Old 04-24-2007, 11:36 AM   #1 (permalink)
JOHNNYMACK
Registered User
 
Join Date: Apr 2007
Location: united kingdom
Posts: 16
OS: Win XP


Newby Bombarded With Spyware Pop-ups

So glad to find a site that looks like it may finally be able to help me.
You have probably seen it all before,
I'm having trouble with popups and trojans. Here are some of the popups that have been coming up.
A very bad one is the first; amaena. It brings me to fake antivirus and antispyware download pages.
Mostly a page for WinAntiVirus Pro 2007 and WinAntiSpyware 2006, that say my current antivirus/spyware protection is ineffective and that my system is infected.

Please help me fix this, I have carried out the 5 required steps and here come my logs -

PANDA LOG -

Incident Status Location

Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\User\Cookies\user@atdmt[1].txt
Spyware:Cookie/Cassava Not disinfected C:\Documents and Settings\User\Cookies\user@cassava[1].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\User\Cookies\user@drivecleaner[1].txt
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\User\Cookies\user@errorsafe[2].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\User\Cookies\user@mediaplex[1].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\User\Cookies\user@stats.drivecleaner[2].txt
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\User\Cookies\user@stats1.reliablestats[2].txt
Spyware:Cookie/Systemdoctor Not disinfected C:\Documents and Settings\User\Cookies\user@systemdoctor[1].txt
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\User\Cookies\user@winantispyware[1].txt
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\User\Cookies\user@winantivirus[2].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\User\Cookies\user@www.drivecleaner[1].txt
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\User\Cookies\user@www.errorsafe[2].txt
Spyware:Cookie/myaffiliateprogram Not disinfected C:\Documents and Settings\User\Cookies\user@www.myaffiliateprogram[2].txt
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\User\Cookies\user@www.winantiviruspro[1].txt
Potentially unwanted tool:Application/DriveCleaner Not disinfected C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\01234567\installdrivecleanerstart[1].exe
Potentially unwanted tool:Application/ServUBased.A Not disinfected C:\WINDOWS\system32\dllcache\win32\csrss.exe
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\hggdbaw.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\hgghfeb.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\ljjigeb.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\pmnolll.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\urqrrqo.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\yayawts.dll

*********************************************************

DECKARDS MAIN.TXT LOG -

Deckard's System Scanner v20070423.42
Run by User on 2007-04-24 at 17:16:32
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.


-- Last 1 Restore Point(s) --
1: 2007-04-24 16:16:44 UTC - RP1 - System Checkpoint


Backed up registry hives.

Performed disk cleanup.


-- HijackThis (run as User.exe) ------------------------------------------------

Unable to find log (file not found).

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 SRTSP - c:\windows\system32\drivers\srtsp.sys <Verified; Symantec Corporation; AutoProtect; 10.1; 10.1.4.1>
R1 SRTSPX - c:\windows\system32\drivers\srtspx.sys <Verified; Symantec Corporation; AutoProtect; 10.1; 10.1.4.1>
R3 alcan5wn (SpeedTouch USB ADSL PPP Networking Driver (NDISWAN)) - c:\windows\system32\drivers\alcan5wn.sys <Verified; THOMSON; SpeedTouch USB; 301.0.0.12; 301.0.0.12>
R3 alcaudsl (SpeedTouch ADSL Modem ATM Transport) - c:\windows\system32\drivers\alcaudsl.sys <Verified; THOMSON; SpeedTouch USB; 301.0.0.12; 301.0.0.12>
R3 ALCXSENS (Service for WDM 3D Audio Driver) - c:\windows\system32\drivers\alcxsens.sys <Verified; Sensaura; ; ; 5.10.00.3513>

