Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

Unable to remove adware

  • 22-01-2008 5:55pm
    #1
    Closed Accounts Posts: 17


    Hi

    Need some help/advice. Downloaded what i thought was a legit firefox add-on to view a video on the internet but turns out was just adware. Have tried everything to delete it but cant. Have run anti virus, spyware, adware etc software but their not picking it up. Has an icon in lower right hand of screen that keeps flashing telling me about system performance monitoring: warning, and opening windows explorer. Thing is, it's really slowing down my computer and firefox keeps crashing after a few minutes. Have tried to unistall using the add/remove program feature but it does not show up. Found the files under program files in my computer, named video add-on. Every time i delete the file, i'm told i do not have permission, even though i'm the administrator a/c. Any thoughts or suggestions?

    Thanks


Comments

  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Do this

    Please download Deckard's System Scanner (DSS) and save it to your Desktop.
    • Close all other windows before proceeding.
    • Double-click on dss.exe and follow the prompts.
    • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
    • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.


  • Closed Accounts Posts: 17 micsd


    Hi

    The results of the main text are:

    Deckard's System Scanner v20071014.68
    Run by The D's on 2008-01-22 18:23:45
    Computer is in Normal Mode.

    -- Last 5 Restore Point(s) --
    19: 2008-01-17 17:56:19 UTC - RP372 - Device Driver Package Install: Symantec Network Service
    18: 2008-01-17 17:36:39 UTC - RP371 - Windows Update
    17: 2008-01-10 09:31:38 UTC - RP370 - Windows Update
    16: 2007-12-19 23:26:58 UTC - RP369 - Installed VeohTV BETA
    15: 2007-12-19 20:29:23 UTC - RP367 - Installed Windows Media Player Firefox Plugin


    -- First Restore Point --
    1: 2007-12-13 09:05:01 UTC - RP353 - Windows Update


    Backed up registry hives.
    Performed disk cleanup.

    Total Physical Memory: 894 MiB (1024 MiB recommended).


    -- HijackThis Clone


    Emulating logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2008-01-22 18:33:55
    Platform: Windows Vista (6.00.6000)
    MSIE: Internet Explorer (7.00.6000.16386)
    Boot mode: Normal

    Running processes:
    C:\Windows\System32\taskeng.exe
    C:\Windows\System32\dwm.exe
    C:\Windows\explorer.exe
    C:\Program Files\Video Add-on\isfmntr.exe
    C:\Program Files\Video Add-on\icmntr.exe
    C:\Program Files\Video Add-on\isfmm.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Launch Manager\LManager.exe
    C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Kontiki\KHost.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Acer\Empowering Technology\eNet\eNMTray.exe
    C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
    C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
    C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
    C:\Program Files\Video Add-on\isfmm.exe
    C:\Program Files\Video Add-on\isfmm.exe
    C:\Program Files\Video Add-on\icthis.exe
    C:\Users\The D's\Desktop\dss.exe
    C:\Windows\System32\conime.exe
    C:\Program Files\Internet Explorer\ieuser.exe
    C:\Program Files\Common Files\microsoft shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Internet Explorer\iexplore.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ycomp/defaults/sp/*http://uk.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.ie.acer.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.ie.acer.yahoo.com
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {21ECA600-72B5-4E66-BB2E-573C92CBD8D6} - C:\Program Files\Video Add-on\isfmdl.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Common Files\Symantec Shared\IDS\IPSBHO.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll
    O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
    O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
    O3 - Toolbar: IE Custom Tools - {C4DFA6F3-1245-41E5-8E60-7D31427F01B3} - C:\Program Files\Video Add-on\ictmdl.dll (file missing)
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
    O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all
    O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [?????????] ??????????????e
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
    O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
    O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
    O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\Video Add-on\icthis.exe
    O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\Video Add-on\isfmntr.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE')
    O4 - Startup: Joost.lnk = C:\Program Files\Joost\xulrunner\tvprunner.exe
    O4 - Global Startup: Empowering Technology Launcher.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ietoolgate.com/redirect.php (file missing)
    O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ietoolgate.com/redirect.php (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
    O9 - Extra button: Money Viewer - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
    O15 - Trusted Zone: https://www.bankcardservices.co.uk (HKCU)
    O15 - Trusted Zone: https://cardsonline-consumer.com (HKCU)
    O15 - Trusted Zone: https://www.google.com (HKCU)
    O15 - Trusted Zone: https://www.halifax-online.co.uk (HKCU)
    O15 - Trusted Zone: https://www.o2online.ie (HKCU)
    O15 - Trusted Zone: https://www.ulsterbankanytimebanking.ie (HKCU)
    O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
    O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\MSITSS.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
    O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\microsoft shared\Web Components\11\OWC11.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll
    O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\System32\Ati2evxx.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
    O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
    O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
    O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\System32\drivers\XAudio.exe


    --
    End of file - 11831 bytes

    -- File Associations

    All associations okay.


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled

    R0 PSDFilter - c:\windows\system32\drivers\psdfilter.sys <Not Verified; HiTRUST; >
    R0 PSDNServ (PSDNSERVER) - c:\windows\system32\drivers\psdnserv.sys <Not Verified; HiTRUST; >
    R0 psdvdisk - c:\windows\system32\drivers\psdvdisk.sys <Not Verified; HiTRUST; >
    R0 UBHelper - c:\windows\system32\drivers\ubhelper.sys
    R2 int15 - \??\c:\acer\empowering technology\erecovery\int15.sys
    R3 NTIDrvr (Upper Class Filter Driver) - c:\windows\system32\drivers\ntidrvr.sys <Not Verified; NewTech Infosystems, Inc.; >


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled

    R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
    R2 eLockService (eLock Service) - c:\acer\empowering technology\elock\service\elockserv.exe <Not Verified; Acer Inc.; Acer eLock Management>
    R2 eNet Service - c:\acer\empowering technology\enet\enet service.exe <Not Verified; Acer Inc.; Acer eNet Management>
    R2 eRecoveryService (eRecovery Service) - c:\acer\empowering technology\erecovery\erecoveryservice.exe <Not Verified; Acer Inc.; eRecoveryService>
    R2 eSettingsService (eSettings Service) - c:\acer\empowering technology\esettings\service\capuserv.exe <Not Verified; ; Service>
    R2 MobilityService - c:\acer\mobility center\mobilityservice.exe -p
    R2 RichVideo (Cyberlink RichVideo Service(CRVS)) - "c:\program files\cyberlink\shared files\richvideo.exe" <Not Verified; ; RichVideo Module>
    R2 WMIService (ePower Service) - c:\acer\empowering technology\epower\epowersvc.exe <Not Verified; acer; Acer ePower Management>
    R3 ServiceLayer - "c:\program files\pc connectivity solution\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>


    -- Device Manager: Disabled

    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft Tun Miniport Adapter
    Device ID: ROOT\*TUNMP\0000
    Manufacturer: Microsoft
    Name: Teredo Tunneling Pseudo-Interface
    PNP Device ID: ROOT\*TUNMP\0000
    Service: tunmp

    Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
    Description: N76
    Device ID: ROOT\WPD\0000
    Manufacturer: Nokia
    Name: N76
    PNP Device ID: ROOT\WPD\0000
    Service: WUDFRd


    -- Scheduled Tasks

    2008-01-21 22:30:14 422 --ah
    C:\Windows\Tasks\User_Feed_Synchronization-{D765DECC-2916-4DAF-96A6-6278C5A0BCED}.job
    2008-01-17 18:30:19 550 --a
    C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - The D's.job


