Users 2 Posts: 9,844 ✭✭✭py2006


    mango wrote:
    Also download and install CCleaner; it'll clear out temp files that may contain the virus/spyware: http://www.ccleaner.com/

    I scanned with AVG and found nothing and I also scanned with Spybot, CCleaner and Adaware and found nothing! :(

    I haven't been able to log in here until today!


  • Registered Users, Registered Users 2 Posts: 8,423 ✭✭✭Gadgetman496


    Download "HijackThis" as suggested earlier & run a scan. Copy the log file & paste it to a post here.

    If "Actor Seeks Job" is around, he won't be long telling you where the problem is.

    ;)

    "Everybody is a genius. But if you judge a fish by its ability to climb a tree, it will live its whole life believing that it is stupid."



  • Registered Users, Registered Users 2 Posts: 9,844 ✭✭✭py2006


    Download "HijackThis" as suggested earlier & run a scan. Copy the log file & paste it to a post here.

    If "Actor Seeks Job" is around, he won't be long telling you where the problem is.

    ;)

    Ok, just attached a hijack this log. :)


  • Registered Users, Registered Users 2 Posts: 8,423 ✭✭✭Gadgetman496


    That's the first step, now hopefully "ActorSeeksJob" will respond. I've got help from him in the past & he knows what he's at.

    As a by the way, I see you use Mailwasher Pro, damn good program, everyone should have it:)




  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Thank you for the kind words gadgetman496

    Hello py2006, do the following (don't attach any logs as it makes them hard to read)

    1. Please re-open HiJackThis and choose "Do a system scan only". Check the boxes next to ONLY the entries listed below (if present):

    R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.usefulware.com
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/10ba3bd2d12c5ed01105/netzip/RdxIE601.cab


    2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.



    Please download Deckard's System Scanner (DSS) and save it to your Desktop.
    • Close all other windows before proceeding.
    • Double-click on dss.exe and follow the prompts.
    • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
    • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.


  • Registered Users, Registered Users 2 Posts: 8,423 ✭✭✭Gadgetman496


    Thank you for the kind words gadgetman496


    Those words were genuine ActorSeeksJob. I was just showing a bit of appreciation.

    It's not too often that people who offer such professional help (At no charge) are thanked.

    I've both availed of & have been observing your work here & on other forums for some time now & my conclusion is this,

    "If you could be burned onto a CD/DVD disc, you would be the best security software available"




  • Registered Users, Registered Users 2 Posts: 9,844 ✭✭✭py2006


    Thank you for the kind words gadgetman496

    Hello py2006, do the following (don't attach any logs as it makes them hard to read)

    1. Please re-open HiJackThis and choose "Do a system scan only". Check the boxes next to ONLY the entries listed below (if present):

    R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.usefulware.com
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/10ba3bd2d12c5ed01105/netzip/RdxIE601.cab


    2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.



    Please download Deckard's System Scanner (DSS) and save it to your Desktop.
    • Close all other windows before proceeding.
    • Double-click on dss.exe and follow the prompts.
    • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
    • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

    Hi ActorSeeksJob,

    Ok I did as you said. DSS had probs recognising my version of HijackThis so had to install earlier version.

    There is quite a lot to paste. Are you sure you want me to paste it all or should I just paste a particular subsection?


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Those words were genuine ActorSeeksJob. I was just showing a bit of appreciation.
    It is much appreciated, sometimes people forget a simple please and thank you when helping them :)
    There is quite a lot to paste. Are you sure you want me to paste it all or should I just paste a particular subsection?
    Paste it all please


  • Registered Users, Registered Users 2 Posts: 9,844 ✭✭✭py2006


    Deckard's System Scanner v20070905.67
    Run by Py2006 on 2007-09-16 22:38:57
    Computer is in Normal Mode.
    System Drive C: has 19.34 GiB (less than 15%) free.

    -- HijackThis (run as Py2006.exe)
    Unable to find log (file not found); running clone.
    -- HijackThis Clone
    Emulating logfile of HijackThis v1.99.1
    Scan saved at 2007-09-16 22:46:24
    Platform: Windows XP Service Pack 2 (5.01.2600)
    MSIE: Internet Explorer (7.00.6000.16512)
    Running processes:
    C:\WINDOWS\system32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG7\avgamsvr.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Grisoft\AVG7\avgupsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\WINDOWS\system32\CTSVCCDA.EXE
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Kontiki\KService.exe
    C:\WINDOWS\system32\LckFldService.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\UAService7.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\Program Files\Google\Gmail Notifier\gnotify.exe
    C:\WINDOWS\BCMSMMSG.exe
    C:\Program Files\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE
    C:\Program Files\Kontiki\KHost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
    C:\Program Files\GameSpot\GameSpotDownloadManager_Win32.exe
    C:\Program Files\Google\Web Accelerator\GoogleWebAccClient.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\downloadz\dss.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Program Files\Trend Micro\HijackThis\Py2006.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.ie/ig?sourceid=navclient&ie=UTF-8&hl=en
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/ig?sourceid=navclient&ie=utf-8&hl=en
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
    R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
    R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.ie/ig?sourceid=navclient&ie=utf-8&hl=en
    R0 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/ig?sourceid=navclient&ie=UTF-8&hl=en
    R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar3.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar3.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
    O4 - HKEY_LOCAL_MACHINE\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKEY_LOCAL_MACHINE\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] "C:\Program Files\Google\Gmail Notifier\gnotify.exe"
    O4 - HKEY_LOCAL_MACHINE\..\Run: [BCMSMMSG] BCMSMMSG.exe
    O4 - HKEY_LOCAL_MACHINE\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKEY_LOCAL_MACHINE\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKEY_LOCAL_MACHINE\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKEY_LOCAL_MACHINE\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKEY_LOCAL_MACHINE\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all
    O4 - HKEY_LOCAL_MACHINE\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKEY_LOCAL_MACHINE\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - Startup: GameSpot Download Manager.lnk = C:\Program Files\GameSpot\GameSpotDownloadManager_Win32.exe
    O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
    O9 - Extra 'Tools' menuitem: (no name) - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
    O10 - Unknown file in Winsock LSP: C:\Program Files\Bonjour\mdnsNSP.dll
    O16 - DPF: Yahoo! Pool 2 () - http://download.games.yahoo.com/games/clients/y/potd_x.cab
    O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://download.microsoft.com/download/d/c/8/dc8362b3-f410-4e7d-b672-209d6bd8fcea/OGAControl.cab
    O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/SU/ocx/12119/CTSUEng.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/0/5/7/05796dde-b2ba-4eef-8da4-f99c7e0c9b92/LegitCheckControl.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {31150A86-0BBA-409F-BEB4-F3922D10BF34} (Gif89 Class) - http://www.itb.ie/xplug.ocx
    O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
    O16 - DPF: {3334504D-9980-0010-8000-00AA00389B71} () - http://download.microsoft.com/download/0/C/8/0C8EDFAB-30BC-4792-898E-2DABE27B2C4D/mp43dmo.CAB
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} () - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} () - http://codecs.microsoft.com/codecs/i386/wmv9dmo.cab
    O16 - DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} (MALPlaybackCtrl Class) - http://musicstore.connect.com/assets/activexplayer/SMALStreaming.cab
    O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc3.cab
    O16 - DPF: {4B48D5DF-9021-45F7-A240-60304302A215} (Malicious Software Removal Tool) - http://download.microsoft.com/download/5/c/2/5c2fc4b7-3875-4eec-946b-ffe15472cabc/WebCleaner.cab
    O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://www.ipswitch.com/_installs/wsftp_le/setup.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1118855225296
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} () - http://launch.gamespyarcade.com/software/launch/alaunch.cab
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} () - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38097.5450694444
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab Class) - http://www.systemrequirementslab.com/sysreqlab.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
    O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
    O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
    O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/kdx.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/SU/ocx/15008/CTPID.cab
    O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
    O18 - Protocol: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\system32\msvidctl.dll
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
    O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
    O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
    O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
    O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
    O20 - AppInit_DLLs: acaptuser32.dll
    O23 - Service: Adobe LM Service - Adobe Systems - "C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - "C:\Program Files\Bonjour\mDNSResponder.exe"
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSVCCDA.EXE
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - "C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe"
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - "C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe"
    O23 - Service: LckFldService - Unknown owner - C:\WINDOWS\system32\LckFldService.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - "C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe"
    O23 - Service: NBService - Unknown owner - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
    O23 - Service: wampapache - Apache Software Foundation - "c:\wamp\apache2\bin\Apache.exe" -k runservice
    O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe --defaults-file=c:\wamp\mysql\my.ini wampmysqld

    -- Files created between 2007-08-16 and 2007-09-16
    2007-09-16 22:28:25 0 dr-h
    C:\Documents and Settings\Py2006\Recent
    2007-09-16 17:06:12 0 d
    C:\Program Files\Trend Micro
    2007-08-25 17:41:54 0 d
    C:\Documents and Settings\All Users\Application Data\ATI
    2007-08-25 17:36:15 593920
    n--- C:\WINDOWS\system32\ati2sgag.exe <Not Verified; ; ATI Smart>
    2007-08-25 17:35:19 0 d
    C:\Program Files\ATI Technologies
    2007-08-22 11:33:11 0 d
    C:\Documents and Settings\Py2006\Application Data\Bioshock
    2007-08-22 10:52:09 0 d
    C:\AMD
    2007-08-21 21:49:56 0 d
    C:\Program Files\2K Games
    2007-08-16 09:37:12 0 d
    C:\Documents and Settings\Py2006\Application Data\Opera
    2007-08-16 09:37:03 0 d
    C:\Program Files\Opera

    -- Find3M Report
    2007-09-16 17:05:06 14906 --a
    C:\Documents and Settings\Py2006\Application Data\.googlewebacchosts
    2007-09-16 09:55:53 0 d
    C:\Documents and Settings\Py2006\Application Data\MailWasherPro
    2007-09-15 12:46:49 0 d
    C:\Program Files\Mozilla Thunderbird
    2007-09-12 20:20:45 0 d
    C:\Documents and Settings\Py2006\Application Data\AVG7
    2007-08-28 14:01:36 72788 --ah
    C:\WINDOWS\system32\mlfcache.dat
    2007-08-25 17:16:38 0 d
    C:\Program Files\Common Files
    2007-08-24 18:17:05 0 d
    C:\Program Files\Electronic Arts
    2007-08-24 18:16:28 0 d
    C:\Program Files\Common Files\Wise Installation Wizard
    2007-08-24 18:16:23 0 d
    C:\Program Files\AGEIA Technologies
    2007-08-24 16:54:59 0 d
    C:\Program Files\GameSpot
    2007-08-21 21:49:56 0 d--h
    C:\Program Files\InstallShield Installation Information
    2007-08-15 11:51:28 0 d
    C:\Program Files\MSXML 6.0
    2007-08-10 23:35:04 0 d
    C:\Program Files\SWiSHmax
    2007-08-10 23:31:42 0 d
    C:\Program Files\QuickTime
    2007-08-06 15:40:41 0 d
    C:\Documents and Settings\Py2006\Application Data\Adobe
    2007-08-01 10:43:08 0 d
    C:\Program Files\Safari
    2007-08-01 09:54:58 0 d
    C:\Program Files\Pcsx2
    2007-07-30 20:35:05 0 d
    C:\Program Files\Codemasters
    2007-07-30 17:27:02 0 d
    C:\Documents and Settings\Py2006\Application Data\BitTorrent
    2007-07-26 19:27:14 0 d
    C:\Program Files\LimeWire

    -- Registry Dump
    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [09/03/2007 01:02]
    "{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [15/07/2005 22:48]
    "BCMSMMSG"="BCMSMMSG.exe" [29/08/2003 05:59 C:\WINDOWS\BCMSMMSG.exe]
    "@=" []
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [14/09/2007 09:21]
    "Logitech Utility"="Logi_MwX.Exe" [17/12/2003 10:50 C:\WINDOWS\LOGI_MWX.EXE]
    "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [09/03/2007 01:02]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [01/06/2007 16:51]
    "4oD"="C:\Program Files\Kontiki\KHost.exe" [08/11/2006 17:32]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [29/06/2007 06:24]
    "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [10/11/2006 12:35]
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 08:56]
    "kdx"="C:\Program Files\Kontiki\KHost.exe" [08/11/2006 17:32]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [01/06/2006 13:32]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [31/05/2007 17:39]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [18/10/2006 21:05]
    C:\Documents and Settings\Py2006\Start Menu\Programs\Startup\
    GameSpot Download Manager.lnk - C:\Program Files\GameSpot\GameSpotDownloadManager_Win32.exe [29/08/2007 18:33:36]
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Run Google Web Accelerator.lnk - C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe [09/07/2007 22:24:38]
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoRecentDocsMenu"=01000000
    "ClearRecentDocsOnExit"=01000000
    "NoRecentDocsHistory"=01000000
    "NoUserNameInStartMenu"=01000000
    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
    FriendlyName= GameSpot: for your PC, PlayStation 2, Xbox, GameCube, GBA, and video game needs.
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls"=acaptuser32.dll
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBCSSvc]
    @="Service"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
    @="Service"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @="Volume shadow copy"
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
    "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
    "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Detector]
    C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    C:\WINDOWS\system32\ctfmon.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    "C:\Program Files\iTunes\iTunesHelper.exe"
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    "C:\Program Files\QuickTime\qttask.exe" -atboottime
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SBCSTray]
    "C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe"
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster2]
    C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
    "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
    "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    *Newly Created Service* - SBAPIFS

    -- End of Deckard's System Scanner: finished at 2007-09-16 22:47:31


  • Registered Users, Registered Users 2 Posts: 9,844 ✭✭✭py2006


    The extra one never came up??


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Don't worry about the extra text

    Can you tell me the name of the files when you said this
    This morning there is 12 copies of this file on my desktop.


    Do this as well for one of the files


    Go to this site:
    http://www.virustotal.com/
    On top you'll find 'Browse'
    Click the browse button and browse to the file:

    FILE HERE that is on your desktop that's annoying you

    Click open.
    Then click the 'Send' button next to it.
    This will scan the file. Please be patient.
    Once scanned, copy and paste the results as well in your next reply.


  • Registered Users, Registered Users 2 Posts: 9,844 ✭✭✭py2006


    Don't worry about the extra text

    Can you tell me the name of the files when you said this
    .

    FirstContact.zip (This is a mod for Half Life2, it keeps returning to desktop after being deleted and then making multiple copies of itself)

    The scan seems to be taking a long time.


  • Registered Users, Registered Users 2 Posts: 9,844 ✭✭✭py2006


    Still scanning 2 hours later!! :confused:

    File is 470mb


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Ah no wonder if it is that big, do this instead.

    Please do an online scan with Kaspersky WebScanner

    Click on Kaspersky Online Scanner

    You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
    • The program will launch and then begin downloading the latest definition files:
    • Once the files have been downloaded click on NEXT
    • Now click on Scan Settings
    • In the scan settings make sure that the following are selected:
      • Scan using the following Anti-Virus database:
        Extended (if available otherwise Standard)
      • Scan Options:
        Scan Archives
        Scan Mail Bases
    • Click OK
    • Now under select a target to scan:
      Select My Computer
    • The program will start and scan your system.
    • The scan will take a while so be patient and let it run.
    • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
    • Save the file to your desktop.
    • Copy and paste that information in your next post.


      • Registered Users, Registered Users 2 Posts: 1,287 ✭✭✭joe_chicken


        Did you get your Half Life Mod from Gamespot by any chance?

        C:\Program Files\GameSpot\GameSpotDownloadManager_Win32.exe


      • Registered Users, Registered Users 2 Posts: 9,844 ✭✭✭py2006


        Did you get your Half Life Mod from Gamespot by any chance?

        C:\Program Files\GameSpot\GameSpotDownloadManager_Win32.exe

        Yea more than likely


      • Registered Users, Registered Users 2 Posts: 1,287 ✭✭✭joe_chicken


        py2006 wrote:
        Yea more than likely

        Use task manager to kill the process.
        (ctrl-alt-delete -> right click GameSpotDownloadManager_Win32.exe and kill it)

        Uninstall and reinstall the download manager.


      • Registered Users, Registered Users 2 Posts: 9,844 ✭✭✭py2006


        Ah no wonder if it is that big, do this instead.

        Please do an online scan with Kaspersky WebScanner

        Click on Kaspersky Online Scanner
        Thanks for your help...scan in progress..


      • Registered Users, Registered Users 2 Posts: 9,844 ✭✭✭py2006


        Sorry about the delay...

        KASPERSKY ONLINE SCANNER REPORT
        Monday, September 17, 2007 9:00:51 PM
        Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
        Kaspersky Online Scanner version: 5.0.93.1
        Kaspersky Anti-Virus database last update: 17/09/2007
        Kaspersky Anti-Virus database records: 419944
        Scan Settings:
        Scan using the following antivirus database: extended
        Scan Archives: true
        Scan Mail Bases: true
        Scan Target - My Computer:
        A:\
        C:\
        D:\
        E:\
        F:\
        Scan Statistics:
        Total number of scanned objects: 291019
        Number of viruses found: 11
        Number of infected objects: 31
        Number of suspicious objects: 0
        Duration of the scan process: 04:03:22
        Infected Object Name / Virus Name / Last Action
        C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
        C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
        C:\Documents and Settings\All Users\Application Data\Kontiki\error.log Object is locked skipped
        C:\Documents and Settings\Daire\Application Data\MailWasherPro\tmpLog.txt Object is locked skipped
        C:\Documents and Settings\Daire\Application Data\MailWasherPro\Training\Training archive - junk.rot135 Object is locked skipped
        C:\Documents and Settings\Daire\Application Data\MailWasherPro\Training\Training archive - legitimate.rot135 Object is locked skipped
        C:\Documents and Settings\Daire\Application Data\MailWasherPro\Trash.rot135 Object is locked skipped
        C:\Documents and Settings\Daire\Cookies\index.dat Object is locked skipped
        C:\Documents and Settings\Daire\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Personal Folders/Inbox/19 Nov 2004 16:52 from user_info@revenue.ie:Your mail password </revenue.bat Infected: Email-Worm.Win32.Sober.i skipped
        C:\Documents and Settings\Daire\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst Mail MS Mail: infected - 1 skipped
        C:\Documents and Settings\Daire\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
        C:\Documents and Settings\Daire\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
        C:\Documents and Settings\Daire\Local Settings\History\History.IE5\index.dat Object is locked skipped
        C:\Documents and Settings\Daire\Local Settings\Temp\googlewebaccclient.exe.log Object is locked skipped
        C:\Documents and Settings\Daire\Local Settings\Temp\GoogleWebAccelerator.pac Object is locked skipped
        C:\Documents and Settings\Daire\Local Settings\Temp\GoogleWebAcceleratorCache Object is locked skipped
        C:\Documents and Settings\Daire\Local Settings\Temp\GoogleWebAccWarden.exe.log Object is locked skipped
        C:\Documents and Settings\Daire\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
        C:\Documents and Settings\Daire\ntuser.dat Object is locked skipped
        C:\Documents and Settings\Daire\ntuser.dat.LOG Object is locked skipped
        C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
        C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
        C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
        C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
        C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped
        C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped
        C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
        C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
        C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
        C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
        C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
        C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
        C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
        C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
        C:\Program Files\GameSpot\logs\FirstContact.zip.log Object is locked skipped
        C:\Program Files\GameSpot\logs\GameSpot_Download_Service.log Object is locked skipped
        C:\System Volume Information\catalog.wci\00000002.ps1 Object is locked skipped
        C:\System Volume Information\catalog.wci\00000002.ps2 Object is locked skipped
        C:\System Volume Information\catalog.wci\00010006.ci Object is locked skipped
        C:\System Volume Information\catalog.wci\cicat.fid Object is locked skipped
        C:\System Volume Information\catalog.wci\cicat.hsh Object is locked skipped
        C:\System Volume Information\catalog.wci\CiCL0001.000 Object is locked skipped
        C:\System Volume Information\catalog.wci\CiP10000.000 Object is locked skipped
        C:\System Volume Information\catalog.wci\CiP20000.000 Object is locked skipped
        C:\System Volume Information\catalog.wci\CiPT0000.000 Object is locked skipped
        C:\System Volume Information\catalog.wci\CiSL0001.000 Object is locked skipped
        C:\System Volume Information\catalog.wci\CiSP0000.000 Object is locked skipped
        C:\System Volume Information\catalog.wci\CiST0000.000 Object is locked skipped
        C:\System Volume Information\catalog.wci\CiVP0000.000 Object is locked skipped
        C:\System Volume Information\catalog.wci\INDEX.000 Object is locked skipped
        C:\System Volume Information\catalog.wci\propstor.bk1 Object is locked skipped
        C:\System Volume Information\catalog.wci\propstor.bk2 Object is locked skipped
        C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
        C:\System Volume Information\_restore{23FB175D-36A6-4537-B564-C3CA3DF5F304}\RP67\A0029407.exe Object is locked skipped
        C:\System Volume Information\_restore{23FB175D-36A6-4537-B564-C3CA3DF5F304}\RP67\A0045134.exe/stream/data0002 Infected: not-a-virus:AdWare.Win32.BargainBuddy.y skipped
        C:\System Volume Information\_restore{23FB175D-36A6-4537-B564-C3CA3DF5F304}\RP67\A0045134.exe/stream/data0005 Infected: not-a-virus:AdWare.Win32.BargainBuddy.i skipped
        C:\System Volume Information\_restore{23FB175D-36A6-4537-B564-C3CA3DF5F304}\RP67\A0045134.exe/stream Infected: not-a-virus:AdWare.Win32.BargainBuddy.i skipped
        C:\System Volume Information\_restore{23FB175D-36A6-4537-B564-C3CA3DF5F304}\RP67\A0045134.exe NSIS: infected - 3 skipped
        C:\System Volume Information\_restore{23FB175D-36A6-4537-B564-C3CA3DF5F304}\RP67\A0051362.exe/WISE0024.BIN Infected: not-a-virus:AdWare.Win32.MyWay.k skipped
        C:\System Volume Information\_restore{23FB175D-36A6-4537-B564-C3CA3DF5F304}\RP67\A0051362.exe/WISE0025.BIN Infected: not-a-virus:AdWare.Win32.NewDotNet.d skipped
        C:\System Volume Information\_restore{23FB175D-36A6-4537-B564-C3CA3DF5F304}\RP67\A0051362.exe/WISE0026.BIN Infected: not-a-virus:AdWare.Win32.EZula.w skipped
        C:\System Volume Information\_restore{23FB175D-36A6-4537-B564-C3CA3DF5F304}\RP67\A0051362.exe/WISE0028.BIN Infected: not-a-virus:AdWare.Win32.Gator.4104 skipped
        C:\System Volume Information\_restore{23FB175D-36A6-4537-B564-C3CA3DF5F304}\RP67\A0051362.exe WiseSFX: infected - 4 skipped
        C:\System Volume Information\_restore{23FB175D-36A6-4537-B564-C3CA3DF5F304}\RP67\A0051399.exe/WISE0024.BIN Infected: not-a-virus:AdWare.Win32.MyWay.k skipped
        C:\System Volume Information\_restore{23FB175D-36A6-4537-B564-C3CA3DF5F304}\RP67\A0051399.exe/WISE0025.BIN Infected: not-a-virus:AdWare.Win32.NewDotNet.d skipped
        C:\System Volume Information\_restore{23FB175D-36A6-4537-B564-C3CA3DF5F304}\RP67\A0051399.exe/WISE0026.BIN Infected: not-a-virus:AdWare.Win32.EZula.w skipped
        C:\System Volume Information\_restore{23FB175D-36A6-4537-B564-C3CA3DF5F304}\RP67\A0051399.exe/WISE0028.BIN Infected: not-a-virus:AdWare.Win32.Gator.4104 skipped
        C:\System Volume Information\_restore{23FB175D-36A6-4537-B564-C3CA3DF5F304}\RP67\A0051399.exe WiseSFX: infected - 4 skipped
        C:\System Volume Information\_restore{23FB175D-36A6-4537-B564-C3CA3DF5F304}\RP67\A0051400.exe/WISE0024.BIN Infected: not-a-virus:AdWare.Win32.MyWay.k skipped
        C:\System Volume Information\_restore{23FB175D-36A6-4537-B564-C3CA3DF5F304}\RP67\A0051400.exe/WISE0025.BIN Infected: not-a-virus:AdWare.Win32.NewDotNet.d skipped
        C:\System Volume Information\_restore{23FB175D-36A6-4537-B564-C3CA3DF5F304}\RP67\A0051400.exe/WISE0026.BIN Infected: not-a-virus:AdWare.Win32.EZula.w skipped
        C:\System Volume Information\_restore{23FB175D-36A6-4537-B564-C3CA3DF5F304}\RP67\A0051400.exe/WISE0028.BIN Infected: not-a-virus:AdWare.Win32.Gator.4104 skipped
        C:\System Volume Information\_restore{23FB175D-36A6-4537-B564-C3CA3DF5F304}\RP67\A0051400.exe WiseSFX: infected - 4 skipped
        C:\System Volume Information\_restore{23FB175D-36A6-4537-B564-C3CA3DF5F304}\RP67\A0051403.exe/data0010/data0002 Infected: not-a-virus:AdWare.Win32.BargainBuddy.h skipped
        C:\System Volume Information\_restore{23FB175D-36A6-4537-B564-C3CA3DF5F304}\RP67\A0051403.exe/data0010/data0003 Infected: not-a-virus:AdWare.Win32.BargainBuddy.e skipped
        C:\System Volume Information\_restore{23FB175D-36A6-4537-B564-C3CA3DF5F304}\RP67\A0051403.exe/data0010/data0005 Infected: not-a-virus:AdWare.Win32.BargainBuddy.h skipped
        C:\System Volume Information\_restore{23FB175D-36A6-4537-B564-C3CA3DF5F304}\RP67\A0051403.exe/data0010 Infected: not-a-virus:AdWare.Win32.BargainBuddy.h skipped
        C:\System Volume Information\_restore{23FB175D-36A6-4537-B564-C3CA3DF5F304}\RP67\A0051403.exe/data0012 Infected: not-a-virus:AdWare.Win32.180Solutions skipped
        C:\System Volume Information\_restore{23FB175D-36A6-4537-B564-C3CA3DF5F304}\RP67\A0051403.exe Inno: infected - 5 skipped
        C:\WINDOWS\Application Data\Identities\{B7114133-43C2-4BAF-937B-4D722861F4BB}\Software\Microsoft\Outlook Express\Inbox.dbx/[From aisirl@iol.ie][Date Wed, 02 Jun 2004 18:19:41 UTC]/UNNAMED/private.zip/p-zipped_file_data .pif Infected: Email-Worm.Win32.Sober.g skipped
        C:\WINDOWS\Application Data\Identities\{B7114133-43C2-4BAF-937B-4D722861F4BB}\Software\Microsoft\Outlook Express\Inbox.dbx/[From aisirl@iol.ie][Date Wed, 02 Jun 2004 18:19:41 UTC]/UNNAMED/private.zip Infected: Email-Worm.Win32.Sober.g skipped
        C:\WINDOWS\Application Data\Identities\{B7114133-43C2-4BAF-937B-4D722861F4BB}\Software\Microsoft\Outlook Express\Inbox.dbx/[From aisirl@iol.ie][Date Wed, 02 Jun 2004 18:19:41 UTC]/UNNAMED Infected: Email-Worm.Win32.Sober.g skipped
        C:\WINDOWS\Application Data\Identities\{B7114133-43C2-4BAF-937B-4D722861F4BB}\Software\Microsoft\Outlook Express\Inbox.dbx Mail MS Outlook 5: infected - 3 skipped
        C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
        C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped
        C:\WINDOWS\Internet Logs\PYRAMUS.ldb Object is locked skipped
        C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
        C:\WINDOWS\SchedLgU.Txt Object is locked skipped
        C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
        C:\WINDOWS\Sti_Trace.log Object is locked skipped
        C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
        C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
        C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped
        C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
        C:\WINDOWS\system32\config\default Object is locked skipped
        C:\WINDOWS\system32\config\default.LOG Object is locked skipped
        C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
        C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
        C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
        C:\WINDOWS\system32\config\SAM Object is locked skipped
        C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
        C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
        C:\WINDOWS\system32\config\SECURITY Object is locked skipped
        C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
        C:\WINDOWS\system32\config\software Object is locked skipped
        C:\WINDOWS\system32\config\software.LOG Object is locked skipped
        C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
        C:\WINDOWS\system32\config\system Object is locked skipped
        C:\WINDOWS\system32\config\system.LOG Object is locked skipped
        C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
        C:\WINDOWS\system32\h323log.txt Object is locked skipped
        C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
        C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
        C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
        C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
        C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
        C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
        C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
        C:\WINDOWS\Temp\Perflib_Perfdata_7f0.dat Object is locked skipped
        C:\WINDOWS\Temp\ZLT0179c.TMP Object is locked skipped
        C:\WINDOWS\Temp\ZLT017a2.TMP Object is locked skipped
        C:\WINDOWS\wiadebug.log Object is locked skipped
        C:\WINDOWS\wiaservc.log Object is locked skipped
        C:\WINDOWS\WindowsUpdate.log Object is locked skipped
        Scan process completed.


      • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


        First download AVG Anti-Spyware from HERE and save that file to your desktop.
        This is a 30 day trial of the program
        1. Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
        2. Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
        3. On the main screen select the icon "Update" then select the "Update now" link.
          • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
        4. Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
        5. Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
        6. Under "Reports"
          • Select "Automatically generate report after every scan"
          • Un-Select "Only if threats were found"
        Close AVG Anti-Spyware, Do Not run a scan just yet, we will shortly.
        1. Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
          IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning process:
        2. Launch AVG Anti-Spyware by double-clicking the icon on your desktop.
        3. Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
        4. AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
          Once the scan is complete do the following:
        5. If you have any infections you will be prompted, then select "Apply all actions"
        6. Next select the "Reports" icon at the top.
        7. Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
        8. Close AVG Anti-Spyware and reboot your system back into Normal Mode and post the results of the AVG Anti-Spyware report scan.



        Next delete these files/emails

        C:\Documents and Settings\Daire\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Personal Folders/Inbox/19 Nov 2004 16:52 from user_info@revenue.ie:Your mail password </revenue.bat

        C:\Documents and Settings\Daire\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst Mail MS Mail

        C:\WINDOWS\Application Data\Identities\{B7114133-43C2-4BAF-937B-4D722861F4BB}\Software\Microsoft\Outlook Express\Inbox.dbx/[From aisirl@iol.ie][Date Wed, 02 Jun 2004 18:19:41 UTC]/UNNAMED/private.zip

        C:\WINDOWS\Application Data\Identities\{B7114133-43C2-4BAF-937B-4D722861F4BB}\Software\Microsoft\Outlook Express\Inbox.dbx/[From aisirl@iol.ie][Date Wed, 02 Jun 2004 18:19:41 UTC]/UNNAMED

        C:\WINDOWS\Application Data\Identities\{B7114133-43C2-4BAF-937B-4D722861F4BB}\Software\Microsoft\Outlook Express\Inbox.dbx Mail MS Outlook 5


      • Registered Users, Registered Users 2 Posts: 1,287 ✭✭✭joe_chicken


        Just to explain why I think you should uninstall the Gamespot download manager.

        1 - I think the download manager didn't exit properly when you downloaded the original FirstContact.zip. (if you have a look on their site, they seem to be having a lot of trouble with the downloader doing this)

        2 - I think the manager is downloading the file again every time you delete it.

        These two locked files (locked presumably because they are in use) would suggest that.

        C:\Program Files\GameSpot\logs\FirstContact.zip.log Object is locked skipped
        C:\Program Files\GameSpot\logs\GameSpot_Download_Service.log Object is locked skipped

        Have you uninstalled Gamespot download manager?

        Actor:

        Why are you getting him to delete emails from the revenue? They are surely a trusted source.

        I don't think your problem is with Outlook. But hey, I could be wrong.

        /EDIT O, I see them in the AV logs... hmmm they could be the problem, although all the mails you mentioned are from 2004.... so unless he's been having these problems since then, I don't think they are a problem.

        I'm not too familiar with Outlook, but if he deletes Inbox.dbx, does he not surely lose his inbox?
        (unless that file is a backup?)
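
Added example (not code from any poster in this thread): a small Python triage of the Kaspersky report format posted above. It separates "Object is locked" entries, which are files the scanner could not open, from actual detections, and groups detections by the container file they sit in. The sample lines are a constructed, shortened subset of the report, and the function names are this example's own.

```python
import re
from collections import Counter, defaultdict

# Constructed sample: a shortened subset shaped like the report in this thread.
SAMPLE_REPORT = r"""
C:\Documents and Settings\Daire\Cookies\index.dat Object is locked skipped
C:\Program Files\GameSpot\logs\FirstContact.zip.log Object is locked skipped
C:\Program Files\GameSpot\logs\GameSpot_Download_Service.log Object is locked skipped
C:\System Volume Information\_restore{23FB175D-36A6-4537-B564-C3CA3DF5F304}\RP67\A0051362.exe/WISE0024.BIN Infected: not-a-virus:AdWare.Win32.MyWay.k skipped
C:\System Volume Information\_restore{23FB175D-36A6-4537-B564-C3CA3DF5F304}\RP67\A0051362.exe/WISE0028.BIN Infected: not-a-virus:AdWare.Win32.Gator.4104 skipped
C:\System Volume Information\_restore{23FB175D-36A6-4537-B564-C3CA3DF5F304}\RP67\A0051362.exe WiseSFX: infected - 4 skipped
C:\WINDOWS\Application Data\Identities\{B7114133-43C2-4BAF-937B-4D722861F4BB}\Software\Microsoft\Outlook Express\Inbox.dbx/[From aisirl@iol.ie][Date Wed, 02 Jun 2004 18:19:41 UTC]/UNNAMED/private.zip Infected: Email-Worm.Win32.Sober.g skipped
C:\WINDOWS\Application Data\Identities\{B7114133-43C2-4BAF-937B-4D722861F4BB}\Software\Microsoft\Outlook Express\Inbox.dbx Mail MS Outlook 5: infected - 3 skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
"""

# Each result line is "<object> <verdict> skipped"; the object path may
# itself contain spaces, so the verdict is matched from the right-hand side.
LINE_RE = re.compile(
    r"^(?P<obj>.+?) (?:"
    r"(?P<locked>Object is locked)"
    r"|Infected: (?P<name>\S+)"
    r"|(?P<ctype>[\w ]+): infected - (?P<count>\d+)"
    r") skipped$"
)


def location_class(container):
    """Say where a flagged container lives, which decides how to clean it."""
    low = container.lower()
    if "\\system volume information\\_restore" in low:
        return "system-restore"   # XP System Restore snapshot, not a live file
    if low.endswith((".pst", ".dbx")):
        return "mail-store"       # Outlook / Outlook Express mailbox file
    return "live-file"


def triage(report_text):
    """Split a report into locked files and detections grouped by container."""
    locked, unparsed = [], []
    detections = defaultdict(set)
    for raw in report_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None:
            unparsed.append(line)            # headers, statistics, etc.
        elif m["locked"]:
            locked.append(m["obj"])          # unreadable, not a detection
        else:
            # Paths inside an archive or mailbox follow the first "/".
            container = m["obj"].split("/", 1)[0]
            if m["name"]:
                detections[container].add(m["name"])
            else:
                detections[container]        # summary line: register only
    return {
        "locked": locked,
        "detections": {c: sorted(n) for c, n in detections.items()},
        "by_location": dict(Counter(location_class(c) for c in detections)),
        "unparsed": unparsed,
    }


def locked_under(result, directory):
    """Locked files below one directory, e.g. a program's own log folder."""
    prefix = directory.lower().rstrip("\\") + "\\"
    return [p for p in result["locked"] if p.lower().startswith(prefix)]


if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    print("locked (not detections):", len(result["locked"]))
    print("containers by location:", result["by_location"])
    for path in locked_under(result, r"C:\Program Files\GameSpot"):
        print("held open:", path)
```
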


      • Registered Users, Registered Users 2 Posts: 9,844 ✭✭✭py2006


        Just to explain why I think you should uninstall the Gamespot download manager.

        .

        I think you may be right! I uninstalled it yesterday and it hasn't returned!

        However the other problem I had logging into websites is a strange one. You will notice I am logged in here now obviously but the weird thing is I am now permanently logged in. Normally when you leave boards idle for 10 mins or so you need to log in again. I haven't had to log in again in 2 days!!!


      • Registered Users, Registered Users 2 Posts: 1,287 ✭✭✭joe_chicken


        py2006 wrote:
        Normally when you leave boards idle for 10 mins or so you need to log in again. I haven't had to log in again in 2 days!!!


        I haven't had to log into Boards for 2 years
        (slight exaggeration for dramatic effect ;))

        My browser usually saves the log in. I don't think it expires on boards unlike most other websites.


      • Registered Users, Registered Users 2 Posts: 9,844 ✭✭✭py2006


        I haven't had to log into Boards for 2 years
        (slight exaggeration for dramatic effect ;))

        My browser usually saves the log in. I don't think it expires on boards unlike most other websites.

        Hmmm it used to for me!!

        Crikey, that 407mb file must have downloaded 30 times over the past few weeks! I hope NTL don't shut me off.


      • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


        joe_chicken's way sounds like the best course of action. If you can't delete them then, then we can use a tool that will remove them. It isn't a malware issue anyway.


      • Registered Users, Registered Users 2 Posts: 8,423 ✭✭✭Gadgetman496


        There's another option too!

        It's a neat little utility (Free) called "Unlocker"

        It allows you to right click a file or folder that can't be deleted because Windows or whatever reports it's in use & allows you to delete it.

        You can get it here:
        http://www.softpedia.com/get/System/System-Miscellaneous/Unlocker.shtml

        "Everybody is a genius. But if you judge a fish by its ability to climb a tree, it will live its whole life believing that it is stupid."