S2 BCMNTIO - c:\progra~1\checkit\diagno~1\bcmntio.sys (file missing)
S2 MAPMEM - c:\progra~1\checkit\diagno~1\mapmem.sys (file missing)
S3 AmeAtmPc - c:\windows\system32\drivers\ameatmpc.sys (file missing)
S3 DCamUSBSQTECH (Dual-Mode DSC(2770)) - c:\windows\system32\drivers\sqcaptur.sys <Not Verified; Service & Quality Technology.; SQ913; 9.13.15.6; 1.89.108.2>
S3 FXDRV - d:\fxdrv.sys (file missing)
S3 Pcouffin (Low level access layer for CD devices) - c:\windows\system32\drivers\pcouffin.sys (file missing)
S3 SDdriver - c:\windows\system32\drivers\sddriver.sys <Not Verified; Symantec Corporation; Norton Speed Disk; 7.00.0.24; 7.00.0.24>
S3 SISNIC (SiS PCI Fast Ethernet Adapter Driver) - c:\windows\system32\drivers\sisnic.sys <Verified; SiS Corporation; NDIS 5.1 NIC Driver; 1.16.00.05; 1.16.00.05 built by: WinDDK>
S3 SRTSPL - c:\windows\system32\drivers\srtspl.sys <Verified; Symantec Corporation; AutoProtect; 10.1; 10.1.4.1>
S3 zlportio (ZLPORTIO - Allow user access to I/O ports) - c:\windows\system32\zlportio.sys <Not Verified; SpecoSoft; SpecoSoft zlportio; 1, 0, 0, 1; 1, 0, 0, 1>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 LiveUpdate Notice Ex (LiveUpdate Notice Service Ex) - "c:\program files\common files\symantec shared\ccsvchst.exe" /h cccommon <Verified; Symantec Corporation; Symantec Security Technologies; 106.1.2.2; 106.1.2.2>
R2 Speed Disk service - c:\progra~1\norton~1\norton~1\speedd~1\nopdb.exe <Not Verified; Symantec Corporation; Norton Speed Disk; 7.00.0.24; 7.00.0.24>

S2 FirebirdGuardianDefaultInstance (Firebird Guardian - DefaultInstance) - c:\program files\firebird\firebird_1_5\bin\fbguard.exe -s (file missing)
S2 LiveUpdate Notice Service - "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifeng.dll" <Verified; Symantec Corporation; LiveUpdate Notice; 1.2; 1.2.0.18>
S3 FirebirdServerDefaultInstance (Firebird Server - DefaultInstance) - c:\program files\firebird\firebird_1_5\bin\fbserver.exe -s (file missing)


-- Scheduled Tasks -------------------------------------------------------------

2007-04-20 20:01:14 528 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - User.job
2007-04-16 12:08:51 290 --a------ C:\WINDOWS\Tasks\Norton SystemWorks One Button Checkup.job