    -- Files created between 2007-12-22 and 2008-01-22

    2008-01-21 23:39:58 0 d
    C:\Program Files\Helper
    2008-01-21 23:39:39 0 d
    C:\Program Files\Video Add-on
    2008-01-17 17:57:43 0 d
    C:\Program Files\Norton Internet Security
    2008-01-17 11:21:04 0 d
    C:\Users\The D's\Program Files
    2008-01-15 16:41:06 0 d
    C:\Downloads
    2008-01-09 17:11:01 0 d
    C:\Users\All Users\NtiDvdCopy


    -- Find3M Report

    2008-01-22 00:49:37 12 --a
    C:\Windows\bthservsdp.dat
    2008-01-18 13:52:23 0 d
    C:\Program Files\DigiGuide TV Guide
    2008-01-17 18:30:08 0 d
    C:\Program Files\Common Files\Symantec Shared
    2008-01-17 18:11:58 0 d
    C:\Program Files\Symantec
    2008-01-17 18:01:49 0 d
    C:\Users\The D's\AppData\Roaming\Symantec
    2008-01-17 17:58:41 0 d
    C:\Program Files\Common Files
    2008-01-17 00:37:04 0 d
    C:\Users\The D's\AppData\Roaming\BitTorrent
    2008-01-10 09:49:33 0 d
    C:\Program Files\Windows Mail
    2008-01-10 09:49:31 0 d
    C:\Program Files\Windows Sidebar
    2007-12-24 20:24:38 0 d
    C:\Program Files\DivX
    2007-12-19 23:37:12 0 d--h
    C:\Program Files\InstallShield Installation Information
    2007-12-19 23:33:41 0 d
    C:\Program Files\Veoh Networks
    2007-12-15 11:34:25 0 d
    C:\Program Files\Nokia
    2007-12-15 11:33:37 0 d
    C:\Program Files\Common Files\PCSuite
    2007-12-05 18:20:24 0 d
    C:\Users\The D's\AppData\Roaming\Apple Computer
    2007-12-01 16:36:11 0 d
    C:\Users\The D's\AppData\Roaming\KewlBoxPrefs
    2007-11-24 18:08:32 0 d
    C:\Program Files\Games by Kewlbox
    2007-11-07 17:25:23 1349648 --a
    C:\Users\The D's\AppData\Roaming\NMM-MetaData.db


    -- Registry Dump

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{21ECA600-72B5-4E66-BB2E-573C92CBD8D6}]
    21/01/2008 23:39 12800 --a
    C:\Program Files\Video Add-on\isfmdl.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
    25/08/2007 03:51 316784 --a
    C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
    17/01/2008 17:58 116088 --a
    C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll [25/08/2007 03:51 316784]
    "{C4DFA6F3-1245-41E5-8E60-7D31427F01B3}"= C:\Program Files\Video Add-on\ictmdl.dll [ ]

    [-HKEY_CLASSES_ROOT\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}]
    [HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
    [HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

    [-HKEY_CLASSES_ROOT\CLSID\{C4DFA6F3-1245-41E5-8E60-7D31427F01B3}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [20/06/2007 21:21]
    "RtHDVCpl"="RtHDVCpl.exe" [20/11/2006 06:13 C:\Windows\RtHDVCpl.exe]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [23/10/2006 03:00]
    "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [12/07/2006 01:12]
    "Acer Tour"="" []
    "WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [05/11/2006 20:48]
    "SetPanel"="" []
    "LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [15/11/2006 06:02]
    "eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [17/11/2006 07:26]
    "eRecoveryService"="" []
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [25/07/2007 15:39]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 19:51]
    "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [06/06/2005 23:46]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [19/10/2007 20:16]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [02/11/2007 18:36]
    "4oD"="C:\Program Files\Kontiki\KHost.exe" [23/04/2007 11:23]
    "NSLauncher"="C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe" [29/08/2007 11:22]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [25/08/2007 05:07]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [10/01/2008 09:33]
    "????r"="" []
    "?????????"="??????????????e" []
    "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [02/11/2006 12:35]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [19/01/2007 11:54]
    "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" []
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [02/11/2006 12:36]
    "kdx"="C:\Program Files\Kontiki\KHost.exe" [23/04/2007 11:23]
    "Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [02/08/2007 15:55]
    "Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [03/12/2007 13:21]
    "@=" []

    C:\Users\The D's\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Joost.lnk - C:\Program Files\Joost\xulrunner\tvprunner.exe [27/09/2007 18:49:34]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [14/11/2006 14:49:24]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"=2 (0x2)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
    "some"=C:\Program Files\Video Add-on\icthis.exe
    "start"=C:\Program Files\Video Add-on\isfmntr.exe

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
    @=&quot;Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
    @=&quot;Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
    @=&quot;Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
    @=&quot;Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
    @=&quot;Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
    @=&quot;Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
    @=&quot;Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
    @=&quot;Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
    @=&quot;Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
    @=&quot;Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
    @=&quot;Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
    @=&quot;Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @=&quot;Volume shadow copy"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
    @=&quot;IEEE 1394 Bus host controllers"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
    @=&quot;SBP2 IEEE 1394 Devices"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
    @=&quot;SecurityDevices"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
    bthsvcs BthServ

    *Newly Created Service* - COMHOST

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    C:\Windows\system32\unregmp2.exe /ShowWMP

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    %SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



    -- End of Deckard's System Scanner: finished at 2008-01-22 18:41:28

    The results of the extra are:

    Deckard's System Scanner v20071014.68
    Extra logfile - please post this as an attachment with your post.

    -- System Information

    Microsoft® Windows Vista™ Home Premium (build 6000)
    Architecture: X86; Language: English

    CPU 0: AMD Turion(tm) 64 X2 Mobile Technology TL-52
    Percentage of Memory in Use: 69%
    Physical Memory (total/avail): 893.56 MiB / 271.13 MiB
    Pagefile Memory (total/avail): 2042.86 MiB / 746.75 MiB
    Virtual Memory (total/avail): 2047.88 MiB / 1922.99 MiB

    C: is Fixed (NTFS) - 52.14 GiB total, 29.29 GiB free.
    D: is Fixed (NTFS) - 51.84 GiB total, 42.74 GiB free.
    E: is CDROM (No Media)

    \\.\PHYSICALDRIVE0 - Hitachi HTS541612J9SA00 SCSI Disk Device - 111.79 GiB - 3 partitions
    \PARTITION0 - Unknown - 7.81 GiB
    \PARTITION1 (bootable) - MS-DOS V4 Huge - 52.14 GiB - C:
    \PARTITION2 - Installable File System - 51.84 GiB - D:



    -- Security Center

    AUOptions is scheduled to auto-install.
    Windows Internal Firewall is disabled.

    FW: Norton Internet Security v15.0.0.60 (Symantec Corporation)
    AV: Norton Internet Security v15.0.0.60 (Symantec Corporation)
    AS: Windows Defender v1.1.1505.0 (Microsoft Corporation) Disabled
    AS: Norton Internet Security v15.0.0.60 (Symantec Corporation)

    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\\Acer\\Empowering Technology\\eDataSecurity\\eDSfsu.exe"="C:\\Acer\\Empowering Technology\\eDataSecurity\\eDSfsu.exe:*:Enabled:eDSfsu"
    "C:\\Acer\\Empowering Technology\\eDataSecurity\\encryption.exe"="C:\\Acer\\Empowering Technology\\eDataSecurity\\encryption.exe:*:Enabled:encryption"
    "C:\\Acer\\Empowering Technology\\eDataSecurity\\decryption.exe"="C:\\Acer\\Empowering Technology\\eDataSecurity\\decryption.exe:*:Enabled:decryption"
    "C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"


