
Need help cleaning pc

  • 11-12-2007 11:34pm
    #1
    Registered Users Posts: 1,525 ✭✭✭


    Hey guys, basically a few weeks ago my GF's brother tried downloading "free porn" and was prompted to download some software and, moron that he is, agreed to it, and the PC was quickly filled with a plethora of malware and other sh1te. Since then there has been a significant performance drop, i.e. loading up/running IE7, which frequently errors out. I've tried AVG, Ad-Aware, Spybot but still no joy.
    I've attached a screeny of the Task Manager processes to see if you guys can spot anything there; should there be so many svchost.exe processes? I don't really know what I'm doing so any suggestions would be great. Thanks in advance.


Comments

  • Registered Users Posts: 204 ✭✭Mr NoTV


    G'day! I never use AVG since replacing it with Avast (www.avast.com) - it's free for home use and just requires you to apply for a reg code (that they send to you by email). Updates are free for 1 year and then you have to apply for a new code - free again! How good is that? This usually sorts the virus threats.

    I use Ad-aware 2007 (or the earlier version) to clean mal/spyware.
    Make sure you have the latest definitions loaded.

    Check the registry with WinASO - there are free versions out there. Very good tool but use carefully.

    A clean with East-Tec Eraser will clear past 'visit' histories too - worthwhile.

    good luck.


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Do this

    Please download Deckard's System Scanner (DSS) and save it to your Desktop.
    • Close all other windows before proceeding.
    • Double-click on dss.exe and follow the prompts.
    • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
    • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.


  • Registered Users Posts: 2,702 ✭✭✭donaghs


    Are you familiar with msconfig? The Startup tab will show you programs that are running at startup. The unnecessary ones can be turned off. If you are not familiar with it, be very careful, as you are basically changing the registry.


  • Registered Users Posts: 1,525 ✭✭✭DanGerMus


    Deckard's System Scanner v20071014.68
    Run by Administrator on 2007-12-13 00:03:28
    Computer is in Normal Mode.

    Backed up registry hives.
    Performed disk cleanup.



    -- HijackThis Clone


    Emulating logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2007-12-13 00:05:35
    Platform: Windows 2003 Service Pack 2 (5.02.3790)
    MSIE: Internet Explorer (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files (x86)\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files (x86)\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files (x86)\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files (x86)\Belkin\F5D7051\WLService.exe
    C:\Program Files (x86)\Belkin\F5D7051\WLanCfgG.exe
    C:\Program Files (x86)\Symantec AntiVirus\DefWatch.exe
    C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files (x86)\Symantec AntiVirus\Rtvscan.exe
    C:\WINDOWS\SysWOW64\igfxtray.exe
    C:\WINDOWS\SysWOW64\hkcmd.exe
    C:\WINDOWS\SysWOW64\igfxpers.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\WINDOWS\RTHDCPL.exe
    C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\SysWOW64\ctfmon.exe
    C:\Program Files (x86)\Ares\Ares.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files (x86)\Symantec AntiVirus\VPTray.exe
    C:\Program Files (x86)\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\QuickTime\qttask.exe
    C:\Program Files (x86)\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
    C:\Program Files (x86)\iPod\bin\iPodService.exe
    C:\Documents and Settings\Administrator\Desktop\dss.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
    F2 - REG:system.ini: UserInit=userinit
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {5DDE5591-A8AB-4897-93EF-1E4E943F85A7} - C:\Program Files (x86)\Video ActiveX Access\iesplg.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\GoogleToolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\GoogleToolbar1.dll
    O3 - Toolbar: Protection Bar - {CC18AE76-7E65-4258-A193-9EA0C52DA6B8} - C:\Program Files (x86)\Video ActiveX Access\iesbpl.dll (file missing)
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~2\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files (x86)\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [SNM] C:\System Volume Information\_restore{5530D965-F6D0-4096-9E0E-F25727A70238}\RP130\A0011091.exe /startup
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ares] "C:\Program Files (x86)\Ares\Ares.exe" -h
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKLM\..\Policies\Explorer\Run: [user32.dll] C:\Program Files (x86)\Video ActiveX Access\iesmn.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
    O4 - Global Startup: Logitech SetPoint.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: eBay Search - res://C:\Program Files (x86)\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files (x86)\PartyGaming\PartyPoker\RunApp.exe
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files (x86)\PartyGaming\PartyPoker\RunApp.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1171311541497
    O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} () - http://update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.exe
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
    O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://83.141.84.133:82/activex/AMC.cab
    O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{E697EBA6-6B25-433E-BC87-D1BE92D0C2AD}: NameServer = 192.168.11.1
    O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
    O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files (x86)\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
    O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files (x86)\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
    O20 - Winlogon Notify: ScCertProp - C:\WINDOWS\system32\wlnotify.dll (file missing)
    O20 - Winlogon Notify: Schedule - C:\WINDOWS\system32\wlnotify.dll (file missing)
    O20 - Winlogon Notify: SensLogn - C:\WINDOWS\system32\WlNotify.dll (file missing)
    O20 - Winlogon Notify: wlballoon - C:\WINDOWS\system32\wlnotify.dll (file missing)
    O22 - SharedTaskScheduler: dizening - {70d17a5f-ef27-4295-90f5-20ad6f24834f} - C:\WINDOWS\SysWow64\tmxxxh.dll (file missing)
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files (x86)\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Ares Chatroom server (AresChatServer) - Unknown owner - C:\Program Files
    O23 - Service: AVG Anti-Spyware Guard - Unknown owner - C:\Program Files
    O23 - Service: Belkin High-Speed Mode Wireless G USB Driver (Belkin High-Speed Mode Wireless G USB Network Adapter Service) - Unknown owner - C:\Program Files
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files (x86)\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files (x86)\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files (x86)\Symantec AntiVirus\DefWatch.exe
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe /com
    O23 - Service: Event Log (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HTTP SSL (HTTPFilter) - Unknown owner - C:\WINDOWS\System32\lsass.exe
    O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files (x86)\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_1.EXE
    O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - C:\WINDOWS\system32\msdtc.exe
    O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
    O23 - Service: IPSEC Services (PolicyAgent) - Unknown owner - C:\WINDOWS\system32\lsass.exe
    O23 - Service: Protected Storage (ProtectedStorage) - Unknown owner - C:\WINDOWS\system32\lsass.exe
    O23 - Service: Remote Desktop Help Session Manager (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
    O23 - Service: Security Accounts Manager (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files (x86)\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: Telnet (TlntSvr) - Unknown owner - C:\WINDOWS\system32\tlntsvr.exe
    O23 - Service: Virtual Disk Service (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe
    O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
    O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe


    --
    End of file - 12624 bytes

    -- File Associations

    .cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled

    R0 ACPI (Microsoft ACPI Driver) - c:\windows\system32\drivers\acpi.sys (file missing)
    R0 atapi (Standard IDE/ESDI Hard Disk Controller) - c:\windows\system32\drivers\atapi.sys (file missing)
    R0 crcdisk (CRC Disk Filter Driver) - c:\windows\system32\drivers\crcdisk.sys (file missing)
    R0 Disk (Disk Driver) - c:\windows\system32\drivers\disk.sys (file missing)
    R0 dmio (Logical Disk Manager Driver) - c:\windows\system32\drivers\dmio.sys (file missing)
    R0 dmload - c:\windows\system32\drivers\dmload.sys (file missing)
    R0 FltMgr - c:\windows\system32\drivers\fltmgr.sys (file missing)
    R0 Ftdisk (Volume Manager Driver) - c:\windows\system32\drivers\ftdisk.sys (file missing)
    R0 isapnp (PnP ISA/EISA Bus Driver) - c:\windows\system32\drivers\isapnp.sys (file missing)
    R0 KSecDD - c:\windows\system32\drivers\ksecdd.sys (file missing)
    R0 MountMgr (Mount Point Manager) - c:\windows\system32\drivers\mountmgr.sys (file missing)
    R0 Mup - c:\windows\system32\drivers\mup.sys (file missing)
    R0 NDIS (NDIS System Driver) - c:\windows\system32\drivers\ndis.sys (file missing)
    R0 PartMgr (Partition Manager) - c:\windows\system32\drivers\partmgr.sys (file missing)
    R0 PCI (PCI Bus Driver) - c:\windows\system32\drivers\pci.sys (file missing)
    R0 PCIIde - c:\windows\system32\drivers\pciide.sys (file missing)
    R0 sr (System Restore Filter Driver) - c:\windows\system32\drivers\sr.sys (file missing)
    R0 VolSnap (Storage volumes) - c:\windows\system32\drivers\volsnap.sys (file missing)
    R1 AFD - c:\windows\system32\drivers\afd.sys (file missing)
    R1 AvgAsC64 (AVG Anti-Spyware Clean Driver) - c:\windows\system32\drivers\avgasc64.sys (file missing)
    R1 Beep - c:\windows\system32\drivers\beep.sys (file missing)
    R1 Cdrom (CD-ROM Driver) - c:\windows\system32\drivers\cdrom.sys (file missing)
    R1 Fips - c:\windows\system32\drivers\fips.sys (file missing)
    R1 imapi (CD-Burning Filter Driver) - c:\windows\system32\drivers\imapi.sys (file missing)
    R1 IPSec (IPSEC driver) - c:\windows\system32\drivers\ipsec.sys (file missing)
    R1 Kbdclass (Keyboard Class Driver) - c:\windows\system32\drivers\kbdclass.sys (file missing)
    R1 kbdhid (Keyboard HID Driver) - c:\windows\system32\drivers\kbdhid.sys (file missing)
    R1 mnmdd - c:\windows\system32\drivers\mnmdd.sys (file missing)
    R1 Mouclass (Mouse Class Driver) - c:\windows\system32\drivers\mouclass.sys (file missing)
    R1 Msfs - c:\windows\system32\drivers\msfs.sys (file missing)
    R1 NetBT (NetBios over Tcpip) - c:\windows\system32\drivers\netbt.sys (file missing)
    R1 Npfs - c:\windows\system32\drivers\npfs.sys (file missing)
    R1 Null - c:\windows\system32\drivers\null.sys (file missing)
    R1 RasAcd (Remote Access Auto Connection Driver) - c:\windows\system32\drivers\rasacd.sys (file missing)
    R1 RDPCDD - c:\windows\system32\drivers\rdpcdd.sys (file missing)
    R1 redbook (Digital CD Audio Playback Filter Driver) - c:\windows\system32\drivers\redbook.sys (file missing)
    R1 Serial (Serial port driver) - c:\windows\system32\drivers\serial.sys (file missing)
    R1 Tcpip (TCP/IP Protocol Driver) - c:\windows\system32\drivers\tcpip.sys (file missing)
    R1 TermDD (Terminal Device Driver) - c:\windows\system32\drivers\termdd.sys (file missing)
    R1 VgaSave (VGA Display Controller.) - c:\windows\system32\drivers\vga.sys (file missing)
    R2 CdaC15BA - c:\windows\system32\drivers\cdac15ba.sys (file missing)
    R2 CdaD10BA - c:\windows\system32\drivers\cdad10ba.sys (file missing)
    R2 Secdrv (Security Driver) - c:\windows\system32\drivers\secdrv.sys (file missing)
    R3 audstub (Audio Stub Driver) - c:\windows\system32\drivers\audstub.sys (file missing)
    R3 Fdc (Floppy Disk Controller Driver) - c:\windows\system32\drivers\fdc.sys (file missing)
    R3 Flpydisk (Floppy Disk Driver) - c:\windows\system32\drivers\flpydisk.sys (file missing)
    R3 Gpc (Generic Packet Classifier) - c:\windows\system32\drivers\msgpc.sys (file missing)
    R3 HDAudBus (Microsoft UAA Bus Driver for High Definition Audio) - c:\windows\system32\drivers\hdaudbus.sys (file missing)
    R3 hidusb (Microsoft HID Class Driver) - c:\windows\system32\drivers\hidusb.sys (file missing)
    R3 HTTP - c:\windows\system32\drivers\http.sys (file missing)
    R3 ialm - c:\windows\system32\drivers\ialmnt5.sys (file missing)
    R3 IntcAzAudAddService (Service for Realtek HD Audio (WDM)) - c:\windows\system32\drivers\rtkhda64.sys (file missing)
    R3 intelppm (Intel Processor Driver) - c:\windows\system32\drivers\intelppm.sys (file missing)
    R3 IpNat (IP Network Address Translator) - c:\windows\system32\drivers\ipnat.sys (file missing)
    R3 ksthunk (Kernel Streaming WOW64 Thunk Service) - c:\windows\system32\drivers\ksthunk.sys (file missing)
    R3 LHidFilt (Logitech SetPoint KMDF HID Filter Driver) - c:\windows\system32\drivers\lhidfilt.sys (file missing)
    R3 LMouFilt (Logitech SetPoint KMDF Mouse Filter Driver) - c:\windows\system32\drivers\lmoufilt.sys (file missing)
    R3 LUsbFilt (Logitech SetPoint KMDF USB Filter) - c:\windows\system32\drivers\lusbfilt.sys (file missing)
    R3 mouhid (Mouse HID Driver) - c:\windows\system32\drivers\mouhid.sys (file missing)
    R3 MRxDAV (WebDav Client Redirector) - c:\windows\system32\drivers\mrxdav.sys (file missing)
    R3 mssmbios (Microsoft System Management BIOS Driver) - c:\windows\system32\drivers\mssmbios.sys (file missing)
    R3 NdisTapi (Remote Access NDIS TAPI Driver) - c:\windows\system32\drivers\ndistapi.sys (file missing)
    R3 Ndisuio (NDIS Usermode I/O Protocol) - c:\windows\system32\drivers\ndisuio.sys (file missing)
    R3 NdisWan (Remote Access NDIS WAN Driver) - c:\windows\system32\drivers\ndiswan.sys (file missing)
    R3 NDProxy (NDIS Proxy) - c:\windows\system32\drivers\ndproxy.sys (file missing)
    R3 Parport (Parallel port driver) - c:\windows\system32\drivers\parport.sys (file missing)
    R3 PptpMiniport (WAN Miniport (PPTP)) - c:\windows\system32\drivers\raspptp.sys (file missing)
    R3 PSched (QoS Packet Scheduler) - c:\windows\system32\drivers\psched.sys (file missing)
    R3 Ptilink (Direct Parallel Link Driver) - c:\windows\system32\drivers\ptilink.sys (file missing)
    R3 Rasl2tp (WAN Miniport (L2TP)) - c:\windows\system32\drivers\rasl2tp.sys (file missing)
    R3 RasPppoe (Remote Access PPPOE Driver) - c:\windows\system32\drivers\raspppoe.sys (file missing)
    R3 Raspti (Direct Parallel) - c:\windows\system32\drivers\raspti.sys (file missing)
    R3 rdpdr (Terminal Server Device Redirector Driver) - c:\windows\system32\drivers\rdpdr.sys (file missing)
    R3 serenum (Serenum Filter Driver) - c:\windows\system32\drivers\serenum.sys (file missing)
    R3 Srv - c:\windows\system32\drivers\srv.sys (file missing)
    R3 swenum (Software Bus Driver) - c:\windows\system32\drivers\swenum.sys (file missing)
    R3 sysaudio (Microsoft Kernel System Audio Device) - c:\windows\system32\drivers\sysaudio.sys (file missing)
    R3 Update (Microcode Update Driver) - c:\windows\system32\drivers\update.sys (file missing)
    R3 USB_RNDIS (Morgano Wireless G USB Network Adapter x64 Driver) - c:\windows\system32\drivers\usb8023.sys (file missing)
    R3 usbccgp (Microsoft USB Generic Parent Driver) - c:\windows\system32\drivers\usbccgp.sys (file missing)
    R3 usbehci (Microsoft USB 2.0 Enhanced Host Controller Miniport Driver) - c:\windows\system32\drivers\usbehci.sys (file missing)
    R3 usbhub (USB2 Enabled Hub) - c:\windows\system32\drivers\usbhub.sys (file missing)
    R3 usbuhci (Microsoft USB Universal Host Controller Miniport Driver) - c:\windows\system32\drivers\usbuhci.sys (file missing)
    R3 Wanarp (Remote Access IP ARP Driver) - c:\windows\system32\drivers\wanarp.sys (file missing)
    R3 Wdf01000 - c:\windows\system32\drivers\wdf01000.sys (file missing)
    R3 wdmaud (Microsoft WINMM WDM Audio Compatibility Driver) - c:\windows\system32\drivers\wdmaud.sys (file missing)
    R3 yukonx64 (NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller) - c:\windows\system32\drivers\yk51x64.sys (file missing)
    R4 Cdfs - c:\windows\system32\drivers\cdfs.sys (file missing)
    R4 Ntfs - c:\windows\system32\drivers\ntfs.sys (file missing)

    S1 BUFADPT - c:\windows\system32\bufadpt.sys <Not Verified; BUFFALO INC.; BUFFALO Wireless LAN>
    S1 Sfloppy - c:\windows\system32\drivers\sfloppy.sys (file missing)
    S2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.2.0.3) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.2.0.3>
    S3 aec (Microsoft Kernel Acoustic Echo Canceller) - c:\windows\system32\drivers\aec.sys (file missing)
    S3 AsyncMac (RAS Asynchronous Media Driver) - c:\windows\system32\drivers\asyncmac.sys (file missing)
    S3 Atmarpc (ATM ARP Client Protocol) - c:\windows\system32\drivers\atmarpc.sys (file missing)
    S3 GTNDIS5 (GTNDIS5 NDIS Protocol Driver) - c:\windows\system32\gtndis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
    S3 Ip6Fw (IPv6 Windows Firewall Driver) - c:\windows\system32\drivers\ip6fw.sys (file missing)
    S3 IpFilterDriver (IP Traffic Filter Driver) - c:\windows\system32\drivers\ipfltdrv.sys (file missing)
    S3 IpInIp (IP in IP Tunnel Driver) - c:\windows\system32\drivers\ipinip.sys (file missing)
    S3 IRENUM (IR Enumerator Service) - c:\windows\system32\drivers\irenum.sys (file missing)
    S3 kmixer (Microsoft Kernel Wave Audio Mixer) - c:\windows\system32\drivers\kmixer.sys (file missing)
    S3 LHidKe (Logitech SetPoint HID Mouse Filter Driver) - c:\windows\system32\drivers\lhidke.sys (file missing)
    S3 LHidUsbK (Logitech SetPoint USB Receiver device driver) - c:\windows\system32\drivers\lhidusbk.sys (file missing)
    S3 LMouKE (Logitech SetPoint Mouse Filter Driver) - c:\windows\system32\drivers\lmouke.sys (file missing)
    S3 Modem - c:\windows\system32\drivers\modem.sys (file missing)
    S3 MSKSSRV (Microsoft Streaming Service Proxy) - c:\windows\system32\drivers\mskssrv.sys (file missing)
    S3 MSPCLOCK (Microsoft Streaming Clock Proxy) - c:\windows\system32\drivers\mspclock.sys (file missing)
    S3 MSPQM (Microsoft Streaming Quality Manager Proxy) - c:\windows\system32\drivers\mspqm.sys (file missing)
    S3 RDPWD - c:\windows\system32\drivers\rdpwd.sys (file missing)
    S3 splitter (Microsoft Kernel Audio Splitter) - c:\windows\system32\drivers\splitter.sys (file missing)
    S3 swmidi (Microsoft Kernel GS Wavetable Synthesizer) - c:\windows\system32\drivers\swmidi.sys (file missing)
    S3 TDPIPE - c:\windows\system32\drivers\tdpipe.sys (file missing)
    S3 TDTCP - c:\windows\system32\drivers\tdtcp.sys (file missing)
    S3 USBSTOR (USB Mass Storage Driver) - c:\windows\system32\drivers\usbstor.sys (file missing)
    S3 vga - c:\windows\system32\drivers\vgapnp.sys (file missing)
    S3 WudfPf (Windows Driver Foundation - User-mode Driver Framework Platform Driver) - c:\windows\system32\drivers\wudfpf.sys (file missing)
    S3 WudfRd (Windows Driver Foundation - User-mode Driver Framework Reflector) - c:\windows\system32\drivers\wudfrd.sys (file missing)
    S4 ACPIEC - c:\windows\system32\drivers\acpiec.sys (file missing)
    S4 dmboot - c:\windows\system32\drivers\dmboot.sys (file missing)
    S4 Fastfat - c:\windows\system32\drivers\fastfat.sys (file missing)
    S4 Pcmcia - c:\windows\system32\drivers\pcmcia.sys (file missing)
    S4 Udfs - c:\windows\system32\drivers\udfs.sys (file missing)


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled

    R2 aawservice (Ad-Aware 2007 Service) - "c:\program files (x86)\lavasoft\ad-aware 2007\aawservice.exe" <Not Verified; Lavasoft AB; Ad-Aware 2007 Service>
    R2 Belkin High-Speed Mode Wireless G USB Network Adapter Service (Belkin High-Speed Mode Wireless G USB Driver) - c:\program files (x86)\belkin\f5d7051\wlservice.exe
    R2 Eventlog (Event Log) - c:\windows\system32\services.exe (file missing)
    R2 PlugPlay (Plug and Play) - c:\windows\system32\services.exe (file missing)
    R2 PolicyAgent (IPSEC Services) - c:\windows\system32\lsass.exe (file missing)
    R2 ProtectedStorage (Protected Storage) - c:\windows\system32\lsass.exe (file missing)
    R2 SamSs (Security Accounts Manager) - c:\windows\system32\lsass.exe (file missing)

    S3 AresChatServer (Ares Chatroom server) - c:\program files (x86)\ares\chatserver.exe
    S3 dmadmin (Logical Disk Manager Administrative Service) - c:\windows\system32\dmadmin.exe /com (file missing)
    S3 HTTPFilter (HTTP SSL) - c:\windows\system32\lsass.exe (file missing)
    S3 ImapiService (IMAPI CD-Burning COM Service) - c:\windows\system32\imapi.exe (file missing)
    S3 MSDTC (Distributed Transaction Coordinator) - c:\windows\system32\msdtc.exe (file missing)
    S3 RDSessMgr (Remote Desktop Help Session Manager) - c:\windows\system32\sessmgr.exe (file missing)
    S3 vds (Virtual Disk Service) - c:\windows\system32\vds.exe (file missing)
    S3 VSS (Volume Shadow Copy) - c:\windows\system32\vssvc.exe (file missing)
    S3 WmiApSrv (WMI Performance Adapter) - c:\windows\system32\wbem\wmiapsrv.exe (file missing)
    S4 TlntSvr (Telnet) - c:\windows\system32\tlntsvr.exe (file missing)


    -- Device Manager: Disabled

    No disabled devices found.


    -- Scheduled Tasks

    2007-11-14 23:02:01 296 --a
    C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


    -- Files created between 2007-11-13 and 2007-12-13

    2007-12-06 23:43:28 0 d
    C:\Program Files (x86)\Axis Communications
    2007-12-05 15:54:54 0 d
    C:\Program Files (x86)\Disc2Phone
    2007-12-05 15:45:21 0 d
    C:\WINDOWS\system32\URTTemp


    -- Find3M Report

    2007-12-12 23:20:20 0 d
    C:\Program Files (x86)\Symantec AntiVirus
    2007-12-11 22:16:00 0 d
    C:\Program Files (x86)\Java
    2007-12-01 13:42:15 0 d
    C:\Program Files (x86)\eBay
    2007-11-09 23:23:46 0 d
    C:\Documents and Settings\Administrator\Application Data\Skype
    2007-11-09 19:50:15 0 d
    C:\Documents and Settings\Administrator\Application Data\eBay
    2007-11-06 23:26:52 27126 --a
    C:\WINDOWS\system32\TB2Categories000.dat


    -- Registry Dump



    -- End of Deckard's System Scanner: finished at 2007-12-13 00:06:18

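An added example, not part of the thread and not code from DSS or HijackThis: a small Python triage script that parses lines in the HijackThis format shown in the log above and flags the entries a responder would look at first (orphaned hooks whose file is missing, nameless BHOs, autoruns under Policies\Explorer\Run, executables launched from the System Restore store). The sample lines are constructed from the log posted above plus one benign entry for contrast; the flagging heuristics are my own assumptions, not rules from either tool.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample input: HijackThis-format lines as emitted by the DSS "HijackThis
# Clone" section, copied from the log posted in this thread (plus a benign O4 line).
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5DDE5591-A8AB-4897-93EF-1E4E943F85A7} - C:\Program Files (x86)\Video ActiveX Access\iesplg.dll (file missing)
O3 - Toolbar: Protection Bar - {CC18AE76-7E65-4258-A193-9EA0C52DA6B8} - C:\Program Files (x86)\Video ActiveX Access\iesbpl.dll (file missing)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SNM] C:\System Volume Information\_restore{5530D965-F6D0-4096-9E0E-F25727A70238}\RP130\A0011091.exe /startup
O4 - HKLM\..\Policies\Explorer\Run: [user32.dll] C:\Program Files (x86)\Video ActiveX Access\iesmn.exe
O22 - SharedTaskScheduler: dizening - {70d17a5f-ef27-4295-90f5-20ad6f24834f} - C:\WINDOWS\SysWow64\tmxxxh.dll (file missing)
"""

# "O4 - HKLM\..\Run: [name] target", "O2 - BHO: name - {CLSID} - target", etc.
LINE_RE = re.compile(r"^(?P<code>[RFO]\d+) - (?P<body>.*)$")
RUN_RE = re.compile(r"^(?P<key>.*?): \[(?P<name>[^\]]*)\] (?P<target>.*)$")
HOOK_RE = re.compile(
    r"^(?P<kind>[^:]+): (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<target>.*)$"
)


@dataclass
class Entry:
    code: str          # HijackThis section code, e.g. O4
    name: str          # value name (O4) or component name (O2/O3/O22)
    target: str        # file the entry points at, plus any arguments
    key: str = ""      # registry key (O4) or hook kind (O2/O3/O22)
    file_missing: bool = False


def parse_line(line: str) -> Optional[Entry]:
    """Parse one log line; returns None for lines in sections we do not model."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    code, body = m.group("code"), m.group("body")
    missing = body.endswith("(file missing)")
    if missing:
        body = body[: -len("(file missing)")].rstrip()
    if code == "O4":
        r = RUN_RE.match(body)
        return Entry(code, r["name"], r["target"].strip('"'), r["key"], missing) if r else None
    h = HOOK_RE.match(body)
    return Entry(code, h["name"], h["target"], h["kind"], missing) if h else None


def triage(entry: Entry) -> List[str]:
    """Heuristic reasons (assumptions of this example) why an entry deserves a look."""
    reasons = []
    if entry.file_missing:
        reasons.append("referenced file is missing: orphaned hook, typically left after a scanner removed the binary")
    if entry.code == "O4" and "Policies\\Explorer\\Run" in entry.key:
        reasons.append("autorun via Policies\\Explorer\\Run, a key legitimate installers almost never use")
    if "System Volume Information" in entry.target:
        reasons.append("executable launched from the System Restore store")
    if entry.code == "O2" and entry.name == "(no name)":
        reasons.append("browser helper object registered without a name")
    if entry.code == "O4" and entry.name.lower().endswith(".dll") and ".exe" in entry.target.lower():
        reasons.append("Run value named like a system DLL but launching an EXE")
    return reasons


def triage_log(text: str) -> Dict[str, List[str]]:
    """Map 'CODE [name]' -> reasons, for every entry that triggered at least one heuristic."""
    findings: Dict[str, List[str]] = {}
    for line in text.strip().splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        reasons = triage(entry)
        if reasons:
            findings[f"{entry.code} [{entry.name}]"] = reasons
    return findings


if __name__ == "__main__":
    for label, reasons in triage_log(SAMPLE_LOG).items():
        print(label)
        for reason in reasons:
            print("   -", reason)
```

Entries that trigger no heuristic (the Adobe BHO and the Symantec ccApp autorun in the sample) are left out of the output, so the list is a starting point for manual review rather than a verdict.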

  • Registered Users Posts: 1,525 ✭✭✭DanGerMus


    Deckard's System Scanner v20071014.68
    Extra logfile - please post this as an attachment with your post.

    -- System Information

    Microsoft(R) Windows(R) XP Professional x64 Edition (build 3790) SP 2.0
    Architecture: X64; Language: English

    CPU 0: Intel(R) Pentium(R) 4 CPU 3.40GHz
    CPU 1: Intel(R) Pentium(R) 4 CPU 3.40GHz
    Percentage of Memory in Use: 69%
    Physical Memory (total/avail): 1015.39 MiB / 312.41 MiB
    Pagefile Memory (total/avail): 2471.18 MiB / 1818.99 MiB
    Virtual Memory (total/avail): 4095.88 MiB / 3948.28 MiB

    A: is Removable (No Media)
    C: is Fixed (NTFS) - 232.88 GiB total, 188.7 GiB free.
    D: is CDROM (CDFS)

    \\.\PHYSICALDRIVE0 - SAMSUNG SP2504C - 232.88 GiB - 1 partition
    \PARTITION0 (bootable) - Installable File System - 232.88 GiB - C:



    -- Security Center

    Windows Internal Firewall is enabled.

    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files (x86)\\Ares\\Ares.exe"="C:\\Program Files (x86)\\Ares\\Ares.exe:*:Enabled:Ares p2p for windows"
    "C:\\Program Files (x86)\\Azureus\\Azureus.exe"="C:\\Program Files (x86)\\Azureus\\Azureus.exe:*:Enabled:Azureus"
    "C:\\Program Files (x86)\\iTunes\\iTunes.exe"="C:\\Program Files (x86)\\iTunes\\iTunes.exe:*:Enabled:iTunes"
    "C:\\Program Files (x86)\\Skype\\Phone\\Skype.exe"="C:\\Program Files (x86)\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"


    -- Environment Variables

    ALLUSERSPROFILE=C:\Documents and Settings\All Users
    APPDATA=C:\Documents and Settings\Administrator\Application Data
    CLASSPATH=.;C:\Program Files (x86)\Java\jre1.6.0_01\lib\ext\QTJava.zip
    CLIENTNAME=Console
    CommonProgramFiles=C:\Program Files (x86)\Common Files
    CommonProgramFiles(x86)=C:\Program Files (x86)\Common Files
    CommonProgramW6432=C:\Program Files\Common Files
    COMPUTERNAME=PAULAS-PC
    ComSpec=C:\WINDOWS\system32\cmd.exe
    FP_NO_HOST_CHECK=NO
    HOMEDRIVE=C:
    HOMEPATH=\Documents and Settings\Administrator
    LOGONSERVER=\\PAULAS-PC
    NUMBER_OF_PROCESSORS=2
    OS=Windows_NT
    Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files (x86)\QuickTime\QTSystem\
    PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    PROCESSOR_ARCHITECTURE=x86
    PROCESSOR_ARCHITEW6432=AMD64
    PROCESSOR_IDENTIFIER=EM64T Family 15 Model 4 Stepping 3, GenuineIntel
    PROCESSOR_LEVEL=15
    PROCESSOR_REVISION=0403
    ProgramFiles=C:\Program Files (x86)
    ProgramFiles(x86)=C:\Program Files (x86)
    ProgramW6432=C:\Program Files
    PROMPT=$P$G
    QTJAVA=C:\Program Files (x86)\Java\jre1.6.0_01\lib\ext\QTJava.zip
    SESSIONNAME=Console
    SystemDrive=C:
    SystemRoot=C:\WINDOWS
    TEMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
    TMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
    USERDOMAIN=PAULAS-PC
    USERNAME=Administrator
    USERPROFILE=C:\Documents and Settings\Administrator
    windir=C:\WINDOWS


    -- User Profiles

    Administrator (admin)


    -- Add/Remove Programs

    --> C:\Program Files (x86)\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
    --> C:\Program Files (x86)\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    --> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
    --> C:\WINDOWS\UNNMP.exe /UNINSTALL
    Ad-Aware 2007 --> MsiExec.exe /X{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
    Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
    Adobe Reader 8.1.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
    Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
    Ares 2.0.5 --> "C:\Program Files (x86)\Ares\uninstall.exe"
    AVG Anti-Spyware 7.5 --> C:\Program Files (x86)\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
    AXIS Media Control Embedded --> rundll32 "C:\Program Files (x86)\Axis Communications\AXIS Media Control Embedded\AxisMediaControlEmb.dll",UninstallMe
    Azureus --> C:\Program Files (x86)\Azureus\Uninstall.exe
    Bebo - Skype 3.1 --> "C:\Program Files (x86)\Skype\Phone\unins000.exe"
    Belkin High-Speed Mode Wireless G USB Network Adapter --> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\Belkin\F5D7051\setup.exe" -l0x9
    CDDRV_Installer --> MsiExec.exe /I{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}
    Disc2Phone --> MsiExec.exe /I{6E65247F-58F9-41CA-BE69-0316F7907170}
    DivX 5.0.2 Bundle --> C:\WINDOWS\unvise32.exe C:\Program Files (x86)\DivX\uninstal.log
    Google Earth --> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
    Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
    Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files (x86)\google\googletoolbar1.dll"
    iTunes --> MsiExec.exe /I{AB90749C-7422-4580-8A7A-66CC5E9E5F98}
    J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
    Java(TM) 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
    Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
    Java(TM) SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
    K-Lite Codec Pack 3.3.0 Full --> "C:\Program Files (x86)\K-Lite Codec Pack\unins000.exe"
    LiveUpdate 1.7 (Symantec Corporation) --> C:\Program Files (x86)\\Symantec\LiveUpdate\LSETUP.EXE /U
    LiveUpdate 3.1 (Symantec Corporation) --> "C:\Program Files (x86)\Symantec\LiveUpdate\LSETUP.EXE" /U
    Logitech SetPoint --> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\setup.exe" -l0x9 -removeonly
    Magic DVD Ripper V5.0.1 --> "C:\Program Files (x86)\MagicDVDRipper\unins000.exe"
    Messenger Service --> "C:\Program Files (x86)\Video ActiveX Access\imsunst.exe"
    Microsoft .NET Framework 1.1 --> msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 1.1 --> MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 1.1 Hotfix (KB928366) --> "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
    Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{91110409-6000-11D3-8CFE-0150048383C9}
    Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
    MSN --> C:\Program Files (x86)\MSN\MsnInstaller\msninst.exe /Action:ARP
    Nero Suite --> C:\Program Files (x86)\Common Files\Nero\Uninstall\setupx.exe /uninstall ExtraUninstallID=""
    PartyPoker --> "C:\Program Files (x86)\PartyGaming\PartyPoker\Uninstall.exe" "C:\Program Files (x86)\PartyGaming\PartyPoker\install.log"
    PowerDVD --> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
    QuickTime --> MsiExec.exe /I{08094E03-AFE4-4853-9D31-6D0743DF5328}
    RealPlayer --> C:\Program Files (x86)\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
    Security Update for Windows XP (KB923789) --> C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
    Skype Plugin Manager --> MsiExec.exe /I{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03}
    Spybot - Search & Destroy 1.4 --> "C:\Program Files (x86)\Spybot - Search & Destroy\unins000.exe"
    SpyNoMore 2.56 --> C:\Program Files (x86)\SpyNoMore\uninst.exe
    Video ActiveX Solution 2.07 --> C:\Program Files (x86)\Video ActiveX Access\uninst.exe
    Yahoo! Toolbar --> C:\PROGRA~2\Yahoo!\Common\unyt.exe


    -- Application Event Log

    Event Record #/Type3455 / Error
    Event Submitted/Written: 12/13/2007 00:05:11 AM
    Event ID/Source: 51 / Symantec AntiVirus
    Event Description:
    Security Risk Found!Risk: Downloader.MisleadApp in File: C:\Documents and Settings\Administrator\Local Settings\Temp\laf1.exe by: Auto-Protect scan. Action: Cleaned by Deletion. Action Description:

    Event Record #/Type3454 / Error
    Event Submitted/Written: 12/13/2007 00:05:11 AM
    Event ID/Source: 5 / Symantec AntiVirus
    Event Description:
    Risk Found!Risk: Downloader.MisleadApp in File: C:\Documents and Settings\Administrator\Local Settings\Temp\laf1.exe by: Auto-Protect scan. Action: Cleaned by Deletion. Action Description:

    Event Record #/Type3453 / Error
    Event Submitted/Written: 12/13/2007 00:05:11 AM
    Event ID/Source: 46 / Symantec AntiVirus
    Event Description:
    Security Risk Found!Risk: Downloader.MisleadApp in File: C:\Documents and Settings\Administrator\Local Settings\Temp\laf1.exe by: Auto-Protect scan. Action: Cleaned by Deletion. Action Description:

    Event Record #/Type3426 / Error
    Event Submitted/Written: 12/11/2007 10:10:54 PM
    Event ID/Source: 1002 / Application Hang
    Event Description:
    Hanging application iexplore.exe, version 7.0.6000.16544, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

    Event Record #/Type3425 / Error
    Event Submitted/Written: 12/11/2007 10:10:20 PM
    Event ID/Source: 1000 / Application Error
    Event Description:
    Faulting application iexplore.exe, version 7.0.6000.16544, faulting module ntdll.dll, version 5.2.3790.3959, fault address 0x0004d233.
    Processing media-specific event for [iexplore.exe!ws!]



    -- Security Event Log

    No Errors/Warnings found.


    -- System Event Log

    Event Record #/Type20776 / Error
    Event Submitted/Written: 12/13/2007 00:06:09 AM
    Event ID/Source: 7000 / Service Control Manager
    Event Description:
    The GTNDIS5 NDIS Protocol Driver service failed to start due to the following error:
    %%2

    Event Record #/Type20775 / Error
    Event Submitted/Written: 12/13/2007 00:06:09 AM
    Event ID/Source: 7000 / Service Control Manager
    Event Description:
    The GTNDIS5 NDIS Protocol Driver service failed to start due to the following error:
    %%2

    Event Record #/Type20774 / Error
    Event Submitted/Written: 12/13/2007 00:05:27 AM
    Event ID/Source: 7000 / Service Control Manager
    Event Description:
    The GTNDIS5 NDIS Protocol Driver service failed to start due to the following error:
    %%2

    Event Record #/Type20773 / Error
    Event Submitted/Written: 12/13/2007 00:05:27 AM
    Event ID/Source: 7000 / Service Control Manager
    Event Description:
    The GTNDIS5 NDIS Protocol Driver service failed to start due to the following error:
    %%2

    Event Record #/Type20772 / Error
    Event Submitted/Written: 12/13/2007 00:03:19 AM
    Event ID/Source: 7000 / Service Control Manager
    Event Description:
    The GTNDIS5 NDIS Protocol Driver service failed to start due to the following error:
    %%2



    -- End of Deckard's System Scanner: finished at 2007-12-13 00:06:18


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Hello

    Before we begin, you should save these instructions in Notepad to your desktop, or print them, for easy reference. Much of our fix will be done in Safe mode, and you will be unable to access this thread at that time. If you have questions at any point, or are unsure of the instructions, feel free to post here and ask for clarification before proceeding.


    Please download SmitfraudFix (by S!Ri) to your Desktop.

    Next, please reboot your computer in Safe Mode by doing the following:
    • Restart your computer
    • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
    • Instead of Windows loading as normal, a menu with options should appear;
    • Select the first option, to run Windows in Safe Mode, then press "Enter".
    • Choose your usual account.
    Once in Safe Mode, double-click on SmitfraudFix.exe
    Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

    You will be prompted: "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

    The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

    The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
    A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
    The report can also be found at the root of the system drive, usually at C:\rapport.txt

    Warning: running option #2 on a non-infected computer will remove your Desktop background.