-- Files created between 2007-03-24 and 2007-04-24 -----------------------------

2007-04-24 17:03:58 0 d-------- C:\ie-spyad
2007-04-24 17:01:37 536811 --a------ C:\ie-spyad.exe
2007-04-24 16:54:10 0 d-------- C:\Program Files\SpywareGuard
2007-04-24 16:44:33 0 d-------- C:\Program Files\SpywareBlaster
2007-04-24 09:05:12 764570 ---hs---- C:\WINDOWS\system32\bccdd.ini2
2007-04-24 08:58:17 131604 --a------ C:\WINDOWS\system32\xalcibup.dll
2007-04-23 18:04:41 0 d-------- C:\WINDOWS\BDOSCAN8
2007-04-23 17:52:28 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-04-22 15:39:22 0 d-------- C:\Documents and Settings\User\Application Data\Lavasoft
2007-04-22 15:38:46 0 d-------- C:\Program Files\Lavasoft
2007-04-20 19:38:14 758028 ---hs---- C:\WINDOWS\system32\bccdd.bak2
2007-04-19 21:18:13 0 d-------- C:\Documents and Settings\User\Application Data\Microgaming
2007-04-19 21:18:00 0 d-------- C:\WINDOWS\system32\FlashAX
2007-04-19 19:38:03 773477 ---hs---- C:\WINDOWS\system32\bccdd.bak1
2007-04-19 19:36:34 281172 ---hs---- C:\WINDOWS\system32\ddccb.dll
2007-04-19 14:52:44 0 d-------- C:\VundoFix Backups
2007-04-19 13:23:43 3968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys <Not Verified; GRISOFT, s.r.o.; AVG7 Clean Driver; 1.0.0.14; 1.0.0.14>
2007-04-18 17:15:55 0 d-------- C:\kav
2007-04-18 14:26:22 0 d--h----- C:\Documents and Settings\Administrator\Templates
2007-04-18 14:26:22 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2007-04-18 14:26:22 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2007-04-18 14:26:22 0 d--h----- C:\Documents and Settings\Administrator\Recent
2007-04-18 14:26:22 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2007-04-18 14:26:22 524288 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2007-04-18 14:26:22 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2007-04-18 14:26:22 0 d-------- C:\Documents and Settings\Administrator\My Documents
2007-04-18 14:26:22 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2007-04-18 14:26:22 0 d-------- C:\Documents and Settings\Administrator\Favorites
2007-04-18 14:26:22 0 d-------- C:\Documents and Settings\Administrator\Desktop
2007-04-18 14:26:22 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2007-04-18 14:26:22 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2007-04-18 14:26:22 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2007-04-18 11:18:08 0 d-------- C:\Program Files\Enigma Software Group
2007-04-17 17:24:35 0 d-------- C:\WINDOWS\Prefetch
2007-04-16 14:24:22 0 d-------- C:\Program Files\Motorola Phone Tools
2007-04-16 14:14:14 26694 --a------ C:\WINDOWS\system32\hggdbaw.dll
2007-04-16 14:14:03 26694 --a------ C:\WINDOWS\system32\pmnolll.dll
2007-04-16 13:24:12 26694 --a------ C:\WINDOWS\system32\ljjigeb.dll
2007-04-16 13:24:00 26694 --a------ C:\WINDOWS\system32\yayawts.dll
2007-04-16 13:14:20 26694 --a------ C:\WINDOWS\system32\urqrrqo.dll
2007-04-16 13:14:20 26694 --a------ C:\WINDOWS\system32\hgghfeb.dll
2007-04-15 15:00:31 7864320 --a------ C:\Documents and Settings\User\ntuser.dat
2007-04-12 21:48:17 0 d-------- C:\WINDOWS\pss
2007-04-12 21:35:27 280676 ---hs---- C:\WINDOWS\system32\pmkhf.dll
2007-04-11 15:41:35 0 d-------- C:\Program Files\PartyGaming
2007-04-10 17:50:54 0 d-------- C:\Program Files\Poker Indicator
2007-04-10 13:17:42 0 d-------- C:\Program Files\pokerkant
2007-04-07 19:27:32 0 d-------- C:\Program Files\Poker Pal Pro Edition
2007-04-06 19:29:42 0 d-------- C:\Program Files\Poker-Spy
2007-04-03 16:24:35 0 d-------- C:\Program Files\EmpirePokerMaster
2007-04-03 09:47:53 0 d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2007-04-02 22:57:20 0 d-------- C:\Program Files\Magic Holdem
2007-04-02 19:32:29 0 d-------- C:\Program Files\Norton AntiVirus
2007-04-02 19:28:36 0 d-------- C:\Program Files\Norton SystemWorks
2007-04-02 14:46:19 0 d-------- C:\Documents and Settings\All Users\Symantec Temporary Files
2007-03-28 22:57:59 0 d-------- C:\WINDOWS\system32\URTTemp
2007-03-25 1643 0 d-------- C:\WINDOWS\A5W_DATA