    -- Environment Variables

    ALLUSERSPROFILE=C:\ProgramData
    APPDATA=C:\Users\The D's\AppData\Roaming
    CLASSPATH=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
    CommonProgramFiles=C:\Program Files\Common Files
    COMPUTERNAME=THEDS-PC
    ComSpec=C:\Windows\system32\cmd.exe
    FP_NO_HOST_CHECK=NO
    HOMEDRIVE=C:
    HOMEPATH=\Users\The D's
    LOCALAPPDATA=C:\Users\The D's\AppData\Local
    LOGONSERVER=\\THEDS-PC
    NUMBER_OF_PROCESSORS=2
    OS=Windows_NT
    Path=C:\Program Files\PC Connectivity Solution\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE;C:\Program Files\QuickTime\QTSystem\
    PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
    PROCESSOR_ARCHITECTURE=x86
    PROCESSOR_IDENTIFIER=x86 Family 15 Model 72 Stepping 2, AuthenticAMD
    PROCESSOR_LEVEL=15
    PROCESSOR_REVISION=4802
    ProgramData=C:\ProgramData
    ProgramFiles=C:\Program Files
    PROMPT=$P$G
    PUBLIC=C:\Users\Public
    QTJAVA=C:\Program Files\QuickTime\QTSystem\QTJava.zip
    SystemDrive=C:
    SystemRoot=C:\Windows
    TEMP=C:\Users\THED'S~1\AppData\Local\Temp
    TMP=C:\Users\THED'S~1\AppData\Local\Temp
    USERDOMAIN=TheDs-PC
    USERNAME=The D's
    USERPROFILE=C:\Users\The D's
    windir=C:\Windows


    -- User Profiles

    The D's


    -- Add/Remove Programs

    --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
    --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B145EC69-66F5-11D8-9D75-000129760D75}\setup.exe" -uninstall
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B804C424-B66D-447A-84BD-C6B88C392C3A}\setup.exe" -uninstall
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F79A208D-D929-11D9-9D77-000129760D75}\setup.exe" -uninstall
    4oD --> MsiExec.exe /I {8B7443F5-E141-42A0-AB61-ED2331AAD606}
    Acer Arcade Deluxe --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}\setup.exe" -uninstall
    Acer eDataSecurity Management --> C:\Acer\Empowering Technology\eDataSecurity\eDSnstHelper.exe -Operation UNINSTALL
    Acer eLock Management --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}\setup.exe" -l0x9 -removeonly
    Acer Empowering Technology --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB6097D9-D722-4987-BD9E-A076E2848EE2}\setup.exe" -l0x9 -removeonly
    Acer eNet Management --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C06554A1-2C1E-4D20-B613-EE62C79927CC}\setup.exe" -l0x9 -removeonly
    Acer ePower Management --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58E5844B-7CE2-413D-83D1-99294BF6C74F}\setup.exe" -l0x9 -removeonly
    Acer ePresentation Management --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BF839132-BD43-4056-ACBF-4377F4A88E2A}\setup.exe" -l0x9 -removeonly
    Acer eSettings Management --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CE65A9A0-9686-45C6-9098-3C9543A412F0}\setup.exe" -l0x9 -removeonly
    Acer GridVista --> C:\Windows\UnInst32.exe GridV.UNI
    Acer Mobility Center Plug-In --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{11316260-6666-467B-AC34-183FCB5D4335}\setup.exe" -l0x9 -removeonly
    Acer OrbiCam --> C:\Program Files\InstallShield Installation Information\{DD1DED37-2486-4F56-8F89-56AA814003F5}\setup.exe -runfromtemp -l0x0009 -removeonly
    Acer OrbiCam --> Rundll32.exe BisonRem.dll,WinMainRmv
    Acer ScreenSaver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}\setup.exe" -l0x9 -removeonly
    Acer Tour --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{94389919-B0AA-4882-9BE8-9F0B004ECA35}\setup.exe" -l0x9 -removeonly
    Adobe Flash Player 9 ActiveX --> C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
    Adobe Flash Player Plugin --> C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
    Adobe Reader 8.1.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
    Adobe Shockwave Player --> C:\Windows\System32\Macromed\SHOCKW~1\UNWISE.EXE C:\Windows\System32\Macromed\SHOCKW~1\Install.log
    Adobe® Photoshop® Album Starter Edition 3.0 --> MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}
    AppCore --> MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
    Apple Mobile Device Support --> MsiExec.exe /I{B5C209B1-8DDB-4642-A573-375B951514CB}
    Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
    ATI Catalyst Control Center Ex --> MsiExec.exe /I{D5855C09-9CBA-B631-0905-9B39647CC862}
    Avanquest update --> C:\Program Files\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\setup.exe -runfromtemp -l0x0009 -removeonly
    ccCommon --> MsiExec.exe /I{B24E05CC-46FF-4787-BBB8-5CD516AFB118}
    Component Framework --> MsiExec.exe /I{31478BE1-CDE5-4753-A8B2-F6D4BC1FBE09}
    DigiGuide TV Guide --> "C:\Program Files\DigiGuide TV Guide\uninstall.exe"
    DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
    DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
    DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
    DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
    DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
    EPSON PRINT Image Framer Tool --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{19D2B63E-C1F1-4803-BA8B-4AB8FE216952}\setup.exe" -l0x9 anything
    EPSON Scan --> C:\Program Files\epson\escndv\setup\setup.exe /r
    Fowl Words --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D913BA90-6D80-4CAB-9E5F-9DC9B87CFFC7}\setup.exe" -l0x9 -removeonly
    HDAUDIO Soft Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118\HXFSETUP.EXE -U -IAcrSUN32z.inf
    iTunes --> MsiExec.exe /I{E3FEE4E7-4488-4A3F-A6BD-13745936EADB}
    Joost (tm) Beta 1.0 --> C:\Program Files\Joost\uninst.exe
    Launch Manager --> C:\Windows\UnInst32.exe LManager.UNI
    LiveUpdate (Symantec Corporation) --> MsiExec.exe /x {E80F62FF-5D3C-4A19-8409-9721F2928206} /l*v "C:\ProgramData\LuUninstall.LiveUpdate"
    LiveUpdate (Symantec Corporation) --> MsiExec.exe /X{E80F62FF-5D3C-4A19-8409-9721F2928206}
    LiveUpdate Notice (Symantec Corporation) --> MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
    Microsoft Money --> MsiExec.exe /I{01A2E33A-8ADA-42D1-9173-8F65149E952F}
    Microsoft Money System Pack --> MsiExec.exe /I{02CA7E66-1AD1-4DE9-BA9E-86A0EEB019C7}
    Microsoft Office Standard Edition 2003 --> MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
    Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    Microsoft Works 2003 Setup Launcher --> C:\Program Files\Microsoft Works Suite 2003\Setup\Launcher.exe E:\
    Microsoft Works 7.0 --> MsiExec.exe /I{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}
    Microsoft Works Suite Add-in for Microsoft Word --> MsiExec.exe /I{7EE9DE0D-9228-4C33-B80E-FDD1773600DF}
    Mozilla Firefox (2.0.0.11) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    MSXML 4.0 SP2 (KB927978) --> MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
    MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
    MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
    Nokia Connectivity Cable Driver --> MsiExec.exe /X{3675AD63-CF95-4778-B981-225FB9225D7C}
    Nokia Lifeblog 2.5 --> MsiExec.exe /I{E94603CA-2996-4154-8EE2-A5FCD4BFB500}
    Nokia NSeries Application Installer --> MsiExec.exe /I{535BFE53-9F57-46DD-9162-E5EC84360328}
    Nokia NSeries Content Copier --> MsiExec.exe /X{5E8B06A6-D230-4849-8D26-1F2BE98CDC17}
    Nokia NSeries Multimedia Player --> MsiExec.exe /I{51318D14-C882-48CB-B38A-14EDCDF5890C}
    Nokia NSeries Music Manager --> MsiExec.exe /I{573518BD-DC9A-4399-9168-E657C98DCC46}
    Nokia NSeries One Touch Access --> MsiExec.exe /I{5510704C-FA32-4113-AF1C-17CDB5253206}
    Nokia NSeries System Utilities --> MsiExec.exe /X{5271157F-9566-4C24-BD7C-F9D17398AF78}
    Nokia Software Launcher --> MsiExec.exe /I{BB5A45A5-344C-4833-99C2-D056BF135D8E}
    Norton AntiVirus --> MsiExec.exe /X{77FFBA7E-0973-4F39-BBDB-AC2F537578D2}
    Norton AntiVirus Help --> MsiExec.exe /I{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}
    Norton Confidential Core --> MsiExec.exe /I{55A6283C-638A-4EE0-B491-51118554BDA2}
    Norton Internet Security --> MsiExec.exe /I{3672B097-EA69-4BFE-B92F-29AE6D9D2B34}
    Norton Internet Security --> MsiExec.exe /I{C1C185CA-C531-49F5-A6FA-B838405A049D}
    Norton Internet Security (Symantec Corporation) --> "C:\Program Files\Common Files\Symantec Shared\SymSetup\{C1C185CA-C531-49F5-A6FA-B838405A049D}_15_0_0_60\Setup.exe" /X
    Norton Protection Center --> MsiExec.exe /I{62120008-8E1E-4807-860D-A8B48F8552DB}
    Norton Security Scan --> MsiExec.exe /I{DA15D535-5E1D-4076-B520-8571346D6238}
    NTI Backup NOW! 4.7 --> "C:\Program Files\InstallShield Installation Information\{67ADE9AF-5CD9-4089-8825-55DE4B366799}\setup.exe" -removeonly
    NTI CD & DVD-Maker --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2} CDM7
    PC Connectivity Solution --> MsiExec.exe /I{6094AB91-4CC8-498E-9DFF-134CC0B159DE}
    PowerProducer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\Setup.EXE" -uninstall
    QuickTime --> MsiExec.exe /I{5B09BD67-4C99-46A1-8161-B7208CE18121}
    RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -l0x9 -removeonly
    Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
    Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
    Skype™ 3.5 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
    Sony Ericsson Media Manager 1.0 --> MsiExec.exe /X{06AC45D1-CB9B-48CC-B5C8-1A55DEE26AD0}
    Sony Ericsson PC Suite 3.010.00 --> C:\Program Files\InstallShield Installation Information\{2FFE93F0-BB72-4E52-8761-354D1AAA9387}\setup.exe -runfromtemp -l0x0009 -removeonly
    SPBBC 32bit --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
    Symantec Technical Support Web Controls --> MsiExec.exe /X{A0E27BA8-353A-4288-AB60-5DE8EDA18E16}
    SymNet --> MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
    Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
    Update Service --> C:\Program Files\Sony Ericsson\Update Service\uninst.exe
    VeohTV BETA --> C:\Program Files\InstallShield Installation Information\{97A96172-A963-4A37-9FFB-DA6805BB915A}\setup.exe -runfromtemp -l0x0409
    Watchtower Library 2006 - English Edition --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{42EED331-936C-446E-9374-077F7B028518}\Setup.exe"
    Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
    Windows Live Sign-in Assistant --> MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
    Windows Media Player Firefox Plugin --> MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}


