
It pops up every time I start my PC... (attachment)

  • 03-01-2008 2:47pm
    #1
    Registered Users, Registered Users 2 Posts: 1,164 ✭✭✭


    I took a screenshot of what pops up every time the computer starts up
    (see attached file).

    It's happened for a few months now; I just never have come around to sorting it out until now.
    When I click OK on it, it just disappears.


    My computer works fine, except I think since it started popping up, Internet Explorer has slowed down. As in, when I click Internet Explorer it takes ages to start up, etc., so I switched to Mozilla, which is so much faster!

    I've looked around different forums etc. and haven't found much.

    Anyone any ideas on this annoying little pop up??? :rolleyes:


Comments

  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    It's malware.

    Do this:

    Please download Deckard's System Scanner (DSS) and save it to your Desktop.
    • Close all other windows before proceeding.
    • Double-click on dss.exe and follow the prompts.
    • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
    • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.


  • Registered Users, Registered Users 2 Posts: 6,462 ✭✭✭TheBazman


    I'm having a similar pop up (not all the time but sometimes). Would it be okay if I also added my results for you to have a look at ActorSeeksJob or should I start a new thread?


  • Closed Accounts Posts: 17,208 ✭✭✭✭aidan_walsh


    TheBazman wrote: »
    I'm having a similar pop up (not all the time but sometimes). Would it be okay if I also added my results for you to have a look at ActorSeeksJob or should I start a new thread?
    Work away. If it's the same issue there is little sense in having a second thread on it. If it turns out to be a different issue I can always split the thread at a later date.

    Include a little explanation of the issue though, just in case. Frequency it shows up and such.


  • Registered Users, Registered Users 2 Posts: 6,462 ✭✭✭TheBazman


    Cheers. Well, the issue is much the same as the OP's: while using the PC I get several Rundll type pop ups. I am attaching the notepad files below.

    Deckard's System Scanner v20071014.68
    Run by User Name on 2008-01-03 20:34:59
    Computer is in Normal Mode.

    -- Last 5 Restore Point(s) --
    26: 2008-01-02 19:24:04 UTC - RP223 - Scheduled Checkpoint
    25: 2008-01-01 18:37:32 UTC - RP222 - Removed ClearAllHistory
    24: 2008-01-01 18:32:37 UTC - RP221 - Installed ClearAllHistory
    23: 2008-01-01 12:56:44 UTC - RP220 - Scheduled Checkpoint
    22: 2007-12-31 22:07:27 UTC - RP219 - Scheduled Checkpoint


    -- First Restore Point --
    1: 2007-12-10 19:31:59 UTC - RP195 - Scheduled Checkpoint


    Backed up registry hives.
    Performed disk cleanup.



    -- HijackThis Clone


    Emulating logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2008-01-03 20:38:14
    Platform: Windows Vista (6.00.6000)
    MSIE: Internet Explorer (7.00.6000.16386)
    Boot mode: Normal

    Running processes:
    C:\Windows\System32\dwm.exe
    C:\Windows\System32\taskeng.exe
    C:\Windows\explorer.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\RtHDVCpl.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Picasa2\PicasaMediaDetector.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\ehome\ehtray.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Internet Explorer\ieuser.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\System32\wbem\unsecapp.exe
    C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
    C:\Program Files\DVD Shrink\DVD Shrink 3.2.exe
    C:\Users\User Name \Downloads\dss.exe
    C:\Windows\System32\conime.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/keyword/%s
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Komplett
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar1.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar1.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ClearAllHistory] C:\Program Files\ClearAllHistory\cah.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O15 - Trusted Zone: http://toolbar.imageshack.us (HKCU)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{4FA961E5-3BEE-4882-B6B7-F60014139C92}: NameServer = 213.94.190.235 213.94.190.195
    O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\microsoft shared\Web Folders\PKMCDO.DLL
    O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\microsoft shared\Web Components\10\OWC10.DLL
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
    O20 - Winlogon Notify: avgwlntf - C:\Windows\system32\avgwlntf.dll
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgrssvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgemc.exe
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccess.exe
    O23 - Service: Sandra Service (SandraTheSrv) - Unknown owner - c:\Users\Administrator\Temp\report\RpcSandraSrv.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\System32\drivers\XAudio.exe


    --
    End of file - 8361 bytes

    -- File Associations

    All associations okay.


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled

    S3 ASPI (Advanced SCSI Programming Interface Driver) - \??\c:\windows\system32\drivers\aspi32.sys


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled

    R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
    R2 NMSAccess - c:\program files\cdburnerxp\nmsaccess.exe
    R3 ServiceLayer - "c:\program files\pc connectivity solution\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>

    S3 SandraTheSrv (Sandra Service) - c:\users\administrator\temp\report\rpcsandrasrv.exe (file missing)


    -- Device Manager: Disabled

    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft ISATAP Adapter
    Device ID: ROOT\*ISATAP\0017
    Manufacturer: Microsoft
    Name: isatap.{4FA961E5-3BEE-4882-B6B7-F60014139C92}
    PNP Device ID: ROOT\*ISATAP\0017
    Service: tunnel

    Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
    Description: Nokia Windows Portable Device Driver
    Device ID: ROOT\WPD\0000
    Manufacturer: Nokia
    Name: Nokia N73
    PNP Device ID: ROOT\WPD\0000
    Service: WUDFRd

    Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
    Description: Nokia 6234
    Device ID: ROOT\WPD\0001
    Manufacturer: Nokia
    Name: Nokia 6234
    PNP Device ID: ROOT\WPD\0001
    Service: WUDFRd


    -- Scheduled Tasks

    2008-01-03 19:47:12 430 --ah
    C:\Windows\Tasks\User_Feed_Synchronization-{3C9D3323-2FD1-40D0-9CFC-B0665643015C}.job


    -- Files created between 2007-12-03 and 2008-01-03

    2007-12-30 11:17:56 0 d
    C:\Program Files\vixy.net
    2007-12-29 16:31:34 0 d
    C:\Program Files\ffdshow
    2007-12-28 18:58:02 356352 --a
    C:\Windows\eSellerateEngine.dll <Not Verified; eSellerate Inc.; eSellerateEngine>
    2007-12-28 18:58:02 0 d
    C:\Program Files\Album Cover Fider
    2007-12-28 18:54:08 0 d
    C:\Program Files\WikidPad
    2007-12-28 18:53:14 0 d
    C:\Program Files\Opera 9.5 beta
    2007-12-28 18:51:10 0 d
    C:\Program Files\PlayFLV
    2007-12-25 10:27:32 0 d
    C:\Program Files\Picasa2
    2007-12-25 10:26:52 0 d
    C:\Users\All Users\Google
    2007-12-25 10:26:20 0 d
    C:\Program Files\Western Digital
    2007-12-25 10:26:09 0 d
    C:\Users\All Users\InstallShield
    2007-12-25 10:25:53 0 d
    C:\Users\All Users\eSellerate
    2007-12-25 10:24:21 0 d
    C:\Program Files\Memeo
    2007-12-25 10:24:09 0 d---s---- C:\Users\All Users\Memeo
    2007-12-25 10:21:41 0 d
    C:\Program Files\Western Digital Technologies
    2007-12-10 19:05:02 0 d
    C:\U5_8248508
    2007-12-09 17:37:52 0 d
    C:\Program Files\Handbrake
    2007-12-09 17:24:33 0 d
    C:\Users\User Name \Software


    -- Find3M Report

    2008-01-03 20:16:21 0 d
    C:\Users\User Name \AppData\Roaming\RipIt4Me
    2008-01-03 18:56:49 0 d
    C:\Users\User Name \AppData\Roaming\AVG7
    2007-12-28 18:56:27 0 d
    C:\Users\User Name \AppData\Roaming\WikidPad
    2007-12-28 18:53:23 0 d
    C:\Users\User Name \AppData\Roaming\Opera
    2007-12-27 17:28:24 0 d--h
    C:\Program Files\InstallShield Installation Information
    2007-12-25 20:45:32 0 d
    C:\Users\User Name \AppData\Roaming\Google
    2007-12-25 10:27:00 0 d
    C:\Program Files\Google
    2007-12-25 10:25:51 0 d
    C:\Program Files\Common Files\InstallShield
    2007-12-18 16:34:18 0 d
    C:\Users\User Name \AppData\Roaming\Vso
    2007-12-07 21:37:51 0 d
    C:\Users\User Name \AppData\Roaming\FrostWire
    2007-11-27 20:17:58 574 --a
    C:\Users\User Name \AppData\Roaming\AutoGK.ini
    2007-11-25 21:03:09 194597 --a
    C:\Users\User Name \AppData\Roaming\UserTile.png
    2007-11-25 21:02:36 0 d
    C:\Users\BaUser Name \AppData\Roaming\Apple Computer
    2007-11-25 11:41:24 0 d
    C:\Program Files\AutoGK
    2007-11-25 11:41:22 43698 --a
    C:\Windows\system32\xvid-uninstall.exe
    2007-11-25 11:41:18 0 d
    C:\Program Files\AviSynth 2.5
    2007-11-22 18:40:23 0 d
    C:\Program Files\iTunes
    2007-11-22 18:40:06 0 d
    C:\Program Files\iPod
    2007-11-22 18:38:31 0 d
    C:\Program Files\QuickTime
    2007-11-22 18:36:48 0 d
    C:\Program Files\Apple Software Update
    2007-11-22 18:35:21 0 d
    C:\Program Files\Common Files
    2007-11-22 18:35:21 0 d
    C:\Program Files\Common Files\Apple
    2007-11-13 22:57:05 0 d
    C:\Program Files\Windows Mail
    2007-11-10 08:49:10 0 d
    C:\Program Files\Nokia
    2007-11-10 08:46:56 0 d
    C:\Program Files\Common Files\Nokia
    2007-10-29 20:12:39 0 --a
    C:\Windows\nsreg.dat


    -- Registry Dump

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [18/05/2007 19:35]
    "RtHDVCpl"="RtHDVCpl.exe" [23/04/2007 13:51 C:\Windows\RtHDVCpl.exe]
    "NvSvc"="C:\Windows\system32\nvsvc.dll" [12/04/2007 15:07]
    "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [12/04/2007 15:07]
    "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [12/04/2007 15:07]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [21/12/2007 18:45]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [14/03/2007 02:43]
    "PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [23/03/2007 12:20]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [29/10/2007 09:50]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [19/10/2007 20:16]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [02/11/2007 18:36]
    "ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" []
    "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [25/12/2007 10:27]
    "Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [21/02/2007 01:18]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [02/11/2006 12:35]
    "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [02/11/2006 12:35]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [02/11/2006 12:36]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [25/12/2007 10:26]
    "ClearAllHistory"="C:\Program Files\ClearAllHistory\cah.exe" []

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [13/02/2001 00:01:04]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"=2 (0x2)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
    avgwlntf.dll 27/05/2007 11:40 9216 C:\Windows\System32\avgwlntf.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
    @=&quot;Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
    @=&quot;Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
    @=&quot;Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
    @=&quot;Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
    @=&quot;Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
    @=&quot;Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
    @=&quot;Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
    @=&quot;Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
    @=&quot;Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
    @=&quot;Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
    @=&quot;Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
    @=&quot;Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @=&quot;Volume shadow copy"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
    @=&quot;IEEE 1394 Bus host controllers"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
    @=&quot;SBP2 IEEE 1394 Devices"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
    @=&quot;SecurityDevices"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=C:\Windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
    path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
    backup=C:\Windows\pss\Adobe Reader Synchronizer.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^User Name ^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 2.2.lnk]
    path=C:\Users\User Name \AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.2.lnk
    backup=C:\Windows\pss\OpenOffice.org 2.2.lnk.Startup
    backupExtension=.Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
    "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    "C:\Program Files\iTunes\iTunesHelper.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    "C:\Program Files\QuickTime\qttask.exe" -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum


    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    C:\Windows\system32\unregmp2.exe /ShowWMP

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    %SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



    -- End of Deckard's System Scanner: finished at 2008-01-03 20:39:20
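
A triage script for the O4 lines in the DSS log above, added here as an example (it is not part of the thread, of DSS or of HijackThis): it parses the registry Run entries, singles out the rundll32 launchers and lists those whose DLL target is missing, which is what produces a rundll error box at each logon. The [StaleExample] line and the set of files that "exist" are constructed so it runs offline; on a real machine pass exists=os.path.exists.

```python
import os
import re
from dataclasses import dataclass
from typing import Callable, Iterable, List, Optional, Sequence

# "O4 - <hive>\..\Run: [<name>] <command>" with an optional " (User '<user>')" tail.
O4_RE = re.compile(
    r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*?)"
    r"(?: \(User '(?P<user>[^']*)'\))?$"
)
RUNDLL_RE = re.compile(r"^rundll32(?:\.exe)?\s+", re.IGNORECASE)


@dataclass
class AutostartEntry:
    hive: str                         # HKLM, HKCU or HKUS\<SID>
    name: str                         # the Run value name shown in [brackets]
    command: str                      # command line as HijackThis reported it
    user: Optional[str]               # only present on HKUS entries
    dll: Optional[str] = None         # set only for rundll32 launchers
    entrypoint: Optional[str] = None  # export rundll32 is told to call, if any

    @property
    def is_rundll(self) -> bool:
        return self.dll is not None


def parse_o4_lines(lines: Iterable[str]) -> List[AutostartEntry]:
    """One AutostartEntry per registry O4 line; anything else is ignored."""
    entries = []
    for raw in lines:
        m = O4_RE.match(raw.strip())
        if not m:
            continue
        entry = AutostartEntry(m["hive"], m["name"], m["cmd"], m["user"])
        if RUNDLL_RE.match(entry.command):
            # Everything after the rundll32 token is "<dll>[,<entrypoint>]".
            target = RUNDLL_RE.sub("", entry.command, count=1)
            dll, _, entrypoint = target.partition(",")
            entry.dll = dll.strip().strip('"')
            entry.entrypoint = entrypoint.strip() or None
        entries.append(entry)
    return entries


def resolve_dll(dll: str, search_path: Sequence[str]) -> List[str]:
    """Where rundll32 would look: a bare name goes through the loader search
    path, a path with a directory part is used as-is after %VAR% expansion."""
    dll = os.path.expandvars(dll)  # no-op for %VAR% outside Windows
    if "\\" in dll or "/" in dll:
        return [dll]
    return [d.rstrip("\\") + "\\" + dll for d in search_path]


def stale_rundll_entries(entries: Iterable[AutostartEntry],
                         exists: Callable[[str], bool] = os.path.exists,
                         search_path: Sequence[str] = ("C:\\Windows\\System32", "C:\\Windows"),
                         ) -> List[AutostartEntry]:
    """rundll32 launchers whose DLL exists at none of its candidate paths; a
    stale entry like this is what produces a rundll error box at every logon."""
    return [e for e in entries
            if e.is_rundll and not any(exists(p) for p in resolve_dll(e.dll, search_path))]


# Constructed sample: four lines copied from the log posted above plus one
# made-up entry, [StaleExample], whose DLL is deliberately absent.
SAMPLE_LOG = """\
O4 - HKLM\\..\\Run: [Windows Defender] %ProgramFiles%\\Windows Defender\\MSASCui.exe -hide
O4 - HKLM\\..\\Run: [NvSvc] RUNDLL32.EXE C:\\Windows\\system32\\nvsvc.dll,nvsvcStart
O4 - HKCU\\..\\Run: [ClearAllHistory] C:\\Program Files\\ClearAllHistory\\cah.exe
O4 - HKUS\\S-1-5-19\\..\\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKCU\\..\\Run: [StaleExample] rundll32.exe C:\\Users\\User Name\\AppData\\Local\\example.dll,Start
"""

# Constructed stand-in for the disk so the script runs offline: the files we
# pretend exist, compared case-insensitively as NTFS names are.
PRESENT_FILES = {"c:\\windows\\system32\\nvsvc.dll", "c:\\windows\\system32\\oobefldr.dll"}


def fake_exists(path: str) -> bool:
    return path.lower() in PRESENT_FILES


def triage(log_text: str, exists: Callable[[str], bool] = fake_exists) -> List[str]:
    """Names of the Run values whose rundll32 DLL target is missing."""
    return [e.name for e in stale_rundll_entries(parse_o4_lines(log_text.splitlines()), exists)]


if __name__ == "__main__":
    for e in parse_o4_lines(SAMPLE_LOG.splitlines()):
        print(e.hive, e.name, e.dll or "(plain exe)", e.entrypoint or "")
    print("stale rundll32 entries:", triage(SAMPLE_LOG))  # pass exists=os.path.exists on a real box
```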


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Yeah sure, why not. The more the merrier :)

    I will label which fix is for which one of you, so make sure you don't run his fix, and vice versa.

    So go ahead and run DSS there


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Well, your problem doesn't seem to be malware related.

    Can you post a SS of the error you are having and a bit more information?


    Also do this:

    Download Silent Runners and extract it to a new folder on your Desktop.
    Run the Silent Runners.vbs file.
    You will receive a prompt: "Do you want to skip supplementary searches?" - click "NO."
    If your antivirus has a script blocker, you will get a warning asking if you want to allow Silent Runners.vbs to run.
    This script is not malicious so please allow it.
    A text file will appear in the folder - it's not done, let it run. (It won't appear to be doing anything!)
    Once the "All Done!" prompt flashes up, open the text file, and copy & paste it in your next reply.


  • Registered Users, Registered Users 2 Posts: 6,462 ✭✭✭TheBazman


    And the extra.txt:

    Deckard's System Scanner v20071014.68
    Extra logfile - please post this as an attachment with your post.

    -- System Information

    Microsoft® Windows Vista™ Home Premium (build 6000)
    Architecture: X86; Language: English

    CPU 0: Intel(R) Core(TM)2 CPU 6600 @ 2.40GHz
    Percentage of Memory in Use: 54%
    Physical Memory (total/avail): 2045.88 MiB / 927.74 MiB
    Pagefile Memory (total/avail): 4310.25 MiB / 2997.68 MiB
    Virtual Memory (total/avail): 2047.88 MiB / 1910.22 MiB

    C: is Fixed (NTFS) - 465.76 GiB total, 277.47 GiB free.
    D: is Fixed (NTFS) - 465.76 GiB total, 131.25 GiB free.
    E: is CDROM (No Media)
    F: is CDROM (No Media)
    G: is Fixed (NTFS) - 298.09 GiB total, 30.27 GiB free.
    H: is Fixed (NTFS) - 232.88 GiB total, 173.53 GiB free.
    I: is Fixed (NTFS) - 465.76 GiB total, 465.33 GiB free.

    \\.\PHYSICALDRIVE1 - ST3500630AS ATA Device - 465.76 GiB - 1 partition
    \PARTITION0 (bootable) - Installable File System - 465.76 GiB - D:

    \\.\PHYSICALDRIVE0 - ST3500630AS ATA Device - 465.76 GiB - 1 partition
    \PARTITION0 (bootable) - Installable File System - 465.76 GiB - C:

    \\.\PHYSICALDRIVE2 - WD 2500JB External USB Device - 232.88 GiB - 1 partition
    \PARTITION0 - Installable File System - 232.88 GiB - H:

    \\.\PHYSICALDRIVE3 - WD 3200JB External USB Device - 298.09 GiB - 1 partition
    \PARTITION0 - Installable File System - 298.09 GiB - G:

    \\.\PHYSICALDRIVE4 - WD 5000AAC External USB Device - 465.76 GiB - 1 partition
    \PARTITION0 - Installable File System - 465.76 GiB - I:



    -- Security Center

    AUOptions is set to notify before download.
    Windows Internal Firewall is enabled.

    AV: AVG 7.5.516 v7.5.516 (Grisoft)
    AS: Windows Defender v1.1.1505.0 (Microsoft Corporation)

    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    -- Environment Variables

    ALLUSERSPROFILE=C:\ProgramData
    APPDATA=C:\Users\User Name\AppData\Roaming
    CLASSPATH=.;C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
    CommonProgramFiles=C:\Program Files\Common Files
    COMPUTERNAME=User Name-PC
    ComSpec=C:\Windows\system32\cmd.exe
    configsetroot=C:\Windows\ConfigSetRoot
    FP_NO_HOST_CHECK=NO
    HOMEDRIVE=C:
    HOMEPATH=\Users\User Name
    LANG=C
    LOCALAPPDATA=C:\Users\User Name\AppData\Local
    LOGONSERVER=\\User Name-PC
    NUMBER_OF_PROCESSORS=2
    OS=Windows_NT
    Path=C:\Program Files\PC Connectivity Solution\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\Common Files\GTK\2.0\bin;C:\Program Files\QuickTime\QTSystem\
    PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
    PROCESSOR_ARCHITECTURE=x86
    PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 6, GenuineIntel
    PROCESSOR_LEVEL=6
    PROCESSOR_REVISION=0f06
    ProgramData=C:\ProgramData
    ProgramFiles=C:\Program Files
    PROMPT=$P$G
    PUBLIC=C:\Users\Public
    QTJAVA=C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
    SystemDrive=C:
    SystemRoot=C:\Windows
    TEMP=C:\Users\USERNAME~1\AppData\Local\Temp
    TMP=C:\Users\USERNAME~1\AppData\Local\Temp
    USERDOMAIN=User Name-PC
    USERNAME=User Name
    USERPROFILE=C:\Users\User Name
    windir=C:\Windows


    -- User Profiles

    User Name


    -- Add/Remove Programs

    --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    Ad-Aware SE Personal --> MsiExec.exe /X{78CC3BAB-DE2A-4FB4-8FBB-E4DADDC26747}
    Adobe Download Manager 2.2 (Remove Only) --> "C:\Program Files\Common Files\Adobe\ESD\uninst.exe"
    Adobe Flash Player ActiveX --> C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Flash Player Plugin --> C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
    Adobe Reader 8 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A80000000002}
    Adobe Shockwave Player --> C:\Windows\System32\Macromed\SHOCKW~1\UNWISE.EXE C:\Windows\System32\Macromed\SHOCKW~1\Install.log
    Adobe® Photoshop® Album Starter Edition 3.0 --> MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}
    Album Cover Finder v.6.2.0 --> "C:\Program Files\Album Cover Fider\unins000.exe"
    Apple Mobile Device Support --> MsiExec.exe /I{B5C209B1-8DDB-4642-A573-375B951514CB}
    Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
    Ares Tube 2.0 --> "C:\Program Files\Ares Tube\unins000.exe"
    Audacity 1.3.3 (Unicode) --> "C:\Program Files\Audacity 1.3 Beta (Unicode)\unins000.exe"
    Auto Gordian Knot 2.45 --> C:\Program Files\AutoGK\uninst.exe
    AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
    AVG Anti-Rootkit Free --> C:\Program Files\GRISOFT\AVG Anti-Rootkit Free\Uninstall.exe
    AviSynth 2.5 --> "C:\Program Files\AviSynth 2.5\Uninstall.exe"
    CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
    CDBurnerXP --> "C:\Program Files\CDBurnerXP\unins000.exe"
    ConvertXtoDVD 2.2.3.258 --> "C:\Program Files\VSO\ConvertXtoDVD\unins000.exe"
    DVD Decrypter (Remove Only) --> "C:\Program Files\DVD Decrypter\uninstall.exe"
    DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe"
    DVDFab HD Decrypter 3.1.1.6 --> "C:\Program Files\DVDFab HD Decrypter 3\unins000.exe"
    dvdSanta 4.50 --> "C:\Program Files\dvdSanta1\unins000.exe"
    Free DVD Ripper Version 2.25 --> "C:\Program Files\Free DVD Ripper\unins000.exe"
    FrostWire 4.13.1.7 BETA --> C:\Program Files\FrostWire\Uninstall.exe
    Google Desktop --> C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
    Google Earth --> MsiExec.exe /I{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B}
    Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
    Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
    GTK+ 2.10.11 runtime environment --> "C:\Program Files\Common Files\GTK\2.0\setup\unins000.exe"
    Handbrake 2.4.1 --> C:\Program Files\Handbrake\uninst.exe
    ImageShack Toolbar for Internet Explorer --> MsiExec.exe /I{A080492B-91D0-4CB8-AE02-9FF2EF9FFDC8}
    ImgBurn (Remove Only) --> "C:\Program Files\ImgBurn\uninstall.exe"
    iTunes --> MsiExec.exe /I{E3FEE4E7-4488-4A3F-A6BD-13745936EADB}
    Java(TM) SE Runtime Environment 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
    Java(TM) SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
    LimeWire 4.14.8 --> "C:\Program Files\LimeWire\uninstall.exe"
    Microsoft .NET Framework 1.1 --> msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 1.1 --> MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 1.1 Hotfix (KB929729) --> "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M929729\M929729Uninstall.msp"
    Microsoft Office XP Small Business --> MsiExec.exe /I{91130409-6000-11D3-8CFE-0050048383C9}
    Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    Mozilla Firefox (2.0.0.9) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    MSXML 4.0 SP2 (KB927978) --> MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
    MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
    MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
    Nokia Connectivity Cable Driver --> MsiExec.exe /X{11964613-805F-432D-A12B-169554B793E7}
    Nokia MTP driver --> MsiExec.exe /I{59359B3D-ABE7-46BF-AB55-43B67A64DC68}
    Nokia Nseries Skin for Microsoft Windows Media Player --> MsiExec.exe /I{73E30715-9EC4-4DAE-BE67-64500AEB8012}
    Nokia PC Suite --> C:\ProgramData\Installations\{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}\Nokia_PC_Suite_683_rel_14_1_eng.exe /LANG="2057"
    Nokia PC Suite --> MsiExec.exe /I{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}
    Nokia Software Updater --> MsiExec.exe /X{57CEA991-6F11-4E7E-B67C-2F02168CED6B}
    Nokia themes for your device --> MsiExec.exe /I{77F5816C-64A6-4FBE-BBE5-52EFE5EB84E8}
    NVIDIA Drivers --> C:\Windows\system32\NVUNINST.EXE UninstallGUI
    OpenOffice.org 2.2 --> MsiExec.exe /I{A1C8D94A-4303-4489-B585-4B6E6CD408CB}
    Opera 9.21 --> MsiExec.exe /X{AF599832-2305-4922-9342-6FF48894E384}
    Opera 9.50 --> MsiExec.exe /X{EDC7328C-E5DE-43DB-A8BD-2FCFA46370C3}
    Paint.NET v3.08 --> MsiExec.exe /X{83B26E5D-1795-4DFE-9317-0FA0F3AAB568}
    PC Connectivity Solution --> MsiExec.exe /I{066D65EA-ED53-44E4-A96A-F81B6E409D2E}
    Picasa 2 --> "C:\Program Files\Picasa2\Uninstall.exe"
    PlayFLV --> "C:\Program Files\PlayFLV\uninstall.exe"
    PS3 Video 9 2.15 --> C:\Program Files\Red Kawa\Video Converter\uninstaller.exe
    QuickTime --> MsiExec.exe /I{5B09BD67-4C99-46A1-8161-B7208CE18121}
    RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    Realtek High Definition Audio Driver --> RtlUpd.exe -r -m
    Rhapsody Player Engine --> MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
    Sony Sound Forge Audio Studio 9.0 --> MsiExec.exe /X{F655FEC2-EB66-4B94-8F51-B2A8EE6FE374}
    Sony USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\Setup.exe" UNINSTALL
    SUPER © Version 2007.bld.23 (July 4, 2007) --> C:\PROGRA~1\ERIGHT~1\SUPER\Setup.exe /remove /q0
    The GIMP 2.2.15 --> "C:\Program Files\GIMP-2.0\unins000.exe"
    Video Convert Master Trial Version (English) 8.0.1.18 --> "C:\Program Files\Video Convert Master\unins000.exe"
    VideoLAN VLC media player 0.8.6b --> C:\Program Files\VideoLAN\VLC\uninstall.exe
    Videora iPod Converter 2.19 --> C:\Program Files\Red Kawa\Video Converter\uninstaller.exe
    Vista Codec Package --> MsiExec.exe /I{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}
    vixy converter uninstall --> "C:\Program Files\vixy.net\unins000.exe"
    VobSub v2.23 (Remove Only) --> "C:\Program Files\Gabest\VobSub\uninstall.exe"
    WD Diagnostics --> MsiExec.exe /X{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}
    WikidPad 1.9beta14 --> "C:\Program Files\WikidPad\unins000.exe"
    Windows Driver Package - Nokia Modem (11/03/2006 6.82.0.1) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\nokbtmdm.inf_7dedec2f\nokbtmdm.inf
    WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
    WinZip 11.1 --> MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}
    Xilisoft Video Converter --> C:\Program Files\Xilisoft\Video Converter 3\Uninstall.exe
    Xvid 1.1.2 final uninstall --> "C:\Program Files\Xvid\unins000.exe"
    XviD MPEG4 Video Codec (remove only) --> "C:\Windows\system32\xvid-uninstall.exe"
    Zoom V92 USB Faxmodem --> C:\Program Files\CONEXANT\CNXT_MODEM_USB_VID_0803&PID_1300\UIU32m.exe -U -IZm3090Az.inf


    -- Application Event Log

    Event Record #/Type10107 / Success
    Event Submitted/Written: 01/03/2008 06:56:38 PM
    Event ID/Source: 5617 / WinMgmt
    Event Description:


    Event Record #/Type10106 / Success
    Event Submitted/Written: 01/03/2008 06:56:37 PM
    Event ID/Source: 5615 / WinMgmt
    Event Description:


    Event Record #/Type10104 / Success
    Event Submitted/Written: 01/03/2008 06:55:53 PM
    Event ID/Source: 902 / Software Licensing Service
    Event Description:
    The Software Licensing service has started.

    Event Record #/Type10091 / Warning
    Event Submitted/Written: 01/02/2008 09:27:39 PM
    Event ID/Source: 1530 / profsvc
    Event Description:
    Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

    DETAIL -
    1 user registry handles leaked from \Registry\User\S-1-5-21-2406636356-1627270548-1371518726-1000_Classes:
    Process 920 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2406636356-1627270548-1371518726-1000_CLASSES

    Event Record #/Type10089 / Warning
    Event Submitted/Written: 01/02/2008 09:27:36 PM
    Event ID/Source: 1530 / profsvc
    Event Description:
    Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

    DETAIL -
    1 user registry handles leaked from \Registry\User\S-1-5-21-2406636356-1627270548-1371518726-1000:
    Process 920 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2406636356-1627270548-1371518726-1000



    -- Security Event Log

    No Errors/Warnings found.


    -- System Event Log

    Event Record #/Type40717 / Warning
    Event Submitted/Written: 01/03/2008 08:38:28 PM
    Event ID/Source: 3004 / WinDefend
    Event Description:
    %User Name-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %User Name-PC27 can't undo changes that you allow.

    For more information please see the following:
    %User Name-PC275

    Scan ID: {74FC73C3-E42D-43F8-A100-17EDC70387E2}

    User: User Name-PC\User Name

    Name: %User Name-PC271

    ID: %User Name-PC272

    Severity ID: %User Name-PC273

    Category ID: %User Name-PC274

    Path Found: %User Name-PC276

    Alert Type: %User Name-PC278

    Detection Type: 1.1.1505.02

    Event Record #/Type40716 / Warning
    Event Submitted/Written: 01/03/2008 08:38:28 PM
    Event ID/Source: 3004 / WinDefend
    Event Description:
    %User Name-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %User Name-PC27 can't undo changes that you allow.

    For more information please see the following:
    %User Name-PC275

    Scan ID: {1AA14723-B2FD-476F-983D-4380304646F5}

    User: User Name-PC\User Name

    Name: %User Name-PC271

    ID: %BUser Name-PC272

    Severity ID: %User Name-PC273

    Category ID: %User Name-PC274

    Path Found: %User Name-PC276

    Alert Type: %User Name-PC278

    Detection Type: 1.1.1505.02

    Event Record #/Type40705 / Warning
    Event Submitted/Written: 01/03/2008 07:01:26 PM
    Event ID/Source: 4 / Client Side Rendering Spooler
    Event Description:
    The print spooler failed to reopen an existing printer connection because it could not read the configuration information from the registry key S-1-5-18\Printers\Connections. The print spooler could not open the registry key. This can occur if the registry key is corrupt or missing, or if the registry recently became unavailable.

    Event Record #/Type40704 / Warning
    Event Submitted/Written: 01/03/2008 07:01:26 PM
    Event ID/Source: 4 / Client Side Rendering Spooler
    Event Description:
    The print spooler failed to reopen an existing printer connection because it could not read the configuration information from the registry key S-1-5-18\Printers\Connections. The print spooler could not open the registry key. This can occur if the registry key is corrupt or missing, or if the registry recently became unavailable.

    Event Record #/Type40556 / Warning
    Event Submitted/Written: 01/02/2008 06:14:31 PM
    Event ID/Source: 4 / Client Side Rendering Spooler
    Event Description:
    The print spooler failed to reopen an existing printer connection because it could not read the configuration information from the registry key S-1-5-18\Printers\Connections. The print spooler could not open the registry key. This can occur if the registry key is corrupt or missing, or if the registry recently became unavailable.



    -- End of Deckard's System Scanner: finished at 2008-01-03 20:39:20


  • Registered Users, Registered Users 2 Posts: 6,462 ✭✭✭TheBazman


    Thanks - I will try to grab a screenshot when it pops up next. It's certainly not as regular as the OP's problem, but when it does happen it pops up around 10 times.

    Anyway, Silent Runners results:


    "Silent Runners.vbs", revision 55, http://www.silentrunners.org/
    Operating System: Windows Vista
    Output limited to non-default values, except where indicated by "{++}"


    Startup items buried in registry:

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
    "Sidebar" = "C:\Program Files\Windows Sidebar\sidebar.exe" [MS]
    "ehTray.exe" = "C:\Windows\ehome\ehTray.exe" [MS]
    "WMPNSCFG" = "C:\Program Files\Windows Media Player\WMPNSCFG.exe" [MS]
    "swg" = "C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" ["Google Inc."]
    "ClearAllHistory" = "C:\Program Files\ClearAllHistory\cah.exe" [file not found]

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
    "Windows Defender" = "C:\Program Files\Windows Defender\MSASCui.exe -hide"
    "RtHDVCpl" = "RtHDVCpl.exe" ["Realtek Semiconductor"]
    "NvSvc" = "RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart" [MS]
    "NvCplDaemon" = "RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup" [MS]
    "NvMediaCenter" = "RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit" [MS]
    "AVG7_CC" = "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP" ["GRISOFT, s.r.o."]
    "SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"" ["Sun Microsystems, Inc."]
    "PCSuiteTrayApplication" = "C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup" ["Nokia"]
    "TkBellExe" = ""C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]
    "QuickTime Task" = ""C:\Program Files\QuickTime\QTTask.exe" -atboottime" ["Apple Inc."]
    "iTunesHelper" = ""C:\Program Files\iTunes\iTunesHelper.exe"" ["Apple Inc."]
    "ISUSPM" = ""C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler" [file not found]
    "Google Desktop Search" = ""C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup" ["Google"]
    "Picasa Media Detector" = "C:\Program Files\Picasa2\PicasaMediaDetector.exe" ["Google Inc."]

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"
    \InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
    {3049C3E9-B461-4BC5-8870-4C09146192CA}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "RealPlayer Download and Record Plugin for Internet Explorer"
    \InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll" ["RealPlayer"]
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "SSVHelper Class"
    \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll" ["Sun Microsystems, Inc."]
    {AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "Google Toolbar Helper"
    \InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
    "{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
    -> {HKLM...CLSID} = "DesktopContext Class"
    \InProcServer32\(Default) = "C:\Windows\system32\nvcpl.dll" ["NVIDIA Corporation"]
    "{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
    -> {HKLM...CLSID} = "NVIDIA CPL Extension"
    \InProcServer32\(Default) = "C:\Windows\system32\nvcpl.dll" ["NVIDIA Corporation"]
    "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
    -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]
    "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Shell Extension"
    -> {HKLM...CLSID} = "AVG7 Shell Extension Class"
    \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."]
    "{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Find Extension"
    -> {HKLM...CLSID} = "AVG7 Find Extension Class"
    \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."]
    "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
    -> {HKLM...CLSID} = "WinRAR"
    \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
    "{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip"
    -> {HKLM...CLSID} = "WinZip"
    \InProcServer32\(Default) = "C:\Program Files\WinZip\wzshlstb.dll" ["WinZip Computing, S.L."]
    "{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip"
    -> {HKLM...CLSID} = "WinZip"
    \InProcServer32\(Default) = "C:\Program Files\WinZip\wzshlstb.dll" ["WinZip Computing, S.L."]
    "{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip"
    -> {HKLM...CLSID} = "WinZip"
    \InProcServer32\(Default) = "C:\Program Files\WinZip\wzshlstb.dll" ["WinZip Computing, S.L."]
    "{E0D79307-84BE-11CE-9641-444553540000}" = "WinZip"
    -> {HKLM...CLSID} = "WinZip"
    \InProcServer32\(Default) = "C:\Program Files\WinZip\wzshlstb.dll" ["WinZip Computing, S.L."]
    "{327669A0-59A7-4be9-B99E-1C9F3A57611A}" = "Haali Matroska Thumbnail Exctractor"
    -> {HKLM...CLSID} = "Haali Matroska Thumbnail Extractor"
    \InProcServer32\(Default) = "C:\Program Files\VistaCodecPack\filters\mmfinfo.dll" [null data]
    "{5574006C-28F5-4a65-A28C-74DE6BFBE0BB}" = "Haali Matroska Shell Property Page"
    -> {HKLM...CLSID} = "Haali Matroska Shell Property Page"
    \InProcServer32\(Default) = "C:\Program Files\VistaCodecPack\filters\mmfinfo.dll" [null data]
    "{0561EC90-CE54-4f0c-9C55-E226110A740C}" = "Haali Column Provider"
    -> {HKLM...CLSID} = "Haali Column Provider"
    \InProcServer32\(Default) = "C:\Program Files\VistaCodecPack\filters\mmfinfo.dll" [null data]
    "{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A}" = "Nokia Phone Browser"
    -> {HKLM...CLSID} = "Nokia Phone Browser"
    \InProcServer32\(Default) = "C:\Program Files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll" ["Nokia"]
    "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" = "OpenOffice.org Column Handler"
    -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 2.2\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
    "{087B3AE3-E237-4467-B8DB-5A38AB959AC9}" = "OpenOffice.org Infotip Handler"
    -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 2.2\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
    "{63542C48-9552-494A-84F7-73AA6A7C99C1}" = "OpenOffice.org Property Sheet Handler"
    -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 2.2\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
    "{3B092F0C-7696-40E3-A80F-68D74DA84210}" = "OpenOffice.org Thumbnail Viewer"
    -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 2.2\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
    "{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
    -> {HKLM...CLSID} = "RealOne Player Context Menu Class"
    \InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
    "{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"
    -> {HKLM...CLSID} = "iTunes"
    \InProcServer32\(Default) = "C:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Inc."]

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\
    <<!>> "AppInit_DLLs" = "C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL" ["Google"]

    HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
    {0561EC90-CE54-4f0c-9C55-E226110A740C}\(Default) = "Haali Column Provider"
    -> {HKLM...CLSID} = "Haali Column Provider"
    \InProcServer32\(Default) = "C:\Program Files\VistaCodecPack\filters\mmfinfo.dll" [null data]
    {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\(Default) = "OpenOffice.org Column Handler"
    -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 2.2\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
    {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
    -> {HKLM...CLSID} = "PDF Shell Extension"
    \InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

    HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
    AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
    -> {HKLM...CLSID} = "AVG7 Shell Extension Class"
    \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."]
    WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
    -> {HKLM...CLSID} = "WinRAR"
    \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
    WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
    -> {HKLM...CLSID} = "WinZip"
    \InProcServer32\(Default) = "C:\Program Files\WinZip\wzshlstb.dll" ["WinZip Computing, S.L."]

    HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\
    WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
    -> {HKLM...CLSID} = "WinRAR"
    \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
    WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
    -> {HKLM...CLSID} = "WinZip"
    \InProcServer32\(Default) = "C:\Program Files\WinZip\wzshlstb.dll" ["WinZip Computing, S.L."]

    HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
    AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
    -> {HKLM...CLSID} = "AVG7 Shell Extension Class"
    \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."]
    WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
    -> {HKLM...CLSID} = "WinRAR"
    \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
    WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
    -> {HKLM...CLSID} = "WinZip"
    \InProcServer32\(Default) = "C:\Program Files\WinZip\wzshlstb.dll" ["WinZip Computing, S.L."]


    Group Policies {GPedit.msc branch and setting}:

    Note: detected settings may not have any effect.

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

    "ConsentPromptBehaviorAdmin" = (REG_DWORD) dword:0x00000002
    {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
    User Account Control: Behavior Of The Elevation Prompt For Administrators In Admin Approval Mode}

    "ConsentPromptBehaviorUser" = (REG_DWORD) dword:0x00000001
    {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
    User Account Control: Behavior Of The Elevation Prompt For Standard Users}

    "EnableInstallerDetection" = (REG_DWORD) dword:0x00000001
    {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
    User Account Control: Detect Application Installations And Prompt For Elevation}

    "EnableLUA" = (REG_DWORD) dword:0x00000001
    {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
    User Account Control: Run All Administrators In Admin Approval Mode}

    "EnableSecureUIAPaths" = (REG_DWORD) dword:0x00000001
    {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
    User Account Control: Only elevate UIAccess applications that are installed in secure locations}

    "EnableVirtualization" = (REG_DWORD) dword:0x00000001
    {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
    User Account Control: Virtualize file and registry write failures to per-user locations}

    "PromptOnSecureDesktop" = (REG_DWORD) dword:0x00000001
    {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
    User Account Conrol: Switch to the secure desktop when prompting for elevation}

    "shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001
    {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
    Shutdown: Allow system to be shut down without having to log on}

    "undockwithoutlogon" = (REG_DWORD) dword:0x00000001
    {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
    Devices: Allow undock without having to log on}

    "FilterAdministratorToken" = (REG_DWORD) dword:0x00000000
    {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
    User Account Control: Admin Approval Mode for the Built-in Administrator Account}


    Active Desktop and Wallpaper:

    Active Desktop may be disabled at this entry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

    Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
    HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
    "Wallpaper" = "C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp"

    Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
    HKCU\Control Panel\Desktop\
    "Wallpaper" = "C:\Users\User Name\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp"


    Enabled Screen Saver:

    HKCU\Control Panel\Desktop\
    "SCRNSAVE.EXE" = "C:\Windows\system32\logon.scr" [MS]


    Autostart via AUTORUN.INF on local fixed drives:

    I:\
    <<!>> I:\AUTORUN.INF -> "open=wd_windows_tools\setup.exe" ["Western Digital Technologies, Inc."]


    Startup items in "User Name" & "All Users" startup folders:

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
    "Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office10\OSA.EXE -b -l" [MS]


    Winsock2 Service Provider DLLs:

    Namespace Service Providers

    HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
    000000000001\LibraryPath = "%SystemRoot%\system32\NLAapi.dll" [MS]
    000000000002\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
    000000000003\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
    000000000004\LibraryPath = "%SystemRoot%\system32\napinsp.dll" [MS]
    000000000005\LibraryPath = "%SystemRoot%\system32\pnrpnsp.dll" [MS]
    000000000006\LibraryPath = "%SystemRoot%\system32\pnrpnsp.dll" [MS]

    Transport Service Providers

    HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
    0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
    %SystemRoot%\system32\mswsock.dll [MS], 01 - 14


    Toolbars, Explorer Bars, Extensions:

    Toolbars

    HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
    "{F2CF5485-4E02-4F68-819C-B92DE9277049}"
    -> {HKLM...CLSID} = "&Links"
    \InProcServer32\(Default) = "C:\Windows\system32\ieframe.dll" [MS]
    "{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
    -> {HKLM...CLSID} = "&Google"
    \InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]

    HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\
    "{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided)
    -> {HKLM...CLSID} = "&Google"
    \InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]

    Extensions (Tools menu items, main toolbar menu buttons)

    HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
    {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
    "MenuText" = "Sun Java Console"
    "CLSIDExtension" = "{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}"
    -> {HKCU...CLSID} = "Java Plug-in 1.6.0_01"
    \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll" ["Sun Microsystems, Inc."]
    -> {HKLM...CLSID} = "Java Plug-in 1.6.0_01"
    \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll" ["Sun Microsystems, Inc."]


    HOSTS file

    C:\Windows\System32\drivers\etc\HOSTS

    maps: 2 domain names to IP addresses,
    1 of the IP addresses is *not* localhost!


    Running Services (Display Name, Service Name, Path {Service DLL}):

    Apple Mobile Device, Apple Mobile Device, ""C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"" ["Apple, Inc."]
    AVG E-mail Scanner, AVGEMS, "C:\PROGRA~1\Grisoft\AVG7\avgemc.exe" ["GRISOFT, s.r.o."]
    AVG7 Alert Manager Server, Avg7Alrt, "C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe" ["GRISOFT, s.r.o."]
    AVG7 Resident Shield Service, AvgCoreSvc, "C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe" ["GRISOFT, s.r.o."]
    AVG7 Update Service, Avg7UpdSvc, "C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe" ["GRISOFT, s.r.o."]
    Human Interface Device Access, hidserv, "C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted" {"C:\Windows\system32\hidserv.dll" [MS]}
    iPod Service, iPod Service, ""C:\Program Files\iPod\bin\iPodService.exe"" ["Apple Inc."]
    NMSAccess, NMSAccess, "C:\Program Files\CDBurnerXP\NMSAccess.exe" [null data]
    ServiceLayer, ServiceLayer, ""C:\Program Files\PC Connectivity Solution\ServiceLayer.exe"" ["Nokia."]
    Windows Driver Foundation - User-mode Driver Framework, wudfsvc, "C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted" {"C:\Windows\System32\WUDFSvc.dll" [MS]}
    Windows Image Acquisition (WIA), stisvc, "C:\Windows\system32\svchost.exe -k imgsvc" {"C:\Windows\System32\wiaservc.dll" [MS]}
    Windows Media Player Network Sharing Service, WMPNetworkSvc, ""C:\Program Files\Windows Media Player\wmpnetwk.exe"" [MS]
    XAudioService, XAudioService, "C:\Windows\system32\DRIVERS\xaudio.exe" ["Conexant Systems, Inc."]


    Print Monitors:

    HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
    LIDIL hpzlllhn\Driver = "hpzlllhn.dll" ["Hewlett-Packard Company"]


    (launch time: 2008-01-03 20:57:20)
    <<!>>: Suspicious data at a malware launch point.

    + This report excludes default entries except where indicated.
    + To see *everywhere* the script checks and *everything* it finds,
    launch it from a command prompt or a shortcut with the -all parameter.
    + To search all directories of local fixed drives for DESKTOP.INI
    DLL launch points, use the -supp parameter or answer "No" at the
    first message box and "Yes" at the second message box.
    (total run time: 50 seconds, including 17 seconds for message boxes)


  • Registered Users, Registered Users 2 Posts: 6,462 ✭✭✭TheBazman


    Damn, the missus wants to make a phone call (still in dial-up land, unfortunately). It may take a while, so if I don't check in tonight, I will do in the morning.

    Thanks for the help so far - it's great to be able to check these things out with people who actually know what they are doing.


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Well, your logs are clean of malware.

    When did these pop-ups start, do you think? I will need more information and a screenshot if possible.


    I would recommend downloading and running CCleaner
    http://www.ccleaner.com/download

    Go to Registry > Scan for Issues > Make a backup when it prompts you > Fix all selected issues (the prompt for the backup might pop up after you click Fix all).


    Reboot your PC and see if you still get the error message. Also, you need to do this:


    You now need to update your Java and remove your older versions.

    Please follow these steps to remove older-version Java components.

    * Click Start > Control Panel.
    * Click Add/Remove Programs.
    * Check any item with Java Runtime Environment (JRE) in the name.
    * Click the Remove or Change/Remove button.

    Download the latest version of Java Runtime Environment (JRE), and install it to your computer from here.


  • Registered Users, Registered Users 2 Posts: 1,164 ✭✭✭BaRcOe


    Deckard's System Scanner v20071014.68
    Run by Owner on 2008-01-04 22:54:59
    Computer is in Normal Mode.

    -- System Restore

    Successfully created a Deckard's System Scanner Restore Point.


    -- Last 5 Restore Point(s) --
    92: 2008-01-04 22:55:07 UTC - RP357 - Deckard's System Scanner Restore Point
    91: 2008-01-04 21:46:11 UTC - RP356 - System Checkpoint
    90: 2008-01-03 20:56:31 UTC - RP355 - System Checkpoint
    89: 2008-01-02 20:37:12 UTC - RP354 - System Checkpoint
    88: 2008-01-01 19:37:13 UTC - RP353 - System Checkpoint


    -- First Restore Point --
    1: 2007-10-06 18:27:56 UTC - RP266 - Software Distribution Service 3.0


    Backed up registry hives.
    Performed disk cleanup.



    -- HijackThis Clone


    Emulating logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2008-01-04 23:00:16
    Platform: Windows XP Service Pack 2 (5.01.2600)
    MSIE: Internet Explorer (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\system32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\ati2evxx.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\brsvc01a.exe
    C:\WINDOWS\system32\brss01a.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\Brmfrmps.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\ESET\nod32krn.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\Spyware Doctor\svcntaux.exe
    C:\Program Files\Spyware Doctor\swdsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\ESET\nod32kui.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Owner\Desktop\dss.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.rd.yahoo.com/customize/ycomp/defaults/sb/*http://uk.yahoo.com/search/ie.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ycomp/defaults/sp/*http://uk.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ie
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O2 - BHO: (no name) - {d7ee4663-5103-4b3a-a6fc-f717bd61e4ce} - C:\WINDOWS\system32\c_1mgr.dll (file missing)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar1.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04b\BrStDvPt.exe
    O4 - HKLM\..\Run: [kgsystray] C:\Program Files\Kuma Games\kgsystray\Kuma_tray.exe
    O4 - HKLM\..\Run: [MemoryManager] rundll32.exe "C:\WINDOWS\nnkhih.dll",forkonce
    O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
    O4 - HKCU\..\Run: [MsnMsgr..] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZUxdm080YYIE
    O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} () - http://codecs.microsoft.com/codecs/i386/fhg.CAB
    O16 - DPF: {00000161-9980-0010-8000-00AA00389B71} () - http://codecs.microsoft.com/codecs/i386/msaud.cab
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} () - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/MyFunCardsFWBInitialSetup1.0.0.15-3.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} () - http://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-IE/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1172334399765
    O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
    O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.exe
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc4.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
    O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
    O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
    O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
    O20 - AppInit_DLLs: c:\windows\system32\vtursst.dll
    O20 - Winlogon Notify: c_1mgr - C:\WINDOWS\system32\c_1mgr.dll (file missing)
    O20 - Winlogon Notify: dpvodm - C:\WINDOWS\system32\dpvodm.dll (file missing)
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\ati2evxx.exe
    O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\ESET\nod32krn.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe


    --
    End of file - 11614 bytes

    -- File Associations

    .js - JSFile - DefaultIcon - "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe",2


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled

    R1 cdrbsdrv - c:\windows\system32\drivers\cdrbsdrv.sys <Not Verified; B.H.A Corporation; B's Recorder GOLD7>

    S3 IKFileFlt (File Filter Driver) - c:\windows\system32\drivers\ikfileflt.sys (file missing)


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled

    R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>


    -- Device Manager: Disabled

    No disabled devices found.


    -- Scheduled Tasks

    2008-01-04 14:08:53 330 --ah C:\WINDOWS\Tasks\MP Scheduled Scan.job
    2008-01-01 21:55:11 284 --a C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


    -- Files created between 2007-12-04 and 2008-01-04

    2007-12-23 17:18:30 0 d C:\Documents and Settings\Owner\Application Data\InterVideo
    2007-12-08 20:45:17 0 d C:\Documents and Settings\Owner\Application Data\U3


    -- Find3M Report

    2008-01-04 09:57:53 0 d C:\Program Files\Spyware Doctor
    2008-01-02 21:57:14 0 d C:\Program Files\iTunes
    2007-12-04 08:02:03 0 d---s---- C:\Program Files\Xfire
    2007-12-03 13:34:20 0 d C:\Documents and Settings\Owner\Application Data\Xfire
    2007-12-03 12:54:28 0 d C:\Program Files\Ventrilo
    2007-12-03 12:54:07 0 d C:\Program Files\Common Files\Wise Installation Wizard
    2007-12-01 19:21:02 0 d C:\Program Files\DinerDashFloontheGo_at
    2007-11-21 17:19:27 0 d C:\Program Files\America's Army
    2007-11-20 19:46:57 0 d C:\Program Files\BitTorrent
    2007-11-19 21:28:59 0 d C:\Documents and Settings\Owner\Application Data\BitTorrent
    2007-11-17 18:36:17 0 d C:\Program Files\Paradise Pet Salon
    2007-11-17 17:30:52 0 d C:\Program Files\Burger Shop
    2007-11-17 16:29:38 0 d C:\Program Files\Fashion Fits!
    2007-11-17 16:25:10 0 d C:\Program Files\Cake Mania 2
    2007-11-12 12:50:59 16 --a C:\WINDOWS\system32\buyurl0502.dat
    2007-11-12 12:49:52 0 d C:\Program Files\PartyGaming
    2007-11-08 20:33:08 0 d C:\Program Files\Common Files\DVDVideoSoft
    2007-11-08 20:33:05 0 d C:\Program Files\DVDVideoSoft
    2007-11-08 16:09:31 0 d C:\Program Files\Common Files
    2007-11-05 17:28:42 0 d C:\Program Files\iPod
    2007-11-05 17:26:41 0 d C:\Program Files\QuickTime
    2007-11-05 17:23:06 0 d C:\Program Files\Apple Software Update
    2007-11-05 17:21:53 0 d C:\Program Files\Common Files\Apple


    -- Registry Dump

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d7ee4663-5103-4b3a-a6fc-f717bd61e4ce}]
    C:\WINDOWS\system32\c_1mgr.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Alcmtr"="ALCMTR.EXE" [03/05/2005 17:43 C:\WINDOWS\ALCMTR.EXE]
    "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [24/02/2007 15:59]
    "SetDefPrt"="C:\Program Files\Brother\Brmfl04b\BrStDvPt.exe" [25/05/2004 09:16]
    "kgsystray"="C:\Program Files\Kuma Games\kgsystray\Kuma_tray.exe" []
    "MemoryManager"="C:\WINDOWS\nnkhih.dll" []
    "SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [02/10/2007 16:27]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 12:00]
    "AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [01/03/2007 09:37]
    "MsnMsgr.."="C:\Program Files\MSN Messenger\msnmsgr.exe" [19/01/2007 12:54]
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [19/01/2007 12:54]


    -- End of Deckard's System Scanner: finished at 2008-01-04 23:02:08

    Deckard's System Scanner v20071014.68
    Extra logfile - please post this as an attachment with your post.

    -- System Information

    Microsoft Windows XP Home Edition (build 2600) SP 2.0
    Architecture: X86; Language: English

    CPU 0: Intel(R) Celeron(R) CPU 3.06GHz
    Percentage of Memory in Use: 47%
    Physical Memory (total/avail): 991.48 MiB / 524.73 MiB
    Pagefile Memory (total/avail): 2387.54 MiB / 1960.48 MiB
    Virtual Memory (total/avail): 2047.88 MiB / 1921.64 MiB

    C: is Fixed (NTFS) - 186.3 GiB total, 106.03 GiB free.
    D: is CDROM (No Media)
    E: is Removable (No Media)
    F: is Removable (No Media)
    G: is Removable (No Media)
    H: is Removable (No Media)
    I: is Removable (No Media)

    \\.\PHYSICALDRIVE0 - ST3200021A - 186.31 GiB - 1 partition
    \PARTITION0 (bootable) - Installable File System - 186.3 GiB - C:

    \\.\PHYSICALDRIVE1 - Generic 2.0 Reader -CF USB Device

    \\.\PHYSICALDRIVE4 - Generic 2.0 Reader -MS USB Device

    \\.\PHYSICALDRIVE3 - Generic 2.0 Reader -SD USB Device

    \\.\PHYSICALDRIVE2 - Generic 2.0 Reader -SM USB Device

    \\.\PHYSICALDRIVE5 - Generic 2.0 Reader -xD USB Device



    -- Security Center

    AUOptions is scheduled to auto-install.
    Windows Internal Firewall is enabled.

    FirstRunDisabled is set.

    AV: ESET NOD32 antivirus system 2.70 v2.70 (ESET, spol. s r.o.)

    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Disabled:Microsoft DirectPlay Voice Test"
    "C:\\Program Files\\America's Army\\System\\ArmyOps.exe"="C:\\Program Files\\America's Army\\System\\ArmyOps.exe:*:Enabled:ArmyOps"
    "C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Run a DLL as an App"
    "C:\\mcoinstall.exe"="C:\\mcoinstall.exe:*:Enabled:mcoinstall"
    "C:\\Program Files\\NetMeeting\\conf.exe"="C:\\Program Files\\NetMeeting\\conf.exe:*:Enabled:Windows® NetMeeting®"
    "C:\\WINDOWS\\system32\\rtcshare.exe"="C:\\WINDOWS\\system32\\rtcshare.exe:*:Enabled:RTC App Sharing"
    "C:\\Program Files\\Xfire\\xfire.exe"="C:\\Program Files\\Xfire\\xfire.exe:*:Enabled:Xfire"
    "C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
    "C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
    "C:\\Documents and Settings\\Owner\\Application Data\\tmp73.tmp.exe"="C:\\Documents and Settings\\Owner\\Applic"
    "C:\\WINDOWS\\system32\\qwerty12.exe"="C:\\WINDOWS\\system32\\qwe"
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
    "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
    "C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"


    -- Environment Variables

    ALLUSERSPROFILE=C:\Documents and Settings\All Users
    APPDATA=C:\Documents and Settings\Owner\Application Data
    CLASSPATH=.;C:\Program Files\Java\jre1.5.0_11\lib\ext\QTJava.zip
    CLIENTNAME=Console
    CommonProgramFiles=C:\Program Files\Common Files
    COMPUTERNAME=BARCOE-D2755371
    ComSpec=C:\WINDOWS\system32\cmd.exe
    DEFAULT_CA_NR=CA8
    FP_NO_HOST_CHECK=NO
    HOMEDRIVE=C:
    HOMEPATH=\Documents and Settings\Owner
    LOGONSERVER=\\BARCOE-D2755371
    NUMBER_OF_PROCESSORS=1
    OS=Windows_NT
    Path=C:\Program Files\Mozilla Firefox;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\;C:\Program Files\Common Files\Teleca Shared;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\iTunes\Plug-Ins\Qloud\;;C:\PROGRA~1\COMMON~1\MUVEET~1\030625
    PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    PROCESSOR_ARCHITECTURE=x86
    PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 9, GenuineIntel
    PROCESSOR_LEVEL=15
    PROCESSOR_REVISION=0409
    ProgramFiles=C:\Program Files
    PROMPT=$P$G
    QTJAVA=C:\Program Files\Java\jre1.5.0_11\lib\ext\QTJava.zip
    SESSIONNAME=Console
    SystemDrive=C:
    SystemRoot=C:\WINDOWS
    TEMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
    TMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
    USERDOMAIN=BARCOE-D2755371
    USERNAME=Owner
    USERPROFILE=C:\Documents and Settings\Owner
    windir=C:\WINDOWS


    -- User Profiles

    Owner (admin)


    -- Add/Remove Programs

    --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
    --> MsiExec.exe /I{8A42F680-2DD6-11D4-9A8C-0040F6982C20}
    --> MsiExec.exe /I{A2529672-574A-4A99-86A5-C1770A0E31FE}
    --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
    Adobe Reader 8.1.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
    Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
    AGEIA PhysX v2.4.4 --> "C:\Program Files\AGEIA Technologies\uninstall.exe"
    America's Army --> MsiExec.exe /I{EF434C52-D882-43DB-8777-EC7B10D8943C}
    Apple Mobile Device Support --> MsiExec.exe /I{3EBD3749-304E-4A4C-9575-C00E5F015217}
    Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
    ATI Catalyst Control Center --> MsiExec.exe /I{5A272FB7-EBCA-4F8C-8FCE-309A430BF3AF}
    ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
    Audacity 1.2.6 --> "C:\Program Files\Audacity\unins000.exe"
    BearShare --> C:\Program Files\BearShare Applications\BearShare\UninstallSurvey.exe C:\PROGRA~1\BEARSH~1\BEARSH~1\UNWISE.EXE C:\PROGRA~1\BEARSH~1\BEARSH~1\INSTALL.LOG
    Big Fish Games Client --> C:\Program Files\bfgclient\Uninstall.exe
    BitTorrent 5.0.9 --> "C:\Program Files\BitTorrent\uninstall.exe"
    Bots --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67D1F82A-6366-4646-BB9E-1F0059E47124}\setup.exe" -l0x9 -removeonly
    Brother MFL-Pro Suite --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BA9CAC3-5131-4E59-B2AB-B765E876AAA2}\Setup.exe" -l0x9 Brunin03.dllBrunin03.dll
    Burger Shop (remove only) --> "C:\Program Files\Burger Shop\Uninstall.exe"
    BZFlag 2.0.8 (remove only) --> "C:\Program Files\BZFlag2.0.8\uninstall.exe"
    Cake Mania 2 (remove only) --> "C:\Program Files\Cake Mania 2\Uninstall.exe"
    CamStudio --> C:\Program Files\CamStudio\uninstall.exe
    Catz 5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\Ubi Soft\Studio Mythos\Petz 5\Uninst\Setup.exe"
    Diner Dash 2 + Together --> C:\DOCUME~1\ALLUSE~1\APPLIC~1\PLAYFI~1\Games\DINERD~1\UNWISE.EXE C:\DOCUME~1\ALLUSE~1\APPLIC~1\PLAYFI~1\Games\DINERD~1\INSTALL.LOG
    Diner Dash Flo on the Go Free Trial --> "C:\Program Files\DinerDashFloontheGo_at\unins000.exe"
    Disc2Phone --> MsiExec.exe /I{FFAB5ABB-8AAB-42E2-847F-1743E51E01E9}
    DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
    DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
    DivX Converter --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
    DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
    DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
    Ease Audio Converter 1.10 --> "C:\Program Files\easetech\AudioConverter\unins000.exe"
    Fashion Fits! (remove only) --> "C:\Program Files\Fashion Fits!\Uninstall.exe"
    First Step Guide --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5EC786D5-C0CA-42E0-AF88-5379EF9D91EC}\setup.exe" -l0x9 UNINSTALL
    Fraps --> "C:\Fraps\uninstall.exe"
    Free 3GP Video Converter version 2.4 --> "C:\Program Files\DVDVideoSoft\Free 3GP Video Converter\unins000.exe"
    Free YouTube Download 1.2 --> "C:\Program Files\DVDVideoSoft\Free YouTube Download\unins000.exe"
    Free YouTube to Mp3 Converter version 2.4 --> "C:\Program Files\DVDVideoSoft\Free YouTube to Mp3 Converter\unins000.exe"
    Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
    Google Earth --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~2\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
    Google Toolbar for Firefox --> MsiExec.exe /X{2CCBABCB-6427-4A55-B091-49864623C43F}
    Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
    Google Updater --> "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
    High Definition Audio Driver Package - KB888111 -->
    Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
    Image Resizer Powertoy for Windows XP --> MsiExec.exe /I{1CB92574-96F2-467B-B793-5CEB35C40C29}
    ImageMixer VCD2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F8C6BABF-0837-4EA0-AD6C-8E5A392A7538}\setup.exe" -l0x9 UNINSTALL
    InterVideo WinDVD --> "C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
    iTunes --> MsiExec.exe /I{B045B608-4A47-4C77-9EAD-06C394503306}
    J2SE Runtime Environment 5.0 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150000}
    J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
    J2SE Runtime Environment 5.0 Update 7 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150070}
    Joint Operations: Typhoon Rising --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0325F1C1-883A-41AB-8981-B27359ABDFAF}\setup.exe" -l0x9
    K-Lite Codec Pack 3.4.5 Basic --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
    LimeWire PRO 4.12.3 --> "C:\Program Files\LimeWire\uninstall.exe"
    Macromedia Dreamweaver 8 --> MsiExec.exe /I{0837A661-FEC3-48B3-876C-91E7D32048A9}
    Macromedia Extension Manager --> MsiExec.exe /I{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}
    Macromedia Fireworks 8 --> MsiExec.exe /I{4C24A8C1-7CFA-4650-AF15-732F5BD7B46D}
    Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
    Microsoft Office Standard Edition 2003 --> MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
    Microsoft Speech SDK 5.1 --> MsiExec.exe /I{A403D88E-ED7D-48E3-91FD-B8C8A720EDA1}
    Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
    Mozilla Firefox (2.0.0.11) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
    My Web Search (My Fun Cards) --> rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsbar.dll,O
    NOD32 Antivirus System --> C:\Program Files\Eset\Setup\setup.exe /UNINSTALL
    OZ --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CF28434D-DFC2-4567-B73B-D74D0E0B0953}\Setup.exe"
    Paddy Power Poker --> "C:\Poker\Paddy Power Poker\_SetupPoker[1].exe" /uninstall
    PaperPort --> MsiExec.exe /I{A17EABB6-D0C6-44E5-820C-72DC7F495064}
    Paradise Pet Salon (remove only) --> "C:\Program Files\Paradise Pet Salon\Uninstall.exe"
    PBCool --> MsiExec.exe /I{07857342-68E0-4178-9DAB-6F420226B0F5}
    Philips FunCam --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8ED84666-3A2A-4E28-AB26-B6B65260CB86}\Setup.exe" -l0x9
    Picture Package --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1E2F8AE3-3437-44E6-BB75-E95751D6B83F}\setup.exe" -l0x9 UNINSTALL
    PunkBuster for Joint Operations: Typhoon Rising --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFE6E3B6-8CA9-4837-B292-5F11A80339A9}\setup.exe" -l0x9
    Qloud Plug-in for iTunes --> C:\Program Files\iTunes\Plug-Ins\Qloud\iTunesQLoudSetup.exe /uninstall
    QuickTime --> MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
    Realtek High Definition Audio Driver --> RtlUpd.exe -r -m
    RedLightCenter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{35C73A54-1428-4893-B041-58AA594F4ACD}\setup.exe" -l0x9
    ShortKeys 2 --> C:\PROGRA~1\SHORTK~1\UNWISE.EXE C:\PROGRA~1\SHORTK~1\INSTALL.LOG
    ShortKeys Lite --> C:\PROGRA~1\SHORTK~1\UNWISE.EXE C:\PROGRA~1\SHORTK~1\INSTALL.LOG
    SoftV92 Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1\HXFSETUP.EXE -U -IVEN_14F1&DEV_2F20&SUBSYS_200014F1
    Sony Ericsson PC Suite --> MsiExec.exe /I{FC906D5C-91F9-4DA4-A765-6DCBB669F317}
    Sony USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\Setup.exe" UNINSTALL
    Spyware Doctor 5.1 --> C:\Program Files\Spyware Doctor\unins000.exe /LOG
    TeamSpeak 2 RC2 --> "C:\Program Files\Teamspeak2_RC2\unins000.exe"
    Ventrilo Client --> MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
    Ventrilo Server --> MsiExec.exe /I{85DD724B-15E5-4572-81BF-CF9031D83848}
    VideoEgg Publisher --> C:\Program Files\VideoEgg\Uninstall.exe
    WinCustomize Browser --> C:\PROGRA~1\Stardock\WINCUS~1\SKINBR~1\UNWISE.EXE C:\PROGRA~1\Stardock\WINCUS~1\SKINBR~1\INSTALL.LOG
    Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
    Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
    Windows Live Sign-in Assistant --> MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
    Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
    Xfire (remove only) --> "C:\Program Files\Xfire\uninst.exe"
    XviD MPEG-4 Codec --> "C:\Program Files\XviD\UninstXviD.exe"
    Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe


    -- Application Event Log

    Event Record #/Type3950 / Success
    Event Submitted/Written: 01/04/2008 07:20:01 PM
    Event ID/Source: 12001 / usnjsvc
    Event Description:
    The Messenger Sharing USN Journal Reader service started successfully.

    Event Record #/Type3945 / Warning
    Event Submitted/Written: 01/04/2008 00:24:50 PM
    Event ID/Source: 1524 / Userenv
    Event Description:
    Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

    Event Record #/Type3941 / Warning
    Event Submitted/Written: 01/04/2008 00:25:12 AM
    Event ID/Source: 1524 / Userenv
    Event Description:
    Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

    Event Record #/Type3936 / Warning
    Event Submitted/Written: 01/02/2008 11:32:42 PM
    Event ID/Source: 1524 / Userenv
    Event Description:
    Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

    Event Record #/Type3928 / Success
    Event Submitted/Written: 01/01/2008 01:43:37 PM
    Event ID/Source: 12001 / usnjsvc
    Event Description:
    The Messenger Sharing USN Journal Reader service started successfully.



    -- Security Event Log

    No Errors/Warnings found.


    -- System Event Log

    Event Record #/Type19155 / Error
    Event Submitted/Written: 01/04/2008 11:00:51 PM
    Event ID/Source: 7016 / Service Control Manager
    Event Description:
    The BrSplService service has reported an invalid current state 0.

    Event Record #/Type19145 / Warning
    Event Submitted/Written: 01/04/2008 03:20:17 PM
    Event ID/Source: 4226 / Tcpip
    Event Description:
    TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

    Event Record #/Type19052 / Error
    Event Submitted/Written: 01/02/2008 06:19:18 AM
    Event ID/Source: 10010 / DCOM
    Event Description:
    The server {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4} did not register with DCOM within the required timeout.

    Event Record #/Type19051 / Error
    Event Submitted/Written: 01/02/2008 06:15:42 AM
    Event ID/Source: 10010 / DCOM
    Event Description:
    The server {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4} did not register with DCOM within the required timeout.

    Event Record #/Type19050 / Error
    Event Submitted/Written: 01/02/2008 06:12:47 AM
    Event ID/Source: 10010 / DCOM
    Event Description:
    The server {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4} did not register with DCOM within the required timeout.



    -- End of Deckard's System Scanner: finished at 2008-01-04 23:02:08



    Cheers for the Help!!!;)


  • Closed Accounts Posts: 17,208 ✭✭✭✭aidan_walsh


    I've removed the colour and font tags from your post. They're needless and make reading the logs nigh on impossible.


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    When did these pop-ups first start?


    Please download VundoFix.exe to your desktop
    • Double-click VundoFix.exe to run it.
    • Click the Scan for Vundo button.
    • Once it's done scanning, click the Remove Vundo button.
    • You will receive a prompt asking if you want to remove the files; click YES.
    • Once you click yes, your desktop will go blank as it starts removing Vundo.
    • When completed, it will prompt that it will reboot your computer, click OK.
    • Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.
    Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.



    Please click on Start > Control Panel > Add/Remove Programs and uninstall the following programs (if present):

    MyWebSearch
    MyWebSA





    1. Please re-open HiJackThis and choose "Do a system scan only". Check the boxes next to ONLY the entries listed below (if present):

    R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
    O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
    O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {d7ee4663-5103-4b3a-a6fc-f717bd61e4ce} - C:\WINDOWS\system32\c_1mgr.dll (file missing)
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...p=ZUxdm080YYIE
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} () - http://ak.exe.imgfarm.com/images/noc...1.0.0.15-3.cab
    O20 - AppInit_DLLs: c:\windows\system32\vtursst.dll
    O20 - Winlogon Notify: c_1mgr - C:\WINDOWS\system32\c_1mgr.dll (file missing)
    O20 - Winlogon Notify: dpvodm - C:\WINDOWS\system32\dpvodm.dll (file missing)


    2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.




    Please download OTMoveIt by OldTimer.
    • Save it to your desktop.
    • Please double-click OTMoveIt.exe to run it.
    • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

      C:\Documents and Settings\Owner\Application Data\tmp73.tmp.exe
      C:\WINDOWS\system32\qwerty12.exe
      C:\WINDOWS\system32\qwe
      c:\windows\system32\vtursst.dll
      C:\Program Files\MyWebSearch


    • Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
    • Click the red Moveit! button.
    • Close OTMoveIt
    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

    Please "Copy" the results from the "Results" window (to the right) and then "Paste" them into your next reply on the forum.

    Note: If a reboot was necessary or you needed to Exit before posting the log, you will find a copy of the log at the root of the drive where OTMoveIt is installed, usually at:
    C:\_OTMoveIt\MovedFiles\********_******.log
    (where "********_******" is the "date_time")

    Click "Exit" to close OTMoveIt.



    Reboot, then post a new DSS log.
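    As an added illustration from the defender's side (this is not code from the thread, from HijackThis, or from any other tool named above), the script below applies the same triage rules the helper used when picking the entries to fix: registrations whose file is gone ("(file missing)" / "(no file)"), AppInit_DLLs and Winlogon Notify hooks, unnamed BHO/URLSearchHook entries, Run entries that carry no directory and are therefore resolved by PATH search, and names the helper singled out in this thread. The sample log lines are copied from the log posted in the thread, and the watchlist of names is constructed from the helper's own fix list; neither is a general signature set.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: a handful of lines copied from the HijackThis log
# posted in this thread. Real logs contain many more sections.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {d7ee4663-5103-4b3a-a6fc-f717bd61e4ce} - C:\WINDOWS\system32\c_1mgr.dll (file missing)
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O20 - AppInit_DLLs: c:\windows\system32\vtursst.dll
O20 - Winlogon Notify: dpvodm - dpvodm.dll (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
"""

# Every HijackThis entry starts with its section code, e.g. "O2 - BHO: ...".
ENTRY_RE = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.*)$")

# Constructed watchlist: names the helper in this thread told the poster to
# remove. Lower-cased substrings matched against the rest of the line.
WATCHLIST = ("mywebsearch", "vtursst", "c_1mgr", "dpvodm", "imgfarm")


@dataclass
class Finding:
    section: str
    reason: str
    line: str


def classify(line: str) -> Optional[Finding]:
    """Return a Finding for a suspicious HijackThis line, else None."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None  # header/footer text, not an entry
    sec, body = m.group("sec"), m.group("body")
    low = body.lower()

    # O20 hooks load code into every GUI process (AppInit_DLLs) or at logon
    # (Winlogon Notify); both were on the helper's fix list.
    if sec == "O20" and low.startswith("appinit_dlls:"):
        return Finding(sec, "AppInit_DLLs loads a DLL into every GUI process", line)
    if sec == "O20" and low.startswith("winlogon notify:"):
        return Finding(sec, "Winlogon Notify package runs at logon", line)

    # A registration whose file no longer exists is either leftover from a
    # partial removal or a component that is being re-dropped on reboot.
    if "(file missing)" in low or "(no file)" in low:
        return Finding(sec, "dangling registration: referenced file is gone", line)

    # Legitimate BHOs and search hooks almost always carry a display name.
    if "(no name)" in low:
        return Finding(sec, "unnamed BHO/URLSearchHook", line)

    if any(name in low for name in WATCHLIST):
        return Finding(sec, "matches thread watchlist", line)

    # "[Alcmtr] ALCMTR.EXE": the command after the bracketed value name has
    # no directory, so Windows resolves it by PATH search at logon.
    if sec == "O4" and "]" in body:
        cmd = body.split("]", 1)[1].strip().strip('"')
        if cmd and "\\" not in cmd:
            return Finding(sec, "Run entry without an absolute path", line)
    return None


def triage(log_text: str) -> List[Finding]:
    """Run classify() over every line of a HijackThis log, in log order."""
    return [f for f in (classify(l) for l in log_text.splitlines()) if f]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4} {f.reason:<48} {f.line}")
```

    Running it against the sample above flags six of the ten lines and leaves the Adobe BHO and the NOD32 service alone; the Alcmtr entry is flagged only because of its bare filename, which is exactly the ambiguity the helper resolved by checking the box for it.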


  • Registered Users, Registered Users 2 Posts: 6,462 ✭✭✭TheBazman


    Well your logs are clean from malware.

    When did these pop-ups start, do you think? I will need more information and a screenshot if possible.


    I would recommend downloading and running CCleaner
    http://www.ccleaner.com/download

    Go to Registry > Scan for Issues > Make a backup when it prompts you > Fix all selected issues (the prompt for the backup might pop up after you click Fix all).


    Reboot your PC and see if you still get the error message. Also, you need to do this:


    You now need to update your Java and remove your older versions.

    Please follow these steps to remove older-version Java components.

    * Click Start > Control Panel.
    * Click Add/Remove Programs.
    * Check any item with Java Runtime Environment (JRE) in the name.
    * Click the Remove or Change/Remove button.

    Download the latest version of Java Runtime Environment (JRE), and install it to your computer from here.


    Cheers for the help. I am in work at the moment so I will do the above tonight. When I get the pop-up again I will try to grab a screenshot and revert to this thread. Thanks again.


  • Registered Users, Registered Users 2 Posts: 1,164 ✭✭✭BaRcOe


    VundoFix V6.7.7

    Checking Java version...

    Java version is 1.5.0.7
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.11

    Scan started at 21:20:56 05/01/2008

    Listing files found while scanning....

    C:\WINDOWS\hihknn.ini
    C:\WINDOWS\nnkhih.dll

    Beginning removal...

    Attempting to delete C:\WINDOWS\hihknn.ini
    C:\WINDOWS\hihknn.ini Has been deleted!

    Performing Repairs to the registry.
    Done!


    /\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/




    Deckard's System Scanner v20071014.68
    Run by Owner on 2008-01-05 21:46:05
    Computer is in Normal Mode.



    -- HijackThis (run as Owner.exe)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:46:36, on 05/01/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\brsvc01a.exe
    C:\WINDOWS\system32\brss01a.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\Program Files\Spyware Doctor\SDTrayApp.exe
    C:\Program Files\Razer\Habu\razerhid.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\Brmfrmps.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\Spyware Doctor\svcntaux.exe
    C:\Program Files\Spyware Doctor\swdsvc.exe
    C:\Program Files\Razer\Habu\razertra.exe
    C:\Program Files\Razer\Habu\razerofa.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Documents and Settings\Owner\Desktop\dss.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe
    C:\WINDOWS\system32\NOTEPAD.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.rd.yahoo.com/customize/ycomp/defaults/sb/*http://uk.yahoo.com/search/ie.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ycomp/defaults/sp/*http://uk.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O2 - BHO: (no name) - {d7ee4663-5103-4b3a-a6fc-f717bd61e4ce} - C:\WINDOWS\system32\c_1mgr.dll (file missing)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04b\BrStDvPt.exe
    O4 - HKLM\..\Run: [kgsystray] C:\Program Files\Kuma Games\kgsystray\Kuma_tray.exe
    O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
    O4 - HKLM\..\Run: [Habu] C:\Program Files\Razer\Habu\razerhid.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
    O4 - HKCU\..\Run: [MsnMsgr..] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZUxdm080YYIE
    O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/MyFunCardsFWBInitialSetup1.0.0.15-3.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-IE/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1172334399765
    O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
    O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.exe
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O20 - AppInit_DLLs: c:\windows\system32\vtursst.dll
    O20 - Winlogon Notify: c_1mgr - c_1mgr.dll (file missing)
    O20 - Winlogon Notify: dpvodm - dpvodm.dll (file missing)
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe

    --
    End of file - 9183 bytes

    -- Files created between 2007-12-05 and 2008-01-05

    2008-01-05 21:46:18 0 d C:\Program Files\Trend Micro
    2008-01-05 21:20:56 0 d C:\VundoFix Backups
    2008-01-05 21:17:25 381011 --a C:\Program Files\Uninstall Fun Web Products.dll <Not Verified; MyWebSearch.com; My Web Search Bar for Internet Explorer, FireFox, Netscape, email clients, and messenger clients>
    2008-01-05 15:30:25 0 d C:\Program Files\DIFX
    2008-01-05 15:29:48 14592 --a C:\WINDOWS\system32\drivers\USBICP.sys <Not Verified; Motorola; >
    2008-01-05 15:29:41 0 d C:\Program Files\Razer
    2008-01-05 15:27:40 0 d C:\Documents and Settings\Owner\Application Data\InstallShield
    2007-12-23 17:18:30 0 d C:\Documents and Settings\Owner\Application Data\InterVideo
    2007-12-08 20:45:17 0 d C:\Documents and Settings\Owner\Application Data\U3


    -- Find3M Report

    2008-01-05 21:17:56 0 d C:\Program Files\Yahoo!
    2008-01-05 21:17:20 0 d C:\Program Files\MSN Messenger
    2008-01-05 15:29:33 0 d--h C:\Program Files\InstallShield Installation Information
    2008-01-04 09:57:53 0 d C:\Program Files\Spyware Doctor
    2008-01-02 21:57:14 0 d C:\Program Files\iTunes
    2007-12-04 08:02:03 0 d---s---- C:\Program Files\Xfire
    2007-12-03 13:34:20 0 d C:\Documents and Settings\Owner\Application Data\Xfire
    2007-12-03 12:54:28 0 d C:\Program Files\Ventrilo
    2007-12-03 12:54:07 0 d C:\Program Files\Common Files\Wise Installation Wizard
    2007-12-01 19:21:02 0 d C:\Program Files\DinerDashFloontheGo_at
    2007-11-21 17:19:27 0 d C:\Program Files\America's Army
    2007-11-20 19:46:57 0 d C:\Program Files\BitTorrent
    2007-11-19 21:28:59 0 d C:\Documents and Settings\Owner\Application Data\BitTorrent
    2007-11-17 18:36:17 0 d C:\Program Files\Paradise Pet Salon
    2007-11-17 17:30:52 0 d C:\Program Files\Burger Shop
    2007-11-17 16:29:38 0 d C:\Program Files\Fashion Fits!
    2007-11-17 16:25:10 0 d C:\Program Files\Cake Mania 2
    2007-11-12 12:50:59 16 --a C:\WINDOWS\system32\buyurl0502.dat
    2007-11-12 12:49:52 0 d C:\Program Files\PartyGaming
    2007-11-08 20:33:08 0 d C:\Program Files\Common Files\DVDVideoSoft
    2007-11-08 20:33:05 0 d C:\Program Files\DVDVideoSoft
    2007-11-08 16:09:31 0 d C:\Program Files\Common Files
    2007-11-05 17:28:42 0 d C:\Program Files\iPod
    2007-11-05 17:26:41 0 d C:\Program Files\QuickTime
    2007-11-05 17:23:06 0 d C:\Program Files\Apple Software Update
    2007-11-05 17:21:53 0 d C:\Program Files\Common Files\Apple


    -- Registry Dump

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d7ee4663-5103-4b3a-a6fc-f717bd61e4ce}]
    C:\WINDOWS\system32\c_1mgr.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Alcmtr"="ALCMTR.EXE" [03/05/2005 17:43 C:\WINDOWS\ALCMTR.EXE]
    "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [24/02/2007 15:59]
    "SetDefPrt"="C:\Program Files\Brother\Brmfl04b\BrStDvPt.exe" [25/05/2004 09:16]
    "kgsystray"="C:\Program Files\Kuma Games\kgsystray\Kuma_tray.exe" []
    "SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [02/10/2007 16:27]
    "Habu"="C:\Program Files\Razer\Habu\razerhid.exe" [11/05/2007 11:58]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 12:00]
    "AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [01/03/2007 09:37]
    "MsnMsgr.."="C:\Program Files\MSN Messenger\msnmsgr.exe" [19/01/2007 12:54]
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [19/01/2007 12:54]


    -- End of Deckard's System Scanner: finished at 2008-01-05 21:47:08



    /\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/




    Results

    C:\Documents and Settings\Owner\Application Data\tmp73.tmp.exe moved successfully.
    File/Folder C:\WINDOWS\system32\qwerty12.exe not found.
    File/Folder C:\WINDOWS\system32\qwe not found.
    File/Folder c:\windows\system32\vtursst.dll not found.
    C:\Program Files\MyWebSearch\bar\Settings moved successfully.
    Folder move failed. C:\Program Files\MyWebSearch\bar\History\search2 scheduled to be moved on reboot.
    C:\Program Files\MyWebSearch\bar\History moved successfully.
    C:\Program Files\MyWebSearch\bar moved successfully.
    C:\Program Files\MyWebSearch moved successfully.

    Created on 01/05/2008 21:55:57





    /\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/






    Deckard's System Scanner v20071014.68
    Run by Owner on 2008-01-05 22:04:52
    Computer is in Normal Mode.



    -- HijackThis (run as Owner.exe)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:05:08, on 05/01/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\brsvc01a.exe
    C:\WINDOWS\system32\brss01a.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\Brmfrmps.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\Spyware Doctor\svcntaux.exe
    C:\Program Files\Spyware Doctor\swdsvc.exe
    C:\Program Files\Spyware Doctor\SDTrayApp.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\Program Files\Razer\Habu\razerhid.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Razer\Habu\razertra.exe
    C:\Program Files\Razer\Habu\razerofa.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Owner\Desktop\dss.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.rd.yahoo.com/customize/ycomp/defaults/sb/*http://uk.yahoo.com/search/ie.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ycomp/defaults/sp/*http://uk.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04b\BrStDvPt.exe
    O4 - HKLM\..\Run: [kgsystray] C:\Program Files\Kuma Games\kgsystray\Kuma_tray.exe
    O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
    O4 - HKLM\..\Run: [Habu] C:\Program Files\Razer\Habu\razerhid.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
    O4 - HKCU\..\Run: [MsnMsgr..] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-IE/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1172334399765
    O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
    O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.exe
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe

    --
    End of file - 8410 bytes

    -- Files created between 2007-12-05 and 2008-01-05

    2008-01-05 21:46:18 0 d C:\Program Files\Trend Micro
    2008-01-05 21:20:56 0 d C:\VundoFix Backups
    2008-01-05 15:30:25 0 d C:\Program Files\DIFX
    2008-01-05 15:29:48 14592 --a C:\WINDOWS\system32\drivers\USBICP.sys <Not Verified; Motorola; >
    2008-01-05 15:29:41 0 d C:\Program Files\Razer
    2008-01-05 15:27:40 0 d C:\Documents and Settings\Owner\Application Data\InstallShield
    2007-12-23 17:18:30 0 d C:\Documents and Settings\Owner\Application Data\InterVideo
    2007-12-08 20:45:17 0 d C:\Documents and Settings\Owner\Application Data\U3


    -- Find3M Report

    2008-01-05 21:17:56 0 d C:\Program Files\Yahoo!
    2008-01-05 21:17:20 0 d C:\Program Files\MSN Messenger
    2008-01-05 15:29:33 0 d--h C:\Program Files\InstallShield Installation Information
    2008-01-04 09:57:53 0 d C:\Program Files\Spyware Doctor
    2008-01-02 21:57:14 0 d C:\Program Files\iTunes
    2007-12-04 08:02:03 0 d---s---- C:\Program Files\Xfire
    2007-12-03 13:34:20 0 d C:\Documents and Settings\Owner\Application Data\Xfire
    2007-12-03 12:54:28 0 d C:\Program Files\Ventrilo
    2007-12-03 12:54:07 0 d C:\Program Files\Common Files\Wise Installation Wizard
    2007-12-01 19:21:02 0 d C:\Program Files\DinerDashFloontheGo_at
    2007-11-21 17:19:27 0 d C:\Program Files\America's Army
    2007-11-20 19:46:57 0 d C:\Program Files\BitTorrent
    2007-11-19 21:28:59 0 d C:\Documents and Settings\Owner\Application Data\BitTorrent
    2007-11-17 18:36:17 0 d C:\Program Files\Paradise Pet Salon
    2007-11-17 17:30:52 0 d C:\Program Files\Burger Shop
    2007-11-17 16:29:38 0 d C:\Program Files\Fashion Fits!
    2007-11-17 16:25:10 0 d C:\Program Files\Cake Mania 2
    2007-11-12 12:50:59 16 --a C:\WINDOWS\system32\buyurl0502.dat
    2007-11-12 12:49:52 0 d C:\Program Files\PartyGaming
    2007-11-08 20:33:08 0 d C:\Program Files\Common Files\DVDVideoSoft
    2007-11-08 20:33:05 0 d C:\Program Files\DVDVideoSoft
    2007-11-08 16:09:31 0 d C:\Program Files\Common Files
    2007-11-05 17:28:42 0 d C:\Program Files\iPod
    2007-11-05 17:26:41 0 d C:\Program Files\QuickTime
    2007-11-05 17:23:06 0 d C:\Program Files\Apple Software Update
    2007-11-05 17:21:53 0 d C:\Program Files\Common Files\Apple


    -- Registry Dump

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [24/02/2007 15:59]
    "SetDefPrt"="C:\Program Files\Brother\Brmfl04b\BrStDvPt.exe" [25/05/2004 09:16]
    "kgsystray"="C:\Program Files\Kuma Games\kgsystray\Kuma_tray.exe" []
    "SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [02/10/2007 16:27]
    "Habu"="C:\Program Files\Razer\Habu\razerhid.exe" [11/05/2007 11:58]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 12:00]
    "AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [01/03/2007 09:37]
    "MsnMsgr.."="C:\Program Files\MSN Messenger\msnmsgr.exe" [19/01/2007 12:54]
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [19/01/2007 12:54]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"
    path=
    backup=

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    "C:\Program Files\MSN Messenger\msnmsgr.exe" /background


    -- End of Deckard's System Scanner: finished at 2008-01-05 22:05:53




    Just wanna ask what more will it take, is it serious, will it take a while to get to the bottom of it?? :rolleyes:

    Can I now delete the 3 programs: Vundo, HijackThis and OTMove off my computer, or do I need them for further progress on the extinction of my malware?


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    We are nearly done; keep the tools for the time being.

    1. Please re-open HijackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below (if present):

    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

    2. Now close all windows other than HijackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.




    Download and scan with SUPERAntiSpyware Free for Home Users
    • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    • An icon will be created on your desktop. Double-click that icon to launch the program.
    • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
    • Under "Configuration and Preferences", click the Preferences button.
    • Click the Scanning Control tab.
    • Under Scanner Options make sure the following are checked (leave all others unchecked):
      • Close browsers before scanning.
      • Scan for tracking cookies.
      • Terminate memory threats before quarantining.
    • Click the "Close" button to leave the control center screen.
    • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
    • On the left, make sure you check C:\Fixed Drive.
    • On the right, under "Complete Scan", choose Perform Complete Scan.
    • Click "Next" to start the scan. Please be patient while it scans your computer.
    • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
    • Make sure everything has a checkmark next to it and click "Next".
    • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
    • If asked if you want to reboot, click "Yes".
    • To retrieve the removal information after reboot, launch SUPERAntispyware again.
      • Click Preferences, then click the Statistics/Logs tab.
      • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
      • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
      • Please copy and paste the Scan Log results in your next reply.
    • Click Close to exit the program.


    Reboot and post a new DSS log and tell me how your PC is running.
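    The HijackThis fix step above hinges on reading the log line format correctly: an O2 entry whose file field says "(no file)" is a BHO registration with no DLL left behind it. The script below is an added example, not code from the thread, HijackThis or DSS; it parses the R1/O2/O3/O4 line formats seen in the logs posted here and flags that orphaned-BHO pattern plus an IE search setting pointing at a host outside an allowlist. The sample lines and the allowlist (ALLOWED_SEARCH_HOSTS) are constructed for the example.

```python
"""Triage helper for HijackThis-style log lines (added example, not from the thread or the tools).

It parses the R1/O2/O3/O4 line formats seen in the posted logs and flags the two
patterns the helper acted on: a BHO registered with "(no file)" behind it, and an
IE search setting pointing at a host outside an allowlist.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple
from urllib.parse import urlparse

# Constructed excerpt modelled on the HijackThis output pasted in the thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.rd.yahoo.com/customize/ycomp/defaults/sb/*http://uk.yahoo.com/search/ie.html
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
""".strip()

# Hosts this machine's IE search settings are expected to point at. This is an
# assumption made for the example; a real allowlist depends on the user's setup.
ALLOWED_SEARCH_HOSTS = {"uk.rd.yahoo.com", "www.google.com", "search.msn.com"}

CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
LINE_RE = re.compile(r"^(R\d|O\d+) - (.*)$")


@dataclass
class Entry:
    section: str          # R1, O2, O3, O4, ...
    name: str             # registry value name, BHO/toolbar name or Run value name
    clsid: Optional[str]  # only O2/O3 entries carry a CLSID
    target: str           # URL, DLL path, "(no file)" or Run command line
    raw: str


def parse_line(line: str) -> Optional[Entry]:
    """Parse one HijackThis line; returns None for lines outside the handled sections."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    section, rest = m.group(1), m.group(2)
    if section.startswith("R"):
        # R1 - <registry path>,<value name> = <url>
        key, sep, value = rest.partition(" = ")
        return Entry(section, key.strip(), None, value.strip(), line) if sep else None
    if section in ("O2", "O3"):
        # O2 - BHO: <name> - {CLSID} - <dll or (no file)>   (O3 is the same with "Toolbar:")
        _kind, _sep, body = rest.partition(": ")
        parts = body.rsplit(" - ", 2)  # split from the right: the name itself may contain " - "
        if len(parts) != 3:
            return None
        name, clsid, target = parts
        return Entry(section, name.strip(), clsid.strip(), target.strip(), line)
    if section == "O4":
        # O4 - HKLM\..\Run: [<value name>] <command line>
        _hive, _sep, body = rest.partition(": ")
        m2 = re.match(r"\[(.*?)\]\s*(.*)", body)
        return Entry(section, m2.group(1), None, m2.group(2), line) if m2 else None
    return None


def parse_log(text: str) -> List[Entry]:
    return [e for e in (parse_line(l) for l in text.splitlines()) if e is not None]


def triage(entries: List[Entry], allowed_hosts) -> List[Tuple[str, str]]:
    """Return (identifier, reason) pairs for entries that warrant a closer look."""
    findings = []
    for e in entries:
        if e.section in ("O2", "O3"):
            if e.clsid is None or not CLSID_RE.fullmatch(e.clsid):
                findings.append((e.raw, "malformed CLSID field"))
            elif e.target == "(no file)":
                # The registration survived but the DLL is gone: a typical leftover after a
                # partial clean-up, and exactly what HijackThis "Fix Checked" removes.
                findings.append((e.clsid, "orphaned BHO/toolbar registration, no DLL on disk"))
        elif e.section == "R1":
            host = urlparse(e.target).hostname
            if host and host not in allowed_hosts:
                findings.append((e.name, "IE search setting points at unexpected host " + host))
    return findings


if __name__ == "__main__":
    for ident, reason in triage(parse_log(SAMPLE_LOG), ALLOWED_SEARCH_HOSTS):
        print(f"{reason}: {ident}")
```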


  • Registered Users, Registered Users 2 Posts: 1,164 ✭✭✭BaRcOe


    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 01/06/2008 at 03:00 AM

    Application Version : 3.9.1008

    Core Rules Database Version : 3373
    Trace Rules Database Version: 1368

    Scan type : Complete Scan
    Total Scan Time : 02:53:35

    Memory items scanned : 402
    Memory threats detected : 0
    Registry items scanned : 5514
    Registry threats detected : 0
    File items scanned : 138162
    File threats detected : 275

    Adware.Tracking Cookie

    Trojan.Unclassified/PackedInstaller
    C:\DECKARD\SYSTEM SCANNER\20080105212716\BACKUP\DOCUME~1\OWNER\LOCALS~1\TEMP\TEMP.EXE

    Trojan.Downloader-Gen/QWERTY
    C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\TMP1414.TMP.EXE
    C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\TMPA99.TMP.EXE
    C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\TMPF8.TMP.EXE

    Trojan.Unknown Origin
    C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\TMP149.TMP.EXE
    C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\TMP1747.TMP.EXE
    C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\TMP1E.TMP.EXE
    C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\TMP1E0B.TMP.EXE
    C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\TMP26.TMP.EXE
    C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\TMP33.TMP.EXE
    C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\TMP34.TMP.EXE
    C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\TMP393.TMP.EXE
    C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\TMP3BE.TMP.EXE
    C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\TMP8CA.TMP.EXE
    C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\TMPAE2.TMP.EXE
    C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\TMPBAA.TMP.EXE
    C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\TMPCA1.TMP.EXE
    C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\TMPE54.TMP.EXE
    C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\TMPE56.TMP.EXE

    Adware.Casino Games (Golden Palace Casino)
    C:\POKER\PADDY POWER POKER\CASINO.EXE

    BearShare File Sharing Client
    C:\PROGRAM FILES\BEARSHARE APPLICATIONS\BEARSHARE\BEARSHARE.EXE

    Trace.Known Threat Sources











    Deckard's System Scanner v20071014.68
    Run by Owner on 2008-01-06 07:19:57
    Computer is in Normal Mode.



    -- HijackThis (run as Owner.exe)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 07:20:07, on 06/01/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\brsvc01a.exe
    C:\WINDOWS\system32\brss01a.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\Program Files\Spyware Doctor\SDTrayApp.exe
    C:\Program Files\Razer\Habu\razerhid.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\Brmfrmps.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\Spyware Doctor\svcntaux.exe
    C:\Program Files\Spyware Doctor\swdsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Razer\Habu\razertra.exe
    C:\Program Files\Razer\Habu\razerofa.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Owner\Desktop\dss.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.rd.yahoo.com/customize/ycomp/defaults/sb/*http://uk.yahoo.com/search/ie.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ycomp/defaults/sp/*http://uk.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04b\BrStDvPt.exe
    O4 - HKLM\..\Run: [kgsystray] C:\Program Files\Kuma Games\kgsystray\Kuma_tray.exe
    O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
    O4 - HKLM\..\Run: [Habu] C:\Program Files\Razer\Habu\razerhid.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
    O4 - HKCU\..\Run: [MsnMsgr..] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-IE/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1172334399765
    O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
    O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.exe
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe

    --
    End of file - 8571 bytes

    -- Files created between 2007-12-06 and 2008-01-06

    2008-01-06 00:03:20 0 d
    C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2008-01-06 00:03:03 0 d
    C:\Program Files\SUPERAntiSpyware
    2008-01-06 00:03:03 0 d
    C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
    2008-01-05 21:46:18 0 d
    C:\Program Files\Trend Micro
    2008-01-05 21:20:56 0 d
    C:\VundoFix Backups
    2008-01-05 15:30:25 0 d
    C:\Program Files\DIFX
    2008-01-05 15:29:48 14592 --a
    C:\WINDOWS\system32\drivers\USBICP.sys <Not Verified; Motorola; >
    2008-01-05 15:29:41 0 d
    C:\Program Files\Razer
    2008-01-05 15:27:40 0 d
    C:\Documents and Settings\Owner\Application Data\InstallShield
    2007-12-23 17:18:30 0 d
    C:\Documents and Settings\Owner\Application Data\InterVideo
    2007-12-08 20:45:17 0 d
    C:\Documents and Settings\Owner\Application Data\U3


    -- Find3M Report

    2008-01-06 00:02:31 0 d
    C:\Program Files\Common Files\Wise Installation Wizard
    2008-01-05 21:17:56 0 d
    C:\Program Files\Yahoo!
    2008-01-05 21:17:20 0 d
    C:\Program Files\MSN Messenger
    2008-01-05 15:29:33 0 d--h
    C:\Program Files\InstallShield Installation Information
    2008-01-04 09:57:53 0 d
    C:\Program Files\Spyware Doctor
    2008-01-02 21:57:14 0 d
    C:\Program Files\iTunes
    2007-12-04 08:02:03 0 d---s---- C:\Program Files\Xfire
    2007-12-03 13:34:20 0 d
    C:\Documents and Settings\Owner\Application Data\Xfire
    2007-12-03 12:54:28 0 d
    C:\Program Files\Ventrilo
    2007-12-01 19:21:02 0 d
    C:\Program Files\DinerDashFloontheGo_at
    2007-11-21 17:19:27 0 d
    C:\Program Files\America's Army
    2007-11-20 19:46:57 0 d
    C:\Program Files\BitTorrent
    2007-11-19 21:28:59 0 d
    C:\Documents and Settings\Owner\Application Data\BitTorrent
    2007-11-17 18:36:17 0 d
    C:\Program Files\Paradise Pet Salon
    2007-11-17 17:30:52 0 d
    C:\Program Files\Burger Shop
    2007-11-17 16:29:38 0 d
    C:\Program Files\Fashion Fits!
    2007-11-17 16:25:10 0 d
    C:\Program Files\Cake Mania 2
    2007-11-12 12:50:59 16 --a
    C:\WINDOWS\system32\buyurl0502.dat
    2007-11-12 12:49:52 0 d
    C:\Program Files\PartyGaming
    2007-11-08 20:33:08 0 d
    C:\Program Files\Common Files\DVDVideoSoft
    2007-11-08 20:33:05 0 d
    C:\Program Files\DVDVideoSoft
    2007-11-08 16:09:31 0 d
    C:\Program Files\Common Files


    -- Registry Dump

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [24/02/2007 15:59]
    "SetDefPrt"="C:\Program Files\Brother\Brmfl04b\BrStDvPt.exe" [25/05/2004 09:16]
    "kgsystray"="C:\Program Files\Kuma Games\kgsystray\Kuma_tray.exe" []
    "SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [02/10/2007 16:27]
    "Habu"="C:\Program Files\Razer\Habu\razerhid.exe" [11/05/2007 11:58]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 12:00]
    "AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [01/03/2007 09:37]
    "MsnMsgr.."="C:\Program Files\MSN Messenger\msnmsgr.exe" [19/01/2007 12:54]
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [19/01/2007 12:54]
    "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [21/06/2007 14:06]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 19/04/2007 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll


    -- End of Deckard's System Scanner: finished at 2008-01-06 07:20:54



    Pop-up is gone. PC running nicely now!
    Nice job, you really are THE man for spyware/malware problems!!

    Listen, thanks a lot, I really appreciate the time and effort you put in.
    Probably talk to you in the near future!

    Good luck :cool:
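As an added example (not code from this thread or from the DSS/HijackThis tools), a small Python triage pass over lines in the HijackThis format shown above. It flags the kinds of entries a helper reads first: search-page settings and DPF downloads that point outside an assumed list of trusted domains, "(file missing)" leftovers, services with no owner, and the same binary registered under two Run names. The sample lines are copied from the log above and the TRUSTED_HOSTS list is an assumption for the example.

```python
import re
from collections import defaultdict

# Constructed sample in the HijackThis line format seen in the log above (a
# handful of entries copied from it, not the whole log).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
O4 - HKCU\..\Run: [MsnMsgr..] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1172334399765
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""

LINE_RE = re.compile(r"^(?P<section>[RFO]\d+) - (?P<body>.+)$")
URL_RE = re.compile(r"https?://([^/\s]+)")
RUN_RE = re.compile(r'\[(?P<name>[^\]]+)\]\s+"?(?P<path>[^"]+?\.exe)', re.I)

# Domains treated as expected for search settings and DPF downloads
# (an assumption for this example; tune it to the machine being reviewed).
TRUSTED_HOSTS = ("microsoft.com", "msn.com", "yahoo.com")

def parse(log):
    """Yield (section, body) for every HijackThis item line such as 'O4 - ...'."""
    for raw in log.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            yield m.group("section"), m.group("body")

def host_is_trusted(host):
    host = host.lower().split(":")[0]            # drop any :port suffix
    return any(host == t or host.endswith("." + t) for t in TRUSTED_HOSTS)

def triage(log):
    """Return (section, reason, detail) tuples for items worth a closer look."""
    findings = []
    run_targets = defaultdict(list)              # binary path -> Run value names
    for section, body in parse(log):
        if "(file missing)" in body:             # leftover of a removed program
            findings.append((section, "references a missing file", body))
        elif section in ("R0", "R1", "O16"):     # search/start pages, DPF downloads
            for host in URL_RE.findall(body):
                if not host_is_trusted(host):
                    findings.append((section, f"points at untrusted host {host}", body))
        elif section == "O4" and (m := RUN_RE.search(body)):
            run_targets[m.group("path").lower()].append(m.group("name"))
        elif section == "O23" and "Unknown owner" in body:
            findings.append((section, "service with no vendor information", body))
    for path, names in run_targets.items():      # same binary under two Run names
        if len(names) > 1:
            findings.append(("O4", f"registered {len(names)} times", f"{path}: {names}"))
    return findings
```

On the sample, `triage(SAMPLE_LOG)` returns five findings: the BearShare search setting, the missing PartyPoker file, the VideoEgg DPF download, the PnkBstrA service, and msnmsgr.exe registered twice.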


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Just a few small things to do

    Some clean up:

    Please double-click OTMoveIt.exe to run it.
    Click the Clean up button
    Click YES at the next prompt (list downloaded, Do you want to begin cleanup process?)
    Click Yes to the reboot



    You now need to update your Java and remove your older versions.

    Please follow these steps to remove the older Java components.

    * Click Start > Control Panel.
    * Click Add/Remove Programs.
    * Check any item with Java Runtime Environment (JRE) in the name.
    * Click the Remove or Change/Remove button.

    Download the latest version of Java Runtime Environment (JRE), and install it to your computer from
    here



    Now we need to create a new System Restore point.

    Click Start Menu > Run > type (or copy and paste)

    %SystemRoot%\System32\restore\rstrui.exe

    Press OK. Choose Create a Restore Point, then click Next. Name it and click Create; when the confirmation screen shows the restore point has been created, click Close.

    Next go to Start Menu > Run > type

    cleanmgr

    Click OK. Disk Cleanup will open and start calculating the amount of space that can be freed. Once that's finished it will open the Disk Cleanup options screen; click the More Options tab, then click Clean up in the System Restore area and choose Yes at the confirmation window, which will remove all the restore points except the one we just created.

    To close Disk Cleanup and remove the Temporary Internet Files detected in the initial scan click OK then choose Yes on the confirmation window.



    Below I have included a number of recommendations for how to protect your computer against malware infections.

    * Keep Windows updated by regularly checking their website at:
    http://windowsupdate.microsoft.com/
    This will ensure your computer always has the latest available security updates installed.

    * To reduce re-infection by malware in the future, I strongly recommend installing these free programs:
    SpywareBlaster protects against bad ActiveX
    IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all
    Have a look at this tutorial for IE-Spyad here

    * SpywareGuard offers realtime protection from spyware installation attempts.

    Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and "Initialize and script ActiveX controls not marked as safe" to "Disable".
    • Next click OK, then the Apply button and then OK to exit the Internet Properties page.

    * MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

    * Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from Here

    * I notice that you have no firewall on your PC; this is extremely dangerous and leaves your PC open to vulnerabilities, so please download and install one of the following programs: ZoneAlarm, Comodo, or Outpost
    Make sure you only use one firewall though. A tutorial on understanding and using firewalls may be found here.

    * I notice that you have no anti-virus program on your PC; this is extremely dangerous and leaves your PC open to vulnerabilities, so please download and install one of the following programs:
    AVG makes an excellent free antivirus client, as do AntiVir or avast!.

    * Take a good look at the following suggestions for malware prevention by reading Tony Klein’s article 'How Did I Get Infected In The First Place'
    Here

    Thank you for your patience, and performing all of the procedures requested.
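For the MVPS hosts-file recommendation above, an added example (not the thread's own code, and not the MVPS file itself) in Python that parses a hosts file the way the resolver reads it and reports which names are sent to 127.0.0.1 or 0.0.0.0 instead of the real server. The sample file contents are constructed; the lookup function also shows the limit of the technique: matching is exact, so a subdomain that is not listed is not blocked.

```python
import ipaddress

# Constructed sample laid out like an MVPS-style hosts file (not the real file).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
# [blocking entries in the MVPS style]
0.0.0.0  ads.example.net                        # [Example Ad Network]
0.0.0.0  tracker.example.net  www.tracker.example.net
127.0.0.1 banner.adserver.example.org
192.168.1.10  intranet.example.local            # ordinary mapping, not a block
"""

# Addresses that send a name back to the local machine instead of the real server
SINKHOLES = {ipaddress.ip_address("127.0.0.1"), ipaddress.ip_address("0.0.0.0")}

def parse_hosts(text):
    """Return {hostname: ip_address} from hosts-file text, ignoring comments."""
    table = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()        # drop trailing comments
        if not line:
            continue
        ip, *names = line.split()
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            continue                                 # malformed line, skip it
        for name in names:
            table.setdefault(name.lower(), addr)     # keep the first mapping for a name
    return table

def blocked_hosts(table):
    """Names the file redirects to the local machine (localhost itself excluded)."""
    return {n for n, a in table.items() if a in SINKHOLES and n != "localhost"}

def lookup(table, hostname):
    """The hosts-file step of name resolution: exact, case-insensitive match only,
    so a subdomain that is not listed (e.g. cdn.ads.example.net) is NOT blocked."""
    return table.get(hostname.lower())
```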

