
Unknown Trojan Removal...

  • 11-02-2008 11:28am
    #1
    Closed Accounts Posts: 732 ✭✭✭


    Hiya.... for one reason or another my laptop at home now has a trojan on it (the one where a message box pops up every couple of minutes telling you to download spyware... and no, I haven't tried to download its 'recommended spyware'). I have Googled it and it seems to be fairly common but I just want to know the best way to get rid of it... I'm wary of downloading anti-spyware found through Google in case I download something dodgy.... does anyone have a reliable program I can download? Or instructions on how to get rid of it??
    Thanks so much!!


Comments

  • Closed Accounts Posts: 17,208 ✭✭✭✭aidan_walsh


    Anti-spyware won't do you any good for a trojan; they're a form of virus that is outside the scope of most anti-spyware programs.

    What does the Google search suggest the name of the infection is?

    Also, try running a DSS scan and posting the logs here.


  • Closed Accounts Posts: 732 ✭✭✭Cmol


    Ah yeah, anti-spyware was my name for whatever it is I need to download... Really technical, as you can tell...
    I don't know if it has a name, but this link here
    http://www.spywareremove.com/removeUnknownTrojan.html
    shows exactly what's coming up.

    Thanks a mil, I'll run the scan tonight and post...


  • Closed Accounts Posts: 732 ✭✭✭Cmol


    Deckard's System Scanner v20071014.68
    Run by Claire on 2008-02-11 20:14:21
    Computer is in Normal Mode.
    -- Last 5 Restore Point(s) --
    10: 2008-02-10 14:30:57 UTC - RP44 - Windows Backup
    9: 2008-02-10 00:09:12 UTC - RP43 - Configured AVG 7.5
    8: 2008-02-09 19:37:03 UTC - RP42 - Windows Update
    7: 2008-02-02 17:22:45 UTC - RP41 - Scheduled Checkpoint
    6: 2008-02-01 16:43:01 UTC - RP40 - Windows Update

    -- First Restore Point --
    1: 2008-01-25 17:09:57 UTC - RP35 - Windows Update

    Backed up registry hives.
    Performed disk cleanup.
    Total Physical Memory: 895 MiB (1024 MiB recommended).

    -- HijackThis Clone

    Emulating logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2008-02-11 20:19:10
    Platform: Windows Vista (6.00.6000)
    MSIE: Internet Explorer (7.00.6000.16386)
    Boot mode: Normal
    Running processes:
    C:\Windows\System32\taskeng.exe
    C:\Windows\System32\dwm.exe
    C:\Windows\explorer.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\SiS VGA Utilities\SiSTray.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
    C:\Program Files\CyberLink\MagicSports\Kernel\MagicSports\MSPMirage.exe
    C:\Program Files\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
    C:\Windows\ehome\ehtray.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Internet Explorer\ieuser.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
    C:\Program Files\Grisoft\AVG7\avgw.exe
    C:\Users\Claire\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FBEK2ANG\dss[1].exe
    C:\Windows\System32\conime.exe
    C:\Windows\System32\taskeng.exe
    C:\Windows\System32\sdclt.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.stuff.co.nz/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
    O2 - BHO: Sysem Player - {D70E28A7-AA79-4D62-A59F-87024840BB62} - C:\Windows\sysvol32.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [SiSTray] %ProgramFiles%\SiS VGA Utilities\SiSTray.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [Skytel] Skytel.exe
    O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
    O4 - HKLM\..\Run: [MSPService] C:\Program Files\CyberLink\MagicSports\Kernel\MagicSports\MSPMirage.exe
    O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1202598798233
    O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll
    O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll
    O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL
    O20 - Winlogon Notify: avgwlntf - C:\Windows\system32\avgwlntf.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgrssvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgemc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    --
    End of file - 7875 bytes
    -- File Associations
    All associations okay.

    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled
    All drivers whitelisted.

    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled
    R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
    R2 ASLDRService (ASLDR Service) - c:\program files\atk hotkey\asldrsrv.exe <Not Verified; ; ADSMSrv>
    R2 RichVideo (Cyberlink RichVideo Service(CRVS)) - "c:\program files\cyberlink\shared files\richvideo.exe" <Not Verified; ; RichVideo Module>
    S3 stllssvr - "c:\program files\common files\surething shared\stllssvr.exe" <Not Verified; MicroVision Development, Inc.; SureThing CD Labeler>

    -- Device Manager: Disabled
    No disabled devices found.

    -- Scheduled Tasks
    2008-02-10 20:00:00 342 --a
    C:\Windows\Tasks\Recovery DVD Creator.job
    2008-02-10 20:00:00 276 --a
    C:\Windows\Tasks\PBRegbk.job
    2008-01-14 20:59:59 276 --a
    C:\Windows\Tasks\PBReg.job

    -- Files created between 2008-01-11 and 2008-02-11
    2008-02-09 22:15:52 236544 --a
    C:\Windows\sysvol32.dll <Not Verified; Asus; >
    2008-02-09 22:15:49 52 --a
    C:\tmp.bat
    2008-01-30 18:24:54 0 d
    C:\Program Files\Cossacks
    2008-01-30 18:24:32 53248 --a
    C:\Windows\system32\unrar.dll
    2008-01-30 18:24:28 4358144 -ra
    C:\Windows\uncsetup.exe <Not Verified; GSC Game World; Cossacks Setup Utility for Win32>
    2008-01-26 21:25:26 0 d
    C:\Program Files\iPod
    2008-01-26 21:25:12 0 d
    C:\Program Files\iTunes
    2008-01-26 21:23:10 0 d
    C:\Program Files\QuickTime
    2008-01-20 20:14:47 0 d
    C:\Program Files\About280.com
    2008-01-19 11:06:09 0 d
    C:\Windows\Downloaded Installations
    2008-01-17 21:37:49 33792 -ra
    C:\Windows\NPSExec.exe <Not Verified; Electronic Arts; Electronic Arts NPSExec>
    2008-01-17 21:37:48 0 d
    C:\Program Files\Electronic Arts
    2008-01-17 21:34:45 0 d
    C:\Program Files\Maxis
    2008-01-17 21:28:10 0 d
    C:\Program Files\NovaLogic
    2008-01-17 21:26:00 306688 --a
    C:\Windows\IsUninst.exe <Not Verified; InstallShield Software Corporation; InstallShield® unInstaller>
    2008-01-17 21:25:16 0 -rahs---- C:\MSDOS.SYS
    2008-01-17 21:25:16 0 -rahs---- C:\IO.SYS
    2008-01-12 13:17:20 0 d
    C:\Program Files\Java
    2008-01-12 13:09:49 0 d
    C:\Program Files\Common Files\Java
    2008-01-12 13:09:06 0 d
    C:\Program Files\LimeWire

    -- Find3M Report
    2008-02-11 20:09:15 0 d
    C:\Users\Claire\AppData\Roaming\AVG7
    2008-02-03 14:54:12 0 d
    C:\Users\Claire\AppData\Roaming\LimeWire
    2008-01-27 00:05:08 0 d
    C:\Program Files\Google
    2008-01-15 15:27:10 0 d
    C:\Users\Claire\AppData\Roaming\Google
    2008-01-14 17:25:34 0 d
    C:\Users\Claire\AppData\Roaming\Packard Bell
    2008-01-14 17:09:48 174 --ahs---- C:\Program Files\desktop.ini
    2008-01-14 17:08:22 0 d
    C:\Program Files\Windows Calendar
    2008-01-12 13:09:49 0 d
    C:\Program Files\Common Files
    2008-01-12 10:35:09 0 d
    C:\Program Files\Common Files\Adobe
    2008-01-10 16:26:54 0 d
    C:\Program Files\Windows Mail
    2008-01-10 16:26:49 0 d
    C:\Program Files\Windows Sidebar
    2008-01-09 22:40:44 0 d
    C:\Program Files\Microsoft CAPICOM 2.1.0.2
    2008-01-09 22:32:09 0 d
    C:\Program Files\MSXML 4.0
    2008-01-09 19:29:37 0 d
    C:\Users\Claire\AppData\Roaming\Adobe
    2008-01-08 21:05:38 0 d
    C:\Users\Claire\AppData\Roaming\Apple Computer
    2008-01-08 21:02:15 0 d
    C:\Program Files\Apple Software Update
    2008-01-08 21:00:05 0 d
    C:\Program Files\Common Files\Apple
    2008-01-08 19:29:22 0 d
    C:\Users\Claire\AppData\Roaming\Talkback
    2008-01-08 19:28:42 0 d
    C:\Users\Claire\AppData\Roaming\Mozilla
    2008-01-08 19:27:29 0 d
    C:\Program Files\Common Files\Symantec Shared
    2008-01-08 19:19:59 0 d
    C:\Users\Claire\AppData\Roaming\Macromedia
    2008-01-08 13:04:34 0 d
    C:\Program Files\Lavasoft
    2008-01-08 13:02:36 0 d
    C:\Program Files\Common Files\Wise Installation Wizard
    2008-01-07 18:32:43 0 d
    C:\Users\Claire\AppData\Roaming\CyberLink
    2008-01-07 18:31:57 0 d
    C:\Users\Claire\AppData\Roaming\Roxio
    2008-01-07 18:30:33 0 d
    C:\Users\Claire\AppData\Roaming\Identities

    -- Registry Dump
    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D70E28A7-AA79-4D62-A59F-87024840BB62}]
    09/02/2008 22:15 236544 --a
    C:\Windows\sysvol32.dll
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [26/09/2007 19:22]
    "SiSTray"="C:\Program Files\SiS VGA Utilities\SiSTray.exe" [17/09/2007 20:09]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [01/03/2007 13:24]
    "RtHDVCpl"="RtHDVCpl.exe" [03/09/2007 10:39 C:\Windows\RtHDVCpl.exe]
    "Skytel"="Skytel.exe" [03/08/2007 05:22 C:\Windows\SkyTel.exe]
    "@=" []
    "RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [11/01/2007 10:40]
    "MSPService"="C:\Program Files\CyberLink\MagicSports\Kernel\MagicSports\MSPMirage.exe" [12/06/2007 22:36]
    "toolbar_eula_launcher"="C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe" [20/02/2007 16:20]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [08/01/2008 13:24]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 19:51]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [25/09/2007 01:11]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [10/01/2008 15:27]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [15/01/2008 03:22]
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SmpcSys"="C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe" [19/07/2007 13:32]
    "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [02/11/2006 12:35]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"=2 (0x2)
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
    avgwlntf.dll 08/01/2008 13:24 9216 C:\Windows\System32\avgwlntf.dll
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
    @=&quot;Service"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
    @=&quot;Service"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
    @=&quot;Service"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
    @=&quot;Service"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
    @=&quot;Service"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
    @=&quot;Service"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
    @=&quot;Service"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
    @=&quot;Service"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
    @=&quot;Service"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
    @=&quot;Service"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
    @=&quot;Service"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
    @=&quot;Driver"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
    @=&quot;Driver"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @=&quot;Volume shadow copy"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
    @=&quot;IEEE 1394 Bus host controllers"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
    @=&quot;SBP2 IEEE 1394 Devices"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
    @=&quot;SecurityDevices"
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    C:\Windows\system32\unregmp2.exe /ShowWMP
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    %SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI

    -- End of Deckard's System Scanner: finished at 2008-02-11 20:21:10

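A DSS/HijackThis log like the one above can be triaged mechanically by cross-referencing the persistence entries (O2 browser helper objects, O4 Run keys) against the scanner's own "Files created" list. The script below is an added example written for this thread; it is not code from boards.ie, from DSS or from HijackThis. It flags an auto-start entry when its target file was created inside the scan window, is reported missing, or (for a BHO) is loaded straight from the Windows folder rather than Program Files or System32, and it lists other files written within a few seconds of a flagged target, since those usually belong to the same install or drop. The sample input is a subset of lines copied from the posted log; the heuristics and the 60-second sibling window are this example's assumptions, not DSS features.

```python
"""Triage a DSS / HijackThis log by correlating persistence entries
(O2 browser helper objects, O4 Run keys) with the scanner's own
"Files created" list.

Added example for the thread; not code from boards.ie, DSS or
HijackThis. The heuristics below are this example's assumptions."""
import ntpath
import re
from datetime import datetime, timedelta

# Sample input: a subset of lines copied from the log posted in the thread.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Sysem Player - {D70E28A7-AA79-4D62-A59F-87024840BB62} - C:\Windows\sysvol32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
-- Files created between 2008-01-11 and 2008-02-11
2008-02-09 22:15:52 236544 --a
C:\Windows\sysvol32.dll <Not Verified; Asus; >
2008-02-09 22:15:49 52 --a
C:\tmp.bat
2008-01-30 18:24:32 53248 --a
C:\Windows\system32\unrar.dll
"""

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<target>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>\S+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# DSS prints "timestamp size attrs" and usually puts the path on the next line,
# but some entries (e.g. C:\MSDOS.SYS) carry the path on the same line.
CREATED_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (?P<size>\d+) (?P<attrs>\S+)(?: (?P<path>.+))?$")
BINARY_RE = re.compile(r"(.+?\.(?:exe|dll|bat|cmd|vbs|scr))(?=\s|$)", re.IGNORECASE)


def binary_path(cmd: str) -> str:
    """Extract the program path from a Run-key command line or BHO target,
    dropping quotes, switches and trailers such as "(file missing)"."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.index('"', 1)]
    m = BINARY_RE.match(cmd)
    return m.group(1) if m else cmd.split(" ", 1)[0]


def recently_created(lines: list) -> dict:
    """Map lower-cased path -> (creation time, verification note) for every
    entry in the scanner's "Files created" style listings."""
    created = {}
    for i, line in enumerate(lines):
        m = CREATED_RE.match(line)
        if not m:
            continue
        entry = m["path"] or (lines[i + 1] if i + 1 < len(lines) else "")
        path, _, note = entry.partition(" <")   # "<Not Verified; vendor; desc>"
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        created[path.strip().lower()] = (ts, note.rstrip(">").strip())
    return created


def triage(text: str, window: timedelta = timedelta(seconds=60)) -> list:
    """Return one finding per O2/O4 entry that deserves a closer look."""
    lines = text.strip().splitlines()
    created = recently_created(lines)
    findings = []
    for line in lines:
        kind = line[:2]
        m = O2_RE.match(line) if kind == "O2" else O4_RE.match(line) if kind == "O4" else None
        if not m:
            continue
        raw = m["target"] if kind == "O2" else m["cmd"]
        target = binary_path(raw)
        key = target.lower()
        reasons = []
        if "(file missing)" in raw:
            reasons.append("target file missing: dead entry, clean-up only")
        if key in created:
            ts, note = created[key]
            reasons.append(f"target created {ts:%Y-%m-%d %H:%M:%S} inside the scan window"
                           + (f" ({note})" if note else ""))
            # Files written within `window` of the target usually belong to the same drop.
            siblings = sorted(p for p, (t, _) in created.items() if p != key and abs(t - ts) <= window)
            if siblings:
                reasons.append(f"created within {int(window.total_seconds())}s of it: {', '.join(siblings)}")
        # Only BHOs get the folder check: vendor tray tools (RtHDVCpl.exe) do live in C:\Windows.
        if kind == "O2" and ntpath.dirname(key) == r"c:\windows":
            reasons.append("BHO loaded straight from the Windows folder, not Program Files or System32")
        if reasons:
            findings.append({"kind": kind, "name": m["name"], "target": target, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['kind']} [{f['name']}] -> {f['target']}")
        for r in f["reasons"]:
            print("   -", r)
```

Run against the sample it reports two entries: the orphaned Adobe BHO (one reason, cosmetic) and the "Sysem Player" BHO, which collects three (created two days before the post, unverified, sitting in C:\Windows, with C:\tmp.bat written three seconds earlier). Feeding it the full log as posted works the same way, because the Scheduled Tasks and Find3M sections use the same two-line layout as "Files created".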

  • Closed Accounts Posts: 732 ✭✭✭Cmol


    Deckard's System Scanner v20071014.68
    Extra logfile - please post this as an attachment with your post.
    -- System Information
    Microsoft® Windows Vista™ Home Premium (build 6000)
    Architecture: X86; Language: English
    CPU 0: Intel(R) Pentium(R) Dual CPU T2310 @ 1.46GHz
    Percentage of Memory in Use: 70%
    Physical Memory (total/avail): 894.66 MiB / 259.82 MiB
    Pagefile Memory (total/avail): 2049.21 MiB / 1062.86 MiB
    Virtual Memory (total/avail): 2047.88 MiB / 1903.79 MiB
    C: is Fixed (NTFS) - 66.52 GiB total, 27.22 GiB free.
    D: is CDROM (Unformatted)
    \\.\PHYSICALDRIVE0 - ST980811AS ATA Device - 74.53 GiB - 2 partitions
    \PARTITION0 - Unknown - 8.01 GiB
    \PARTITION1 (bootable) - Installable File System - 66.52 GiB - C:

    -- Security Center
    AUOptions is scheduled to auto-install.
    Windows Internal Firewall is enabled.
    FW: Norton 360 v2007 (SYMANTEC Corporation)
    AV: Norton 360 v2007 (SYMANTEC Corperation)
    AV: AVG 7.5.516 v7.5.516 (Grisoft)
    AS: Windows Defender v1.1.1505.0 (Microsoft Corporation)
    AS: Norton 360 v2007 (Symantec Corporation)
    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

    -- Environment Variables
    ALLUSERSPROFILE=C:\ProgramData
    APPDATA=C:\Users\Claire\AppData\Roaming
    CLASSPATH=.;C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
    CommonProgramFiles=C:\Program Files\Common Files
    COMPUTERNAME=CLAIRE-PC
    ComSpec=C:\Windows\system32\cmd.exe
    FP_NO_HOST_CHECK=NO
    HOMEDRIVE=C:
    HOMEPATH=\Users\Claire
    LOCALAPPDATA=C:\Users\Claire\AppData\Local
    LOGONSERVER=\\CLAIRE-PC
    NUMBER_OF_PROCESSORS=2
    OS=Windows_NT
    Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;C:\Program Files\QuickTime\QTSystem\
    PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
    PROCESSOR_ARCHITECTURE=x86
    PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 13, GenuineIntel
    PROCESSOR_LEVEL=6
    PROCESSOR_REVISION=0f0d
    ProgramData=C:\ProgramData
    ProgramFiles=C:\Program Files
    PROMPT=$P$G
    PUBLIC=C:\Users\Public
    QTJAVA=C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
    RoxioCentral=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
    SystemDrive=C:
    SystemRoot=C:\Windows
    TEMP=C:\Users\Claire\AppData\Local\Temp
    TMP=C:\Users\Claire\AppData\Local\Temp
    USERDOMAIN=Claire-PC
    USERNAME=Claire
    USERPROFILE=C:\Users\Claire
    windir=C:\Windows

    -- User Profiles
    Claire

    -- Add/Remove Programs
    --> MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}
    --> MsiExec.exe /I{0D330013-4A99-46D6-83C6-2C959C68DBFF}
    --> MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87}
    --> MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
    --> MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
    --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
    --> MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82}
    --> MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
    Activation Assistant for the 2007 Microsoft Office suites --> "C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
    Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
    Adobe Flash Player 9 ActiveX --> MsiExec.exe /X{685A56F8-75B6-44AD-B3DA-FB0A3266B47C}
    Adobe Reader 8 --> "C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *AdobeReader*
    Adobe Reader 8.1.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81100000003}
    Adobe Shockwave Player --> MsiExec.exe /X{A7DB362E-16DC-4E29-8A34-E74381E00B5B}
    Apple Mobile Device Support --> MsiExec.exe /I{D8AB8F0C-CEEB-4A29-8EF5-219B064813F4}
    Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
    ATK Hotkey --> C:\Program Files\InstallShield Installation Information\{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}\setup.exe -runfromtemp -l0x0009 -removeonly
    AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
    British Telecom --> "C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *BT_GB*
    Browser Address Error Redirector --> regsvr32 /u /s "C:\Program Files\Google\Google_BAE\BAE.dll"
    Compatibility Pack for the 2007 Office system --> MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
    Creator 9 --> "C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *CREATOR9*
    EW : Cossacks --> C:\Windows\uncsetup.exe
    Flash Player 9 Internet Explorer --> "C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *Flashplayer*
    Google BAE --> "C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *GoogleBAE*
    Google Earth --> "C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *GOOGLE_EARTH*
    Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
    GoogleToolbar --> "C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *GoogleToolbar*
    HDReg --> MsiExec.exe /I{AB7032FF-AFED-4C58-AA5C-8473B273793A}
    Infocentre Rev. 2.0 --> "C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *Infocentre*
    Internet From BT --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CE9033AD-CBAE-4EDF-989A-BC479FBC6F1F}\Setup.exe"
    iTunes --> MsiExec.exe /I{B85C4D19-6CEB-48CF-BD98-C887AC8C6F94}
    Java(TM) 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
    Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
    LimeWire 4.16.2 --> "C:\Program Files\LimeWire\uninstall.exe"
    Magic Sports --> "C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *MagicSports*
    MagicSports 3.5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5927AF0D-335C-41D6-937B-54587EBD6D2C}\setup.exe" -uninstall
    Metaboli --> "C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *METABOLI*
    Microsoft .NET Framework 1.1 --> msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 1.1 --> MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 1.1 Hotfix (KB929729) --> "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M929729\M929729Uninstall.msp"
    Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
    Microsoft Office Home and Student 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
    Microsoft Office Home and Student 2007 --> MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
    Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
    Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
    Microsoft Office PowerPoint Viewer 2007 (English) --> MsiExec.exe /X{95120000-00AF-0409-0000-0000000FF1CE}
    Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
    Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
    Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
    Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
    Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
    Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
    Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
    Microsoft Works --> MsiExec.exe /I{67E03279-F703-408F-B4BF-46B5FC8D70CD}
    Microsoft Works 9 SE --> "C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *works9se*
    Microsoft® Office Trial 2007 --> "C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *OFF2k7_UK*
    MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
    MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
    Network Play System (Patching) --> C:\Windows\IsUninst.exe -f"C:\Program Files\Electronic Arts\Network Play System\NPSPatch.isu"
    Norton 360 2007 --> "C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *N360_2007_GB*
    Packard Bell ImageWriter --> "C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *ImageWriter*
    Packard Bell LCD Test --> "C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *LCDTest*
    Packard Bell Updator --> "C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *Updator*
    QuickTime --> MsiExec.exe /I{6EC874C2-F950-4B7E-A5B7-B1066D6B74AA}
    Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
    Roxio Creator 9 LE --> MsiExec.exe /I{B7FB0C86-41A4-4402-9A33-912C462042A0}
    Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
    Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
    SetUp My PC --> "C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *SETUPMYPC_GB*
    Shockwave player 10 --> "C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *Shockwave*
    Simple Image Resizer --> MsiExec.exe /I{484886B5-B589-4133-A2EB-8FF147F68ABE}
    SiS VGA Utilities --> C:\Program Files\SiS VGA Utilities\Setup.exe -u
    Skype 3.2.2.163 --> "C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *SKYPE*
    Skype™ 3.2 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
    Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
    The Sims --> C:\Windows\IsUninst.exe -f"C:\Program Files\Maxis\The Sims\Uninst.isu"

    -- Application Event Log
    Event Record #/Type1681 / Success
    Event Submitted/Written: 02/11/2008 08:07:24 PM
    Event ID/Source: 5617 / WinMgmt
    Event Description:

    Event Record #/Type1679 / Success
    Event Submitted/Written: 02/11/2008 08:07:22 PM
    Event ID/Source: 5615 / WinMgmt
    Event Description:

    Event Record #/Type1676 / Success
    Event Submitted/Written: 02/11/2008 08:07:16 PM
    Event ID/Source: 902 / Software Licensing Service
    Event Description:
    The Software Licensing service has started.
    Event Record #/Type1666 / Warning
    Event Submitted/Written: 02/10/2008 08:00:42 PM
    Event ID/Source: 1530 / profsvc
    Event Description:
    Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.
    DETAIL -
    1 user registry handles leaked from \Registry\User\S-1-5-21-1918521892-1394569715-2708047317-1002_Classes:
    Process 896 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1918521892-1394569715-2708047317-1002_CLASSES
    Event Record #/Type1665 / Warning
    Event Submitted/Written: 02/10/2008 08:00:41 PM
    Event ID/Source: 1530 / profsvc
    Event Description:
    Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.
    DETAIL -
    1 user registry handles leaked from \Registry\User\S-1-5-21-1918521892-1394569715-2708047317-1002:
    Process 896 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1918521892-1394569715-2708047317-1002

    -- Security Event Log
    No Errors/Warnings found.

    -- System Event Log
    Event Record #/Type9160 / Error
    Event Submitted/Written: 02/11/2008 08:06:52 PM
    Event ID/Source: 6 / ACPI
    Event Description:
    IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot 7, function 0.
    Please contact your system vendor for technical assistance.
    Event Record #/Type9159 / Error
    Event Submitted/Written: 02/11/2008 08:06:52 PM
    Event ID/Source: 6 / ACPI
    Event Description:
    IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot 6, function 0.
    Please contact your system vendor for technical assistance.
    Event Record #/Type9158 / Warning
    Event Submitted/Written: 02/10/2008 08:01:03 PM
    Event ID/Source: 4001 / Microsoft-Windows-WLAN-AutoConfig
    Event Description:

    Event Record #/Type9134 / Warning
    Event Submitted/Written: 02/10/2008 02:12:31 PM
    Event ID/Source: 1003 / Dhcp
    Event Description:
    Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 001D60BD7AB8. The following error occurred:
    %%121. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
    Event Record #/Type9120 / Warning
    Event Submitted/Written: 02/10/2008 01:49:28 PM
    Event ID/Source: 1003 / Dhcp
    Event Description:
    Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 001D60BD7AB8. The following error occurred:
    %%121. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

    -- End of Deckard's System Scanner: finished at 2008-02-11 20:21:10


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    You have two firewalls, so you need to disable the Windows firewall.

    Please download the OTMoveIt2 by OldTimer.
    • Save it to your desktop.
    • Please double-click OTMoveIt2.exe to run it.
    • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
      C:\Windows\sysvol32.dll
      C:\tmp.bat
      
    • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light blue bar) and choose Paste.
    • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
      purity
      
    • Return to OTMoveIt2, right click in the "Paste List Of Files/Patterns To Search For and Move" window (under the yellow bar) and choose Paste.
    • Click the red Moveit! button.
    • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
    • Close OTMoveIt2
    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



    Download and scan with SUPERAntiSpyware Free for Home Users
    • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    • An icon will be created on your desktop. Double-click that icon to launch the program.
    • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
    • Under "Configuration and Preferences", click the Preferences button.
    • Click the Scanning Control tab.
    • Under Scanner Options make sure the following are checked (leave all others unchecked):
      • Close browsers before scanning.
      • Scan for tracking cookies.
      • Terminate memory threats before quarantining.
    • Click the "Close" button to leave the control center screen.
    • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
    • On the left, make sure you check C:\Fixed Drive.
    • On the right, under "Complete Scan", choose Perform Complete Scan.
    • Click "Next" to start the scan. Please be patient while it scans your computer.
    • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
    • Make sure everything has a checkmark next to it and click "Next".
    • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
    • If asked if you want to reboot, click "Yes".
    • To retrieve the removal information after reboot, launch SUPERAntispyware again.
      • Click Preferences, then click the Statistics/Logs tab.
      • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
      • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
      • Please copy and paste the Scan Log results in your next reply.
    • Click Close to exit the program.


    Reboot and post a new DSS log, and tell me how your PC is running.


  • Closed Accounts Posts: 2,158 ✭✭✭donmeister


    Well, I'd say to you: download avast! antivirus software off cnet.com. I find it does the job; it takes a while to do a scan, but that means it's working well! Erm, I think, lol! P.S. it's free as well, so happy out!


  • Closed Accounts Posts: 732 ✭✭✭Cmol


    Hiya

    OK, well, I ran the two programs above.... the SUPERAntiSpyware did pick up 11 problems and quarantined and deleted them, but I have just rebooted the computer and the unknown trojan message is still coming up.... new DSS log below.... only main.txt, it didn't give me an extra.txt....
    I turned off the Windows firewall while the scans were running but have just turned it back on...

    Should probably also mention that the boyfriend thought he'd have a go at trying to fix it before I got home and actually clicked OK to downloading the trojan/virus message that was coming up.... don't know if that makes a difference, but the logo on the desktop that he downloaded has gone now that the scans have finished... hopefully this all makes sense....

    Thanks so much for the help too - it's much appreciated!

    Deckard's System Scanner v20071014.68
    Run by Claire on 2008-02-12 21:10:02
    Computer is in Normal Mode.
    Total Physical Memory: 895 MiB (1024 MiB recommended).

    -- HijackThis Clone

    Emulating logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2008-02-12 21:10:32
    Platform: Windows Vista (6.00.6000)
    MSIE: Internet Explorer (7.00.6000.16386)
    Boot mode: Normal
    Running processes:
    C:\Windows\System32\dwm.exe
    C:\Windows\explorer.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\SiS VGA Utilities\SiSTray.exe
    C:\Windows\System32\taskeng.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
    C:\Program Files\CyberLink\MagicSports\Kernel\MagicSports\MSPMirage.exe
    C:\Program Files\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
    C:\Program Files\Internet Explorer\ieuser.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\System32\SearchFilterHost.exe
    C:\Users\Claire\Desktop\dss.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.stuff.co.nz/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
    O2 - BHO: Sysem Player - {D70E28A7-AA79-4D62-A59F-87024840BB62} - C:\Windows\sysvol32.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [SiSTray] %ProgramFiles%\SiS VGA Utilities\SiSTray.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [Skytel] Skytel.exe
    O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
    O4 - HKLM\..\Run: [MSPService] C:\Program Files\CyberLink\MagicSports\Kernel\MagicSports\MSPMirage.exe
    O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1202598798233
    O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll
    O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll
    O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: avgwlntf - C:\Windows\system32\avgwlntf.dll
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgrssvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgemc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    --
    End of file - 8149 bytes
    -- Files created between 2008-01-12 and 2008-02-12
    2008-02-12 20:04:17 0 d C:\Users\All Users\SUPERAntiSpyware.com
    2008-02-12 20:03:08 0 d C:\Program Files\SUPERAntiSpyware
    2008-02-12 20:02:15 0 d C:\Program Files\Common Files\Wise Installation Wizard
    2008-02-09 22:15:52 236544 --a C:\Windows\sysvol32.dll <Not Verified; Asus; >
    2008-02-09 22:15:49 52 --a C:\tmp.bat
    2008-01-30 18:24:32 53248 --a C:\Windows\system32\unrar.dll
    2008-01-30 18:24:28 4358144 -ra C:\Windows\uncsetup.exe <Not Verified; GSC Game World; Cossacks Setup Utility for Win32>
    2008-01-26 21:25:26 0 d C:\Program Files\iPod
    2008-01-26 21:25:12 0 d C:\Program Files\iTunes
    2008-01-26 21:23:10 0 d C:\Program Files\QuickTime
    2008-01-20 20:14:47 0 d C:\Program Files\About280.com
    2008-01-19 11:06:09 0 d C:\Windows\Downloaded Installations
    2008-01-17 21:37:49 33792 -ra C:\Windows\NPSExec.exe <Not Verified; Electronic Arts; Electronic Arts NPSExec>
    2008-01-17 21:37:48 0 d C:\Program Files\Electronic Arts
    2008-01-17 21:34:45 0 d C:\Program Files\Maxis
    2008-01-17 21:28:10 0 d C:\Program Files\NovaLogic
    2008-01-17 21:26:00 306688 --a C:\Windows\IsUninst.exe <Not Verified; InstallShield Software Corporation; InstallShield® unInstaller>
    2008-01-17 21:25:16 0 -rahs---- C:\MSDOS.SYS
    2008-01-17 21:25:16 0 -rahs---- C:\IO.SYS
    2008-01-12 13:17:20 0 d C:\Program Files\Java
    2008-01-12 13:09:49 0 d C:\Program Files\Common Files\Java
    2008-01-12 13:09:06 0 d C:\Program Files\LimeWire

    -- Find3M Report
    2008-02-12 20:03:08 0 d C:\Users\Claire\AppData\Roaming\SUPERAntiSpyware.com
    2008-02-12 20:02:15 0 d C:\Program Files\Common Files
    2008-02-12 19:28:03 0 d C:\Users\Claire\AppData\Roaming\AVG7
    2008-02-12 17:37:30 0 d C:\Users\Claire\AppData\Roaming\Grisoft
    2008-02-03 14:54:12 0 d C:\Users\Claire\AppData\Roaming\LimeWire
    2008-01-27 00:05:08 0 d C:\Program Files\Google
    2008-01-15 15:27:10 0 d C:\Users\Claire\AppData\Roaming\Google
    2008-01-14 17:25:34 0 d C:\Users\Claire\AppData\Roaming\Packard Bell
    2008-01-14 17:09:48 174 --ahs---- C:\Program Files\desktop.ini
    2008-01-14 17:08:22 0 d C:\Program Files\Windows Calendar
    2008-01-12 10:35:09 0 d C:\Program Files\Common Files\Adobe
    2008-01-10 16:26:54 0 d C:\Program Files\Windows Mail
    2008-01-10 16:26:49 0 d C:\Program Files\Windows Sidebar
    2008-01-09 22:40:44 0 d C:\Program Files\Microsoft CAPICOM 2.1.0.2
    2008-01-09 22:32:09 0 d C:\Program Files\MSXML 4.0
    2008-01-09 19:29:37 0 d C:\Users\Claire\AppData\Roaming\Adobe
    2008-01-08 21:05:38 0 d C:\Users\Claire\AppData\Roaming\Apple Computer
    2008-01-08 21:02:15 0 d C:\Program Files\Apple Software Update
    2008-01-08 21:00:05 0 d C:\Program Files\Common Files\Apple
    2008-01-08 19:29:22 0 d C:\Users\Claire\AppData\Roaming\Talkback
    2008-01-08 19:28:42 0 d C:\Users\Claire\AppData\Roaming\Mozilla
    2008-01-08 19:27:29 0 d C:\Program Files\Common Files\Symantec Shared
    2008-01-08 19:19:59 0 d C:\Users\Claire\AppData\Roaming\Macromedia
    2008-01-07 18:32:43 0 d C:\Users\Claire\AppData\Roaming\CyberLink
    2008-01-07 18:31:57 0 d C:\Users\Claire\AppData\Roaming\Roxio
    2008-01-07 18:30:33 0 d C:\Users\Claire\AppData\Roaming\Identities

    -- Registry Dump
    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D70E28A7-AA79-4D62-A59F-87024840BB62}]
    09/02/2008 22:15 236544 --a C:\Windows\sysvol32.dll
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [26/09/2007 19:22]
    "SiSTray"="C:\Program Files\SiS VGA Utilities\SiSTray.exe" [17/09/2007 20:09]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [01/03/2007 13:24]
    "RtHDVCpl"="RtHDVCpl.exe" [03/09/2007 10:39 C:\Windows\RtHDVCpl.exe]
    "Skytel"="Skytel.exe" [03/08/2007 05:22 C:\Windows\SkyTel.exe]
    "@=" []
    "RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [11/01/2007 10:40]
    "MSPService"="C:\Program Files\CyberLink\MagicSports\Kernel\MagicSports\MSPMirage.exe" [12/06/2007 22:36]
    "toolbar_eula_launcher"="C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe" [20/02/2007 16:20]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [08/01/2008 13:24]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 19:51]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [25/09/2007 01:11]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [10/01/2008 15:27]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [15/01/2008 03:22]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [11/06/2007 09:25]
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SmpcSys"="C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe" [19/07/2007 13:32]
    "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [02/11/2006 12:35]
    "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [21/06/2007 14:06]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"=2 (0x2)
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [20/12/2006 13:55 77824]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 19/04/2007 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
    avgwlntf.dll 08/01/2008 13:24 9216 C:\Windows\System32\avgwlntf.dll
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
    @=&quot;Service"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
    @=&quot;Service"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
    @=&quot;Service"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
    @=&quot;Service"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
    @=&quot;Service"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
    @=&quot;Service"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
    @=&quot;Service"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
    @=&quot;Service"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
    @=&quot;Service"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
    @=&quot;Service"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
    @=&quot;Driver"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
    @=&quot;Driver"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @=&quot;Volume shadow copy"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
    @=&quot;IEEE 1394 Bus host controllers"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
    @=&quot;SBP2 IEEE 1394 Devices"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
    @=&quot;SecurityDevices"
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    C:\Windows\system32\unregmp2.exe /ShowWMP
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    %SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI

    -- End of Deckard's System Scanner: finished at 2008-02-12 21:11:15
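    The files the helper told the poster to move, C:\Windows\sysvol32.dll and C:\tmp.bat, can be picked out of the DSS log above by a simple correlation: the "Sysem Player" BHO loads a DLL that was created days before the scan and carries a <Not Verified; ...> note, and the .bat was written three seconds earlier. The Python below is an added example, not from this thread or from the DSS/HijackThis tools, that runs that triage over constructed lines in the log's format; the 14-day window, 60-second sibling gap, the %ProgramFiles% / PROGRA~1 expansion and the reading of the <Not Verified> note as "signature not verified" are my own assumptions.

```python
"""Added example (not from the thread): triage of a HijackThis-style log section.
Correlates O2 (BHO) and O4 (Run key) entries with the 'Files created' list, flags
loaded files that are both recent and unverified, then reports files written
seconds apart from a flagged one (the .bat beside the DLL)."""
import re
from datetime import datetime, timedelta

# Constructed sample lines, in the format of the DSS log posted above.
HJT_SAMPLE = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Sysem Player - {D70E28A7-AA79-4D62-A59F-87024840BB62} - C:\Windows\sysvol32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
"""
# 'Files created' entries: timestamp, size, attributes, path and (assumed: only on
# files whose publisher signature the scanner could not verify) a <Not Verified; ...> note.
FILES_SAMPLE = r"""
2008-02-12 20:03:08 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-02-09 22:15:52 236544 --a------ C:\Windows\sysvol32.dll <Not Verified; Asus; >
2008-02-09 22:15:49 52 --a------ C:\tmp.bat
2008-01-17 21:26:00 306688 --a------ C:\Windows\IsUninst.exe <Not Verified; InstallShield Software Corporation; InstallShield unInstaller>
"""

FILE_RE = re.compile(r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) +(?P<size>\d+) +(?P<attr>\S+) +"
                     r"(?P<path>.+?)(?: +<(?P<note>[^>]*)>)? *$")
BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{[0-9A-Fa-f-]+\} - (?P<path>.+?)(?P<missing> \(file missing\))?$")
RUN_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# First image on the command line, quoted or not (unquoted paths may contain spaces).
EXE_RE = re.compile(r'^"?(?P<exe>.+?\.(?:exe|dll|bat|scr))\b"?', re.IGNORECASE)


def normalize(path):
    """Lower-case and expand the two Program Files spellings these logs use (assumption)."""
    p = path.strip().strip('"')
    p = re.sub(r"%ProgramFiles%", r"C:\\Program Files", p, flags=re.IGNORECASE)
    p = re.sub(r"^C:\\PROGRA~1", r"C:\\Program Files", p, flags=re.IGNORECASE)
    return p.lower()


def parse_files(text):
    """Map normalized path -> info for the non-directory entries of the created-files list."""
    files = {}
    for line in text.splitlines():
        m = FILE_RE.match(line.strip())
        if not m or m["attr"].startswith("d"):
            continue
        files[normalize(m["path"])] = {
            "path": m["path"],
            "created": datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"),
            "verified": not (m["note"] or "").startswith("Not Verified"),
        }
    return files


def parse_autoruns(text):
    """Return (kind, name, path) for every O2 BHO and O4 Run entry that points at a file."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        m = BHO_RE.match(line)
        if m:
            if not m["missing"]:
                entries.append(("BHO", m["name"], m["path"]))
            continue
        m = RUN_RE.match(line)
        if m and (e := EXE_RE.match(m["cmd"])):
            entries.append(("Run", m["name"], e["exe"]))
    return entries


def triage(hjt_text, files_text, scan_time,
           window=timedelta(days=14), sibling=timedelta(seconds=60)):
    """Flag autorun targets that are recent AND unverified, then files created beside them."""
    files = parse_files(files_text)
    findings, flagged = [], []
    for kind, name, path in parse_autoruns(hjt_text):
        info = files.get(normalize(path))
        if info is None:
            continue  # not among the recently created files
        age = scan_time - info["created"]
        if age <= window and not info["verified"]:
            findings.append({"path": info["path"], "loaded_by": f"{kind} '{name}'",
                             "reason": f"created {age.days} days before the scan, signature not verified"})
            flagged.append(info)
    # A dropper usually writes its pieces in one go, so report files created within
    # `sibling` of a flagged file even if nothing loads them.
    for info in files.values():
        if any(info is f for f in flagged):
            continue
        near = [f for f in flagged if abs(info["created"] - f["created"]) <= sibling]
        if near:
            findings.append({"path": info["path"], "loaded_by": None,
                             "reason": f"written within {sibling.seconds}s of {near[0]['path']}"})
    return findings


if __name__ == "__main__":
    for f in triage(HJT_SAMPLE, FILES_SAMPLE, datetime(2008, 2, 12, 21, 10, 2)):
        print(f"{f['path']:<26} {f['loaded_by'] or '-':<20} {f['reason']}")
```

Run against the constructed sample it reports only sysvol32.dll (loaded by the BHO, recent, unverified) and tmp.bat (written seconds before it); IsUninst.exe is unverified too but is neither loaded at startup nor near a flagged file, so it stays off the list.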


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Hello

    Download ComboFix from one of the locations below, and save it to your Desktop. Double-click combofix.exe and follow the prompts.
    When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.
    Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.


  • Closed Accounts Posts: 732 ✭✭✭Cmol


    Trojan message is still showing....



    ComboFix 08-02-13.2 - Claire 2008-02-13 16:32:06.1 - NTFSx86
    Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.320 [GMT 0:00]
    Running from: C:\Users\Claire\Desktop\ComboFix.exe
    * Created a new restore point
    .
    ((((((((((((((((((((((((( Files Created from 2008-01-13 to 2008-02-13 )))))))))))))))))))))))))))))))
    .
    2008-02-12 20:04 . 2008-02-12 20:04 <DIR> d C:\Users\All Users\SUPERAntiSpyware.com
    2008-02-12 20:04 . 2008-02-12 20:04 <DIR> d C:\ProgramData\SUPERAntiSpyware.com
    2008-02-12 20:03 . 2008-02-12 20:03 <DIR> d C:\Users\Claire\AppData\Roaming\SUPERAntiSpyware.com
    2008-02-12 20:03 . 2008-02-12 20:08 <DIR> d C:\Program Files\SUPERAntiSpyware
    2008-02-12 20:02 . 2008-02-12 20:02 <DIR> d C:\Program Files\Common Files\Wise Installation Wizard
    2008-02-12 19:22 . 2008-02-12 19:22 <DIR> d C:\_OTMoveIt
    2008-02-12 17:37 . 2008-02-12 17:37 <DIR> d C:\Users\Claire\AppData\Roaming\Grisoft
    2008-02-12 17:37 . 2007-05-30 12:10 10,872 --a C:\Windows\System32\drivers\AvgAsCln.sys
    2008-02-11 20:13 . 2008-02-11 20:13 <DIR> d C:\Deckard
    2008-02-09 22:15 . 2008-02-09 22:15 236,544 --a C:\Windows\sysvol32.dll
    2008-02-09 22:15 . 2008-02-09 22:15 52 --a C:\tmp.bat
    2008-01-30 18:24 . 2001-03-06 19:05 4,358,144 -ra C:\Windows\uncsetup.exe
    2008-01-30 18:24 . 2008-01-30 18:24 53,248 --a C:\Windows\System32\unrar.dll
    2008-01-28 19:09 . 2008-02-03 15:27 107,809,741 --a C:\Windows\MEMORY.DMP
    2008-01-26 21:26 . 2008-01-27 13:13 54,156 --ah C:\Windows\QTFont.qfn
    2008-01-26 21:26 . 2008-01-26 21:26 1,409 --a C:\Windows\QTFont.for
    2008-01-26 21:25 . 2008-01-26 21:25 <DIR> d C:\Program Files\iTunes
    2008-01-26 21:25 . 2008-01-26 21:25 <DIR> d C:\Program Files\iPod
    2008-01-26 21:23 . 2008-01-26 21:23 <DIR> d C:\Program Files\QuickTime
    2008-01-20 20:14 . 2008-01-20 20:14 <DIR> d C:\Program Files\About280.com
    2008-01-19 11:06 . 2008-01-19 11:06 <DIR> d C:\Windows\Downloaded Installations
    2008-01-17 21:37 . 2008-01-17 21:37 <DIR> d C:\Program Files\Electronic Arts
    2008-01-17 21:37 . 1997-01-22 22:26 565,760 -ra C:\Windows\System32\MSVCP50.DLL
    2008-01-17 21:37 . 1999-04-02 16:37 33,792 -ra C:\Windows\NPSExec.exe
    2008-01-17 21:34 . 2008-01-17 21:34 <DIR> d C:\Program Files\Maxis
    2008-01-17 21:28 . 2008-01-17 21:28 <DIR> d C:\Program Files\NovaLogic
    2008-01-17 21:26 . 1998-10-29 17:45 306,688 --a C:\Windows\IsUninst.exe
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-02-12 19:28 d w C:\Users\Claire\AppData\Roaming\AVG7
    2008-02-12 17:37 d w C:\ProgramData\Grisoft
    2008-02-11 20:07 d w C:\ProgramData\avg7
    2008-02-03 14:54 d w C:\Users\Claire\AppData\Roaming\LimeWire
    2008-01-27 17:23 d w C:\Program Files\Java
    2008-01-27 00:05 d w C:\Program Files\Google
    2008-01-26 21:25 d w C:\ProgramData\Apple Computer
    2008-01-14 17:25 d w C:\Users\Claire\AppData\Roaming\Packard Bell
    2008-01-14 17:09 174 --sha-w C:\Program Files\desktop.ini
    2008-01-14 17:08 d w C:\Program Files\Windows Calendar
    2008-01-12 14:17 8,192 ----a-w C:\Windows\System32\riched32.dll
    2008-01-12 14:17 77,824 ----a-w C:\Windows\System32\rascfg.dll
    2008-01-12 14:17 70,144 ----a-w C:\Windows\system32\drivers\pacer.sys
    2008-01-12 14:17 694,784 ----a-w C:\Windows\System32\localspl.dll
    2008-01-12 14:17 619,008 ----a-w C:\Windows\system32\drivers\dxgkrnl.sys
    2008-01-12 14:17 61,952 ----a-w C:\Windows\system32\drivers\wanarp.sys
    2008-01-12 14:17 52,736 ----a-w C:\Windows\System32\rasdiag.dll
    2008-01-12 14:17 48,640 ----a-w C:\Windows\system32\drivers\ndproxy.sys
    2008-01-12 14:17 384,000 ----a-w C:\Windows\System32\netcfgx.dll
    2008-01-12 14:17 36,864 ----a-w C:\Windows\System32\cdd.dll
    2008-01-12 14:17 33,280 ----a-w C:\Windows\System32\traffic.dll
    2008-01-12 14:17 32,768 ----a-w C:\Windows\System32\rasmxs.dll
    2008-01-12 14:17 286,208 ----a-w C:\Windows\System32\ipnathlp.dll
    2008-01-12 14:17 22,016 ----a-w C:\Windows\System32\rasser.dll
    2008-01-12 14:17 20,480 ----a-w C:\Windows\system32\drivers\ndistapi.sys
    2008-01-12 14:17 15,360 ----a-w C:\Windows\System32\pacerprf.dll
    2008-01-12 14:17 134,656 ----a-w C:\Windows\System32\dps.dll
    2008-01-12 14:17 13,824 ----a-w C:\Windows\System32\wshqos.dll
    2008-01-12 14:17 13,824 ----a-w C:\Windows\System32\icsunattend.exe
    2008-01-12 14:16 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
    2008-01-12 14:14 712,192 ----a-w C:\Windows\System32\WindowsCodecs.dll
    2008-01-12 14:14 65,024 ----a-w C:\Windows\System32\avicap32.dll
    2008-01-12 14:14 61,440 ----a-w C:\Windows\System32\ntprint.exe
    2008-01-12 14:14 269,824 ----a-w C:\Windows\System32\schannel.dll
    2008-01-12 14:14 220,160 ----a-w C:\Windows\System32\ntprint.dll
    2008-01-12 14:14 123,904 ----a-w C:\Windows\System32\msvfw32.dll
    2008-01-12 14:14 120,320 ----a-w C:\Windows\System32\dhcpcsvc6.dll
    2008-01-12 14:14 10,240 ----a-w C:\Windows\System32\dhcpcmonitor.dll
    2008-01-12 14:14 1,984,512 ----a-w C:\Windows\System32\authui.dll
    2008-01-12 14:13 88,576 ----a-w C:\Windows\System32\avifil32.dll
    2008-01-12 14:13 82,944 ----a-w C:\Windows\System32\mciavi32.dll
    2008-01-12 14:13 8,138,240 ----a-w C:\Windows\System32\ssBranded.scr
    2008-01-12 14:13 69,632 ----a-w C:\Windows\System32\sendmail.dll
    2008-01-12 14:13 31,232 ----a-w C:\Windows\System32\msvidc32.dll
    2008-01-12 14:13 12,800 ----a-w C:\Windows\System32\msrle32.dll
    2008-01-12 13:18 d w C:\Program Files\LimeWire
    2008-01-12 13:09 d w C:\Program Files\Common Files\Java
    2008-01-12 10:35 d w C:\Program Files\Common Files\Adobe
    2008-01-10 16:26 d w C:\Program Files\Windows Sidebar
    2008-01-10 16:26 d w C:\Program Files\Windows Mail
    2008-01-09 22:44 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
    2008-01-09 22:44 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
    2008-01-09 22:44 542,720 ----a-w C:\Windows\System32\sysmain.dll
    2008-01-09 22:44 502,784 ----a-w C:\Windows\System32\wlansvc.dll
    2008-01-09 22:44 47,104 ----a-w C:\Windows\System32\wlanapi.dll
    2008-01-09 22:44 297,984 ----a-w C:\Windows\System32\wlansec.dll
    2008-01-09 22:44 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
    2008-01-09 22:44 28,344 ----a-w C:\Windows\system32\drivers\battc.sys
    2008-01-09 22:44 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys
    2008-01-09 22:44 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
    2008-01-09 22:44 20,920 ----a-w C:\Windows\system32\drivers\compbatt.sys
    2008-01-09 22:44 2,923,520 ----a-w C:\Windows\explorer.exe
    2008-01-09 22:44 2,027,008 ----a-w C:\Windows\System32\win32k.sys
    2008-01-09 22:44 14,208 ----a-w C:\Windows\system32\drivers\CmBatt.sys
    2008-01-09 22:42 802,816 ----a-w C:\Windows\system32\drivers\tcpip.sys
    2008-01-09 22:42 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
    2008-01-09 22:42 24,064 ----a-w C:\Windows\System32\netcfg.exe
    2008-01-09 22:42 22,016 ----a-w C:\Windows\System32\netiougc.exe
    2008-01-09 22:42 216,760 ----a-w C:\Windows\system32\drivers\netio.sys
    2008-01-09 22:42 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
    2008-01-09 22:41 7,680 ----a-w C:\Windows\System32\spwmp.dll
    2008-01-09 22:41 4,096 ----a-w C:\Windows\System32\dxmasf.dll
    2008-01-09 22:41 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
    2008-01-09 22:40 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
    2008-01-09 22:39 8,704 ----a-w C:\Windows\System32\hcrstco.dll
    2008-01-09 22:39 8,704 ----a-w C:\Windows\System32\hccoin.dll
    2008-01-09 22:39 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
    2008-01-09 22:39 5,888 ----a-w C:\Windows\system32\drivers\usbd.sys
    2008-01-09 22:39 449,024 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
    2008-01-09 22:39 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
    2008-01-09 22:39 38,400 ----a-w C:\Windows\system32\drivers\usbehci.sys
    2008-01-09 22:39 224,768 ----a-w C:\Windows\system32\drivers\usbport.sys
    2008-01-09 22:39 2,143,744 ----a-w C:\Windows\AppPatch\AcGenral.dll
    2008-01-09 22:39 193,536 ----a-w C:\Windows\system32\drivers\usbhub.sys
    2008-01-09 22:39 19,456 ----a-w C:\Windows\system32\drivers\usbohci.sys
    2008-01-09 22:39 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
    2008-01-09 22:39 1,686,016 ----a-w C:\Windows\System32\gameux.dll
    2008-01-09 22:39 1,191,936 ----a-w C:\Windows\System32\msxml3.dll
    2008-01-09 22:38 1,327,104 ----a-w C:\Windows\System32\quartz.dll
    2008-01-09 22:37 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
    2008-01-09 22:37 84,480 ----a-w C:\Windows\System32\INETRES.dll
    2008-01-09 22:37 737,792 ----a-w C:\Windows\System32\inetcomm.dll
    2008-01-09 22:37 223,232 ----a-w C:\Windows\System32\WMASF.DLL
    2008-01-09 22:37 1,335,296 ----a-w C:\Windows\System32\msxml6.dll
    2008-01-09 22:36 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
    2008-01-09 22:36 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
    2008-01-09 22:36 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
    2008-01-09 22:36 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
    2008-01-09 22:36 15,928 ----a-w C:\Windows\system32\drivers\pciide.sys
    2008-01-09 22:36 11,776 ----a-w C:\Windows\System32\sbunattend.exe
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D70E28A7-AA79-4D62-A59F-87024840BB62}]
    2008-02-09 22:15 236544 --a------ C:\Windows\sysvol32.dll
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SmpcSys"="C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe" [2007-07-19 13:32 1120568]
    "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 12:35 125440]
    "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-09-26 19:22 1006264]
    "SiSTray"="C:\Program Files\SiS VGA Utilities\SiSTray.exe" [2007-09-17 20:09 552960]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-01 13:24 857648]
    "RtHDVCpl"="RtHDVCpl.exe" [2007-09-03 10:39 4702208 C:\Windows\RtHDVCpl.exe]
    "Skytel"="Skytel.exe" [2007-08-03 05:22 1826816 C:\Windows\SkyTel.exe]
    "RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-01-11 10:40 232184]
    "MSPService"="C:\Program Files\CyberLink\MagicSports\Kernel\MagicSports\MSPMirage.exe" [2007-06-12 22:36 102400]
    "toolbar_eula_launcher"="C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe" [2007-02-20 16:20 28672]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-01-08 13:24 579072]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-10 15:27 385024]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 03:22 267048]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 09:25 6731312]
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-01-08 13:24 219136]
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
    avgwlntf.dll 2008-01-08 13:24 9216 C:\Windows\System32\avgwlntf.dll
    R2 ASLDRService;ASLDR Service;C:\Program Files\ATK Hotkey\ASLDRSrv.exe [2007-02-05 17:13]
    R3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys [2007-04-20 02:16]
    R3 AvgWFP;AVG7 Firewall Driver x86;C:\Windows\system32\Drivers\avgwfp.sys [2008-01-08 13:24]
    R3 SiS6350;SiS6350;C:\Windows\system32\DRIVERS\SISGRKMD.sys [2007-09-17 20:09]
    R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\system32\DRIVERS\SiSGB6.sys [2007-06-20 03:12]
    .
    Contents of the 'Scheduled Tasks' folder
    "2008-01-14 20:59:59 C:\Windows\Tasks\PBReg.job"
    - C:\Program Files\HDReg\HDRegApp.exe
    "2008-02-13 16:30:01 C:\Windows\Tasks\PBRegbk.job"
    - C:\Program Files\HDReg\HDRegApp.exe
    "2008-02-13 16:30:02 C:\Windows\Tasks\Recovery DVD Creator.job"
    - C:\Program Files\Packard Bell\SetupMyPc\MCDCheck.exe
    .
    **************************************************************************
    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-13 16:35:12
    Windows 6.0.6000 NTFS
    scanning hidden processes ...
    scanning hidden autostart entries ...
    scanning hidden files ...
    scan completed successfully
    hidden files: 0
    **************************************************************************
    .
    Completion time: 2008-02-13 16:35:58
    .
    2008-02-09 19:38:01 --- E O F ---


  • Closed Accounts Posts: 732 ✭✭✭Cmol


    Deckard's System Scanner v20071014.68
    Run by Claire on 2008-02-13 16:42:17
    Computer is in Normal Mode.
    Total Physical Memory: 895 MiB (1024 MiB recommended).

    -- HijackThis (run as Claire.exe)
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:42:52, on 13/02/2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16575)
    Boot mode: Normal
    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\SiS VGA Utilities\SiSTray.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
    C:\Program Files\CyberLink\MagicSports\Kernel\MagicSports\MSPMirage.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
    C:\Windows\system32\conime.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\sdclt.exe
    C:\Windows\Explorer.exe
    C:\Windows\system32\notepad.exe
    C:\Program Files\Internet Explorer\ieuser.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Users\Claire\Desktop\dss.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\Claire.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.stuff.co.nz/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
    O2 - BHO: Sysem Player - {D70E28A7-AA79-4D62-A59F-87024840BB62} - C:\Windows\sysvol32.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [SiSTray] %ProgramFiles%\SiS VGA Utilities\SiSTray.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [Skytel] Skytel.exe
    O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
    O4 - HKLM\..\Run: [MSPService] C:\Program Files\CyberLink\MagicSports\Kernel\MagicSports\MSPMirage.exe
    O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1202598798233
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    --
    End of file - 7500 bytes
    -- Files created between 2008-01-13 and 2008-02-13
    2008-02-13 16:42:42 0 d-------- C:\Program Files\Trend Micro
    2008-02-13 16:29:22 68096 --a------ C:\Windows\system32\zip.exe
    2008-02-13 16:29:22 98816 --a------ C:\Windows\system32\sed.exe
    2008-02-13 16:29:22 80412 --a------ C:\Windows\system32\grep.exe
    2008-02-13 16:29:22 73728 --a------ C:\Windows\system32\fdsv.exe <Not Verified; Smallfrogs Studio; >
    2008-02-12 20:04:17 0 d-------- C:\Users\All Users\SUPERAntiSpyware.com
    2008-02-12 20:03:08 0 d-------- C:\Program Files\SUPERAntiSpyware
    2008-02-12 20:02:15 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-02-09 22:15:52 236544 --a------ C:\Windows\sysvol32.dll <Not Verified; Asus; >
    2008-02-09 22:15:49 52 --a------ C:\tmp.bat
    2008-01-30 18:24:32 53248 --a------ C:\Windows\system32\unrar.dll
    2008-01-30 18:24:28 4358144 -ra------ C:\Windows\uncsetup.exe <Not Verified; GSC Game World; Cossacks Setup Utility for Win32>
    2008-01-26 21:25:26 0 d-------- C:\Program Files\iPod
    2008-01-26 21:25:12 0 d-------- C:\Program Files\iTunes
    2008-01-26 21:23:10 0 d-------- C:\Program Files\QuickTime
    2008-01-20 20:14:47 0 d-------- C:\Program Files\About280.com
    2008-01-19 11:06:09 0 d-------- C:\Windows\Downloaded Installations
    2008-01-17 21:37:49 33792 -ra------ C:\Windows\NPSExec.exe <Not Verified; Electronic Arts; Electronic Arts NPSExec>
    2008-01-17 21:37:48 0 d-------- C:\Program Files\Electronic Arts
    2008-01-17 21:34:45 0 d-------- C:\Program Files\Maxis
    2008-01-17 21:28:10 0 d-------- C:\Program Files\NovaLogic
    2008-01-17 21:26:00 306688 --a------ C:\Windows\IsUninst.exe <Not Verified; InstallShield Software Corporation; InstallShield® unInstaller>
    2008-01-17 21:25:16 0 -rahs---- C:\MSDOS.SYS
    2008-01-17 21:25:16 0 -rahs---- C:\IO.SYS

    -- Find3M Report
    2008-02-12 20:03:08 0 d-------- C:\Users\Claire\AppData\Roaming\SUPERAntiSpyware.com
    2008-02-12 20:02:15 0 d-------- C:\Program Files\Common Files
    2008-02-12 19:28:03 0 d-------- C:\Users\Claire\AppData\Roaming\AVG7
    2008-02-12 17:37:30 0 d-------- C:\Users\Claire\AppData\Roaming\Grisoft
    2008-02-03 14:54:12 0 d-------- C:\Users\Claire\AppData\Roaming\LimeWire
    2008-01-27 17:23:09 0 d-------- C:\Program Files\Java
    2008-01-27 00:05:08 0 d-------- C:\Program Files\Google
    2008-01-15 15:27:10 0 d-------- C:\Users\Claire\AppData\Roaming\Google
    2008-01-14 17:25:34 0 d-------- C:\Users\Claire\AppData\Roaming\Packard Bell
    2008-01-14 17:09:48 174 --ahs---- C:\Program Files\desktop.ini
    2008-01-14 17:08:22 0 d-------- C:\Program Files\Windows Calendar
    2008-01-12 13:18:44 0 d-------- C:\Program Files\LimeWire
    2008-01-12 13:09:49 0 d-------- C:\Program Files\Common Files\Java
    2008-01-12 10:35:09 0 d-------- C:\Program Files\Common Files\Adobe
    2008-01-10 16:26:54 0 d-------- C:\Program Files\Windows Mail
    2008-01-10 16:26:49 0 d-------- C:\Program Files\Windows Sidebar
    2008-01-09 22:40:44 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
    2008-01-09 22:32:09 0 d-------- C:\Program Files\MSXML 4.0
    2008-01-09 19:29:37 0 d-------- C:\Users\Claire\AppData\Roaming\Adobe
    2008-01-08 21:05:38 0 d-------- C:\Users\Claire\AppData\Roaming\Apple Computer
    2008-01-08 21:02:15 0 d-------- C:\Program Files\Apple Software Update
    2008-01-08 21:00:05 0 d-------- C:\Program Files\Common Files\Apple
    2008-01-08 19:29:22 0 d-------- C:\Users\Claire\AppData\Roaming\Talkback
    2008-01-08 19:28:42 0 d-------- C:\Users\Claire\AppData\Roaming\Mozilla
    2008-01-08 19:27:29 0 d-------- C:\Program Files\Common Files\Symantec Shared
    2008-01-08 19:19:59 0 d-------- C:\Users\Claire\AppData\Roaming\Macromedia
    2008-01-07 18:32:43 0 d-------- C:\Users\Claire\AppData\Roaming\CyberLink
    2008-01-07 18:31:57 0 d-------- C:\Users\Claire\AppData\Roaming\Roxio
    2008-01-07 18:30:33 0 d-------- C:\Users\Claire\AppData\Roaming\Identities

    -- Registry Dump
    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D70E28A7-AA79-4D62-A59F-87024840BB62}]
    09/02/2008 22:15 236544 --a------ C:\Windows\sysvol32.dll
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [26/09/2007 19:22]
    "SiSTray"="C:\Program Files\SiS VGA Utilities\SiSTray.exe" [17/09/2007 20:09]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [01/03/2007 13:24]
    "RtHDVCpl"="RtHDVCpl.exe" [03/09/2007 10:39 C:\Windows\RtHDVCpl.exe]
    "Skytel"="Skytel.exe" [03/08/2007 05:22 C:\Windows\SkyTel.exe]
    "RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [11/01/2007 10:40]
    "MSPService"="C:\Program Files\CyberLink\MagicSports\Kernel\MagicSports\MSPMirage.exe" [12/06/2007 22:36]
    "toolbar_eula_launcher"="C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe" [20/02/2007 16:20]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [08/01/2008 13:24]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 19:51]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [25/09/2007 01:11]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [10/01/2008 15:27]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [15/01/2008 03:22]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [11/06/2007 09:25]
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SmpcSys"="C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe" [19/07/2007 13:32]
    "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [02/11/2006 12:35]
    "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [21/06/2007 14:06]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"=2 (0x2)
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [20/12/2006 13:55 77824]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 19/04/2007 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
    avgwlntf.dll 08/01/2008 13:24 9216 C:\Windows\System32\avgwlntf.dll
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
    @="Service"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
    @="Service"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
    @="Service"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
    @="Service"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
    @="Service"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
    @="Service"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
    @="Service"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
    @="Service"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
    @="Service"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
    @="Service"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
    @="Driver"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
    @="Driver"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @="Volume shadow copy"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
    @="IEEE 1394 Bus host controllers"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
    @="SBP2 IEEE 1394 Devices"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
    @="SecurityDevices"
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    C:\Windows\system32\unregmp2.exe /ShowWMP
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    %SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI

    -- End of Deckard's System Scanner: finished at 2008-02-13 16:43:24


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Hello

    1. Close any open browsers.

    2. Open notepad and copy/paste the text in the quotebox below into it:
    File::
    C:\Windows\sysvol32.dll
    C:\tmp.bat

    Save this as CFScript.txt, in the same location as ComboFix.exe


    Combo-Do.gif

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it shall produce a log for you at "C:\ComboFix.txt"

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.




    1. Please re-open HiJackThis and choose "Do a system scan only". Check the boxes next to ONLY the entries listed below (if present):

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
    O2 - BHO: Sysem Player - {D70E28A7-AA79-4D62-A59F-87024840BB62} - C:\Windows\sysvol32.dll


    2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.



    Reboot and post a new HijackThis log


  • Closed Accounts Posts: 732 ✭✭✭Cmol


    ComboFix 08-02-13.2 - Claire 2008-02-13 17:51:38.2 - NTFSx86
    Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.316 [GMT 0:00]
    Running from: C:\Users\Claire\Desktop\ComboFix.exe
    Command switches used :: C:\Users\Claire\Desktop\CFScript.txt
    * Created a new restore point
    .
    ((((((((((((((((((((((((( Files Created from 2008-01-13 to 2008-02-13 )))))))))))))))))))))))))))))))
    .
    2008-02-13 16:42 . 2008-02-13 16:42 <DIR> d-------- C:\Program Files\Trend Micro
    2008-02-12 20:04 . 2008-02-12 20:04 <DIR> d-------- C:\Users\All Users\SUPERAntiSpyware.com
    2008-02-12 20:04 . 2008-02-12 20:04 <DIR> d-------- C:\ProgramData\SUPERAntiSpyware.com
    2008-02-12 20:03 . 2008-02-12 20:03 <DIR> d-------- C:\Users\Claire\AppData\Roaming\SUPERAntiSpyware.com
    2008-02-12 20:03 . 2008-02-12 20:08 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
    2008-02-12 20:02 . 2008-02-12 20:02 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-02-12 19:22 . 2008-02-12 19:22 <DIR> d-------- C:\_OTMoveIt
    2008-02-12 17:37 . 2008-02-12 17:37 <DIR> d-------- C:\Users\Claire\AppData\Roaming\Grisoft
    2008-02-12 17:37 . 2007-05-30 12:10 10,872 --a------ C:\Windows\System32\drivers\AvgAsCln.sys
    2008-02-11 20:13 . 2008-02-11 20:13 <DIR> d-------- C:\Deckard
    2008-02-09 22:15 . 2008-02-09 22:15 236,544 --a------ C:\Windows\sysvol32.dll
    2008-02-09 22:15 . 2008-02-09 22:15 52 --a------ C:\tmp.bat
    2008-01-30 18:24 . 2001-03-06 19:05 4,358,144 -ra------ C:\Windows\uncsetup.exe
    2008-01-30 18:24 . 2008-01-30 18:24 53,248 --a------ C:\Windows\System32\unrar.dll
    2008-01-28 19:09 . 2008-02-03 15:27 107,809,741 --a------ C:\Windows\MEMORY.DMP
    2008-01-26 21:26 . 2008-01-27 13:13 54,156 --ah----- C:\Windows\QTFont.qfn
    2008-01-26 21:26 . 2008-01-26 21:26 1,409 --a------ C:\Windows\QTFont.for
    2008-01-26 21:25 . 2008-01-26 21:25 <DIR> d-------- C:\Program Files\iTunes
    2008-01-26 21:25 . 2008-01-26 21:25 <DIR> d-------- C:\Program Files\iPod
    2008-01-26 21:23 . 2008-01-26 21:23 <DIR> d-------- C:\Program Files\QuickTime
    2008-01-20 20:14 . 2008-01-20 20:14 <DIR> d-------- C:\Program Files\About280.com
    2008-01-19 11:06 . 2008-01-19 11:06 <DIR> d-------- C:\Windows\Downloaded Installations
    2008-01-17 21:37 . 2008-01-17 21:37 <DIR> d-------- C:\Program Files\Electronic Arts
    2008-01-17 21:37 . 1997-01-22 22:26 565,760 -ra------ C:\Windows\System32\MSVCP50.DLL
    2008-01-17 21:37 . 1999-04-02 16:37 33,792 -ra------ C:\Windows\NPSExec.exe
    2008-01-17 21:34 . 2008-01-17 21:34 <DIR> d-------- C:\Program Files\Maxis
    2008-01-17 21:28 . 2008-01-17 21:28 <DIR> d-------- C:\Program Files\NovaLogic
    2008-01-17 21:26 . 1998-10-29 17:45 306,688 --a------ C:\Windows\IsUninst.exe
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-02-12 19:28 --------- d-----w C:\Users\Claire\AppData\Roaming\AVG7
    2008-02-12 17:37 --------- d-----w C:\ProgramData\Grisoft
    2008-02-11 20:07 --------- d-----w C:\ProgramData\avg7
    2008-02-03 14:54 --------- d-----w C:\Users\Claire\AppData\Roaming\LimeWire
    2008-01-27 17:23 --------- d-----w C:\Program Files\Java
    2008-01-27 00:05 --------- d-----w C:\Program Files\Google
    2008-01-26 21:25 --------- d-----w C:\ProgramData\Apple Computer
    2008-01-14 17:25 --------- d-----w C:\Users\Claire\AppData\Roaming\Packard Bell
    2008-01-14 17:09 174 --sha-w C:\Program Files\desktop.ini
    2008-01-14 17:08 --------- d-----w C:\Program Files\Windows Calendar
    2008-01-12 14:17 8,192 ----a-w C:\Windows\System32\riched32.dll
    2008-01-12 14:17 77,824 ----a-w C:\Windows\System32\rascfg.dll
    2008-01-12 14:17 70,144 ----a-w C:\Windows\system32\drivers\pacer.sys
    2008-01-12 14:17 694,784 ----a-w C:\Windows\System32\localspl.dll
    2008-01-12 14:17 619,008 ----a-w C:\Windows\system32\drivers\dxgkrnl.sys
    2008-01-12 14:17 61,952 ----a-w C:\Windows\system32\drivers\wanarp.sys
    2008-01-12 14:17 52,736 ----a-w C:\Windows\System32\rasdiag.dll
    2008-01-12 14:17 48,640 ----a-w C:\Windows\system32\drivers\ndproxy.sys
    2008-01-12 14:17 384,000 ----a-w C:\Windows\System32\netcfgx.dll
    2008-01-12 14:17 36,864 ----a-w C:\Windows\System32\cdd.dll
    2008-01-12 14:17 33,280 ----a-w C:\Windows\System32\traffic.dll
    2008-01-12 14:17 32,768 ----a-w C:\Windows\System32\rasmxs.dll
    2008-01-12 14:17 286,208 ----a-w C:\Windows\System32\ipnathlp.dll
    2008-01-12 14:17 22,016 ----a-w C:\Windows\System32\rasser.dll
    2008-01-12 14:17 20,480 ----a-w C:\Windows\system32\drivers\ndistapi.sys
    2008-01-12 14:17 15,360 ----a-w C:\Windows\System32\pacerprf.dll
    2008-01-12 14:17 134,656 ----a-w C:\Windows\System32\dps.dll
    2008-01-12 14:17 13,824 ----a-w C:\Windows\System32\wshqos.dll
    2008-01-12 14:17 13,824 ----a-w C:\Windows\System32\icsunattend.exe
    2008-01-12 14:16 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
    2008-01-12 14:14 712,192 ----a-w C:\Windows\System32\WindowsCodecs.dll
    2008-01-12 14:14 65,024 ----a-w C:\Windows\System32\avicap32.dll
    2008-01-12 14:14 61,440 ----a-w C:\Windows\System32\ntprint.exe
    2008-01-12 14:14 269,824 ----a-w C:\Windows\System32\schannel.dll
    2008-01-12 14:14 220,160 ----a-w C:\Windows\System32\ntprint.dll
    2008-01-12 14:14 123,904 ----a-w C:\Windows\System32\msvfw32.dll
    2008-01-12 14:14 120,320 ----a-w C:\Windows\System32\dhcpcsvc6.dll
    2008-01-12 14:14 10,240 ----a-w C:\Windows\System32\dhcpcmonitor.dll
    2008-01-12 14:14 1,984,512 ----a-w C:\Windows\System32\authui.dll
    2008-01-12 14:13 88,576 ----a-w C:\Windows\System32\avifil32.dll
    2008-01-12 14:13 82,944 ----a-w C:\Windows\System32\mciavi32.dll
    2008-01-12 14:13 8,138,240 ----a-w C:\Windows\System32\ssBranded.scr
    2008-01-12 14:13 69,632 ----a-w C:\Windows\System32\sendmail.dll
    2008-01-12 14:13 31,232 ----a-w C:\Windows\System32\msvidc32.dll
    2008-01-12 14:13 12,800 ----a-w C:\Windows\System32\msrle32.dll
    2008-01-12 13:18 --------- d-----w C:\Program Files\LimeWire
    2008-01-12 13:09 --------- d-----w C:\Program Files\Common Files\Java
    2008-01-12 10:35 --------- d-----w C:\Program Files\Common Files\Adobe
    2008-01-10 16:26 --------- d-----w C:\Program Files\Windows Sidebar
    2008-01-10 16:26 --------- d-----w C:\Program Files\Windows Mail
    2008-01-09 22:44 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
    2008-01-09 22:44 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
    2008-01-09 22:44 542,720 ----a-w C:\Windows\System32\sysmain.dll
    2008-01-09 22:44 502,784 ----a-w C:\Windows\System32\wlansvc.dll
    2008-01-09 22:44 47,104 ----a-w C:\Windows\System32\wlanapi.dll
    2008-01-09 22:44 297,984 ----a-w C:\Windows\System32\wlansec.dll
    2008-01-09 22:44 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
    2008-01-09 22:44 28,344 ----a-w C:\Windows\system32\drivers\battc.sys
    2008-01-09 22:44 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys
    2008-01-09 22:44 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
    2008-01-09 22:44 20,920 ----a-w C:\Windows\system32\drivers\compbatt.sys
    2008-01-09 22:44 2,923,520 ----a-w C:\Windows\explorer.exe
    2008-01-09 22:44 2,027,008 ----a-w C:\Windows\System32\win32k.sys
    2008-01-09 22:44 14,208 ----a-w C:\Windows\system32\drivers\CmBatt.sys
    2008-01-09 22:42 802,816 ----a-w C:\Windows\system32\drivers\tcpip.sys
    2008-01-09 22:42 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
    2008-01-09 22:42 24,064 ----a-w C:\Windows\System32\netcfg.exe
    2008-01-09 22:42 22,016 ----a-w C:\Windows\System32\netiougc.exe
    2008-01-09 22:42 216,760 ----a-w C:\Windows\system32\drivers\netio.sys
    2008-01-09 22:42 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
    2008-01-09 22:41 7,680 ----a-w C:\Windows\System32\spwmp.dll
    2008-01-09 22:41 4,096 ----a-w C:\Windows\System32\dxmasf.dll
    2008-01-09 22:41 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
    2008-01-09 22:40 d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
    2008-01-09 22:39 8,704 ----a-w C:\Windows\System32\hcrstco.dll
    2008-01-09 22:39 8,704 ----a-w C:\Windows\System32\hccoin.dll
    2008-01-09 22:39 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
    2008-01-09 22:39 5,888 ----a-w C:\Windows\system32\drivers\usbd.sys
    2008-01-09 22:39 449,024 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
    2008-01-09 22:39 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
    2008-01-09 22:39 38,400 ----a-w C:\Windows\system32\drivers\usbehci.sys
    2008-01-09 22:39 224,768 ----a-w C:\Windows\system32\drivers\usbport.sys
    2008-01-09 22:39 2,143,744 ----a-w C:\Windows\AppPatch\AcGenral.dll
    2008-01-09 22:39 193,536 ----a-w C:\Windows\system32\drivers\usbhub.sys
    2008-01-09 22:39 19,456 ----a-w C:\Windows\system32\drivers\usbohci.sys
    2008-01-09 22:39 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
    2008-01-09 22:39 1,686,016 ----a-w C:\Windows\System32\gameux.dll
    2008-01-09 22:39 1,191,936 ----a-w C:\Windows\System32\msxml3.dll
    2008-01-09 22:38 1,327,104 ----a-w C:\Windows\System32\quartz.dll
    2008-01-09 22:37 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
    2008-01-09 22:37 84,480 ----a-w C:\Windows\System32\INETRES.dll
    2008-01-09 22:37 737,792 ----a-w C:\Windows\System32\inetcomm.dll
    2008-01-09 22:37 223,232 ----a-w C:\Windows\System32\WMASF.DLL
    2008-01-09 22:37 1,335,296 ----a-w C:\Windows\System32\msxml6.dll
    2008-01-09 22:36 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
    2008-01-09 22:36 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
    2008-01-09 22:36 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
    2008-01-09 22:36 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
    2008-01-09 22:36 15,928 ----a-w C:\Windows\system32\drivers\pciide.sys
    2008-01-09 22:36 11,776 ----a-w C:\Windows\System32\sbunattend.exe
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D70E28A7-AA79-4D62-A59F-87024840BB62}]
    2008-02-09 22:15 236544 --a------ C:\Windows\sysvol32.dll
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SmpcSys"="C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe" [2007-07-19 13:32 1120568]
    "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 12:35 125440]
    "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-09-26 19:22 1006264]
    "SiSTray"="C:\Program Files\SiS VGA Utilities\SiSTray.exe" [2007-09-17 20:09 552960]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-01 13:24 857648]
    "RtHDVCpl"="RtHDVCpl.exe" [2007-09-03 10:39 4702208 C:\Windows\RtHDVCpl.exe]
    "Skytel"="Skytel.exe" [2007-08-03 05:22 1826816 C:\Windows\SkyTel.exe]
    "RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-01-11 10:40 232184]
    "MSPService"="C:\Program Files\CyberLink\MagicSports\Kernel\MagicSports\MSPMirage.exe" [2007-06-12 22:36 102400]
    "toolbar_eula_launcher"="C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe" [2007-02-20 16:20 28672]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-01-08 13:24 579072]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-10 15:27 385024]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 03:22 267048]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 09:25 6731312]
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-01-08 13:24 219136]
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
    avgwlntf.dll 2008-01-08 13:24 9216 C:\Windows\System32\avgwlntf.dll
    R2 ASLDRService;ASLDR Service;C:\Program Files\ATK Hotkey\ASLDRSrv.exe [2007-02-05 17:13]
    R3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys [2007-04-20 02:16]
    R3 AvgWFP;AVG7 Firewall Driver x86;C:\Windows\system32\Drivers\avgwfp.sys [2008-01-08 13:24]
    R3 SiS6350;SiS6350;C:\Windows\system32\DRIVERS\SISGRKMD.sys [2007-09-17 20:09]
    R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\system32\DRIVERS\SiSGB6.sys [2007-06-20 03:12]
    .
    Contents of the 'Scheduled Tasks' folder
    "2008-01-14 20:59:59 C:\Windows\Tasks\PBReg.job"
    - C:\Program Files\HDReg\HDRegApp.exe
    "2008-02-13 17:30:00 C:\Windows\Tasks\PBRegbk.job"
    - C:\Program Files\HDReg\HDRegApp.exe
    "2008-02-13 17:30:00 C:\Windows\Tasks\Recovery DVD Creator.job"
    - C:\Program Files\Packard Bell\SetupMyPc\MCDCheck.exe
    .
    **************************************************************************
    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-13 17:53:48
    Windows 6.0.6000 NTFS
    scanning hidden processes ...
    scanning hidden autostart entries ...
    scanning hidden files ...
    scan completed successfully
    hidden files: 0
    **************************************************************************
    .
    Completion time: 2008-02-13 17:54:30
    ComboFix2.txt 2008-02-13 16:35:59
    .
    2008-02-09 19:38:01 --- E O F ---


  • Closed Accounts Posts: 732 ✭✭✭Cmol


    Hiya..

    Whenever I try to run the system scan in HijackThis it just comes up with a blank screen after I select the files... it doesn't seem to do anything...


  • Closed Accounts Posts: 732 ✭✭✭Cmol


    Ok, I take that last message back - I restarted and tried to do it again and the files were gone!
    The Trojan message seems to have gone too! Is there any way of telling whether the computer is totally clean? Also, can you recommend the best anti-virus/spyware to get? Should I leave on the programs that I have downloaded for this?

    Sorry for all the questions - I appreciate all your help so much!!


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Just want to make sure they are gone

    Post a new DSS log there


  • Closed Accounts Posts: 732 ✭✭✭Cmol


    Deckard's System Scanner v20071014.68
    Run by Claire on 2008-02-15 19:01:07
    Computer is in Normal Mode.
    Percentage of Memory in Use: 79% (more than 75%).
    Total Physical Memory: 895 MiB (1024 MiB recommended).

    -- HijackThis (run as Claire.exe)
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:02:57, on 15/02/2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16609)
    Boot mode: Normal
    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\SiS VGA Utilities\SiSTray.exe
    C:\Program Files\Internet Explorer\ieuser.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
    C:\Program Files\CyberLink\MagicSports\Kernel\MagicSports\MSPMirage.exe
    C:\Program Files\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Users\Claire\Desktop\dss.exe
    C:\Windows\system32\conime.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\Claire.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Grisoft\AVG7\avgw.exe
    C:\Program Files\Grisoft\AVG7\avginet.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.stuff.co.nz/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [SiSTray] %ProgramFiles%\SiS VGA Utilities\SiSTray.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [Skytel] Skytel.exe
    O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
    O4 - HKLM\..\Run: [MSPService] C:\Program Files\CyberLink\MagicSports\Kernel\MagicSports\MSPMirage.exe
    O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
    O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
    O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1202598798233
    O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (MSN Games – Texas Holdem Poker) - http://zone.msn.com/bingame/zpagames/zpa_txhe.cab60231.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
    O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    --
    End of file - 8103 bytes
    -- Files created between 2008-01-15 and 2008-02-15
    2008-02-13 16:42:42 0 d-------- C:\Program Files\Trend Micro
    2008-02-13 16:29:22 68096 --a------ C:\Windows\system32\zip.exe
    2008-02-13 16:29:22 98816 --a------ C:\Windows\system32\sed.exe
    2008-02-13 16:29:22 80412 --a------ C:\Windows\system32\grep.exe
    2008-02-13 16:29:22 73728 --a------ C:\Windows\system32\fdsv.exe <Not Verified; Smallfrogs Studio; >
    2008-02-12 20:04:17 0 d-------- C:\Users\All Users\SUPERAntiSpyware.com
    2008-02-12 20:03:08 0 d-------- C:\Program Files\SUPERAntiSpyware
    2008-02-12 20:02:15 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-02-09 22:15:49 52 --a------ C:\tmp.bat
    2008-01-30 18:24:32 53248 --a------ C:\Windows\system32\unrar.dll
    2008-01-30 18:24:28 4358144 -ra------ C:\Windows\uncsetup.exe <Not Verified; GSC Game World; Cossacks Setup Utility for Win32>
    2008-01-26 21:25:26 0 d-------- C:\Program Files\iPod
    2008-01-26 21:25:12 0 d-------- C:\Program Files\iTunes
    2008-01-26 21:23:10 0 d-------- C:\Program Files\QuickTime
    2008-01-20 20:14:47 0 d-------- C:\Program Files\About280.com
    2008-01-19 11:06:09 0 d-------- C:\Windows\Downloaded Installations
    2008-01-17 21:37:49 33792 -ra------ C:\Windows\NPSExec.exe <Not Verified; Electronic Arts; Electronic Arts NPSExec>
    2008-01-17 21:37:48 0 d-------- C:\Program Files\Electronic Arts
    2008-01-17 21:34:45 0 d-------- C:\Program Files\Maxis
    2008-01-17 21:28:10 0 d-------- C:\Program Files\NovaLogic
    2008-01-17 21:26:00 306688 --a------ C:\Windows\IsUninst.exe <Not Verified; InstallShield Software Corporation; InstallShield® unInstaller>
    2008-01-17 21:25:16 0 -rahs---- C:\MSDOS.SYS
    2008-01-17 21:25:16 0 -rahs---- C:\IO.SYS

    -- Find3M Report
    2008-02-15 19:02:29 0 d-------- C:\Users\Claire\AppData\Roaming\AVG7
    2008-02-12 20:03:08 0 d-------- C:\Users\Claire\AppData\Roaming\SUPERAntiSpyware.com
    2008-02-12 20:02:15 0 d-------- C:\Program Files\Common Files
    2008-02-12 17:37:30 0 d-------- C:\Users\Claire\AppData\Roaming\Grisoft
    2008-02-03 14:54:12 0 d-------- C:\Users\Claire\AppData\Roaming\LimeWire
    2008-01-27 17:23:09 0 d-------- C:\Program Files\Java
    2008-01-27 00:05:08 0 d-------- C:\Program Files\Google
    2008-01-15 15:27:10 0 d-------- C:\Users\Claire\AppData\Roaming\Google
    2008-01-14 17:25:34 0 d-------- C:\Users\Claire\AppData\Roaming\Packard Bell
    2008-01-14 17:09:48 174 --ahs---- C:\Program Files\desktop.ini
    2008-01-14 17:08:22 0 d-------- C:\Program Files\Windows Calendar
    2008-01-12 13:18:44 0 d-------- C:\Program Files\LimeWire
    2008-01-12 13:09:49 0 d-------- C:\Program Files\Common Files\Java
    2008-01-12 10:35:09 0 d-------- C:\Program Files\Common Files\Adobe
    2008-01-10 16:26:54 0 d-------- C:\Program Files\Windows Mail
    2008-01-10 16:26:49 0 d-------- C:\Program Files\Windows Sidebar
    2008-01-09 22:40:44 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
    2008-01-09 22:32:09 0 d-------- C:\Program Files\MSXML 4.0
    2008-01-09 19:29:37 0 d-------- C:\Users\Claire\AppData\Roaming\Adobe
    2008-01-08 21:05:38 0 d-------- C:\Users\Claire\AppData\Roaming\Apple Computer
    2008-01-08 21:02:15 0 d-------- C:\Program Files\Apple Software Update
    2008-01-08 21:00:05 0 d-------- C:\Program Files\Common Files\Apple
    2008-01-08 19:29:22 0 d-------- C:\Users\Claire\AppData\Roaming\Talkback
    2008-01-08 19:28:42 0 d-------- C:\Users\Claire\AppData\Roaming\Mozilla
    2008-01-08 19:27:29 0 d-------- C:\Program Files\Common Files\Symantec Shared
    2008-01-08 19:19:59 0 d-------- C:\Users\Claire\AppData\Roaming\Macromedia
    2008-01-07 18:32:43 0 d-------- C:\Users\Claire\AppData\Roaming\CyberLink
    2008-01-07 18:31:57 0 d-------- C:\Users\Claire\AppData\Roaming\Roxio
    2008-01-07 18:30:33 0 d-------- C:\Users\Claire\AppData\Roaming\Identities

    -- Registry Dump
    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [26/09/2007 19:22]
    "SiSTray"="C:\Program Files\SiS VGA Utilities\SiSTray.exe" [17/09/2007 20:09]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [01/03/2007 13:24]
    "RtHDVCpl"="RtHDVCpl.exe" [03/09/2007 10:39 C:\Windows\RtHDVCpl.exe]
    "Skytel"="Skytel.exe" [03/08/2007 05:22 C:\Windows\SkyTel.exe]
    "RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [11/01/2007 10:40]
    "MSPService"="C:\Program Files\CyberLink\MagicSports\Kernel\MagicSports\MSPMirage.exe" [12/06/2007 22:36]
    "toolbar_eula_launcher"="C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe" [20/02/2007 16:20]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [08/01/2008 13:24]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 19:51]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [25/09/2007 01:11]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [10/01/2008 15:27]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [15/01/2008 03:22]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [11/06/2007 09:25]
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SmpcSys"="C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe" [19/07/2007 13:32]
    "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [02/11/2006 12:35]
    "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [21/06/2007 14:06]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"=2 (0x2)
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [20/12/2006 13:55 77824]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 19/04/2007 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
    avgwlntf.dll 08/01/2008 13:24 9216 C:\Windows\System32\avgwlntf.dll
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
    @=&quot;Service"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
    @=&quot;Service"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
    @=&quot;Service"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
    @=&quot;Service"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
    @=&quot;Service"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
    @=&quot;Service"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
    @=&quot;Service"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
    @=&quot;Service"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
    @=&quot;Service"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
    @=&quot;Service"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
    @=&quot;Driver"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
    @=&quot;Driver"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @=&quot;Volume shadow copy"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
    @=&quot;IEEE 1394 Bus host controllers"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
    @=&quot;SBP2 IEEE 1394 Devices"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
    @=&quot;SecurityDevices"
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    C:\Windows\system32\unregmp2.exe /ShowWMP
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    %SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI

    -- End of Deckard's System Scanner: finished at 2008-02-15 19:05:25

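The logs above are what the helpers in this thread read by eye: the ComboFix "Reg Loading Points" section showed a Browser Helper Object loading from C:\Windows\sysvol32.dll, and the later DSS/HijackThis log no longer lists it. As an added example (not part of the thread, not code from HijackThis, ComboFix or DSS), here is a small triage script for HijackThis-format O2/O4/O20/O23 lines. The sample lines are copied from the DSS log above, except the first O2 line, which is written in HijackThis format for the BHO the ComboFix log showed; its display name is not in the thread, so "(no name)" there is a placeholder. The scoring rules are this example's own heuristics, meant to produce "look at this" items, not verdicts.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample in HijackThis log format (see lead-in for provenance).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {D70E28A7-AA79-4D62-A59F-87024840BB62} - C:\Windows\sysvol32.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""


@dataclass
class Entry:
    kind: str                      # HijackThis section: O2, O4, O20 or O23
    name: str
    path: str                      # as logged; may be a bare filename
    vendor: Optional[str] = None   # only O23 service lines carry a vendor


_O2 = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+)$")
_O4 = re.compile(r"^O4 - (?P<hive>\S+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
_O20 = re.compile(r"^O20 - Winlogon Notify: (?P<name>.*?) - (?P<path>.+)$")
_O23 = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<vendor>.*?) - (?P<path>.+)$")


def _executable(cmd: str) -> str:
    """Pull the program path out of a Run-key command line, quoted or not."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    # Unquoted paths may contain spaces: take everything up to the first
    # executable-looking extension that is followed by a space or the end.
    m = re.match(r"(.+?\.(?:exe|dll|scr|cpl))(?:\s|$)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split()[0]


def parse_log(text: str) -> list:
    """Turn the O2/O4/O20/O23 lines of a HijackThis log into Entry objects."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if m := _O2.match(line):
            entries.append(Entry("O2", m["name"], m["path"]))
        elif m := _O4.match(line):
            entries.append(Entry("O4", m["name"], _executable(m["cmd"])))
        elif m := _O20.match(line):
            entries.append(Entry("O20", m["name"], m["path"]))
        elif m := _O23.match(line):
            entries.append(Entry("O23", m["name"], m["path"], m["vendor"]))
    return entries


# explorer.exe legitimately lives directly under C:\Windows; most other
# things found there (rather than in a product folder) deserve a look.
_KNOWN_ROOT_FILES = {"explorer.exe"}


def triage(entry: Entry) -> list:
    """Return the reasons (possibly none) an entry deserves a closer look."""
    reasons = []
    p = entry.path.lower()
    if "\\" not in p:
        reasons.append("bare filename: resolved through the search path at logon")
    elif re.fullmatch(r"c:\\windows\\[^\\]+", p) and p.rsplit("\\", 1)[1] not in _KNOWN_ROOT_FILES:
        reasons.append("file placed directly in C:\\Windows instead of a product folder")
    if entry.kind == "O2" and entry.name.strip() in ("", "(no name)"):
        reasons.append("BHO registered without a display name")
    if entry.kind == "O23" and (entry.vendor or "").lower() == "unknown owner":
        reasons.append("service binary carries no vendor information")
    return reasons


def findings(text: str) -> list:
    """(kind, path, reasons) for every flagged entry, most reasons first."""
    out = [(e.kind, e.path, r) for e in parse_log(text) if (r := triage(e))]
    return sorted(out, key=lambda t: -len(t[2]))


if __name__ == "__main__":
    for kind, path, reasons in findings(SAMPLE_LOG):
        print(f"{kind:<4} {path}")
        for reason in reasons:
            print(f"      - {reason}")
```

Run against the sample, the sysvol32.dll BHO comes out on top with two reasons (unnamed, and loading from the root of C:\Windows), while the AVG, Java and Apple entries are not flagged at all. The bare RtHDVCpl.exe and the "Unknown owner" ASLDR service are flagged too, and both are legitimate on this machine, which is the point of a triage list: it narrows what a person has to check, it does not decide for them.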

  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Perfect, a few small things.

    Now let's uninstall ComboFix:
    • Click START then RUN
    • Now type Combofix /u in the run box and click OK
    The above procedure will do the following:
    1. Delete ComboFix and its associated files and folders.
    2. Delete VundoFix backups, if present.
    3. Delete the C:\Deckard folder, if present.
    4. Delete the C:\_OtMoveIt folder, if present.
    5. Reset the clock settings.
    6. Hide file extensions, if required.
    7. Hide System/Hidden files, if required.
    8. Reset System Restore.



    • Make sure you have an Internet connection.
    • Double-click OTMoveIt2.exe to run it.
    • Click on the CleanUp! button.
    • A list of tool components used in the cleanup of malware will be downloaded.
    • If your firewall or real-time protection attempts to block OTMoveIt2 from reaching the Internet, please allow the application to do so.
    • Click Yes to begin the cleanup process and remove these components, including this application.
    • You will be asked to reboot the machine to finish the cleanup process. If you are asked to reboot the machine, choose Yes.



    You now need to update your Java and remove your older versions.

    Please follow these steps to remove older version Java components.

    * Click Start > Control Panel.
    * Click Add/Remove Programs.
    * Check any item with Java Runtime Environment (JRE) in the name.
    * Click the Remove or Change/Remove button.

    Download the latest version of Java Runtime Environment (JRE), and install it to your computer from
    here



    Below I have included a number of recommendations for how to protect your computer against malware infections.

    * Keep Windows updated by regularly checking their website at :
    http://windowsupdate.microsoft.com/
    This will ensure your computer has always the latest security updates available installed on your computer.

    * To reduce re-infection for malware in the future, I strongly recommend installing these free programs:
    SpywareBlaster protects against bad ActiveX
    IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all
    Have a look at this tutorial for IE-Spyad here

    * SpywareGuard offers realtime protection from spyware installation attempts.

    Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and "Initialize and Script ActiveX controls not marked as safe" to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

    * MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

    * Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop-up blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from
    Here

    * Take a good look at the following suggestions for malware prevention by reading Tony Klein’s article 'How Did I Get Infected In The First Place'
    Here

    Thank you for your patience, and performing all of the procedures requested.
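
The MVPS HOSTS suggestion in the post above works because the resolver checks the HOSTS file before DNS, so a name listed there with 127.0.0.1 never reaches the real server. As an added example (not part of the thread and not MVPS's own code), here is a parser for the Windows HOSTS format that reports which names a file sinkholes, handling the things that trip up naive parsers: comment lines and trailing comments, several names on one line, mixed case, duplicate names, and a malformed line. The file contents and hostnames are constructed placeholders under the reserved .invalid TLD, not entries from any real blocklist.

```python
import ipaddress

# Constructed sample in Windows HOSTS format: the standard localhost lines plus
# block entries of the kind the MVPS file carries (placeholder names).
SAMPLE_HOSTS = """\
# Comment lines and blank lines are ignored

127.0.0.1       localhost
::1             localhost
127.0.0.1       ads.example-tracker.invalid      # trailing comment
127.0.0.1       banner.example-adserver.invalid www.example-adserver.invalid
0.0.0.0         telemetry.example.invalid
not-an-address  garbage.example.invalid
"""


def parse_hosts(text: str) -> dict:
    """Map each hostname (lower-cased, no trailing dot) to its address.

    The first mapping seen for a name is kept, so a duplicate later in the
    file does not override an earlier entry.
    """
    mapping = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # strip comments and whitespace
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue                             # an address with no names
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                             # malformed line: skip, do not crash
        for host in fields[1:]:
            mapping.setdefault(host.lower().rstrip("."), str(addr))
    return mapping


def is_sinkholed(mapping: dict, hostname: str) -> bool:
    """True if the file sends hostname to the local machine (127.0.0.1, ::1 or 0.0.0.0)."""
    name = hostname.lower().rstrip(".")
    if name == "localhost":
        return False                             # loopback is where localhost belongs
    addr = mapping.get(name)
    if addr is None:
        return False                             # not listed: ordinary DNS applies
    ip = ipaddress.ip_address(addr)
    return ip.is_loopback or ip.is_unspecified


def sinkholed_hosts(mapping: dict) -> list:
    """Every hostname the file blocks, sorted."""
    return sorted(h for h in mapping if is_sinkholed(mapping, h))


if __name__ == "__main__":
    hosts = parse_hosts(SAMPLE_HOSTS)
    for name in sinkholed_hosts(hosts):
        print(f"{name} -> {hosts[name]}")
```

Both 127.0.0.1 and 0.0.0.0 are treated as blocked because both are in common use in blocklist-style HOSTS files: 127.0.0.1 is what the post describes, while 0.0.0.0 has the practical advantage that the browser fails immediately instead of waiting on a connection to a local web server that may be listening on port 80. The localhost exception matters: without it the two standard lines at the top of every HOSTS file would be reported as blocks.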