    -- Application Event Log

    Event Record #/Type27515 / Error
    Event Submitted/Written: 01/22/2008 06:19:49 PM
    Event ID/Source: 1000 / Application Error
    Event Description:
    Faulting application firefox.exe, version 1.8.20071.12718, time stamp 0x474cd9ce, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x59000000,
    process id 0x6bc, application start time 0xfirefox.exe0.

    Event Record #/Type27514 / Error
    Event Submitted/Written: 01/22/2008 06:17:29 PM
    Event ID/Source: 1002 / Application Hang
    Event Description:
    The program IEUser.exe version 6.0.6000.16575 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
    Process ID: 1628
    Start Time: 01c85d21b5ad0158
    Termination Time: 6

    Event Record #/Type27512 / Error
    Event Submitted/Written: 01/22/2008 06:06:12 PM
    Event ID/Source: 1000 / Application Error
    Event Description:
    Faulting application firefox.exe, version 1.8.20071.12718, time stamp 0x474cd9ce, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x8000006d,
    process id 0x100, application start time 0xfirefox.exe0.

    Event Record #/Type27510 / Error
    Event Submitted/Written: 01/22/2008 06:04:33 PM
    Event ID/Source: 1000 / Application Error
    Event Description:
    Faulting application firefox.exe, version 1.8.20071.12718, time stamp 0x474cd9ce, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0xd2cae80c,
    process id 0x4fc, application start time 0xfirefox.exe0.

    Event Record #/Type27509 / Error
    Event Submitted/Written: 01/22/2008 06:02:45 PM
    Event ID/Source: 1002 / Application Hang
    Event Description:
    The program IEUser.exe version 6.0.6000.16575 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
    Process ID: 10c
    Start Time: 01c85ce5fc1adb24
    Termination Time: 54



    -- Security Event Log

    No Errors/Warnings found.


    -- System Event Log

    Event Record #/Type66933 / Error
    Event Submitted/Written: 01/22/2008 09:37:46 AM
    Event ID/Source: 10247 / R300
    Event Description:
    I2c return failed

    Event Record #/Type66932 / Error
    Event Submitted/Written: 01/22/2008 09:37:46 AM
    Event ID/Source: 10247 / R300
    Event Description:
    I2c return failed

    Event Record #/Type66926 / Error
    Event Submitted/Written: 01/22/2008 09:37:25 AM
    Event ID/Source: 6 / ACPI
    Event Description:
    IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot 5, function 0.
    Please contact your system vendor for technical assistance.

    Event Record #/Type66925 / Error
    Event Submitted/Written: 01/22/2008 09:37:25 AM
    Event ID/Source: 6 / ACPI
    Event Description:
    IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot 4, function 0.
    Please contact your system vendor for technical assistance.

    Event Record #/Type66920 / Warning
    Event Submitted/Written: 01/22/2008 00:49:57 AM
    Event ID/Source: 4001 / Microsoft-Windows-WLAN-AutoConfig
    Event Description:




    -- End of Deckard's System Scanner: finished at 2008-01-22 18:41:28


  • Registered Users, Registered Users 2 Posts: 1,495 ✭✭✭Zorba


    Could u not just uninstall firefox and reinstall it ?


  • Closed Accounts Posts: 110 ✭✭quickstitch.ie


    Have you tried restarting in safe mode then deleting the file?


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Hello

    Before we begin, you should save these instructions in Notepad to your desktop, or print them, for easy reference. Much of our fix will be done in Safe mode, and you will be unable to access this thread at that time. If you have questions at any point, or are unsure of the instructions, feel free to post here and ask for clarification before proceeding.


    Please download SmitfraudFix (by S!Ri) to your Desktop.

    Next, please reboot your computer in Safe Mode by doing the following :
    • Restart your computer
    • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
    • Instead of Windows loading as normal, a menu with options should appear;
    • Select the first option, to run Windows in Safe Mode, then press "Enter".
    • Choose your usual account.
    Once in Safe Mode, double-click on SmitfraudFix.exe
    Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

    You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

    The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

    The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
    A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
    The report can also be found at the root of the system drive, usually at C:\rapport.txt

    Warning : running option #2 on a non infected computer will remove your Desktop background.


    Also post a new DSS log


  • Advertisement
  • Closed Accounts Posts: 17,208 ✭✭✭✭aidan_walsh


    Zorba wrote: »
    Could u not just uninstall firefox and reinstall it ?
    No, because uninstalling Firefox leaves the profile folder behind, which contains the extension files and their registrations.


