
spyware removal questions

  • 14-06-2008 9:42pm
    #1
    Registered Users, Registered Users 2 Posts: 472 ✭✭


    Hi, I have some spyware installed on the computer and I'm trying to get rid of it

    I have Spybot Search and Destroy but every time I run it something happens and I get a blue screen and the computer crashes.

    downloaded another spy removal program but the same thing keeps happening

    bloody thing is driving me nuts - anyone have any ideas?


Comments

  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    I wonder if the Sticky Topic called "I think I have a virus" - Please Read & Try BEFORE Posting may help....hmmm...


  • Registered Users, Registered Users 2 Posts: 472 ✭✭crapmanjoe


    I wonder if the Sticky Topic called "I think I have a virus" - Please Read & Try BEFORE Posting may help....hmmm...

    ok maybe I should have been more specific

    yeah that thread was my first port of call

    tried step 1 (ATF cleaner), computer screen crashed - blue screen from hell
    then tried to manually delete the temp files but the same thing happens

    so I'm thinking the error might be something to do with the Windows temp folder?

    the blue screen is something about a stacked buffer over loading which meant malware is trying to access the system and the computer, I'm guessing, shuts down to protect itself

    then said I'd skip to step 2, computer screen crashed - blue screen from hell
    (but while running the malware scan it encountered loads of incidents, but it crashes before the end and if I manually stop it to clean the malware it crashes)

    really haven't a clue how to get rid of this bloody thing - driving me mad, computer keeps crashing

    help


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Post the DSS logs from the Sticky Thread


  • Registered Users, Registered Users 2 Posts: 472 ✭✭crapmanjoe


    Ok, ran the test, can't really make anything of the result

    Deckard's System Scanner v20071014.68
    Run by Daryll.Sheridan on 2008-06-19 08:59:48
    Computer is in Normal Mode.



    -- HijackThis Clone


    Emulating logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2008-06-19 09:00:18
    Platform: Windows XP Service Pack 2 (5.01.2600)
    MSIE: Internet Explorer (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\system32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
    C:\Program Files\Funk Software\Odyssey Client\odClientService.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\EY AWS\bin\NetAPISrvr.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Trisnap Technologies\SSI\SysEnforce.exe
    C:\Program Files\CyberArmor\casvc.exe
    C:\Program Files\CyberArmor\pcs.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\NetProject\sbmntr.exe
    C:\Program Files\Symantec AntiVirus\VPTray.exe
    C:\Program Files\NetProject\sbsm.exe
    C:\Program Files\Timbuktu Pro\tb2logon.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Pointsec\P95TRAY.EXE
    C:\WINDOWS\system32\spool\drivers\w32x86\3\fppdis2a.exe
    C:\Program Files\Funk Software\Odyssey Client\OdTray.exe
    C:\Program Files\Kontiki\KHost.exe
    C:\WINDOWS\system32\iprntctl.exe
    C:\WINDOWS\system32\iprntlgn.exe
    C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\fpdisp5a.exe
    C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\CyberArmor\pcshelp.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe
    C:\Program Files\Apoint\hidfind.exe
    C:\Program Files\AAP\ACQ\EY.AAP.Acquisition.exe
    C:\Program Files\Apoint\ApntEx.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\notepad.exe
    C:\Program Files\CyberArmor\pcshelp.exe
    C:\Documents and Settings\Daryll.sherindan\Desktop\dss.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://home.iweb.ey.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Ernst & Young
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = eyicweb02.ey.net:8080
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.iweb.ey.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Groove Networks\Groove\Bin\GrooveShellExtensions.dll
    O2 - BHO: 162123 helper - {95667A7A-03B3-4EE0-91AE-A4DE74D25729} - C:\WINDOWS\system32\162123\162123.dll
    O2 - BHO: (no name) - {99BA268B-4021-4739-9945-3C774217FE75} - C:\Program Files\NetProject\sbmdl.dll
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [Vodafone Mobile Connect] C:\Program Files\Vodafone\Mobile Connect Embedded\VodafoneMC.exe -a
    O4 - HKLM\..\Run: [TLogonPath] "C:\Program Files\Timbuktu Pro\Tb2Logon.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [Protect Tray] "C:\Program Files\Pointsec\P95tray.exe"
    O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v2] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" /source=HKLM
    O4 - HKLM\..\Run: [OdTray.exe] "C:\Program Files\Funk Software\Odyssey Client\OdTray.exe"
    O4 - HKLM\..\Run: [Kontiki] "C:\Program Files\Kontiki\khost.exe" -i -p ey-ey
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [iPrint Tray] C:\WINDOWS\system32\iprntctl.exe TRAY_ICON
    O4 - HKLM\..\Run: [iPrint Event Monitor] C:\WINDOWS\system32\iprntlgn.exe
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\System32\igfxpers.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
    O4 - HKLM\..\Run: [FinePrint Dispatcher v5] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" /source=HKLM
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [CyberArmorHelper] C:\PROGRA~1\CYBERA~1\pcshelp.exe -check
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [AAPAcqService] C:\Program Files\AAP\ACQ\EY.AAP.Acquisition.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\khost.exe
    O4 - HKCU\..\RunOnce: [ProxyOn] C:\Progra~1\ConnWiz\ProxyOn.EXE
    O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\NetProject\sbmntr.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ietoolpro.com/redirect.php (file missing)
    O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ietoolpro.com/redirect.php (file missing)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O15 - Trusted Zone: https://eFormRS.com (HKLM)
    O15 - Trusted Zone: http://ey.com (HKLM)
    O15 - Trusted Zone: https://ey.com (HKLM)
    O15 - Trusted Zone: http://ey.net (HKLM)
    O15 - Trusted Zone: https://ey.net (HKLM)
    O15 - Trusted Zone: http://eyleads.com (HKLM)
    O15 - Trusted Zone: http://eylink.com (HKLM)
    O15 - Trusted Zone: http://eyqa.net (HKLM)
    O15 - Trusted Zone: https://eyqa.net (HKLM)
    O15 - Trusted Zone: http://eyua.net (HKLM)
    O15 - Trusted Zone: https://eyua.net (HKLM)
    O15 - Trusted Zone: https://gosystemrs.fasttax.com (HKLM)
    O15 - Trusted Zone: http://ey.fincad.com (HKLM)
    O15 - Trusted Zone: http://intellinex-asp.com (HKLM)
    O15 - Trusted Zone: http://intellinex.com (HKLM)
    O15 - Trusted Zone: https://intellinex.com (HKLM)
    O15 - Trusted Zone: http://web.lexis.com (HKLM)
    O15 - Trusted Zone: http://intellinex.raindance.com (HKLM)
    O15 - Trusted Zone: http://smarttrainer4.com (HKLM)
    O15 - Trusted Zone: http://surveymonkey.com (HKLM)
    O15 - Trusted Zone: https://gosystem.thomson.com (HKLM)
    O15 - Trusted Zone: http://thomsonib.com (HKLM)
    O15 - Trusted Zone: http://cserver.xtremelearning.com (HKLM)
    O15 - Trusted Zone: https://eFormRS.com (HKCU)
    O15 - Trusted Zone: http://ey.com (HKCU)
    O15 - Trusted Zone: https://ey.com (HKCU)
    O15 - Trusted Zone: http://ey.net (HKCU)
    O15 - Trusted Zone: https://ey.net (HKCU)
    O15 - Trusted Zone: http://eyleads.com (HKCU)
    O15 - Trusted Zone: http://eylink.com (HKCU)
    O15 - Trusted Zone: http://eyqa.net (HKCU)
    O15 - Trusted Zone: https://eyqa.net (HKCU)
    O15 - Trusted Zone: http://eyua.net (HKCU)
    O15 - Trusted Zone: https://eyua.net (HKCU)
    O15 - Trusted Zone: https://gosystemrs.fasttax.com (HKCU)
    O15 - Trusted Zone: http://ey.fincad.com (HKCU)
    O15 - Trusted Zone: http://intellinex-asp.com (HKCU)
    O15 - Trusted Zone: http://intellinex.com (HKCU)
    O15 - Trusted Zone: https://intellinex.com (HKCU)
    O15 - Trusted Zone: http://web.lexis.com (HKCU)
    O15 - Trusted Zone: http://intellinex.raindance.com (HKCU)
    O15 - Trusted Zone: http://smarttrainer4.com (HKCU)
    O15 - Trusted Zone: http://surveymonkey.com (HKCU)
    O15 - Trusted Zone: https://gosystem.thomson.com (HKCU)
    O15 - Trusted Zone: http://thomsonib.com (HKCU)
    O15 - Trusted Zone: http://cserver.xtremelearning.com (HKCU)
    O15 - Trusted IP Range: http://130.94.72.17 (HKLM)
    O15 - Trusted IP Range: https://130.94.72.17 (HKLM)
    O15 - Trusted IP Range: http://195.95.*.* (HKCU)
    O15 - Trusted IP Range: https://195.95.*.* (HKCU)
    O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://extraweb-emea.ey.com/iNotes6W.cab
    O16 - DPF: {51B217FA-AA53-11D1-8295-006097970389} (NotesUserCtrl Class) - http://home.iweb.ey.com/kweb6/cab/notesuser.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1200225133718
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\Software\..\Telephony: DomainName = eurw.ey.net
    O17 - HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: Domain = eurw.ey.net
    O17 - HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: SearchList = eurw.ey.net,ey.com,ey.net,eylink.com
    O17 - HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: Domain = eurw.ey.net
    O17 - HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: SearchList = eurw.ey.net,ey.com,ey.net,eylink.com
    O17 - HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: Domain = eurw.ey.net
    O17 - HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: SearchList = eurw.ey.net,ey.com,ey.net,eylink.com
    O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
    O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll
    O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
    O20 - AppInit_DLLs: cahooknt.dll
    O22 - SharedTaskScheduler: dikage - {d4c51fa4-9192-4a9a-8d2a-a0690c92f171} - C:\WINDOWS\system32\lruvqvw.dll (file missing)
    O22 - SharedTaskScheduler: chaplin - {257f6f44-2c64-46bb-acb4-55f9b9e0ae08} - C:\WINDOWS\system32\psqnuvo.dll
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: CyberArmor Run Service (CyberArmorRunService) - InfoExpress - C:\Program Files\CyberArmor\casvc.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Groove Audit Service (GrooveAuditService) - Groove Networks, Inc. - C:\Program Files\Groove Networks\Groove\Bin\GrooveAuditService.exe
    O23 - Service: Groove Installer Service (GrooveInstallerService) - Groove Networks, Inc. - C:\Program Files\Groove Networks\Groove\Bin\GrooveInstallerService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE
    O23 - Service: Lotus Notes Single Logon - IBM Corp - C:\WINDOWS\system32\nslsvice.exe
    O23 - Service: Network API Server (NetAPISrvr) - Unknown owner - C:\Program Files\EY AWS\bin\NetAPISrvr.exe
    O23 - Service: Aventail VPN Client (NgVpnMgr) - Aventail Corporation - C:\WINDOWS\system32\ngvpnmgr.exe
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
    O23 - Service: Odyssey Client (odClientService) - Funk Software, Inc. - C:\Program Files\Funk Software\Odyssey Client\odClientService.exe
    O23 - Service: Pointsec - Unknown owner - C:\WINDOWS\system32\PROT_SRV.EXE
    O23 - Service: Pointsec update agent (Pointsec_agent) - Unknown owner - C:\WINDOWS\system32\PAGENTS.EXE
    O23 - Service: Pointsec service start (Pointsec_start) - Unknown owner - C:\WINDOWS\system32\PSTARTSR.EXE
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: SavRoam - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: SysEnforce - Unknown owner - C:\Program Files\Trisnap Technologies\SSI\SysEnforce.exe
    O23 - Service: Tb2 Launch (Tb2Launch) - Netopia, Inc. - C:\Program Files\Timbuktu Pro\tb2launch.exe
    O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe


    --
    End of file - 15800 bytes

    -- Files created between 2008-05-19 and 2008-06-19

    2008-06-18 18:06:49 0 d
    C:\WINDOWS\pss
    2008-06-15 23:23:49 0 d
    C:\Documents and Settings\Daryll.sherindan\Application Data\Malwarebytes
    2008-06-15 23:23:46 0 d
    C:\Program Files\Malwarebytes' Anti-Malware
    2008-06-15 23:23:46 0 d
    C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-06-14 22:33:57 159744 --a
    C:\WINDOWS\system32\hasher.dll <Not Verified; ; hasher Dynamic Link Library>
    2008-06-14 22:33:57 0 d
    C:\Program Files\Trisnap Technologies
    2008-06-14 16:59:04 0 d
    C:\Documents and Settings\All Users\Application Data\ADSL Software Limited
    2008-06-14 15:14:44 0 d-a
    C:\Documents and Settings\All Users\Application Data\TEMP
    2008-06-14 15:14:43 0 d
    C:\Program Files\AntiSpyCheck
    2008-06-14 15:14:37 8704 --a
    C:\WINDOWS\system32\tdidrv32.sys
    2008-06-14 15:14:36 0 d
    C:\WINDOWS\system32\162123
    2008-06-14 15:14:28 0 d
    C:\Program Files\NetProject


    -- Find3M Report

    2008-06-19 08:59:35 0 d
    C:\Program Files\ConnWiz
    2008-06-18 18:43:20 0 d
    C:\Documents and Settings\Daryll.sherindan\Application Data\Kingston
    2008-06-18 17:34:53 0 d
    C:\Program Files\Pointsec
    2008-06-13 16:45:48 13312 --a-s---- C:\WINDOWS\system32\psqnuvo.dll
    2008-06-08 16:33:30 2484 --a
    C:\WINDOWS\bthservsdp.dat
    2008-04-25 10:48:55 0 d
    C:\Documents and Settings\Daryll.sherindan\Application Data\PowerHouse


    -- Registry Dump

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95667A7A-03B3-4EE0-91AE-A4DE74D25729}]
    14/06/2008 15:14 15360 --a
    C:\WINDOWS\system32\162123\162123.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{99BA268B-4021-4739-9945-3C774217FE75}]
    19/06/2008 00:11 8192 --a
    C:\Program Files\NetProject\sbmdl.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [25/10/2006 01:33]
    "Vodafone Mobile Connect"="C:\Program Files\Vodafone\Mobile Connect Embedded\VodafoneMC.exe" [01/09/2006 11:47]
    "TLogonPath"="C:\Program Files\Timbuktu Pro\Tb2Logon.exe" [13/08/2002 16:13]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0\bin\jusched.exe" [04/07/2006 17:59]
    "SigmatelSysTrayApp"="stsystra.exe" [16/11/2005 15:35 C:\WINDOWS\stsystra.exe]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [10/01/2008 16:27]
    "Protect Tray"="C:\Program Files\Pointsec\P95tray.exe" [04/07/2007 11:41]
    "pdfFactory Pro Dispatcher v2"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" [25/01/2006 13:55]
    "OdTray.exe"="C:\Program Files\Funk Software\Odyssey Client\OdTray.exe" [19/05/2005 20:56]
    "Kontiki"="C:\Program Files\Kontiki\khost.exe" [18/01/2005 13:30]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [15/01/2008 04:22]
    "iPrint Tray"="C:\WINDOWS\system32\iprntctl.exe" [06/09/2007 10:45]
    "iPrint Event Monitor"="C:\WINDOWS\system32\iprntlgn.exe" [06/09/2007 10:45]
    "IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [01/05/2006 09:28]
    "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [01/05/2006 09:28]
    "igfxtray"="C:\WINDOWS\System32\igfxtray.exe" [13/12/2005 17:44]
    "igfxpers"="C:\WINDOWS\System32\igfxpers.exe" [13/12/2005 17:45]
    "igfxhkcmd"="C:\WINDOWS\System32\hkcmd.exe" [13/12/2005 17:41]
    "googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [01/01/2007 22:22]
    "FinePrint Dispatcher v5"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" [10/01/2006 13:30]
    "Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [06/04/2006 14:58]
    "CyberArmorHelper"="C:\PROGRA~1\CYBERA~1\pcshelp.exe" [09/11/2005 20:42]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [19/07/2006 20:26]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [03/08/2004 09:56 C:\WINDOWS\system32\bthprops.cpl]
    "Apoint"="C:\Program Files\Apoint\Apoint.exe" [07/10/2005 14:13]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 23:16]
    "AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [17/12/2002 12:28]
    "AAPAcqService"="C:\Program Files\AAP\ACQ\EY.AAP.Acquisition.exe" [26/07/2007 14:43]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [28/01/2008 12:43]
    "kdx"="C:\Program Files\Kontiki\khost.exe" [18/01/2005 13:30]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
    "ProxyOn"=C:\Progra~1\ConnWiz\ProxyOn.EXE

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "<NO NAME>"=

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegistryTools"=0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoSMConfigurePrograms"=1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
    "start"=C:\Program Files\NetProject\sbmntr.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoWindowsUpdate"=1 (0x1)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{d4c51fa4-9192-4a9a-8d2a-a0690c92f171}"= C:\WINDOWS\system32\lruvqvw.dll [ ]
    "{257f6f44-2c64-46bb-acb4-55f9b9e0ae08}"= C:\WINDOWS\system32\psqnuvo.dll [13/06/2008 16:45 13312]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OdysseyClient]
    odyEvent.dll 10/07/2006 14:50 106496 C:\WINDOWS\system32\odyEvent.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Timbuktu Pro]
    C:\Program Files\Timbuktu Pro\Hook32.dll 13/08/2002 16:18 81973 C:\Program Files\Timbuktu Pro\HOOK32.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls"= cahooknt.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Shutdown\0\0]
    "Script"=shutdown.vbs

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\0\0]
    "Script"=Startup.vbs

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\1\0]
    "Script"=EYConfig_dll.bat

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-746137067-299502267-1417001333-43810\Scripts\Logon\0\0]
    "Script"=ERoomProxy.vbs

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-746137067-299502267-1417001333-43810\Scripts\Logon\1\0]
    "Script"=Dub Form Update.vbs

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-746137067-299502267-1417001333-43810\Scripts\Logon\2\0]
    "Script"=DonotsaveBUTempty.vbs

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tdidrv32.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @="Volume shadow copy"


    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs BthServ


    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\AuditingTools]
    C:\WINDOWS\System32\msiexec.exe /i C:\WINDOWS\EYINST\AudTools256\AuditingToolbar.msi /qb

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\EY_Leads_Branding]
    C:\WINDOWS\EYINST\ACS_Offline_Course_Manager\EY_Leads.EXE /S

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\SamplingAssistant]
    C:\WINDOWS\system32\msiexec.exe /i C:\WINDOWS\EYINST\SaAssist22\SaAssist22.msi /qb

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{EEBF9CA6-567B-41cd-B5F6-EF2C7FEF37B5}]
    rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmactedp.inf,PerUserStub



    -- End of Deckard's System Scanner: finished at 2008-06-19 09:00:45

    Deckard's System Scanner v20071014.68
    Extra logfile - please post this as an attachment with your post.

    -- System Information

    Unable to create WMI object.

    Architecture: X86; Language: English

    Percentage of Memory in Use: 26%
    Physical Memory (total/avail): 2037.77 MiB / 1504.2 MiB
    Pagefile Memory (total/avail): 3930.67 MiB / 3564.23 MiB
    Virtual Memory (total/avail): 2047.88 MiB / 1947.14 MiB

    C: is Fixed (NTFS) - 74.53 GiB total, 53.89 GiB free.
    D: is CDROM (UDF)


    -- Security Center

    AUOptions is not configured.
    Windows Internal Firewall is enabled.

    Unable to create WMI object.

    -- Environment Variables

    ADMIN=YES
    ALLUSERSPROFILE=C:\Documents and Settings\All Users
    APPDATA=C:\Documents and Settings\Daryll.sherindan\Application Data
    CLASSPATH=.;C:\Program Files\Java\jre1.5.0\lib\ext\QTJava.zip
    CLIENTNAME=Console
    CommonProgramFiles=C:\Program Files\Common Files
    COMPUTERNAME=IEWDUBLSHERIDDA
    ComSpec=C:\WINDOWS\system32\cmd.exe
    FP_NO_HOST_CHECK=NO
    HOMEDRIVE=C:
    HOMEPATH=\Documents and Settings\Daryll.sherindan
    LOGONSERVER=\\DEFRANMEYAD05
    MIGO_DRIVE=E
    NUMBER_OF_PROCESSORS=2
    OS=Windows_NT
    Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\LSinfo\;C:\Program Files\Common Files\Adaptec Shared\System;C:\Program Files\Sybase\Shared\Win32;C:\Program Files\Sybase\SQL Anywhere 7\Win32;C:\Program Files\Microsoft SQL Server\80\Tools\Binn\;C:\Program Files\QuickTime\QTSystem\
    PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    PROCESSOR_ARCHITECTURE=x86
    PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 6, GenuineIntel
    PROCESSOR_LEVEL=6
    PROCESSOR_REVISION=0f06
    ProgramFiles=C:\Program Files
    PROMPT=$P$G
    QTJAVA=C:\Program Files\Java\jre1.5.0\lib\ext\QTJava.zip
    SESSIONNAME=Console
    SystemDrive=C:
    SystemRoot=C:\WINDOWS
    TEMP=C:\WINDOWS\TEMP
    TMP=C:\WINDOWS\TEMP
    USERDNSDOMAIN=EURW.EY.NET
    USERDOMAIN=EURW
    USERNAME=Daryll.Sheridan
    USERPROFILE=C:\Documents and Settings\Daryll.sherindan
    windir=C:\WINDOWS


    -- User Profiles

    Helpdesk (admin)
    brian.casey (new local, admin, net ready)
    sebastien.claude (new local, admin, net ready)
    Daryll.sherindan (admin)


    -- Add/Remove Programs

    --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER


    -- Application Event Log

    No Errors/Warnings found.


    -- Security Event Log

    No Errors/Warnings found.


    -- System Event Log

    No Errors/Warnings found.


    -- End of Deckard's System Scanner: finished at 2008-06-19 00:15:53


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Hello

    1. Please re-open HiJackThis and choose Do a system scan only. Check the boxes next to ONLY the entries listed below (if present):

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    O2 - BHO: 162123 helper - {95667A7A-03B3-4EE0-91AE-A4DE74D25729} - C:\WINDOWS\system32\162123\162123.dll
    O2 - BHO: (no name) - {99BA268B-4021-4739-9945-3C774217FE75} - C:\Program Files\NetProject\sbmdl.dll
    O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\NetProject\sbmntr.exe
    O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ietoolpro.com/redirect.php (file missing)
    O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ietoolpro.com/redirect.php (file missing)
    O22 - SharedTaskScheduler: dikage - {d4c51fa4-9192-4a9a-8d2a-a0690c92f171} - C:\WINDOWS\system32\lruvqvw.dll (file missing)
    O22 - SharedTaskScheduler: chaplin - {257f6f44-2c64-46bb-acb4-55f9b9e0ae08} - C:\WINDOWS\system32\psqnuvo.dll


    2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.





    Please download OTMoveIt2 by OldTimer.
    • Save it to your desktop.
    • Please double-click OTMoveIt2.exe to run it.
    • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
      [kill explorer]
      C:\Program Files\AntiSpyCheck
      C:\WINDOWS\system32\tdidrv32.sys
      C:\WINDOWS\system32\162123
      C:\Program Files\NetProject
      C:\WINDOWS\system32\psqnuvo.dll
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tdidrv32.sys
      purity 
      EmptyTemp
      [start explorer]
      
    • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
    • Click the red Moveit! button.
    • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
    • Close OTMoveIt2
    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



    Reboot and post a new DSS log
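
Added example, not part of the original post and not code from HijackThis or OTMoveIt2: a Python check that parses the HijackThis entries listed in step 1 and reports, for each one, whether the file it references lies under a path in the OTMoveIt2 list, so a registry fix is not left pointing at a file that stays on disk. The function names, status labels and section descriptions are this example's own.

```python
import re
from ntpath import normcase, normpath  # Windows path rules on any OS

# HijackThis section codes that appear in the post above.
SECTIONS = {"R0": "IE start page", "O2": "Browser Helper Object",
            "O4": "autostart entry", "O9": "IE extra button/menu item",
            "O22": "SharedTaskScheduler"}
# The eight entries the post asks to fix, copied verbatim.
HJT_LINES = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: 162123 helper - {95667A7A-03B3-4EE0-91AE-A4DE74D25729} - C:\WINDOWS\system32\162123\162123.dll
O2 - BHO: (no name) - {99BA268B-4021-4739-9945-3C774217FE75} - C:\Program Files\NetProject\sbmdl.dll
O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\NetProject\sbmntr.exe
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ietoolpro.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ietoolpro.com/redirect.php (file missing)
O22 - SharedTaskScheduler: dikage - {d4c51fa4-9192-4a9a-8d2a-a0690c92f171} - C:\WINDOWS\system32\lruvqvw.dll (file missing)
O22 - SharedTaskScheduler: chaplin - {257f6f44-2c64-46bb-acb4-55f9b9e0ae08} - C:\WINDOWS\system32\psqnuvo.dll
""".strip().splitlines()
# Filesystem targets from the post's OTMoveIt2 list (registry key and directives left out).
MOVE_LIST = [r"C:\Program Files\AntiSpyCheck", r"C:\WINDOWS\system32\tdidrv32.sys",
             r"C:\WINDOWS\system32\162123", r"C:\Program Files\NetProject",
             r"C:\WINDOWS\system32\psqnuvo.dll"]

LINE_RE = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<body>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:dll|exe|sys)\b", re.I)

def parse(line):
    """Split one HijackThis line into code, CLSID, file path and missing flag."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    body = m["body"]
    clsid, path = CLSID_RE.search(body), PATH_RE.search(body)
    return {"code": m["code"], "kind": SECTIONS.get(m["code"], "unknown"),
            "clsid": clsid and clsid.group(0), "path": path and path.group(0),
            "missing": body.endswith("(file missing)")}

def status(entry, move_list=MOVE_LIST):
    """What happens to the file behind a registry entry once both steps run."""
    if entry["path"] is None:
        return "no file"  # registry value or URL only
    p = normcase(normpath(entry["path"]))
    if any(p == t or p.startswith(t + "\\") for t in map(normcase, move_list)):
        return "moved"  # under a path OTMoveIt2 relocates
    return "already missing" if entry["missing"] else "left on disk"

def triage(lines=HJT_LINES):
    return [(e["code"], e["kind"], status(e)) for e in map(parse, lines) if e]
```

Any row reporting "left on disk" would mean a registry reference is being removed while its file remains; for the lists in this post, `triage()` returns no such row.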


  • Registered Users, Registered Users 2 Posts: 472 ✭✭crapmanjoe


    cheers mate

    that actually worked the job, got rid of whatever was giving me trouble