-- Find3M Report ---------------------------------------------------------------

2007-04-24 16:09:26 0 d-------- C:\Program Files\Messenger
2007-04-24 1634 0 d-------- C:\Program Files\iTunes
2007-04-24 16:05:55 0 d-------- C:\Program Files\Google
2007-04-24 16:05:02 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-04-23 18:44:56 0 d-------- C:\Program Files\PacificPoker
2007-04-22 15:37:43 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-04-21 14:55:07 0 d-------- C:\Documents and Settings\User\Application Data\uTorrent
2007-04-20 00:44:14 0 d-------- C:\Program Files\MSN Messenger
2007-04-19 14:40:04 0 d-------- C:\Program Files\Calorie-Count.com Toolbar
2007-04-16 14:24:22 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-04-07 19:24:17 0 d-------- C:\Program Files\CyberLink
2007-04-03 11:23:05 0 d-------- C:\Program Files\Common Files\{1CFBFD37-07D0-2057-0722-04070903002c}
2007-04-02 22:49:18 0 d-------- C:\Program Files\Google Toolbar
2007-04-02 22:13:22 0 d-------- C:\Program Files\Symantec
2007-04-02 22:13:13 48776 --a------ C:\WINDOWS\system32\S32EVNT1.DLL <Verified; Symantec Corporation; SYMEVENT; 12.3.0.15; 12.3.0.15>
2007-04-02 18:15:10 0 d-------- C:\Documents and Settings\User\Application Data\Symantec
2007-03-21 09:51:22 0 d-------- C:\Program Files\Java
2007-03-15 15:34:57 0 d-------- C:\Program Files\Thomson
2007-03-15 12:23:16 497496 --a------ C:\WINDOWS\system32\XceedZip.dll <Verified; Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com; Xceed Zip Compression Library; 6.0.6621.0; 6.0.6621.0>
2007-03-15 12:19:58 526184 --a------ C:\WINDOWS\system32\XceedCry.dll <Verified; Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com; Xceed Encryption Library; 1.1.6461.0; 1.1.6461.0>
2007-03-12 17:30:45 0 d-------- C:\Program Files\Motorola Phone Tools(2)
2007-03-12 17:30:37 0 d-------- C:\Program Files\LiveUpdate
2007-03-12 17:30:14 0 d-------- C:\Program Files\Motorola Phone Tools(2)(2)
2007-03-12 17:28:46 0 d-------- C:\Program Files\Motorola Phone Tools(3)
2007-03-05 13:34:28 676224 --a------ C:\WINDOWS\system32\OGACheckControl.DLL
2007-03-04 16:43:12 0 d-------- C:\Program Files\Common Files\{3CFBFD37-07D0-2057-0722-04070903002c}
2007-03-03 17:18:03 0 d-------- C:\Documents and Settings\User\Application Data\Ahead
2007-02-27 11:00:13 0 --a------ C:\WINDOWS\USA Poker
2007-02-27 11:00:13 0 --a------ C:\WINDOWS\Titan Poker
2007-02-27 11:00:13 0 --a------ C:\WINDOWS\Prestige Poker
2007-02-27 11:00:13 0 --a------ C:\WINDOWS\Poker.com
2007-02-27 11:00:13 0 --a------ C:\WINDOWS\Noble Poker
2007-02-27 11:00:13 0 --a------ C:\WINDOWS\CDPoker
2007-02-27 10:55:04 0 d-------- C:\Program Files\Yadu Digital
2007-02-09 18:22:24 8022 ---hs---- C:\WINDOWS\system32\uttss.ini2


-- Registry Dump ---------------------------------------------------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
{4A368E80-174F-4872-96B5-0B27DDD11DB2} C:\Program Files\SpywareGuard\dlprotect.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
{7E7CF20E-AAC3-4698-91F3-4CE05D055AAd} C:\WINDOWS\system32\xalcibup.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} c:\program files\google\googletoolbar2.dll
{BC5D816C-7FA8-4815-9B0B-0D6F73D5EFF2} C:\WINDOWS\system32\ddccb.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvMcTray.dll,NvTaskbarInit"
"SoundMan"="SOUNDMAN.EXE"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\""
"InCD"="C:\\Program Files\\Ahead\\InCD\\InCD.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"SpeedTouch USB Diagnostics"="\"C:\\Program Files\\Thomson\\SpeedTouch USB\\Dragdiag.exe\" /icon"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"osCheck"="\"C:\\Program Files\\Norton AntiVirus\\osCheck.exe\""
"PrintDrive"="rundll32.exe \"C:\\WINDOWS\\system32\\bxoxpoce.dll\",setvm"
"Symantec PIF AlertEng"="\"C:\\Program Files\\Common Files\\Symantec Shared\\PIF\\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\\PIFSvc.exe\" /a /m \"C:\\Program Files\\Common Files\\Symantec Shared\\PIF\\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\\AlertEng.dll\""
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"NBJ"="\"C:\\Program Files\\Ahead\\Nero BackItUp\\NBJ.exe\""
"updateMgr"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\" AcRdB7_0_8 -reboot 1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"AAW"="\"C:\\Program Files\\Lavasoft\\Ad-Aware SE Personal\\Ad-Aware.exe\" \"+b1\""