  • Moderators, Technology & Internet Moderators Posts: 11,017 Mod ✭✭✭✭yoyo


    One of the viruses you have is "Video Addon", A m8 managed to remove it by scanning with Super Antispyware (Free Edition) in Safe Mode, once thats done see what happens... Theres probably more stuff on there but that should help a bit anyways

    Nick


  • Closed Accounts Posts: 53 ✭✭smellyanus


    By any chance was it veoh you downloaded?


  • Closed Accounts Posts: 17 micsd


    Hi

    Sorry for delay in replying ActorSeeksJob, was away. Just a quick question before i go ahead. When i used computer today, Norton Anti virus had detected three out of the five files and deleted them. There are now only two small files, icmntr.exe which is 7kb and isfmm.exe which is 8 kb, both of which still wont let me delete them. Is the above way you mentioned safe to do without removing my desktop (as you warn will happen if there is no virus found).

    Sorry if this is a stupid question, not always good when it comes to virus' and what to do :)

    Thanks


  • Moderators, Technology & Internet Moderators Posts: 11,017 Mod ✭✭✭✭yoyo


    micsd wrote: »
    Hi

    Sorry for delay in replying ActorSeeksJob, was away. Just a quick question before i go ahead. When i used computer today, Norton Anti virus had detected three out of the five files and deleted them. There are now only two small files, icmntr.exe which is 7kb and isfmm.exe which is 8 kb, both of which still wont let me delete them. Is the above way you mentioned safe to do without removing my desktop (as you warn will happen if there is no virus found).

    Sorry if this is a stupid question, not always good when it comes to virus' and what to do :)

    Thanks
    No, Safe Mode means only windows loads without any drivers or other software but os critical files, therefore any files that are "locked" in normal mode should remove in safe mode :). To open safemode keep tapping F8 at startup and then when a boot menu appears choose safe mode.

    Nick


  • Advertisement
  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Hello
    Is the above way you mentioned safe to do without removing my desktop (as you warn will happen if there is no virus found).
    Yes it is perfectly safe and the only realistic way that you will remove this infection. There is no chance Norton has fully removed it.


  • Closed Accounts Posts: 17 micsd


    Hi

    SmitFraudFix v2.274

    Scan done at 14:00:53.34, 25/01/2008
    Run from C:\Users\The D's\Desktop\SmitfraudFix
    OS: Microsoft Windows [Version 6.0.6000] - Windows_NT
    The filesystem type is NTFS
    Fix run in safe mode

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Killing process


    »»»»»»»»»»»»»»»»»»»»»»»» hosts


    127.0.0.1 localhost
    ::1 localhost

    »»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

    S!Ri's WS2Fix: LSP not Found.


    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

    GenericRenosFix by S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

    C:\Program Files\Helper\ Deleted
    C:\Program Files\Video Add-on\ Deleted

    »»»»»»»»»»»»»»»»»»»»»»»» IEDFix

    IEDFix.exe by S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» DNS



    »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]


    »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

    Registry Cleaning done.

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» End

    only a main.txt file opened after running dss (don't know if was meant to have an extra file like the last time?)

    Deckard's System Scanner v20071014.68
    Run by The D's on 2008-01-25 14:10:31
    Computer is in Normal Mode.

    Total Physical Memory: 894 MiB (1024 MiB recommended).


    -- HijackThis Clone


    Emulating logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2008-01-25 14:11:02
    Platform: Windows Vista (6.00.6000)
    MSIE: Internet Explorer (7.00.6000.16386)
    Boot mode: Normal

    Running processes:
    C:\Windows\System32\dwm.exe
    C:\Windows\explorer.exe
    C:\Windows\System32\taskeng.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Launch Manager\LManager.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Kontiki\KHost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Acer\Empowering Technology\eNet\eNMTray.exe
    C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
    C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
    C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Internet Explorer\ieuser.exe
    C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
    C:\Users\The D's\Desktop\dss.exe
    C:\Windows\System32\SearchFilterHost.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Common Files\Symantec Shared\IDS\IPSBHO.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll
    O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
    O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
    O3 - Toolbar: IE Custom Tools - {C4DFA6F3-1245-41E5-8E60-7D31427F01B3} - C:\Program Files\Video Add-on\ictmdl.dll (file missing)
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
    O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all
    O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [?????????] ??????????????e
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
    O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
    O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE')
    O4 - Startup: Joost.lnk = C:\Program Files\Joost\xulrunner\tvprunner.exe
    O4 - Global Startup: Empowering Technology Launcher.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
    O9 - Extra button: Money Viewer - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
    O15 - Trusted Zone: https://www.bankcardservices.co.uk (HKCU)
    O15 - Trusted Zone: https://cardsonline-consumer.com (HKCU)
    O15 - Trusted Zone: https://www.google.com (HKCU)
    O15 - Trusted Zone: https://www.halifax-online.co.uk (HKCU)
    O15 - Trusted Zone: https://www.o2online.ie (HKCU)
    O15 - Trusted Zone: https://www.ulsterbankanytimebanking.ie (HKCU)
    O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
    O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\MSITSS.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
    O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\microsoft shared\Web Components\11\OWC11.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll
    O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\System32\Ati2evxx.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
    O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
    O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
    O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\System32\drivers\XAudio.exe


    --
    End of file - 10461 bytes

    -- Files created between 2007-12-25 and 2008-01-25

    2008-01-25 14:00:59 4000 --a
    C:\Windows\system32\tmp.reg
    2008-01-25 13:59:51 25600 --a
    C:\Windows\system32\WS2Fix.exe
    2008-01-25 13:59:51 289144 --a
    C:\Windows\system32\VCCLSID.exe <Not Verified; S!Ri; >
    2008-01-25 13:59:51 288417 --a
    C:\Windows\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
    2008-01-25 13:59:51 53248 --a
    C:\Windows\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
    2008-01-25 13:59:51 81920 --a
    C:\Windows\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
    2008-01-25 13:59:51 51200 --a
    C:\Windows\system32\dumphive.exe
    2008-01-17 17:57:43 0 d
    C:\Program Files\Norton Internet Security
    2008-01-17 11:21:04 0 d
    C:\Users\The D's\Program Files
    2008-01-15 16:41:06 0 d
    C:\Downloads
    2008-01-09 17:11:01 0 d
    C:\Users\All Users\NtiDvdCopy


    -- Find3M Report

    2008-01-25 13:57:27 12 --a
    C:\Windows\bthservsdp.dat
    2008-01-18 13:52:23 0 d
    C:\Program Files\DigiGuide TV Guide
    2008-01-17 18:30:08 0 d
    C:\Program Files\Common Files\Symantec Shared
    2008-01-17 18:11:58 0 d
    C:\Program Files\Symantec
    2008-01-17 18:01:49 0 d
    C:\Users\The D's\AppData\Roaming\Symantec
    2008-01-17 17:58:41 0 d
    C:\Program Files\Common Files
    2008-01-17 00:37:04 0 d
    C:\Users\The D's\AppData\Roaming\BitTorrent
    2008-01-10 09:49:33 0 d
    C:\Program Files\Windows Mail
    2008-01-10 09:49:31 0 d
    C:\Program Files\Windows Sidebar
    2007-12-24 20:24:38 0 d
    C:\Program Files\DivX
    2007-12-19 23:37:12 0 d--h
    C:\Program Files\InstallShield Installation Information
    2007-12-19 23:33:41 0 d
    C:\Program Files\Veoh Networks
    2007-12-15 11:34:25 0 d
    C:\Program Files\Nokia
    2007-12-15 11:33:37 0 d
    C:\Program Files\Common Files\PCSuite
    2007-12-05 18:20:24 0 d
    C:\Users\The D's\AppData\Roaming\Apple Computer
    2007-12-01 16:36:11 0 d
    C:\Users\The D's\AppData\Roaming\KewlBoxPrefs
    2007-11-07 17:25:23 1349648 --a
    C:\Users\The D's\AppData\Roaming\NMM-MetaData.db


