
Help, PLEASE!!!!!!

  • 04-04-2008 5:55pm
    #1
    Closed Accounts Posts: 3


    ok, so I've got AVG virus protection but lately every time I go to a search engine, no matter what I type in, this website 'guazu' comes up.

    I scanned the computer and it found no threats, what can I do to make it start working again?? It's so annoying. I'd appreciate help!!


Comments

  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Hello

    Please download Deckard's System Scanner (DSS) and save it to your Desktop.
    • Close all other windows before proceeding.
    • Double-click on dss.exe and follow the prompts.
    • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
    • When it has finished, dss will open two Notepads, main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.


  • Closed Accounts Posts: 3 rocky123


    here's the log results:


    Deckard's System Scanner v20071014.68
    Run by MCS on 2008-04-04 19:13:00
    Computer is in Normal Mode.

    -- System Restore

    Successfully created a Deckard's System Scanner Restore Point.


    -- Last 5 Restore Point(s) --
    47: 2008-04-04 18:13:10 UTC - RP321 - Deckard's System Scanner Restore Point
    46: 2008-04-03 19:06:21 UTC - RP320 - System Checkpoint
    45: 2008-04-02 17:34:26 UTC - RP319 - System Checkpoint
    44: 2008-04-01 11:55:55 UTC - RP318 - System Checkpoint
    43: 2008-03-31 10:10:17 UTC - RP317 - System Checkpoint


    -- First Restore Point --
    1: 2008-01-04 23:43:52 UTC - RP275 - System Checkpoint


    Backed up registry hives.
    Performed disk cleanup.

    Total Physical Memory: 495 MiB (512 MiB recommended).


    -- HijackThis Clone


    Emulating logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2008-04-04 19:15:19
    Platform: Windows XP Service Pack 2 (5.01.2600)
    MSIE: Internet Explorer (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\system32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\LexBceS.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Lexpps.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Grisoft\AVG7\avgamsvr.exe
    C:\Program Files\Grisoft\AVG7\avgupsvc.exe
    C:\Program Files\Grisoft\AVG7\avgemc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Acer\Notebook Manager\almxptray.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\ltmoh\ltmoh.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
    C:\WINDOWS\system32\hepv8f79.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\Grisoft\AVG7\avgcc.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Huawei technologies\Huawei UMTS Data Card\3 DataModem HSDPA.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\MCS\Local Settings\Temporary Internet Files\Content.IE5\I72R4ZI1\dss[1].exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://register.iol.ie/cgi-bin/dslcd?affiliate=IB143001
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://register.iol.ie/cgi-bin/dslcd?affiliate=IB143001
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: Search Relevancy - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - C:\Program Files\SearchRelevancy\SearchRelevancy1.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar1.dll
    O4 - HKLM\..\Run: [LaunchApp] LaunApp
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [AcerNotebookManager] C:\Program Files\Acer\Notebook Manager\almxptray.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
    O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
    O4 - HKLM\..\Run: [hepv8f79] C:\WINDOWS\System32\hepv8f79.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ChkMail] ¨<Œ
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} () - http://static.windupdates.com/cab/GamesUnlimited/ie/Bridge-c139.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{E29C2868-9A59-48A9-B565-61436447E10A}: NameServer = 172.31.140.69 172.30.140.69
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgemc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LexBceS.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe


    --
    End of file - 7042 bytes

    -- File Associations

    All associations okay.


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled

    R1 cdrbsvsd - c:\windows\system32\drivers\cdrbsvsd.sys <Not Verified; B.H.A Corporation; B's Recorder GOLD7>
    R2 acernbm - c:\windows\system32\drivers\acernbm.sys
    R3 NTIDrvr (Upper Class Filter Driver) - c:\windows\system32\drivers\ntidrvr.sys <Not Verified; NewTech Infosystems, Inc.; >


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled

    R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>


    -- Device Manager: Disabled

    No disabled devices found.


    -- Scheduled Tasks

    2008-04-04 18:02:02 256 --a
    C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
    2008-04-04 16:07:36 360 --a
    C:\WINDOWS\Tasks\Symantec NetDetect.job
    2008-03-29 22:35:08 284 --a
    C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


    -- Files created between 2008-03-04 and 2008-04-04

    Nothing created in this timespan.


    -- Find3M Report

    2008-04-04 17:26:08 2687 --a
    C:\WINDOWS\system32\0ck8l44f.dat
    2008-04-01 21:40:34 16 --a
    C:\WINDOWS\system32\55hnlrsf.dat
    2008-04-01 21:40:28 931336 --a
    C:\WINDOWS\system32\sep2on2r.dat
    2008-04-01 21:40:14 2248 --a
    C:\WINDOWS\system32\1acvd0uj.dat


    -- Registry Dump

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1D7E3B41-23CE-469B-BE1B-A64B877923E1}]
    30/12/2004 07:51 74752 --a
    C:\PROGRA~1\SEARCH~1\SEARCH~2.DLL

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LaunchApp"="LaunApp" []
    "IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [07/04/2003 00:19]
    "HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [07/04/2003 00:07]
    "AcerNotebookManager"="C:\Program Files\Acer\Notebook Manager\almxptray.exe" [16/05/2003 17:09]
    "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [24/04/2003 16:51]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [24/04/2003 16:44]
    "AGRSMMSG"="AGRSMMSG.exe" [14/02/2003 11:59 C:\WINDOWS\AGRSMMSG.exe]
    "LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [25/11/2002 10:23]
    "PrinTray"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe" [27/03/2001 03:08]
    "HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe" [15/10/2001 12:45]
    "hepv8f79"="C:\WINDOWS\System32\hepv8f79.exe" [12/02/2007 10:50]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [11/12/2007 10:56]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [20/12/2007 22:05]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [11/12/2007 12:10]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [13/10/2004 16:24]
    "ChkMail"="¨<Œ" []
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [22/12/2007 20:20]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [21/01/2000 09:15:54]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @="Volume shadow copy"


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{09de49c1-7772-11dc-9a63-000ae4506d10}]
    AutoRun\command- F:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bf51efe1-1750-11dc-9a45-000ae4506d10}]
    AutoRun\command- F:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bf51efe3-1750-11dc-9a45-000ae4506d10}]
    AutoRun\command- F:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{de5c1890-cf25-11db-9a36-000ae4506d10}]
    AutoRun\command- G:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f4c9c480-55bd-11dc-9a4a-000ae4506d10}]
    AutoRun\command- F:\AutoRun.exe




    -- End of Deckard's System Scanner: finished at 2008-04-04 19:16:09



    Deckard's System Scanner v20071014.68
    Extra logfile - please post this as an attachment with your post.

    -- System Information

    Microsoft Windows XP Professional (build 2600) SP 2.0
    Architecture: X86; Language: English

    CPU 0: Intel(R) Pentium(R) 4 CPU 2.60GHz
    Percentage of Memory in Use: 70%
    Physical Memory (total/avail): 494.42 MiB / 143.41 MiB
    Pagefile Memory (total/avail): 1155.51 MiB / 834.54 MiB
    Virtual Memory (total/avail): 2047.88 MiB / 1902.09 MiB

    A: is Removable (No Media)
    C: is Fixed (FAT32) - 27.47 GiB total, 13.86 GiB free.
    D: is Fixed (FAT32) - 9.76 GiB total, 8.47 GiB free.
    E: is CDROM (No Media)
    F: is CDROM (CDFS)

    \\.\PHYSICALDRIVE0 - IC25N040ATMR04-0 - 37.26 GiB - 3 partitions
    \PARTITION0 (bootable) - Unknown - 27.49 GiB - C:
    \PARTITION1 - Unknown - 9.77 GiB - D:
    \PARTITION2 - Unknown - 7.84 MiB



    -- Security Center

    AUOptions is scheduled to auto-install.
    Windows Internal Firewall is enabled.

    AV: AVG 7.5.519 v7.5.519 (Grisoft)

    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\Huawei technologies\\Huawei UMTS Data Card\\3 DataModem HSDPA.exe"="C:\\Program Files\\Huawei technologies\\Huawei UMTS Data Card\\3 DataModem HSDPA.exe:*:Enabled:3 DDataModem HSDPA"
    "C:\\Program Files\\Messenger\\MSMSGS.EXE"="C:\\Program Files\\Messenger\\MSMSGS.EXE:*:Enabled:Windows Messenger"
    "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"


    -- Environment Variables

    ALLUSERSPROFILE=C:\Documents and Settings\All Users
    APPDATA=C:\Documents and Settings\MCS\Application Data
    CLASSPATH=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
    CommonProgramFiles=C:\Program Files\Common Files
    COMPUTERNAME=ACER-KQJM6RKK68
    ComSpec=C:\WINDOWS\system32\cmd.exe
    FP_NO_HOST_CHECK=NO
    HOMEDRIVE=C:
    HOMEPATH=\Documents and Settings\MCS
    LOGONSERVER=\\ACER-KQJM6RKK68
    NUMBER_OF_PROCESSORS=1
    OS=Windows_NT
    Path=C:\Program Files\Internet Explorer;;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
    PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    PROCESSOR_ARCHITECTURE=x86
    PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
    PROCESSOR_LEVEL=15
    PROCESSOR_REVISION=0209
    ProgramFiles=C:\Program Files
    PROMPT=$P$G
    QTJAVA=C:\Program Files\QuickTime\QTSystem\QTJava.zip
    SESSIONNAME=Console
    SystemDrive=C:
    SystemRoot=C:\WINDOWS
    TEMP=C:\DOCUME~1\MCS\LOCALS~1\Temp
    TMP=C:\DOCUME~1\MCS\LOCALS~1\Temp
    USERDOMAIN=ACER-KQJM6RKK68
    USERNAME=MCS
    USERPROFILE=C:\Documents and Settings\MCS
    windir=C:\WINDOWS


    -- User Profiles

    MCS (admin)
    Administrator (admin)


    -- Add/Remove Programs

    --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Acer Inc.\Acer English Online Help Creator\Uninst.isu"
    --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    3 DataModem HSDPA --> C:\PROGRA~1\HUAWEI~1\HUAWEI~1\Uninstall.exe
    Acer Notebook Manager --> MsiExec.exe /X{8C2FA1ED-8248-42DF-A78A-48D40133129E}
    acer screen saver --> C:\windows\TravelMate\uninstall.exe
    Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
    Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    Agere Systems AC'97 Modem --> agrsmdel
    Apple Mobile Device Support --> MsiExec.exe /I{B5C209B1-8DDB-4642-A573-375B951514CB}
    Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
    AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
    EPSON Logiciel imprimante --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
    Facility Timetabler --> C:\WINDOWS\uninst.exe -fc:\ttwin\DeIsL1.isu -cc:\ttwin\_ISREG32.DLL
    Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
    Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
    hp deskjet 845c series (Remove only) --> C:\Program Files\hp deskjet 845c series\hpfiui.exe -c -vdivid=HPF -vpnum=95 -vinstport=USB002 -vproduct=845c -huninstall
    Intel(R) Extreme Graphics Driver --> RUNDLL32.EXE C:\WINDOWS\System32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_3582
    Internet Explorer Q903235 --> C:\WINDOWS\ieuninst.exe C:\WINDOWS\INF\Q903235.inf
    iTunes --> MsiExec.exe /I{18388EF8-E0A3-442B-8BFE-E2F1B3D05C91}
    LiveReg (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
    LiveUpdate 2.6 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
    Macromedia Flash Player --> MsiExec.exe /X{4ecaf021-478c-40c1-b777-3368a15f9966}
    Macromedia Flash Player 8 --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\swflash.inf,DefaultUninstall,5
    Microsoft Office 2000 SR-1 Premium --> MsiExec.exe /I{00000409-78E1-11D2-B60F-006097C998E7}
    Norton WMI Update --> MsiExec.exe /X{1526D87C-A955-4FAB-BF18-697BA457E352}
    NTI CD & DVD-Maker 6.5 Gold --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{2BEE2164-8BF1-4853-9193-36FDA9E4E46A} AnyText
    PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\SETUP.exe" -uninstall
    QuickTime --> MsiExec.exe /I{E0D51394-1D45-460A-B62D-383BC4F8B335}
    Realtek RTL8139/810x Fast Ethernet NIC Driver Setup --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{97AA0C55-AFAD-4126-B21C-F1318FB6DADA}\Setup.exe" -l0x9 REMOVE
    Search Relevancy --> C:\Program Files\SearchRelevancy\uninstall.exe
    SelectRebates --> C:\WINDOWS\4fohplm1.exe
    SONIC MEGA COLLECTION PLUS --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4C642BF2-C083-4C00-B832-48BA1CBB08D8}\setup.exe" -l0x9 -removeonly
    Sony USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\Setup.exe" UNINSTALL
    Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall


    -- Application Event Log

    Event Record #/Type4599 / Warning
    Event Submitted/Written: 04/01/2008 11:41:29 AM
    Event ID/Source: 32066 / Microsoft Fax
    Event Description:
    At least one of the devices in the outgoing routing group is not valid.
    Group name: '<All devices>'

    Event Record #/Type4593 / Warning
    Event Submitted/Written: 03/31/2008 09:14:46 PM
    Event ID/Source: 32066 / Microsoft Fax
    Event Description:
    At least one of the devices in the outgoing routing group is not valid.
    Group name: '<All devices>'

    Event Record #/Type4577 / Error
    Event Submitted/Written: 03/30/2008 02:27:20 PM
    Event ID/Source: 1002 / Application Hang
    Event Description:
    Hanging application iexplore.exe, version 6.0.2900.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

    Event Record #/Type4576 / Error
    Event Submitted/Written: 03/30/2008 02:27:19 PM
    Event ID/Source: 1002 / Application Hang
    Event Description:
    Hanging application iexplore.exe, version 6.0.2900.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

    Event Record #/Type4573 / Warning
    Event Submitted/Written: 03/30/2008 01:21:05 PM
    Event ID/Source: 32066 / Microsoft Fax
    Event Description:
    At least one of the devices in the outgoing routing group is not valid.
    Group name: '<All devices>'



    -- Security Event Log

    No Errors/Warnings found.


    -- System Event Log

    Event Record #/Type22537 / Warning
    Event Submitted/Written: 03/30/2008 02:46:58 PM
    Event ID/Source: 4226 / Tcpip
    Event Description:
    TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

    Event Record #/Type22507 / Error
    Event Submitted/Written: 03/29/2008 11:35:44 PM
    Event ID/Source: 43 / Modem
    Event Description:
    The system sleep operation failed

    Event Record #/Type22505 / Error
    Event Submitted/Written: 03/29/2008 10:02:43 PM
    Event ID/Source: 1003 / System Error
    Event Description:
    Error code 1000007e, parameter1 c0000005, parameter2 eee97071, parameter3 f762ac54, parameter4 f762a950.

    Event Record #/Type22460 / Error
    Event Submitted/Written: 03/28/2008 10:05:40 PM
    Event ID/Source: 1003 / System Error
    Event Description:
    Error code 1000007e, parameter1 c0000005, parameter2 eee65071, parameter3 f7626c54, parameter4 f7626950.

    Event Record #/Type22297 / Error
    Event Submitted/Written: 03/24/2008 09:13:20 PM
    Event ID/Source: 7011 / Service Control Manager
    Event Description:
    Timeout (30000 milliseconds) waiting for a transaction response from the WZCSVC service.



    -- End of Deckard's System Scanner: finished at 2008-04-04 19:16:09


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Hello

    Please click on Start > Control Panel > Add/Remove Programs and uninstall the following programs (if present):

    SelectRebates
    SearchRelevancy




    1. Please re-open HiJackThis and choose "Do a system scan only". Check the boxes next to ONLY the entries listed below (if present):

    O2 - BHO: Search Relevancy - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - C:\Program Files\SearchRelevancy\SearchRelevancy1.dll
    O4 - HKLM\..\Run: [hepv8f79] C:\WINDOWS\System32\hepv8f79.exe
    O4 - HKCU\..\Run: [ChkMail] ¨<Œ
    O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} () - http://static.windupdates.com/cab/Ga...ridge-c139.cab


    2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.



    Please download the OTMoveIt2 by OldTimer.
    • Save it to your desktop.
    • Please double-click OTMoveIt2.exe to run it.
    • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
      [kill explorer]
      C:\WINDOWS\system32\0ck8l44f.dat
      C:\WINDOWS\system32\55hnlrsf.dat
      C:\WINDOWS\system32\sep2on2r.dat
      C:\WINDOWS\system32\1acvd0uj.dat
      F:\AutoRun.exe
      G:\LaunchU3.exe
      HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{09de49c1-7772-11dc-9a63-000ae4506d10}
      HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bf51efe1-1750-11dc-9a45-000ae4506d10}
      HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bf51efe3-1750-11dc-9a45-000ae4506d10}
      HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{de5c1890-cf25-11db-9a36-000ae4506d10}
      HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f4c9c480-55bd-11dc-9a4a-000ae4506d10}
      C:\Program Files\SearchRelevancy
      C:\WINDOWS\4fohplm1.exe
      purity 
      [start explorer]
      
    • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
    • Click the red Moveit! button.
    • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
    • Close OTMoveIt2
    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


    Reboot and post a new DSS log
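
A way to check the follow-up log against the fix list in the post above, as an added example that is not part of the thread or of HijackThis. The log lines are excerpts copied from this thread; the keying rules (CLSID for O2/O3/O16, hive plus value name for O4, service name for O23) are an assumption chosen so that differences in path casing or 8.3 short names between two scans do not show up as changes.

```python
import re

# A HijackThis entry line is "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [x] y".
LINE_RE = re.compile(r"^\s*([RFNO]\d{1,2}) - (.+?)\s*$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
RUN_RE = re.compile(r"^(?P<loc>.+?): \[(?P<name>[^\]]+)\]")

# Excerpt of the first log posted in the thread.
BEFORE = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: Search Relevancy - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - C:\Program Files\SearchRelevancy\SearchRelevancy1.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar1.dll
O4 - HKLM\..\Run: [hepv8f79] C:\WINDOWS\System32\hepv8f79.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ChkMail] ¨<Œ
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} () - http://static.windupdates.com/cab/GamesUnlimited/ie/Bridge-c139.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgamsvr.exe
"""

# Excerpt of the log posted after the fix and reboot.
AFTER = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
"""

# The four entries the helper asked to have checked, as written in the post
# (the forum shortened the O16 URL; the CLSID key makes that irrelevant).
FLAGGED = r"""
O2 - BHO: Search Relevancy - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - C:\Program Files\SearchRelevancy\SearchRelevancy1.dll
O4 - HKLM\..\Run: [hepv8f79] C:\WINDOWS\System32\hepv8f79.exe
O4 - HKCU\..\Run: [ChkMail] ¨<Œ
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} () - http://static.windupdates.com/cab/Ga...ridge-c139.cab
"""


def parse_hjt(log_text):
    """Return (code, body) for every HijackThis entry line; other lines are skipped."""
    entries = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw)
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def entry_key(code, body):
    """Identify an entry by its stable part rather than by the full printed line."""
    if code in ("O2", "O3", "O16"):
        m = CLSID_RE.search(body)
        if m:
            return (code, m.group(0).upper())
    if code == "O4":
        m = RUN_RE.match(body)
        if m:
            return (code, m.group("loc").lower(), m.group("name").lower())
    if code == "O23":
        # "Service: <name> - <vendor> - <path>": the path may be long or 8.3 form.
        return (code, body.split(" - ", 1)[0].lower())
    return (code, body.lower())


def index(entries):
    return {entry_key(c, b): f"{c} - {b}" for c, b in entries}


def verify_fix(before_log, after_log, flagged_lines):
    """Compare two scans and report what happened to each flagged entry."""
    before = index(parse_hjt(before_log))
    after = index(parse_hjt(after_log))
    flagged = index(parse_hjt(flagged_lines))
    return {
        "fixed": sorted(v for k, v in flagged.items() if k in before and k not in after),
        "still_present": sorted(after[k] for k in flagged if k in after),
        "not_in_before": sorted(v for k, v in flagged.items() if k not in before),
        # Entries that vanished without being on the fix list: review by hand.
        "other_removed": sorted(v for k, v in before.items()
                                if k not in after and k not in flagged),
        # Entries that only exist in the later scan: review by hand.
        "added": sorted(v for k, v in after.items() if k not in before),
    }


RESULT = verify_fix(BEFORE, AFTER, FLAGGED)

if __name__ == "__main__":
    for bucket, lines in RESULT.items():
        print(f"{bucket}: {len(lines)}")
        for line in lines:
            print("   ", line)
```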


  • Closed Accounts Posts: 3 rocky123


    Ok all done, but when I went into add/remove programs it says that I can't remove SearchRelevancy. It keeps saying that I've to exit out of internet explorer first...even though I already have. But it's stopped redirecting me to that weird website.


    Explorer killed successfully
    File/Folder C:\WINDOWS\system32\0ck8l44f.dat not found.
    File/Folder C:\WINDOWS\system32\55hnlrsf.dat not found.
    File/Folder C:\WINDOWS\system32\sep2on2r.dat not found.
    File/Folder C:\WINDOWS\system32\1acvd0uj.dat not found.
    File move failed. F:\AutoRun.exe scheduled to be moved on reboot.
    File/Folder G:\LaunchU3.exe not found.
    File/Folder HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{09de49c1-7772-11dc-9a63-000ae4506d10} not found.
    File/Folder HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bf51efe1-1750-11dc-9a45-000ae4506d10} not found.
    File/Folder HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bf51efe3-1750-11dc-9a45-000ae4506d10} not found.
    File/Folder HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{de5c1890-cf25-11db-9a36-000ae4506d10} not found.
    File/Folder HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f4c9c480-55bd-11dc-9a4a-000ae4506d10} not found.
    Folder move failed. C:\Program Files\SearchRelevancy scheduled to be moved on reboot.
    File/Folder C:\WINDOWS\4fohplm1.exe not found.
    < purity >
    Explorer started successfully

    OTMoveIt2 by OldTimer - Version 1.0.4.0 log created on 04042008_220742

    Files moved on Reboot...
    File F:\AutoRun.exe not found!
    C:\Program Files\SearchRelevancy moved successfully.

    Deckard's System Scanner v20071014.68
    Run by MCS on 2008-04-04 22:14:29
    Computer is in Normal Mode.

    Total Physical Memory: 495 MiB (512 MiB recommended).


    -- HijackThis (run as MCS.exe)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:14:34, on 04/04/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\igfxtray.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\Program Files\Acer\Notebook Manager\almxptray.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\ltmoh\Ltmoh.exe
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Huawei technologies\Huawei UMTS Data Card\3 DataModem HSDPA.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\MCS\Local Settings\Temporary Internet Files\Content.IE5\I72R4ZI1\dss[1].exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\MCS.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://register.iol.ie/cgi-bin/dslcd?affiliate=IB143001
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://register.iol.ie/cgi-bin/dslcd?affiliate=IB143001
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [LaunchApp] LaunApp
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [AcerNotebookManager] C:\Program Files\Acer\Notebook Manager\almxptray.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
    O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{E29C2868-9A59-48A9-B565-61436447E10A}: NameServer = 172.31.140.69 172.30.140.69
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

    --
    End of file - 5586 bytes

    -- Files created between 2008-03-04 and 2008-04-04

    2008-04-04 21:57:00 0 d
    C:\Program Files\Trend Micro


    -- Find3M Report

    Nothing modified in this timespan.


    -- Registry Dump

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LaunchApp"="LaunApp" []
    "IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [07/04/2003 00:19]
    "HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [07/04/2003 00:07]
    "AcerNotebookManager"="C:\Program Files\Acer\Notebook Manager\almxptray.exe" [16/05/2003 17:09]
    "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [24/04/2003 16:51]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [24/04/2003 16:44]
    "AGRSMMSG"="AGRSMMSG.exe" [14/02/2003 11:59 C:\WINDOWS\AGRSMMSG.exe]
    "LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [25/11/2002 10:23]
    "PrinTray"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe" [27/03/2001 03:08]
    "HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe" [15/10/2001 12:45]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [11/12/2007 10:56]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [20/12/2007 22:05]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [11/12/2007 12:10]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [13/10/2004 16:24]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [22/12/2007 20:20]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [21/01/2000 09:15:54]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
    @=&quot;Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @="Volume shadow copy"


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{09de49c1-7772-11dc-9a63-000ae4506d10}]
    AutoRun\command- F:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bf51efe1-1750-11dc-9a45-000ae4506d10}]
    AutoRun\command- F:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bf51efe3-1750-11dc-9a45-000ae4506d10}]
    AutoRun\command- F:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{de5c1890-cf25-11db-9a36-000ae4506d10}]
    AutoRun\command- G:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f4c9c480-55bd-11dc-9a4a-000ae4506d10}]
    AutoRun\command- F:\AutoRun.exe




    -- End of Deckard's System Scanner: finished at 2008-04-04 22:14:55


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Hello
      1 - Flash Drive Disinfector
      Download Flash_Disinfector.exe by sUBs from >here< and save it to your desktop.
      • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
      • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
      • Wait until it has finished scanning and then exit the program.
      • Reboot your computer when done.
      Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder...it will help protect your drives from future infection.




      Please do an online scan with Kaspersky WebScanner

      Click on Kaspersky Online Scanner and click Accept

      You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
      • The program will launch and then begin downloading the latest definition files:
      • Once the files have been downloaded click on NEXT
      • Now click on Scan Settings
      • In the scan settings make sure that the following are selected:
        • Scan using the following Anti-Virus database:
          Extended (if available otherwise Standard)
        • Scan Options:
          Scan Archives
          Scan Mail Bases
      • Click OK
      • Now under select a target to scan: Select My Computer
      • The program will start and scan your system.
      • The scan will take a while so be patient and let it run.
      • Once the scan is complete it will display if your system has been infected.
      • Now click on the Save as Text button:
      • Save the file to your desktop.
      • Copy and paste that information in your next post.



          Reboot and post a new DSS log and tell me how your PC is running
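
A triage sketch for the MountPoints2 AutoRun entries in the posted log and for the autorun.inf folder mentioned in the reply above. It is an added example, not part of the thread and not code from DSS or Flash_Disinfector. The function names are hypothetical; the sample entries are excerpted from the log, and the folder check rests on the fact that a file named autorun.inf cannot be created while a folder of that name exists.

```python
import os
import re
from collections import defaultdict

# Excerpt of the MountPoints2 entries from the DSS registry dump posted above.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{09de49c1-7772-11dc-9a63-000ae4506d10}]
AutoRun\command- F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{de5c1890-cf25-11db-9a36-000ae4506d10}]
AutoRun\command- G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f4c9c480-55bd-11dc-9a4a-000ae4506d10}]
AutoRun\command- F:\AutoRun.exe
"""
KEY_RE = re.compile(r"\\mountpoints2\\(\{[0-9a-f-]+\})\]", re.I)
CMD_RE = re.compile(r"AutoRun\\command-\s*(.+)")

def parse_autorun_entries(log_text):
    """Map each cached AutoRun command to the volume GUIDs that registered it."""
    entries, guid = defaultdict(list), None
    for line in map(str.strip, log_text.splitlines()):
        key, cmd = KEY_RE.search(line), CMD_RE.match(line)
        if key:
            guid = key.group(1).lower()
        elif cmd and guid:
            entries[cmd.group(1).strip()].append(guid)
            guid = None
        elif line.startswith("["):
            guid = None  # a different registry key: drop the pending GUID
    return dict(entries)

def inspect_autorun_inf(root):
    """Return (state, commands) for autorun.inf in a drive root."""
    path = os.path.join(root, "autorun.inf")
    if os.path.isdir(path):
        return "folder", []  # name is occupied, so no file can take it
    if not os.path.isfile(path):
        return "absent", []
    commands = []
    with open(path, errors="replace") as fh:
        for line in fh:
            name, sep, value = line.partition("=")
            name = name.strip().lower()
            if sep and (name in ("open", "shellexecute") or name.endswith("\\command")):
                commands.append(value.strip())  # what inserting the drive would launch
    return "file", commands

if __name__ == "__main__":
    for command, guids in parse_autorun_entries(SAMPLE_LOG).items():
        print(f"{command!r} cached for {len(guids)} volume(s)")
```

Run `inspect_autorun_inf` against each removable drive root after the cleanup and reboot: "folder" is the state the reply's note describes, while "file" returns the commands to review.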