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{9796007A-181E-4C97-99EB-7F71B8989A7B}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddccb
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hgghffc
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssttu

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0



-- End of Deckard's System Scanner: finished at 2007-04-24 at 17:40:23 ----

**********************************************************

DECKARDS EXTRA.TEXT LOG -

Deckard's System Scanner v20070423.42
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon(tm) XP 2400+
Percentage of Memory in Use: 71%
Physical Memory (total/avail): 255.48 MiB / 72.96 MiB
Pagefile Memory (total/avail): 618.75 MiB / 331.96 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1949.1 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 19.1 GiB total, 4.4 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)


-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

AntiVirusDisableNotify is set.
FirewallDisableNotify is set.

FW: Norton AntiVirus v2007 (Symantec Corporation)
AV: Norton AntiVirus v2007 (Symantec Corporation)


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\User\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_03\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=USER-NDO1LQJK5G
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\User
LOGONSERVER=\\USER-NDO1LQJK5G
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 8 Stepping 1, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0801
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\User\LOCALS~1\Temp
TMP=C:\DOCUME~1\User\LOCALS~1\Temp
USERDOMAIN=USER-NDO1LQJK5G
USERNAME=User
USERPROFILE=C:\Documents and Settings\User
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

User (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware SE Personal --> MsiExec.exe /X{78CC3BAB-DE2A-4FB4-8FBB-E4DADDC26747}
Adobe Download Manager 2.0 (Remove Only) --> "C:\Program Files\Common Files\Adobe\ESD\uninst.exe"
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Reader 7.0.8 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70800000002}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
AppCore --> MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
Apple Software Update --> MsiExec.exe /I{5B433733-BB31-4B40-BCBA-DDED37626641}
AV --> MsiExec.exe /I{F4DB525F-A986-4249-B98B-42A8066251CA}
Avanquest update --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\Setup.exe" -l0x9 -removeonly
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
AxCrypt (Remove Only) --> "C:\Program Files\Axon Data\AxCrypt\AxCryptU.exe"
Calorie-Count.com Toolbar --> regsvr32 /u /s "C:\Program Files\Calorie-Count.com Toolbar\toolbar.dll"
ccCommon --> MsiExec.exe /I{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}
CleanUp! --> C:\Program Files\CleanUp!\uninstall.exe
Component Framework --> MsiExec.exe /I{31478BE1-CDE5-4753-A8B2-F6D4BC1FBE09}
Connection Keep Alive --> MsiExec.exe /I{77364F85-6219-4CB8-AAA0-6D53368D683D}
Driver Wizard by 62NDS Solutions --> uninst62.exe "C:\Program Files\Driver Wizard\INSTALL.LOG"
EmpirePoker --> "C:\Program Files\EmpirePokerMaster\EmpirePoker\Uninstall.exe" "C:\Program Files\EmpirePokerMaster\EmpirePoker\install.log"
EPSON Printer Software --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
Google Earth --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
HijackThis 1.99.1 --> C:\HJT\HijackThis.exe /uninstall
Hoyle Friday Night Poker --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A17FD8C6-1AC2-46E7-AD0A-70C602C3504D}\setup.exe" -l0x9 -removeonly
InCD --> C:\WINDOWS\NuNInst.exe /UNINSTALL
Internet Worm Protection --> MsiExec.exe /I{2908F0CB-C1D4-447F-97A2-CFC135C9F8D4}
iPod for Windows 2006-03-23 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB} /l1033