    -- Registry Dump

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
    25/08/2007 03:51 316784 --a
    C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
    17/01/2008 17:58 116088 --a
    C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll [25/08/2007 03:51 316784]
    "{C4DFA6F3-1245-41E5-8E60-7D31427F01B3}"= C:\Program Files\Video Add-on\ictmdl.dll [ ]

    [-HKEY_CLASSES_ROOT\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}]
    [HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
    [HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

    [-HKEY_CLASSES_ROOT\CLSID\{C4DFA6F3-1245-41E5-8E60-7D31427F01B3}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [20/06/2007 21:21]
    "RtHDVCpl"="RtHDVCpl.exe" [20/11/2006 06:13 C:\Windows\RtHDVCpl.exe]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [23/10/2006 03:00]
    "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [12/07/2006 01:12]
    "Acer Tour"="" []
    "WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [05/11/2006 20:48]
    "SetPanel"="" []
    "LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [15/11/2006 06:02]
    "eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [17/11/2006 07:26]
    "eRecoveryService"="" []
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [25/07/2007 15:39]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 19:51]
    "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [06/06/2005 23:46]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [19/10/2007 20:16]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [02/11/2007 18:36]
    "4oD"="C:\Program Files\Kontiki\KHost.exe" [23/04/2007 11:23]
    "NSLauncher"="C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe" [29/08/2007 11:22]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [25/08/2007 05:07]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [10/01/2008 09:33]
    "????r"="" []
    "?????????"="??????????????e" []
    "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [02/11/2006 12:35]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [19/01/2007 11:54]
    "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" []
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [02/11/2006 12:36]
    "kdx"="C:\Program Files\Kontiki\KHost.exe" [23/04/2007 11:23]
    "Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [02/08/2007 15:55]
    "Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [03/12/2007 13:21]
    "@=" []

    C:\Users\The D's\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Joost.lnk - C:\Program Files\Joost\xulrunner\tvprunner.exe [27/09/2007 18:49:34]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [14/11/2006 14:49:24]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"=2 (0x2)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
    @=&quot;Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
    @=&quot;Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
    @=&quot;Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
    @=&quot;Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
    @=&quot;Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
    @=&quot;Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
    @=&quot;Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
    @=&quot;Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
    @=&quot;Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
    @=&quot;Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
    @=&quot;Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
    @=&quot;Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @=&quot;Volume shadow copy"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
    @=&quot;IEEE 1394 Bus host controllers"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
    @=&quot;SBP2 IEEE 1394 Devices"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
    @=&quot;SecurityDevices"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
    bthsvcs BthServ

    *Newly Created Service* - COMHOST

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    C:\Windows\system32\unregmp2.exe /ShowWMP

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    %SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



    -- End of Deckard's System Scanner: finished at 2008-01-25 14:11:36


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Nearly done now

    1. Please re-open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below(if present):

    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O3 - Toolbar: IE Custom Tools - {C4DFA6F3-1245-41E5-8E60-7D31427F01B3} - C:\Program Files\Video Add-on\ictmdl.dll (file missing)
    O4 - HKCU\..\Run: [?????????] ??????????????e


    2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.



    Download and scan with SUPERAntiSpyware Free for Home Users
    • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    • An icon will be created on your desktop. Double-click that icon to launch the program.
    • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
    • Under "Configuration and Preferences", click the Preferences button.
    • Click the Scanning Control tab.
    • Under Scanner Options make sure the following are checked (leave all others unchecked):
      • Close browsers before scanning.
      • Scan for tracking cookies.
      • Terminate memory threats before quarantining.
    • Click the "Close" button to leave the control center screen.
    • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
    • On the left, make sure you check C:\Fixed Drive.
    • On the right, under "Complete Scan", choose Perform Complete Scan.
    • Click "Next" to start the scan. Please be patient while it scans your computer.
    • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
    • Make sure everything has a checkmark next to it and click "Next".
    • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
    • If asked if you want to reboot, click "Yes".
    • To retrieve the removal information after reboot, launch SUPERAntispyware again.
      • Click Preferences, then click the Statistics/Logs tab.
      • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
      • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
      • Please copy and paste the Scan Log results in your next reply.
    • Click Close to exit the program.


    Reboot and post a new DSS log and tell me how your PC is running


  • Closed Accounts Posts: 17 micsd


    Hi

    Sorry for delay. The results of the scan were:

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 01/28/2008 at 10:28 AM

    Application Version : 3.9.1008

    Core Rules Database Version : 3389
    Trace Rules Database Version: 1383

    Scan type : Complete Scan
    Total Scan Time : 14:08:59

    Memory items scanned : 837
    Memory threats detected : 0
    Registry items scanned : 7820
    Registry threats detected : 9
    File items scanned : 372682
    File threats detected : 69

    Trojan.Media-Codec/V4
    HKLM\Software\Classes\CLSID\{C4DFA6F3-1245-41E5-8E60-7D31427F01B3}
    HKCR\CLSID\{C4DFA6F3-1245-41E5-8E60-7D31427F01B3}
    HKCR\CLSID\{C4DFA6F3-1245-41E5-8E60-7D31427F01B3}
    HKCR\CLSID\{C4DFA6F3-1245-41E5-8E60-7D31427F01B3}\Implemented Categories
    HKCR\CLSID\{C4DFA6F3-1245-41E5-8E60-7D31427F01B3}\Implemented Categories\{00021493-0000-0000-C000-000000000046}
    HKCR\CLSID\{C4DFA6F3-1245-41E5-8E60-7D31427F01B3}\InprocServer32
    HKCR\CLSID\{C4DFA6F3-1245-41E5-8E60-7D31427F01B3}\InprocServer32#ThreadingModel
    C:\PROGRAM FILES\VIDEO ADD-ON\ICTMDL.DLL
    HKLM\Software\Microsoft\Internet Explorer\Toolbar#{C4DFA6F3-1245-41E5-8E60-7D31427F01B3}
    HKU\S-1-5-21-2123940437-4136409791-1907729423-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser#{C4DFA6F3-1245-41E5-8E60-7D31427F01B3}

