12-20-2007, 09:13 AM   #1 (permalink)
Registered User
 
Join Date: Dec 2007
Location: Chicago
Posts: 66
OS: vista ultimate 32bit


C:Programs\Internet Explorer\svchost.exe HELP!!!

Please help, I have this message popping up every few minutes. I used Spybot S&D and Avast (both up to date) to no avail. I googled it and came across some threads posted here. After reading them I believe that I have some sort of malware. All the threads recommended that I get help as an individual rather than follow what was done for others. First I tried using "Having problems with spyware and pop-ups?", got to step two, and found that Panda ActiveScan is not Vista compatible. I am running Vista Ultimate 32 bit, ASUS M2A-VM motherboard, AMD Athlon 64x2 5600, with 3 gig RAM. Please help if you can.
cfd01
12-20-2007, 11:08 AM   #2 (permalink)
Registered User
 
Join Date: Dec 2007
Location: Chicago
Posts: 66
OS: vista ultimate 32bit


Re: C:Programs\Internet Explorer\svchost.exe HELP!!!

Deckard's System Scanner v20071014.68
Run by Chris on 2007-12-20 12:01:06
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 5 Restore Point(s) --
16: 2007-12-20 15:34:33 UTC - RP254 - Removed Ad-Aware 2007
15: 2007-12-19 07:50:29 UTC - RP253 - Windows Update
14: 2007-12-19 03:45:19 UTC - RP252 - Scheduled Checkpoint
13: 2007-12-18 14:01:02 UTC - RP251 - Installed HP Update
12: 2007-12-17 03:41:30 UTC - RP250 - Scheduled Checkpoint


-- First Restore Point --
1: 2007-12-14 00:08:59 UTC - RP238 - Scheduled Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2007-12-20 12:03:10
Platform: Windows Vista (6.00.6000)
MSIE: Internet Explorer (7.00.6000.16386)
Boot mode: Normal

Running processes:
C:\Windows\System32\taskeng.exe
C:\Windows\System32\dwm.exe
C:\Program Files\ASUS\AASP\1.00.28\aaCenter.exe
C:\Windows\explorer.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2008 DVD\EDICT.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\Users\Chris\Desktop\dss.exe
C:\Windows\System32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.daemonsearch.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/keyword/%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [L08AXLRD_942152] "C:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2008 DVD\EDICT.EXE" -m
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'Default user')
O4 - Startup: MRI_DISABLED
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: MRI_DISABLED
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://fpdownload.macromedia.com/get...irector/sw.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get.../ultrashim.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Unknown owner - C:\Program Files\Nero\Nero8\Nero
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\Windows\System32\drivers\Pclepci.sys
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Window Image Worker (windownetpker) - Unknown owner - C:\Program Files\Internet Explorer\svchost.exe


--
End of file - 10785 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 37900 - \??\c:\windows\system32\37900.sys
R3 mcdbus (Driver for MagicISO SCSI Host Controller) - c:\windows\system32\drivers\mcdbus.sys <Not Verified; MagicISO, Inc.; MagicISO SCSI Host Controller>

S3 ASPI (Advanced SCSI Programming Interface Driver) - \??\c:\windows\system32\drivers\aspi32.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Nero BackItUp Scheduler 3 - c:\program files\nero\nero8\nero backitup\nbservice.exe
R2 windownetpker (Window Image Worker) - c:\program files\internet explorer\svchost.exe

S2 PCLEPCI - c:\windows\system32\drivers\pclepci.sys <Not Verified; Pinnacle Systems GmbH; PCLEPCI>
S3 Adobe Version Cue CS2 - "c:\program files\adobe\adobe version cue cs2\bin\versioncuecs2.exe" -win32service <Not Verified; Adobe Systems Incorporated; Adobe Version Cue CS2>
S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2007-12-20 11:58:03 418 --ah----- C:\Windows\Tasks\User_Feed_Synchronization-{753DA5A8-35C8-460C-A81F-E1AEC693F5D9}.job
2007-12-13 20:35:40 390 --a------ C:\Windows\Tasks\1-Click Maintenance.job


-- Files created between 2007-11-20 and 2007-12-20 -----------------------------

2038-10-01 05:03:16 4096 --a------ C:\Windows\system32\37900.sys
2007-12-16 19:24:12 0 d-------- C:\Program Files\Dx Entrance Screensaver
2007-12-13 20:27:00 0 d-------- C:\Program Files\TuneUp Utilities 2007
2007-12-13 20:25:43 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-13 19:48:46 164352 --a------ C:\Windows\system32\unrar.dll
2007-12-13 19:48:45 217088 --a------ C:\Windows\system32\yv12vfw.dll <Not Verified; www.helixcommunity.org; Helix YV12 YUV Codec>
2007-12-13 19:48:45 39936 --a------ C:\Windows\system32\huffyuv.dll <Not Verified; Disappearing Inc.; Huffyuv>
2007-12-13 19:48:44 282624 --a------ C:\Windows\system32\xvidvfw.dll
2007-12-13 19:48:44 1559040 --a------ C:\Windows\system32\xvidcore.dll
2007-12-13 19:48:44 564224 --a------ C:\Windows\system32\x264vfw.dll
2007-12-13 19:48:44 630784 --a------ C:\Windows\system32\vp7vfw.dll <Not Verified; On2.com; On2_VP70>
2007-12-13 19:48:44 438272 --a------ C:\Windows\system32\vp6vfw.dll <Not Verified; On2.com; On2_VP6>
2007-12-13 19:48:44 144384 --a------ C:\Windows\system32\Iacenc.dll <Not Verified; Intel Corporation; Indeo® audio software>
2007-12-13 19:48:43 3596288 --a------ C:\Windows\system32\qt-dx331.dll
2007-12-13 19:48:43 81920 --a------ C:\Windows\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2007-12-13 19:48:43 739840 --a------ C:\Windows\system32\divx.dll <Not Verified; DivX, Inc.; DivX®>
2007-12-13 19:48:42 7680 --a------ C:\Windows\system32\ff_vfw.dll
2007-12-13 19:48:39 0 d-------- C:\Users\All Users\Real
2007-12-13 19:48:39 0 d-------- C:\Program Files\K-Lite Codec Pack
2007-12-13 08:58:42 32 --a------ C:\Windows\go
2007-12-12 20:15:01 0 d-------- C:\Windows\WinAVI Video Converter 9.0
2007-12-12 12:15:25 1368064 --a------ C:\Windows\system32\vistaundo.exe <Not Verified; WareSoft Software; vistasmokerpro>
2007-12-09 19:44:22 0 d-------- C:\Users\All Users\FLEXnet
2007-12-09 19:39:10 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2007-12-09 14:25:51 0 --a------ C:\Windows\ativpsrm.bin
2007-12-05 23:00:59 0 d-------- C:\Program Files\Nero
2007-12-05 23:00:59 0 d-------- C:\Program Files\Common Files\Nero
2007-12-05 22:08:04 0 d-------- C:\Users\All Users\Nero
2007-12-04 18:10:04 0 d--h----- C:\Program Files\Zero G Registry
2007-12-04 18:10:04 0 d-------- C:\Program Files\Britannica 8.0
2007-12-04 18:08:20 0 d--h----- C:\Users\Chris\InstallAnywhere
2007-12-04 14:26:09 0 d-------- C:\Program Files\Common Files\Nova Development
2007-12-04 14:25:00 0 d-------- C:\Program Files\Creative Home
2007-12-04 08:36:07 0 d-------- C:\Users\All Users\Geek Squad
2007-12-04 08:01:19 0 d-------- C:\Users\All Users\WinZip
2007-12-01 17:39:24 92544 --a------ C:\Windows\system32\drivers\mcdbus.sys <Not Verified; MagicISO, Inc.; MagicISO SCSI Host Controller>
2007-12-01 17:39:24 0 d-------- C:\Program Files\MagicDisc
2007-12-01 17:30:01 0 dr------- C:\Users\Kevin\Searches
2007-12-01 17:29:46 0 dr------- C:\Users\Kevin\Contacts
2007-12-01 17:29:36 0 dr------- C:\Users\Kevin\Videos
2007-12-01 17:29:36 0 d--hs---- C:\Users\Kevin\Templates
2007-12-01 17:29:36 0 d--hs---- C:\Users\Kevin\Start Menu
2007-12-01 17:29:36 0 d--hs---- C:\Users\Kevin\SendTo
2007-12-01 17:29:36 0 dr------- C:\Users\Kevin\Saved Games
2007-12-01 17:29:36 0 d--hs---- C:\Users\Kevin\Recent
2007-12-01 17:29:36 0 d--hs---- C:\Users\Kevin\PrintHood
2007-12-01 17:29:36 0 dr------- C:\Users\Kevin\Pictures
2007-12-01 17:29:36 1048576 --ahs---- C:\Users\Kevin\NTUSER.DAT
2007-12-01 17:29:36 0 d--hs---- C:\Users\Kevin\NetHood
2007-12-01 17:29:36 0 d--hs---- C:\Users\Kevin\My Documents
2007-12-01 17:29:36 0 dr------- C:\Users\Kevin\Music
2007-12-01 17:29:36 0 d--hs---- C:\Users\Kevin\Local Settings
2007-12-01 17:29:36 0 dr------- C:\Users\Kevin\Links
2007-12-01 17:29:36 0 dr------- C:\Users\Kevin\Favorites
2007-12-01 17:29:36 0 dr------- C:\Users\Kevin\Downloads
2007-12-01 17:29:36 0 dr------- C:\Users\Kevin\Documents
2007-12-01 17:29:36 0 dr------- C:\Users\Kevin\Desktop
2007-12-01 17:29:36 0 d--hs---- C:\Users\Kevin\Cookies
2007-12-01 17:29:36 0 d--hs---- C:\Users\Kevin\Application Data
2007-12-01 17:29:36 0 d--h----- C:\Users\Kevin\AppData
2007-11-27 21:12:42 0 d-------- C:\Program Files\VideoLAN
2007-11-25 19:47:24 1203 --a------ C:\Windows\mozver.dat
2007-11-25 18:47:52 0 dr------- C:\Users\Aidan\Searches
2007-11-25 18:47:38 0 dr------- C:\Users\Aidan\Contacts
2007-11-25 18:47:31 0 d--hs---- C:\Users\Aidan\Templates
2007-11-25 18:47:31 0 d--hs---- C:\Users\Aidan\Start Menu
2007-11-25 18:47:31 0 d--hs---- C:\Users\Aidan\SendTo
2007-11-25 18:47:31 0 d--hs---- C:\Users\Aidan\Recent
2007-11-25 18:47:31 0 d--hs---- C:\Users\Aidan\PrintHood
2007-11-25 18:47:31 0 d--hs---- C:\Users\Aidan\NetHood
2007-11-25 18:47:31 0 d--hs---- C:\Users\Aidan\My Documents
2007-11-25 18:47:31 0 d--hs---- C:\Users\Aidan\Local Settings
2007-11-25 18:47:31 0 d--hs---- C:\Users\Aidan\Cookies
2007-11-25 18:47:31 0 d--hs---- C:\Users\Aidan\Application Data
2007-11-25 18:47:30 0 dr------- C:\Users\Aidan\Videos
2007-11-25 18:47:30 0 dr------- C:\Users\Aidan\Saved Games
2007-11-25 18:47:30 0 dr------- C:\Users\Aidan\Pictures
2007-11-25 18:47:30 1048576 --ahs---- C:\Users\Aidan\NTUSER.DAT
2007-11-25 18:47:30 0 dr------- C:\Users\Aidan\Music
2007-11-25 18:47:30 0 dr------- C:\Users\Aidan\Links
2007-11-25 18:47:30 0 dr------- C:\Users\Aidan\Favorites
2007-11-25 18:47:30 0 dr------- C:\Users\Aidan\Downloads
2007-11-25 18:47:30 0 dr------- C:\Users\Aidan\Documents
2007-11-25 18:47:30 0 dr------- C:\Users\Aidan\Desktop
2007-11-25 18:47:30 0 d--h----- C:\Users\Aidan\AppData
2007-11-24 08:41:39 2987 --a------ C:\Windows\system32\SpoonUninstall-dBpoweramp FLAC Codec.dat
2007-11-24 08:30:51 13085 --a------ C:\Windows\system32\SpoonUninstall-dBpoweramp Music Converter.dat
2007-11-24 08:30:45 0 d-------- C:\Program Files\Illustrate
2007-11-22 21:42:41 45056 --a------ C:\Windows\system32\WNASPI32.DLL <Not Verified; Adaptec; Adaptec's ASPI Layer>
2007-11-22 21:42:41 84832 --a------ C:\Windows\system32\drivers\ASPI32.SYS <Not Verified; Adaptec; Adaptec's ASPI Layer>


-- Find3M Report ---------------------------------------------------------------

2007-12-20 11:57:47 0 d-------- C:\Users\Chris\AppData\Roaming\Azureus
2007-12-19 18:51:45 0 d-------- C:\Users\Chris\AppData\Roaming\Vso
2007-12-13 20:25:43 0 d-------- C:\Program Files\Common Files
2007-12-13 20:03:35 0 d-------- C:\Program Files\K-Lite Video Conversion Pack
2007-12-13 19:48:39 0 d-------- C:\Users\Chris\AppData\Roaming\Real
2007-12-12 18:58:54 0 d-------- C:\Users\Chris\AppData\Roaming\dvdcss
2007-12-10 09:38:38 0 d-------- C:\Users\Chris\AppData\Roaming\Adobe
2007-12-09 19:39:13 0 d-------- C:\Program Files\Common Files\Adobe
2007-12-07 17:14:29 0 d-------- C:\Program Files\Azureus
2007-12-05 22:12:31 0 d-------- C:\Users\Chris\AppData\Roaming\Nero
2007-12-05 09:00:52 0 d-------- C:\Users\Chris\AppData\Roaming\Primal Pictures
2007-12-01 17:56:15 0 d-------- C:\Program Files\Microsoft Games
2007-11-27 21:26:07 0 d-------- C:\Users\Chris\AppData\Roaming\vlc
2007-11-25 19:14:34 0 d-------- C:\Program Files\Google
2007-11-17 15:50:53 0 d-------- C:\Program Files\sz8037
2007-11-17 13:38:43 0 d-------- C:\Users\Chris\AppData\Roaming\School Zone Preferences
2007-11-15 07:32:51 0 d-------- C:\Program Files\Windows Mail
2007-11-13 20:15:05 0 d-------- C:\Program Files\Microsoft Student
2007-11-12 15:30:46 0 d-------- C:\Program Files\PCPitstop
2007-11-12 15:27:13 0 -rahs---- C:\MSDOS.SYS
2007-11-12 15:27:13 0 -rahs---- C:\IO.SYS
2007-11-09 18:28:47 0 d-------- C:\Program Files\SlySoft
2007-11-06 07:52:42 0 d-------- C:\Program Files\iTunes
2007-11-06 07:52:26 0 d-------- C:\Program Files\iPod
2007-11-06 07:50:27 0 d-------- C:\Program Files\QuickTime
2007-11-01 13:33:22 7 --a------ C:\Windows\system32\CurrentName.dat
2007-11-01 07:55:46 34 --a------ C:\Users\Chris\AppData\Roaming\pcouffin.log
2007-11-01 07:55:18 7887 --a------ C:\Users\Chris\AppData\Roaming\pcouffin.cat
2007-11-01 07:55:17 0 d-------- C:\Program Files\VSO
2007-10-28 19:04:47 0 d-------- C:\Program Files\Design Manager
2007-10-23 18:39:29 0 d-------- C:\Program Files\BayGenie
2007-10-23 18:02:27 0 d-------- C:\Program Files\Hallmark
2007-10-23 17:17:06 0 d-------- C:\Program Files\MagicISO
2007-10-23 16:45:24 0 d-------- C:\Program Files\Sierra On-Line
2007-10-23 16:45:23 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-10-11 15:12:07 315392 --a------ C:\Windows\HideWin.exe <Not Verified; Realtek Semiconductor Corp.; HD Audio Hide windows program>
2007-10-08 14:19:08 2572 --a------ C:\Windows\WINDVDBOOTRECDOE.sys
2007-10-05 20:45:22 121 --a------ C:\AUTOEXEC.BAT
2007-10-02 16:46:58 2704 --a------ C:\Windows\checkip.dat
2007-10-02 16:45:55 3062 --a------ C:\Windows\ipconfig.dat
2007-10-01 22:01:12 148929 --a------ C:\Windows\hpoins19.dat
2007-10-01 21:44:14 174 --ahs---- C:\Program Files\desktop.ini
2007-10-01 19:54:37 0 --a------ C:\Windows\nsreg.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [10/01/2007 09:05 PM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [12/10/2006 08:52 PM]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [12/04/2007 07:00 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 12:11 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [11/02/2007 06:36 PM]
"WPCUMI"="C:\Windows\system32\WpcUmi.exe" [11/02/2006 06:33 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 07:51 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [08/31/2007 03:46 PM]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [11/02/2006 06:34 AM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [11/25/2007 07:14 PM]
"L08AXLRD_942152"="C:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2008 DVD\EDICT.exe" [05/21/2007 05:00 AM]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [11/02/2006 06:33 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [10/26/2006 7:24:54 PM]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [1/2/2007 8:40:10 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableLUA"=0 (0x0)
"DisableStatusMessages"=0 (0x0)
"DisableLockWorkstation"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"LogonHoursAction"=2 (0x2)
"DontDisplayLogonHoursWarnings"=1 (0x1)
"NoDispSettingsPage"=0 (0x0)
"NoDispScrSavPage"=0 (0x0)
"NoDispBackgroundPage"=0 (0x0)
"NoDispAppearancePage"=0 (0x0)
"NoVisualStyleChoice"=0 (0x0)
"NoColorChoice"=0 (0x0)
"NoSizeChoice"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoFavoritesMenu"=0 (0x0)
"NoRecentDocsMenu"=0 (0x0)
"NoNetworkConnections"=0 (0x0)
"NoRecentDocsHistory"=0 (0x0)
"NoSMMyDocs"=0 (0x0)
"NoSMMyPictures"=0 (0x0)
"NoStartMenuMyMusic"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLowDiskSpaceChecks"=0 (0x0)
"ForceActiveDesktopOn"=0 (0x0)
"NoSetActiveDesktop"=0 (0x0)
"NoActiveDesktopChanges"=0 (0x0)
"NoActiveDesktop"=0 (0x0)
"NoSetFolders"=0 (0x0)
"NoStartMenuMyGames"=0 (0x0)
"NoSetTaskbar"=0 (0x0)
"NoCommonGroups"=0 (0x0)
"NoStartMenuNetworkPlaces"=0 (0x0)
"NoRun"=0 (0x0)
"NoFind"=0 (0x0)
"NoTrayItemsDisplay"=0 (0x0)
"NoToolbarsOnTaskbar"=0 (0x0)
"NoSimpleStartMenu"=0 (0x0)
"HideClock"=0 (0x0)
"NoViewContextMenu"=0 (0x0)
"NoDFSTab"=0 (0x0)
"NoSecurityTab"=0 (0x0)
"NoHardwareTab"=0 (0x0)
"NoToolbarCustomize"=0 (0x0)
"NoDesktop"=0 (0x0)
"NoBandCustomize"=0 (0x0)
"NoFileMenu"=0 (0x0)
"NoFolderOptions"=0 (0x0)
"NoPropertiesMyComputer"=0 (0x0)
"NoFileAssociate"=0 (0x0)
"NoAddPrinter"=0 (0x0)
"NoDeletePrinter"=0 (0x0)
"NoThemesTab"=0 (0x0)
"NoChangeKeyboardNavigationIndicators"=0 (0x0)
"NoChangeAnimation"=0 (0x0)
"RestrictWelcomeCenter"=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
"L08AXLRD_129314407"="C:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2008 DVD\EDICT.EXE" -m

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Version Cue CS2"=C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"CatalystRegistration"="C:\Program Files\ATI\CatalystRegistration\dolce.exe"
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
"RtHDVCpl"=RtHDVCpl.exe
"Launch PC Probe II"="C:\Program Files\ASUS\PC Probe II\Probe2.exe" 1
"PC Pitstop Optimize Scheduler"=C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe -boot

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt hpqcxs08 hpqddsvc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d72e3064-73b3-11dc-8371-001217663304}]
AutoRun\command- G:\Autorun.exe
install\command- G:\Setup.exe
readfile\command- hh.exe readme.htm


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- Hosts -----------------------------------------------------------------------

127.0.0.1 hityou.com
127.0.0.1 www.hityou.com
127.0.0.1 180searchassistant.com
127.0.0.1 www.180searchassistant.com
127.0.0.1 180solutions.com
127.0.0.1 www.180solutions.com
127.0.0.1 bis.180solutions.com
127.0.0.1 config.180solutions.com
127.0.0.1 cts.180solutions.com
127.0.0.1 downloads.180solutions.com

7795 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2007-12-20 12:04:16 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft® Windows Vista™ Ultimate (build 6000)
Architecture: X86; Language: English

CPU 0: AMD Athlon(tm) 64 X2 Dual Core Processor 5600+
Percentage of Memory in Use: 38%
Physical Memory (total/avail): 3069.88 MiB / 1900.29 MiB
Pagefile Memory (total/avail): 6328.26 MiB / 5247.08 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1903.82 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 233.76 GiB total, 164.51 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)
F: is Fixed (NTFS) - 93.16 GiB total, 29.09 GiB free.
G: is CDROM (No Media)
H: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - Maxtor 7L250S0 ATA Device - 233.76 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 233.76 GiB - C:

\\.\PHYSICALDRIVE1 - HTS54101 0G9AT00 USB Device - 93.16 GiB - 1 partition
\PARTITION0 - Installable File System - 93.16 GiB - F:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

AV: avast! antivirus 4.7.1098 [VPS 071219-0] v4.7.1098 (ALWIL Software) Disabled
AS: Spybot - Search and Destroy v1.0.0.4 (Safer Networking Ltd.)
AS: Windows Defender v1.1.1505.0 (Microsoft Corporation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\Chris\AppData\Roaming
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=CHRIS-PC
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\Chris
LOCALAPPDATA=C:\Users\Chris\AppData\Local
LOGONSERVER=\\CHRIS-PC
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\Nero\Lib\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 67 Stepping 3, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=4303
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\Chris\AppData\Local\Temp
TMP=C:\Users\Chris\AppData\Local\Temp
USERDOMAIN=Chris-PC
USERNAME=Chris
USERPROFILE=C:\Users\Chris
windir=C:\Windows


-- User Profiles ---------------------------------------------------------------

Chris (admin)
Tracey
Ryan
Aidan
Kevin


-- Add/Remove Programs ---------------------------------------------------------

-->
-->
-->
--> C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\Windows\UNNeroBackItUp.exe /UNINSTALL
--> C:\Windows\UNNeroMediaHome.exe /UNINSTALL
--> C:\Windows\UNNeroShowTime.exe /UNINSTALL
--> C:\Windows\UNNeroVision.exe /UNINSTALL
--> C:\Windows\UNRecode.exe /UNINSTALL
--> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
--> msiexec /i {46548E80-0409-0000-7E8A-45000F855001}
--> msiexec /I {B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}
--> msiexec /I{7F4C8163-F259-49A0-A018-2857A90578BC}
--> MsiExec.exe /I{0F122737-72B2-4095-8B3E-7AAE753DFD3D}
32 Bit HP CIO Components Installer --> MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}
5600 -->
5600_Help -->
5600Trb -->
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Acrobat 7.0 Professional -->
Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Creative Suite 2 --> C:\PROGRA~1\INSTAL~1\{0134A~1\setup.exe /relaunched/rootloc=d:\adobe creative suite 2.0/lang=0409
Adobe Flash Player Plugin --> C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe GoLive CS2 -->
Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Illustrator CS2 -->
Adobe InDesign CS2 -->
Adobe Photoshop CS2 -->
Adobe Photoshop Elements 6.0 -->
Adobe Photoshop Elements 6.0 --> msiexec /I {F54AC413-D2C6-4A24-B324-370C223C6250}
Adobe Reader 7.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Adobe Reader 8.1.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
Adobe Shockwave Player --> C:\Windows\System32\Macromed\SHOCKW~1\UNWISE.EXE C:\Windows\System32\Macromed\SHOCKW~1\Install.log
Adobe Stock Photos 1.0 --> MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
Adobe SVG Viewer 3.0 --> C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
Adobe Version Cue CS2 -->
AIO_CDB_ProductContext -->
AIO_CDB_Software -->
AIO_Scan -->
AnyDVD --> "C:\Program Files\SlySoft\AnyDVD\AnyDVD-uninst.exe" /D="C:\Program Files\SlySoft\AnyDVD"
Apple Mobile Device Support --> MsiExec.exe /I{B5C209B1-8DDB-4642-A573-375B951514CB}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
AQUAZONE "Arowana Pack" --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7ECF05A1-3C93-4014-A81C-C1C0DBFDF396}\Setup.exe" -l0x9
AQUAZONE "Deep Sea Pack" --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{07C24494-0182-4C3C-B529-F2AE19AC6993}\Setup.exe" -l0x9
AQUAZONE "Fun Pack" --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F649CBB8-70F0-4963-8C28-AC6EF632439C}\Setup.exe" -l0x9
AQUAZONE "Goldfish Pack" --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{375BFA5F-3DC3-455D-B015-38F295AF70E6}\Setup.exe" -l0x9
AQUAZONE "Jellyfish Pack" --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FEEBEE52-2944-4078-8716-FBB367E294FA}\Setup.exe" -l0x9
AQUAZONE "Reef Fish Pack" --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C50A4644-D4F3-4B11-A277-7195F2307E7B}\Setup.exe" -l0x9
AQUAZONE "Turtles & More Pack" --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CA1B467F-367B-49D6-93B4-5621BDAB28EB}\Setup.exe" -l0x9
AQUAZONE DESKTOP GARDEN --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{21DFBF7E-DC05-4E87-A7D1-D5631A23ECED}\Setup.exe" -l0x9
ASUSUpdate --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{587178E7-B1DF-494E-9838-FA4DD36E873C}\Setup.exe" -l0x9
ATI Catalyst Install Manager -->
avast! Antivirus --> rundll32 C:\PROGRA~1\ALWILS~1\Avast4\Setup\setiface.dll,RunSetup
Azureus Vuze --> C:\Program Files\Azureus\uninstall.exe
BayGenie eBay Auction Sniper Pro Edition 3.1.1.0 --> "C:\Program Files\BayGenie\ProEdition\unins000.exe"
BS.Player PRO 2.23 --> "C:\Program Files\BSplayerPro\unins000.exe"
BufferChm -->
Catalyst Control Center Core Implementation -->
Catalyst Control Center Graphics Full Existing -->
Catalyst Control Center Graphics Full New -->
Catalyst Control Center Graphics Light -->
Catalyst Control Center Graphics Previews Common -->
Catalyst Control Center Graphics Previews Vista -->
Catalyst Registration --> MsiExec.exe /X{5E2691D1-9EDF-43E8-9CF2-E3DF6A17706E}
ccc-core-static -->
ccc-utility -->
CCC Help English -->
ConvertXtoDVD 2.2.3.258g --> "C:\Program Files\VSO\ConvertXtoDVD\unins000.exe"
Cool & Quiet --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1ADE1AA0-7F82-4BB1-B1BD-727DE438057B}\setup.exe" -l0x9
Copy -->
CustomerResearchQFolder -->
dBpoweramp FLAC Codec --> "C:\Windows\system32\SpoonUninstall.exe" <uninstall>C:\Windows\system32\SpoonUninstall-dBpoweramp FLAC Codec.dat
dBpoweramp Music Converter --> "C:\Windows\system32\SpoonUninstall.exe" <uninstall>C:\Windows\system32\SpoonUninstall-dBpoweramp Music Converter.dat
Destinations -->
DeviceManagementQFolder -->
DocProc -->
DocProcQFolder -->
Dx Entrance Screensaver --> "C:\Program Files\Dx Entrance Screensaver\unins000.exe"
Encyclopaedia Britannica 2008 Ultimate Reference Suite --> "C:\Program Files\Britannica 8.0\Encyclopaedia Britannica 2008 Ultimate Reference Suite\Uninstall_Encyclopaedia Britannica 2008 Ultimate Reference Suite\Uninstall Encyclopaedia Britannica 2008 Ultimate Reference Suite.exe"
eSupportQFolder -->
Fax -->
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
Hallmark Card Studio 2007 Deluxe --> MsiExec.exe /X{5D0DF1BB-D82E-4FB2-B98E-4FDE42EF7EBB}
Hallmark Card Studio 2008 Deluxe --> MsiExec.exe /X{747A6A10-DA58-48C2-A1F0-C15514419C8A}
Hallmark Holiday Card Studio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E86E96E2-56E6-4CAF-8705-3C4A102E3FDF}\setup.exe"
HP Customer Participation Program 8.0 --> C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Imaging Device Functions 8.0 --> C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP OCR Software 8.0 --> C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
HP Photosmart Essential --> MsiExec.exe /X{EB21A812-671B-4D08-B974-2A347F0D8F70}
HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B --> C:\Program Files\HP\Digital Imaging\{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}\setup\hpzscr01.exe -datfile hposcr19.dat -onestop -showdisconnect -forcereboot
HP Solution Center 8.0 --> C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update --> MsiExec.exe /X{D063F201-FAC4-4D5C-B10B-615058ADE5A7}
HPProductAssistant -->
HPSSupply --> MsiExec.exe /X{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}
iTunes --> MsiExec.exe /I{E3FEE4E7-4488-4A3F-A6BD-13745936EADB}
Java(TM) 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
K-Lite Mega Codec Pack 3.5.7 --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
K-Lite Video Conversion Pack 1.1.0 --> "C:\Program Files\K-Lite Video Conversion Pack\unins000.exe"
Learning Essentials for Microsoft Office --> MsiExec.exe /X{75F3A4B2-F6E8-434D-A2EF-DBBC016C6CB2}
Linksys Wireless-G PCI Adapter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4DDC3BED-CC68-44AA-B435-D727B620CA5B}\setup.exe" -l0x9
Magic ISO Maker v5.4 (build 0251) --> C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
MagicDisc 2.5.79 --> C:\PROGRA~1\MAGICD~1\UNWISE.EXE C:\PROGRA~1\MAGICD~1\INSTALL.LOG
MarketResearch -->
Microsoft Math --> MsiExec.exe /I{07043840-959A-4B0D-8825-2C533F0DDB19}
Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007 --> MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007 --> MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Student 2007 for Learning Essentials --> RunDll32.exe advpack.dll, LaunchINFSectionEx C:\Program Files\Learning Essentials\1.0\en\US\Microsoft Student 2007\Uninstall\Uninstall.inf,Uninstall,,,N
Microsoft Student with Encarta Premium 2008 --> MsiExec.exe /I{08041881-FCA5-44A7-B863-D66037A16AAF}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft XML Parser -->
Mozilla Firefox (2.0.0.11) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
Music Alarm --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4999E00F-EB5E-402E-B5AE-BB5710F77EEB}\setup.exe" -l0x9
Nero 8 Demo --> MsiExec.exe /X{9EDBB857-8028-49CD-B9C9-0B4D10CD1033}
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
PC Pitstop Optimize 1.5 --> "C:\Program Files\PCPitstop\Optimize\unins000.exe"
PC Probe II --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F7338FA3-DAB5-49B2-900D-0AFB5760C166}\setup.exe" -l0x9
QuickTime --> MsiExec.exe /I{5B09BD67-4C99-46A1-8161-B7208CE18121}
Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
Rhapsody Player Engine --> MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
Scan -->
Skins -->
SolutionCenter -->
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Status -->
Suite Specific --> MsiExec.exe /I{C49DAA9C-5BA8-459A-8244-E57B69DF0F04}
Thinking Skills --> C:\Windows\unvise32.exe C:\Program Files\sz8037\uninstal.log
Toolbox -->
TrayApp -->
TuneUp Utilities 2007 --> MsiExec.exe /I{C8BB4912-12D9-42AE-B571-E580D8CD1B5B}
UnloadSupport -->
VCRedistSetup --> MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
VideoLAN VLC media player 0.8.6c --> C:\Program Files\VideoLAN\VLC\uninstall.exe
WebReg -->
Windows Media Player Firefox Plugin --> MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
Zoom ADSL Modem --> C:\Program Files\Zoom\Adsl\uninstall.exe
Zoom ADSL Modem --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{52C8CFE4-7C7C-11D7-A021-0060979CE4D3}\Setup.exe" -l0x9


-- Application Event Log -------------------------------------------------------

Event Record #/Type91343 / Error
Event Submitted/Written: 12/20/2007 11:01:59 AM
Event ID/Source: 0 / svchost.exe
Event Description:
Access violation at address 00452606 in module 'svchost.exe'. Read of address 000002F4

Event Record #/Type91339 / Error
Event Submitted/Written: 12/20/2007 11:00:16 AM
Event ID/Source: 0 / svchost.exe
Event Description:
Access violation at address 00452606 in module 'svchost.exe'. Read of address 000002F4

Event Record #/Type91326 / Error
Event Submitted/Written: 12/20/2007 10:47:34 AM
Event ID/Source: 0 / svchost.exe
Event Description:
Access violation at address 00452606 in module 'svchost.exe'. Read of address 000002F4

Event Record #/Type91316 / Error
Event Submitted/Written: 12/20/2007 10:42:23 AM
Event ID/Source: 0 / svchost.exe
Event Description:
Access violation at address 00452606 in module 'svchost.exe'. Read of address 000002F4

Event Record #/Type91298 / Success
Event Submitted/Written: 12/20/2007 10:39:30 AM
Event ID/Source: 5617 / WinMgmt
Event Description:




-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type35622 / Warning
Event Submitted/Written: 12/20/2007 00:03:24 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%Chris-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Chris-PC27 can't undo changes that you allow.

For more information please see the following:
%Chris-PC275

Scan ID: {CADE23A7-255E-4CC9-B2F8-22C42708CCBE}

User: Chris-PC\Chris

Name: %Chris-PC271

ID: %Chris-PC272

Severity ID: %Chris-PC273

Category ID: %Chris-PC274

Path Found: %Chris-PC276

Alert Type: %Chris-PC278

Detection Type: 1.1.1505.02

Event Record #/Type35621 / Warning
Event Submitted/Written: 12/20/2007 00:03:24 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%Chris-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Chris-PC27 can't undo changes that you allow.

For more information please see the following:
%Chris-PC275

Scan ID: {0307AB80-52F4-4CE4-BCC4-ECE895926F6E}

User: Chris-PC\Chris

Name: %Chris-PC271

ID: %Chris-PC272

Severity ID: %Chris-PC273

Category ID: %Chris-PC274

Path Found: %Chris-PC276

Alert Type: %Chris-PC278

Detection Type: 1.1.1505.02

Event Record #/Type35620 / Warning
Event Submitted/Written: 12/20/2007 00:03:24 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%Chris-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Chris-PC27 can't undo changes that you allow.

For more information please see the following:
%Chris-PC275

Scan ID: {FF51399F-659C-4873-A663-67858FD79665}

User: Chris-PC\Chris

Name: %Chris-PC271

ID: %Chris-PC272

Severity ID: %Chris-PC273

Category ID: %Chris-PC274

Path Found: %Chris-PC276

Alert Type: %Chris-PC278

Detection Type: 1.1.1505.02

Event Record #/Type35619 / Warning
Event Submitted/Written: 12/20/2007 00:03:22 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%Chris-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Chris-PC27 can't undo changes that you allow.

For more information please see the following:
%Chris-PC275

Scan ID: {004B383D-5489-40EB-A334-9B1555AF5BB8}

User: Chris-PC\Chris

Name: %Chris-PC271

ID: %Chris-PC272

Severity ID: %Chris-PC273

Category ID: %Chris-PC274

Path Found: %Chris-PC276

Alert Type: %Chris-PC278

Detection Type: 1.1.1505.02

Event Record #/Type35618 / Warning
Event Submitted/Written: 12/20/2007 00:03:22 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%Chris-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Chris-PC27 can't undo changes that you allow.

For more information please see the following:
%Chris-PC275

Scan ID: {CA6ADFF0-50B0-452C-81FF-D6BE6B59766B}

User: Chris-PC\Chris

Name: %Chris-PC271

ID: %Chris-PC272

Severity ID: %Chris-PC273

Category ID: %Chris-PC274

Path Found: %Chris-PC276

Alert Type: %Chris-PC278

Detection Type: 1.1.1505.02



-- End of Deckard's System Scanner: finished at 2007-12-20 12:04:16 ------------
cfd01 is offline  
Old 12-20-2007, 04:09 PM   #3 (permalink)
Registered User
 
Join Date: Dec 2007
Location: Chicago
Posts: 66
OS: vista ultimate 32bit


Re: C:Programs\Internet Explorer\svchost.exe HELP!!!

Ran Spy Sweeper, Tune-up Utilities, Pc Pit Stop. Seems to have done the trick. I'll post if something new comes up.
cfd01 is offline  
Old 12-21-2007, 08:32 AM   #4 (permalink)
Registered User
 
Join Date: Dec 2007
Location: Chicago
Posts: 66
OS: vista ultimate 32bit


Re: C:Programs\Internet Explorer\svchost.exe HELP!!!

It's Back.
cfd01 is offline  
Old 12-21-2007, 12:19 PM   #5 (permalink)
Analyst, Security Team
 
forhockey's Avatar
 
Join Date: Sep 2006
Location: Ontario, Canada
Posts: 2,584
OS: Windows XP Pro


Re: C:Programs\Internet Explorer\svchost.exe HELP!!!

Hi cfd01,

Please subscribe to this thread so that you are notified when you receive a reply. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Add Subscription.

--------------------------------------------------------------

Before beginning the proposed fix, read this post completely. Any questions should be kindly asked before proceeding. Ensure that there are no open browsers when carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

--------------------------------------------------------------

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to C:\SDFix

DO NOT run SDFix yet. We will shortly.

--------------------------------------------------------------

Disable S&D Spybot's Tea Timer

While TeaTimer is an excellent tool for the prevention of spyware, it can sometimes prevent HijackThis from fixing certain things.
Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your HijackThis log is clean.
  • Open Spybot Search & Destroy.
  • In the Mode menu click "Advanced mode" if not already selected.
  • Choose "Yes" at the Warning prompt.
  • Expand the "Tools" menu.
  • Click "Resident".
  • Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
  • In the File menu click "Exit" to exit Spybot Search & Destroy.

--------------------------------------------------------------

Download http://www.techsupportforum.com/sect...etTeaTimer.zip
Double click ResetTeaTimer.bat to remove all entries set by TeaTimer.

--------------------------------------------------------------

Enter Safe Mode
  1. Restart your computer
  2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8
  3. Instead of Windows loading as normal, a menu should appear
  4. Use the up arrow key to highlight Safe Mode and press Enter.
  5. Login with your usual account
  6. Once you have logged in, a warning message will appear regarding starting windows in Safe mode, click OK and windows will load your desktop environment

Note: On some systems, this may be the F5 key, so try that if F8 doesn't work.

--------------------------------------------------------------

Run SDFix
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
  • Paste the contents of the Report.txt back on the forum

--------------------------------------------------------------

Restart your computer in Normal Mode

--------------------------------------------------------------
  1. Download Combofix from Here or Alternate link

    **Save it directly to your desktop**
  2. Disable your real time Anti Virus and Anti Spyware protection programs. Exit the program via the SystemTray icon.
  3. Double click on combofix.exe & follow the prompts. Type "1" and press Enter to begin the scan.
  4. When finished, it shall produce a log for you ( C:\ComboFix.txt ). Post that log in your next reply.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall


    --------------------------------------------------------------
  5. Re-enable your Anti-Virus if it is not active...a reboot should have re-activated it.
  6. Open HijackThis and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here.

    --------------------------------------------------------------

Please reply back with the following logs:

C:\SDFix\report.txt
C:\ComboFix.txt
New HijackThis Log
__________________


Proud Member of ASAP
Proud Member of UNITE

Keep this forum alive - if you've been helped at this forum, please do consider a donation. Thank you for your support.

Donation link for Tech Support Forum

Last edited by forhockey : 12-21-2007 at 12:21 PM.
forhockey is offline  
Old 12-21-2007, 02:33 PM   #6 (permalink)
Registered User
 
Join Date: Dec 2007
Location: Chicago
Posts: 66
OS: vista ultimate 32bit


Re: C:Programs\Internet Explorer\svchost.exe HELP!!!

I followed the instructions and ResetTeaTimer.bat says it is an unsupported version. Also I did not have RunThis.bat in SDFix, I do have RunThis.cmd. Just a reminder I am running vista (yeah I know, BIG MISTAKE!!!). Is there something I'm doing wrong or is it vista?
cfd01 is offline  
Old 12-22-2007, 12:46 AM   #7 (permalink)
Analyst, Security Team
 
forhockey's Avatar
 
Join Date: Sep 2006
Location: Ontario, Canada
Posts: 2,584
OS: Windows XP Pro


Re: C:Programs\Internet Explorer\svchost.exe HELP!!!

Hi cfd01,

Sorry about that. Please scratch my previous instructions and follow this set of instructions. Also I've noticed you have Avast! disabled. Are you only disabling it when you are running these scans? Please have it enabled to ensure your computer is protected, or else we will be wasting our time cleaning this machine.

--------------------------------------------------------------

Press Windows Logo + R on your keyboard
Type cmd in the Run box, and press OK

Command Prompt should open in a black window. Please type the following in bold.
sc stop 37900
<hit enter on your keyboard>

sc delete 37900
<hit enter on your keyboard>

sc stop windownetpker
<hit enter on your keyboard>

sc delete windownetpker
<hit enter on your keyboard>

- Close Command Prompt after you've completed the above set of instructions.

--------------------------------------------------------------

Please download OTMoveIt by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    c:\program files\internet explorer\svchost.exe
    c:\windows\system32\37900.sys


  • Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
  • Click the red Moveit! button.
  • Close OTMoveIt
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

--------------------------------------------------------------

Establish an internet connection & perform an online scan with Internet Explorer at Kaspersky Online Scanner

Answer Yes, when prompted to install an ActiveX component.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Locate the Scan Settings button & configure to:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK & have it scan My Computer
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.



  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply
* Turn off the real time scanner of any existing antivirus program while performing the online scan

--------------------------------------------------------------

Please run DSS.exe again, and post the resulting log (Should only produce main.txt now)

--------------------------------------------------------------

Please reply back with the following logs:

1. C:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

Where mmddyyyy_hhmmss is the date of the tool run.

2. Kaspersky Online Scan Results

3. New main.txt (From DSS.exe)

Last edited by forhockey : 12-22-2007 at 12:48 AM. Reason: Left out closing bbcode
forhockey is offline  
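
The file targeted in the post above, c:\program files\internet explorer\svchost.exe, borrows the name of a Windows system binary but sits outside the system directory. The following is an added example, not part of the thread or of any tool named in it: a Python check that flags such entries in a list of startup or process command lines. It goes beyond the thread's single case by also covering other system binary names and near-miss spellings; the tracked names, the function names and every sample line marked as constructed are assumptions.

```python
import ntpath
import re

# Assumption: default install root, matching SystemRoot=C:\Windows in the posted log.
SYSTEM_ROOT = r"c:\windows"
ENV = {"%systemroot%": SYSTEM_ROOT, "%windir%": SYSTEM_ROOT}

SYS32 = SYSTEM_ROOT + r"\system32"
WOW64 = SYSTEM_ROOT + r"\syswow64"
# Directories where each tracked system binary normally lives (lower-case).
EXPECTED_DIRS = {
    "svchost.exe": {SYS32, WOW64},
    "services.exe": {SYS32},
    "lsass.exe": {SYS32},
    "csrss.exe": {SYS32},
    "winlogon.exe": {SYS32},
    "smss.exe": {SYS32},
    "explorer.exe": {SYSTEM_ROOT, WOW64},
}


def image_path(command_line):
    """Return the normalised, lower-case executable path from a command line."""
    s = command_line.strip()
    if s.startswith('"'):
        # Quoted path: everything up to the closing quote.
        end = s.find('"', 1)
        path = s[1:end] if end != -1 else s[1:]
    else:
        # Unquoted path may contain spaces: cut at the first ".exe" token end.
        m = re.match(r"(.+?\.exe)(?=\s|$)", s, re.IGNORECASE)
        path = m.group(1) if m else s
    path = path.lower().replace("/", "\\")
    for var, value in ENV.items():
        path = path.replace(var, value)
    # normpath collapses "..", so C:\Windows\System32\..\Temp is seen as C:\Windows\Temp.
    return ntpath.normpath(path)


def osa_distance(a, b):
    """Edit distance counting an adjacent swap as one step (optimal string alignment)."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            d = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                d = min(d, prev2[j - 2] + 1)
            cur.append(d)
        prev2, prev = prev, cur
    return prev[-1]


def assess(command_line):
    """Return 'ok', 'wrong-directory' or 'look-alike' for one command line."""
    directory, name = ntpath.split(image_path(command_line))
    expected = EXPECTED_DIRS.get(name)
    if expected is not None:
        # A bare name is resolved through PATH; the text alone cannot judge it.
        if directory == "" or directory in expected:
            return "ok"
        return "wrong-directory"
    # Not an exact system name: is it one edit or one swap away from one?
    if any(osa_distance(name, known) == 1 for known in EXPECTED_DIRS):
        return "look-alike"
    return "ok"


def scan(lines):
    """Return (line, verdict) for every line that is not 'ok'."""
    results = []
    for line in lines:
        verdict = assess(line)
        if verdict != "ok":
            results.append((line, verdict))
    return results


SAMPLE = [
    r"c:\program files\internet explorer\svchost.exe",   # path named in the thread
    r'"C:\Program Files\ASUS\PC Probe II\Probe2.exe" 1',  # from the posted log
    r"RtHDVCpl.exe",                                      # from the posted log
    r"C:\Windows\system32\svchost.exe -k netsvcs",        # constructed
    r"%SystemRoot%\System32\svchost.exe -k LocalService", # constructed
    r"C:\Windows\System32\..\Temp\svchost.exe",           # constructed
    r"C:\Users\Public\svch0st.exe",                       # constructed
]

if __name__ == "__main__":
    for line, verdict in scan(SAMPLE):
        print(f"{verdict:16} {line}")
```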