iTunes --> MsiExec.exe /I{5878FF02-3B8F-4309-B4E5-0D3DB6F2E8E6}
J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
J2SE Runtime Environment 5.0 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030}
Lavasoft VX2 Cleaner --> C:\PROGRA~1\Lavasoft\AD-AWA~1\Plugins\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\Plugins\INSTALL.LOG
LimeWire PRO 4.9.14 --> "C:\LimeWire\uninstall.exe"
LiveUpdate 3.1 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
LiveUpdate Notice (Symantec Corporation) --> MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
Microsoft Office 2000 Disc 2 --> MsiExec.exe /I{00040409-78E1-11D2-B60F-006097C998E7}
Microsoft Office 2000 Premium --> MsiExec.exe /I{00000409-78E1-11D2-B60F-006097C998E7}
Motorola Phone Tools --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}\setup.exe" -l0x9 -removeonly
MSN Messenger 7.5 --> MsiExec.exe /I{CEB3A11A-03EA-11DA-BFBD-00065BBDC0B5}
MSRedist --> MsiExec.exe /I{D1725BDB-BA2B-4503-A8CB-F5C835D743FA}
My DSC --> C:\Program Files\InstallShield Installation Information\{225af9a1-b556-88d5-94aa-0010b5426419}\setup.exe
Nero 6 Ultra Edition --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Nero Digital --> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
Nero Media Player --> C:\WINDOWS\UNNMP.exe /UNINSTALL
Norton AntiVirus --> MsiExec.exe /X{830D8CBD-C668-49e2-A969-C2C2106332E0}
Norton AntiVirus (Symantec Corporation) --> "C:\Program Files\Common Files\Symantec Shared\SymSetup\{830D8CBD-C668-49e2-A969-C2C2106332E0}_14_0_5_89\{830D8CBD-C668-49e2-A969-C2C2106332E0}.exe" /X
Norton AntiVirus Help --> MsiExec.exe /I{34EEB1F5-E939-40A1-A6BA-957282A4B2C8}
Norton AntiVirus Parent MSI --> MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
Norton AntiVirus SYMLT MSI --> MsiExec.exe /I{D1FF75E7-DD42-4CFD-B052-20B3FFF4EDB8}
Norton Cleanup --> MsiExec.exe /I{CA31120D-2101-484D-9FF1-195DE96FE346}
Norton Protection Center --> MsiExec.exe /I{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}
Norton SystemWorks --> MsiExec.exe /I{71E7B3F5-CFAF-4C1E-B494-528E28707937}
Norton SystemWorks --> MsiExec.exe /I{9E23C48E-5483-4971-BA50-089F2FABCD66}
Norton SystemWorks (Symantec Corporation) --> "C:\Program Files\Common Files\Symantec Shared\SymSetup\{71E7B3F5-CFAF-4C1E-B494-528E28707937}\{71E7B3F5-CFAF-4C1E-B494-528E28707937}.exe" /X
Norton Utilities --> MsiExec.exe /I{6A7867BA-B7CA-4CC9-ACAB-85BA46865EE5}
NVIDIA Drivers --> C:\WINDOWS\System32\nvudisp.exe UninstallGUI
Pacific Poker --> C:\PROGRA~1\PACIFI~1\UNWISE.EXE C:\PROGRA~1\PACIFI~1\INSTALL.LOG
Panda ActiveScan --> C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
PartyPoker --> "C:\Program Files\PartyGaming\PartyPoker\Uninstall.exe" "C:\Program Files\PartyGaming\PartyPoker\install.log"
QuickTime --> MsiExec.exe /I{55BF0E5F-EA8E-4C13-A8B4-9E4857F5A2DE}
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
SPBBC 32bit --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
SpeedTouch USB Software --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D41FAAA9-8048-4906-86B2-9AADEA1FA0B7}\Setup.exe" /l0009 -Control_Panel
SpywareBlaster v3.5.1 --> "C:\Program Files\SpywareBlaster\unins000.exe"
SpywareGuard v2.2 --> "C:\Program Files\SpywareGuard\unins000.exe"
Symantec --> MsiExec.exe /I{228F6876-A313-40A3-91C0-C3CBE6997D09}
Symantec KB-DocID:2003093015493306 --> MsiExec.exe /I{08C5815C-2C6E-44f8-8748-0E61BC9AFB68}
Symantec Technical Support Web Controls --> MsiExec.exe /X{5FCDE341-328B-434B-9F21-AF5BADB57852}
SymNet --> MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe"
Yahoo! Anti-Spy --> C:\PROGRA~1\Yahoo!\Common\unypsr.exe
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe


-- End of Deckard's System Scanner: finished at 2007-04-24 at 17:40:23 ----

**********************************************************

Please help - other than throw computer out of the window, what do I do next ???