    Adware.Tracking Cookie
    C:\Users\The D's\AppData\Roaming\Microsoft\Windows\Cookies\the_d's@winpcdoctor[1].txt
    C:\Users\The D's\AppData\Roaming\Microsoft\Windows\Cookies\the_d's@channel4.112.2o7[1].txt
    C:\Users\The D's\AppData\Roaming\Microsoft\Windows\Cookies\the_d's@www.winspykiller[1].txt
    C:\Users\The D's\AppData\Roaming\Microsoft\Windows\Cookies\the_d's@www.virusranger[1].txt
    C:\Users\The D's\AppData\Roaming\Microsoft\Windows\Cookies\the_d's@rdr.hitmngr[2].txt
    C:\Users\The D's\AppData\Roaming\Microsoft\Windows\Cookies\the_d's@winsecureav[1].txt
    C:\Users\The D's\AppData\Roaming\Microsoft\Windows\Cookies\the_d's@www.antispyshield[1].txt
    C:\Documents and Settings\The D's\AppData\Roaming\Microsoft\Windows\Cookies\Low\the_d's@3.adbrite[1].txt
    C:\Documents and Settings\The D's\AppData\Roaming\Microsoft\Windows\Cookies\Low\the_d's@adbrite[2].txt
    C:\Documents and Settings\The D's\AppData\Roaming\Microsoft\Windows\Cookies\Low\the_d's@adrevolver[2].txt
    C:\Documents and Settings\The D's\AppData\Roaming\Microsoft\Windows\Cookies\Low\the_d's@channel4.112.2o7[1].txt
    C:\Documents and Settings\The D's\AppData\Roaming\Microsoft\Windows\Cookies\Low\the_d's@clicktorrent[1].txt
    C:\Documents and Settings\The D's\AppData\Roaming\Microsoft\Windows\Cookies\Low\the_d's@doubleclick[1].txt
    C:\Documents and Settings\The D's\AppData\Roaming\Microsoft\Windows\Cookies\Low\the_d's@revsci[1].txt
    C:\Documents and Settings\The D's\AppData\Roaming\Microsoft\Windows\Cookies\Low\the_d's@serving-sys[1].txt
    C:\Documents and Settings\The D's\AppData\Roaming\Microsoft\Windows\Cookies\Low\the_d's@stats.channel4[1].txt
    C:\Documents and Settings\The D's\AppData\Roaming\Microsoft\Windows\Cookies\the_d's@channel4.112.2o7[1].txt
    C:\Documents and Settings\The D's\Application Data\Microsoft\Windows\Cookies\Low\the_d's@3.adbrite[1].txt
    C:\Documents and Settings\The D's\Application Data\Microsoft\Windows\Cookies\Low\the_d's@adbrite[2].txt
    C:\Documents and Settings\The D's\Application Data\Microsoft\Windows\Cookies\Low\the_d's@adrevolver[2].txt
    C:\Documents and Settings\The D's\Application Data\Microsoft\Windows\Cookies\Low\the_d's@channel4.112.2o7[1].txt
    C:\Documents and Settings\The D's\Application Data\Microsoft\Windows\Cookies\Low\the_d's@clicktorrent[1].txt
    C:\Documents and Settings\The D's\Application Data\Microsoft\Windows\Cookies\Low\the_d's@doubleclick[1].txt
    C:\Documents and Settings\The D's\Application Data\Microsoft\Windows\Cookies\Low\the_d's@revsci[1].txt
    C:\Documents and Settings\The D's\Application Data\Microsoft\Windows\Cookies\Low\the_d's@serving-sys[1].txt
    C:\Documents and Settings\The D's\Application Data\Microsoft\Windows\Cookies\Low\the_d's@stats.channel4[1].txt
    C:\Documents and Settings\The D's\Application Data\Microsoft\Windows\Cookies\the_d's@channel4.112.2o7[1].txt
    C:\Documents and Settings\The D's\Cookies\Low\the_d's@3.adbrite[1].txt
    C:\Documents and Settings\The D's\Cookies\Low\the_d's@adbrite[2].txt
    C:\Documents and Settings\The D's\Cookies\Low\the_d's@adrevolver[2].txt
    C:\Documents and Settings\The D's\Cookies\Low\the_d's@channel4.112.2o7[1].txt
    C:\Documents and Settings\The D's\Cookies\Low\the_d's@clicktorrent[1].txt
    C:\Documents and Settings\The D's\Cookies\Low\the_d's@doubleclick[1].txt
    C:\Documents and Settings\The D's\Cookies\Low\the_d's@revsci[1].txt
    C:\Documents and Settings\The D's\Cookies\Low\the_d's@serving-sys[1].txt
    C:\Documents and Settings\The D's\Cookies\Low\the_d's@stats.channel4[1].txt
    C:\Documents and Settings\The D's\Cookies\the_d's@channel4.112.2o7[1].txt
    C:\Users\The D's\AppData\Roaming\Microsoft\Windows\Cookies\Low\the_d's@3.adbrite[1].txt
    C:\Users\The D's\AppData\Roaming\Microsoft\Windows\Cookies\Low\the_d's@adbrite[2].txt
    C:\Users\The D's\AppData\Roaming\Microsoft\Windows\Cookies\Low\the_d's@adrevolver[2].txt
    C:\Users\The D's\AppData\Roaming\Microsoft\Windows\Cookies\Low\the_d's@channel4.112.2o7[1].txt
    C:\Users\The D's\AppData\Roaming\Microsoft\Windows\Cookies\Low\the_d's@clicktorrent[1].txt
    C:\Users\The D's\AppData\Roaming\Microsoft\Windows\Cookies\Low\the_d's@doubleclick[1].txt
    C:\Users\The D's\AppData\Roaming\Microsoft\Windows\Cookies\Low\the_d's@revsci[1].txt
    C:\Users\The D's\AppData\Roaming\Microsoft\Windows\Cookies\Low\the_d's@serving-sys[1].txt
    C:\Users\The D's\AppData\Roaming\Microsoft\Windows\Cookies\Low\the_d's@stats.channel4[1].txt
    C:\Users\The D's\Application Data\Microsoft\Windows\Cookies\Low\the_d's@3.adbrite[1].txt
    C:\Users\The D's\Application Data\Microsoft\Windows\Cookies\Low\the_d's@adbrite[2].txt
    C:\Users\The D's\Application Data\Microsoft\Windows\Cookies\Low\the_d's@adrevolver[2].txt
    C:\Users\The D's\Application Data\Microsoft\Windows\Cookies\Low\the_d's@channel4.112.2o7[1].txt
    C:\Users\The D's\Application Data\Microsoft\Windows\Cookies\Low\the_d's@clicktorrent[1].txt
    C:\Users\The D's\Application Data\Microsoft\Windows\Cookies\Low\the_d's@doubleclick[1].txt
    C:\Users\The D's\Application Data\Microsoft\Windows\Cookies\Low\the_d's@revsci[1].txt
    C:\Users\The D's\Application Data\Microsoft\Windows\Cookies\Low\the_d's@serving-sys[1].txt
    C:\Users\The D's\Application Data\Microsoft\Windows\Cookies\Low\the_d's@stats.channel4[1].txt
    C:\Users\The D's\Application Data\Microsoft\Windows\Cookies\the_d's@channel4.112.2o7[1].txt
    C:\Users\The D's\Cookies\Low\the_d's@3.adbrite[1].txt
    C:\Users\The D's\Cookies\Low\the_d's@adbrite[2].txt
    C:\Users\The D's\Cookies\Low\the_d's@adrevolver[2].txt
    C:\Users\The D's\Cookies\Low\the_d's@channel4.112.2o7[1].txt
    C:\Users\The D's\Cookies\Low\the_d's@clicktorrent[1].txt
    C:\Users\The D's\Cookies\Low\the_d's@doubleclick[1].txt
    C:\Users\The D's\Cookies\Low\the_d's@revsci[1].txt
    C:\Users\The D's\Cookies\Low\the_d's@serving-sys[1].txt
    C:\Users\The D's\Cookies\Low\the_d's@stats.channel4[1].txt
    C:\Users\The D's\Cookies\the_d's@channel4.112.2o7[1].txt

    Trojan.Unclassifed/LAF-Variant
    C:\DECKARD\SYSTEM SCANNER\20080125140838\BACKUP\USERS\THED'S~1\APPDATA\LOCAL\TEMP\LAF1.EXE

    Undefined Adware (IEHOST)
    C:\DECKARD\SYSTEM SCANNER\20080125140838\BACKUP\WINDOWS\TEMP\IEHOST.EXE


  • Closed Accounts Posts: 17 micsd


    Hi

    The DSS log is:

    Deckard's System Scanner v20071014.68
    Run by The D's on 2008-01-28 12:01:23
    Computer is in Normal Mode.

    Total Physical Memory: 894 MiB (1024 MiB recommended).


    -- HijackThis (run as The D's.exe)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:01:40, on 28/01/2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16575)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Launch Manager\LManager.exe
    C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
    C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Kontiki\KHost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
    C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
    C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
    C:\Program Files\Internet Explorer\IEUser.exe
    C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
    C:\Users\The D's\Desktop\dss.exe
    C:\Windows\system32\conime.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\THED'S~1.EXE

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
    O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
    O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
    O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all
    O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [?????????] ??????????????e
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
    O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
    O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Startup: Joost.lnk = ?
    O4 - Global Startup: Empowering Technology Launcher.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Money Viewer - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
    O13 - Gopher Prefix:
    O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
    O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
    O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
    O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 9173 bytes

    -- Files created between 2007-12-28 and 2008-01-28

    2008-01-27 12:33:20 0 d
    C:\Users\All Users\SUPERAntiSpyware.com
    2008-01-27 12:32:53 0 d
    C:\Program Files\SUPERAntiSpyware
    2008-01-27 12:30:08 0 d
    C:\Program Files\Common Files\Wise Installation Wizard
    2008-01-27 12:05:16 0 d
    C:\Program Files\Trend Micro
    2008-01-25 15:37:55 0 d
    C:\Program Files\iPod
    2008-01-25 14:29:38 0 d
    C:\Program Files\Bonjour
    2008-01-25 14:28:30 0 d
    C:\Program Files\QuickTime
    2008-01-25 14:00:59 4000 --a
    C:\Windows\system32\tmp.reg
    2008-01-25 13:59:51 25600 --a
    C:\Windows\system32\WS2Fix.exe
    2008-01-25 13:59:51 289144 --a
    C:\Windows\system32\VCCLSID.exe <Not Verified; S!Ri; >
    2008-01-25 13:59:51 288417 --a
    C:\Windows\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
    2008-01-25 13:59:51 53248 --a
    C:\Windows\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
    2008-01-25 13:59:51 81920 --a
    C:\Windows\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
    2008-01-25 13:59:51 51200 --a
    C:\Windows\system32\dumphive.exe
    2008-01-17 17:57:43 0 d
    C:\Program Files\Norton Internet Security
    2008-01-17 11:21:04 0 d
    C:\Users\The D's\Program Files
    2008-01-15 16:41:06 0 d
    C:\Downloads
    2008-01-09 17:11:01 0 d
    C:\Users\All Users\NtiDvdCopy


    -- Find3M Report

    2008-01-28 11:51:08 12 --a
    C:\Windows\bthservsdp.dat
    2008-01-27 12:32:53 0 d
    C:\Users\The D's\AppData\Roaming\SUPERAntiSpyware.com
    2008-01-27 12:30:08 0 d
    C:\Program Files\Common Files
    2008-01-26 10:13:17 0 d
    C:\Program Files\DigiGuide TV Guide
    2008-01-25 15:38:15 0 d
    C:\Program Files\iTunes
    2008-01-17 18:30:08 0 d
    C:\Program Files\Common Files\Symantec Shared
    2008-01-17 18:11:58 0 d
    C:\Program Files\Symantec
    2008-01-17 18:01:49 0 d
    C:\Users\The D's\AppData\Roaming\Symantec
    2008-01-17 00:37:04 0 d
    C:\Users\The D's\AppData\Roaming\BitTorrent
    2008-01-10 09:49:33 0 d
    C:\Program Files\Windows Mail
    2008-01-10 09:49:31 0 d
    C:\Program Files\Windows Sidebar
    2007-12-24 20:24:38 0 d
    C:\Program Files\DivX
    2007-12-19 23:37:12 0 d--h
    C:\Program Files\InstallShield Installation Information
    2007-12-19 23:33:41 0 d
    C:\Program Files\Veoh Networks
    2007-12-15 11:34:25 0 d
    C:\Program Files\Nokia
    2007-12-15 11:33:37 0 d
    C:\Program Files\Common Files\PCSuite
    2007-12-05 18:20:24 0 d
    C:\Users\The D's\AppData\Roaming\Apple Computer
    2007-12-01 16:36:11 0 d
    C:\Users\The D's\AppData\Roaming\KewlBoxPrefs
    2007-11-07 17:25:23 1349648 --a
    C:\Users\The D's\AppData\Roaming\NMM-MetaData.db


    -- Registry Dump

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
    25/08/2007 03:51 316784 --a
    C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
    17/01/2008 17:58 116088 --a
    C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll [25/08/2007 03:51 316784]

    [-HKEY_CLASSES_ROOT\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}]
    [HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
    [HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [20/06/2007 21:21]
    "RtHDVCpl"="RtHDVCpl.exe" [20/11/2006 06:13 C:\Windows\RtHDVCpl.exe]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [23/10/2006 03:00]
    "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [12/07/2006 01:12]
    "Acer Tour"="" []
    "WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [05/11/2006 20:48]
    "SetPanel"="" []
    "LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [15/11/2006 06:02]
    "eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [17/11/2006 07:26]
    "eRecoveryService"="" []
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [25/07/2007 15:39]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 19:51]
    "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [06/06/2005 23:46]
    "4oD"="C:\Program Files\Kontiki\KHost.exe" [23/04/2007 11:23]
    "NSLauncher"="C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe" [29/08/2007 11:22]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [25/08/2007 05:07]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [10/01/2008 15:27]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [15/01/2008 03:22]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [10/01/2008 09:33]
    "????r"="" []
    "?????????"="??????????????e" []
    "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [02/11/2006 12:35]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [19/01/2007 11:54]
    "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" []
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [02/11/2006 12:36]
    "kdx"="C:\Program Files\Kontiki\KHost.exe" [23/04/2007 11:23]
    "Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [02/08/2007 15:55]
    "Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [03/12/2007 13:21]
    "@=" []
    "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [21/06/2007 14:06]

    C:\Users\The D's\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Joost.lnk - C:\Program Files\Joost\xulrunner\tvprunner.exe [27/09/2007 18:49:34]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [14/11/2006 14:49:24]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"=2 (0x2)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [20/12/2006 13:55 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 19/04/2007 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
    @=&quot;Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
    @=&quot;Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
    @=&quot;Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
    @=&quot;Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
    @=&quot;Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
    @=&quot;Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
    @=&quot;Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
    @=&quot;Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
    @=&quot;Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
    @=&quot;Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
    @=&quot;Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
    @=&quot;Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @=&quot;Volume shadow copy"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
    @=&quot;IEEE 1394 Bus host controllers"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
    @=&quot;SBP2 IEEE 1394 Devices"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
    @=&quot;SecurityDevices"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
    bthsvcs BthServ

    *Newly Created Service* - COMHOST

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    C:\Windows\system32\unregmp2.exe /ShowWMP

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    %SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



    -- End of Deckard's System Scanner: finished at 2008-01-28 12:02:11

    The computer seems to be running alot smoother and quicker :)

    Thank you so much for your help, was at a loss as to how to get rid of everything :)


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    All done

    Few things to do

    1. Please re-open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below(if present):

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)


    2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.



    You can delete the tools that we used

    Below I have included a number of recommendations for how to protect your computer against malware infections.

    * Keep Windows updated by regularly checking their website at :
    http://windowsupdate.microsoft.com/
    This will ensure your computer has always the latest security updates available installed on your computer.

    * To reduce re-infection for malware in the future, I strongly recommend installing these free programs:
    SpywareBlaster protects against bad ActiveX
    IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all
    Have a look at this tutorial for IE-Spyad here

    * SpywareGuard offers realtime protection from spyware installation attempts.

    Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

    * MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

    * Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more
    secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up
    blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from
    Here

    * Take a good look at the following suggestions for malware prevention by reading Tony Klein’s article 'How Did I Get Infected In The First Place'
    Here

    Thank you for your patience, and performing all of the procedures requested.


  • Closed Accounts Posts: 17 micsd


    Thanks so much for your help. I've downloaded the applications you mentioned. I already use firefox but thanks for the advice. :)


Advertisement